CPU Runs high unless Task manager/Process Explorer are open

Morbius · June 1, 2013

I have been having issues with my CPU not functioning properly lately, but whenever I open the task manager or process explorer, I see the CPU usage jump from 50-80% down to a normal 5-10%. I heard this can be a virus that hides when task manager is open. I have run Avira, SUPERantiSpyware, and MBAM in both normal and safe modes, and although I nipped some viruses, my issue persists. I'll paste my DxDiag, dds, and attach files below this. Thanks in advance for any help you can give.

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 7.0.6001.18639 BrowserJavaVersion: 10.15.2

Run by Morbius Liadon at 8:44:35 on 2013-06-01

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.5887.4124 [GMT -7:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Users\Morbius Liadon\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Users\Morbius Liadon\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Morbius Liadon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Users\Morbius Liadon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms}&installDate=01/01/1970

uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms}&installDate=01/01/1970

uProxyOverride = <local>

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms}&installDate=01/01/1970

mSearchAssistant = hxxp://searchou.com/?q={searchTerms}&id=dcc2538500000000000000508d9dfb7c&r=742

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: privitize Helper Object: {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - C:\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll

BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll

BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

TB: AIM Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll

TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\claroTlbr.dll

TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -

uRun: [Aim6] <no file>

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [blackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [PrivitizeVPN] "C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe" /autorun

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

dRunOnce: [LabelMaker2.0] regsvr32 C:\Program Files (x86)\Common Files\MySoftware\regdll.dll /s

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BDAREM~1.LNK - C:\Program Files (x86)\USB TV\EM28XX\BDARemote.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ULTRAH~1.LNK - C:\Windows\Installer\{96EF451E-A402-44D8-BAEE-D70D558A4122}\New_Shortcut_S1449_0EB7CDB78E0C4A918D2CA535D5B8160C.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{7D360ED7-E1B5-4A7B-AB19-8E40E21AD324} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{BF1476AA-32DB-4B53-B4E0-CCFC3D83ECEB} : DHCPNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

x64-BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -

x64-BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll

x64-TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -

x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide

x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

x64-Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=

FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)

FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c

FF - prefs.js: keyword.URL - hxxp://searchou.com/?q={searchTerms}&id=dcc2538500000000000000508d9dfb7c

FF - component: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFExternalAlert.dll

FF - component: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCore.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: C:\Users\Morbius Liadon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll

FF - plugin: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-05-06 02:55; ffxtlbr@privitize.com; C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\ffxtlbr@privitize.com

FF - ExtSQL: 2013-05-06 02:55; za615t@vecbkb.co.uk; C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\za615t@vecbkb.co.uk

FF - ExtSQL: !HIDDEN! 2009-09-16 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQI3IwssM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - dcc2538500000000000000508d9dfb7c

FF - user.js: extensions.incredibar_i.instlDay - 15581

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:49:36

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQI3IwssM

FF - user.js: extensions.incredibar_i.upn2n - 92543491238592712

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10659

FF - user.js: extensions.incredibar_i.ppd - 102%5F6

FF - user.js: extensions.claro.tlbrSrchUrl -

FF - user.js: extensions.claro.id - dcc2538500000000000000508d9dfb7c

FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}

FF - user.js: extensions.claro.instlDay - 15641

FF - user.js: extensions.claro.vrsn - 1.8.3.10

FF - user.js: extensions.claro.vrsni - 1.8.3.10

FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1021:34:33

FF - user.js: extensions.claro.prtnrId - claro

FF - user.js: extensions.claro.prdct - claro

FF - user.js: extensions.claro.aflt - babsst

FF - user.js: extensions.claro_i.smplGrp - none

FF - user.js: extensions.claro.tlbrId - claro

FF - user.js: extensions.claro.instlRef - sst

FF - user.js: extensions.claro.dfltLng - en

FF - user.js: extensions.claro.excTlbr - false

FF - user.js: extensions.claro.admin - false

FF - user.js: extensions.privitize.hpOld0 - hxxp://www.yahoo.com/?ilc=8

FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c&q=

FF - user.js: extensions.privitize.id - dcc2538500000000000000508d9dfb7c

FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}

FF - user.js: extensions.privitize.instlDay - 15817

FF - user.js: extensions.privitize.vrsn - 1.8.16.22

FF - user.js: extensions.privitize.vrsni - 1.8.16.22

FF - user.js: extensions.privitize.vrsnTs - 1.8.16.221:30:33

FF - user.js: extensions.privitize.prtnrId - privitize

FF - user.js: extensions.privitize.prdct - privitize

FF - user.js: extensions.privitize.aflt - orgnl

FF - user.js: extensions.privitize.smplGrp - none

FF - user.js: extensions.privitize.tlbrId - base

FF - user.js: extensions.privitize.instlRef -

FF - user.js: extensions.privitize.dfltLng -

FF - user.js: extensions.privitize.excTlbr - true

FF - user.js: extensions.privitize.ffxUnstlRst - false

FF - user.js: extensions.privitize.admin - false

FF - user.js: extensions.privitize.autoRvrt - false

FF - user.js: extensions.privitize.rvrt - false

FF - user.js: extensions.privitize.hmpg - true

FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c

FF - user.js: extensions.privitize.dfltSrch - true

FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)

FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=dcc2538500000000000000508d9dfb7c

FF - user.js: extensions.privitize.dnsErr - true

FF - user.js: extensions.privitize.newTab - true

FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-28 52856]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\System32\drivers\RtlProt.sys [2007-4-23 31016]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-9-15 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-9-15 269480]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2009-9-15 88288]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2009-9-26 819600]

R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-3-15 415072]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-8-22 8704]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-9-23 447848]

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-9-19 24652]

R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-8-29 185856]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2013-1-15 92160]

R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:\Windows\System32\drivers\vrtaucbl.sys [2011-1-7 66728]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]

R3 sftfs;sftfs;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys [2009-9-23 712536]

R3 sftplay;sftplay;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys [2009-9-23 261480]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2009-9-23 25944]

R3 sftvol;sftvol;C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys [2009-9-23 17752]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-9-23 203608]

R3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\System32\drivers\CM10864.sys [2012-9-3 1307648]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2009-11-23 9968]

S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2009-11-23 74480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 KHCAP;KHCap Packet Driver (KHCAP);C:\Windows\System32\drivers\KHCAP.sys [2013-1-4 39304]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v3.sys [2010-2-27 342528]

S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2009-11-23 7408]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-14 93184]

.

=============== File Associations ===============

.

FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

==================== Find3M ====================

.

2013-05-15 10:01:21 75016696 ----a-w- C:\Windows\System32\mrt.exe

2013-05-02 09:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\atimpc64.dll

2013-03-29 02:37:10 78432 ----a-w- C:\Windows\System32\amdpcom64.dll

2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2013-03-29 02:37:10 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2013-03-29 02:37:06 139696 ----a-w- C:\Windows\System32\atiuxp64.dll

2013-03-29 02:37:04 92304 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2013-03-29 02:37:04 118584 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2013-03-29 02:37:04 112440 ----a-w- C:\Windows\System32\atiu9p64.dll

2013-03-29 02:37:02 1155264 ----a-w- C:\Windows\System32\aticfx64.dll

2013-03-29 02:37:00 970912 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2013-03-29 02:36:56 8272136 ----a-w- C:\Windows\System32\atidxx64.dll

2013-03-29 02:36:54 7233336 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2013-03-29 02:36:50 4450264 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2013-03-29 02:36:44 5944264 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2013-03-29 02:36:40 5000320 ----a-w- C:\Windows\System32\atiumd6a.dll

2013-03-29 02:36:38 6985624 ----a-w- C:\Windows\System32\atiumd64.dll

2013-03-29 02:35:02 11658752 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2013-03-29 02:13:28 222720 ----a-w- C:\Windows\System32\clinfo.exe

2013-03-29 02:13:14 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe

2013-03-29 02:13:14 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe

2013-03-29 02:13:14 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe

2013-03-29 02:13:12 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe

2013-03-29 02:13:08 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2013-03-29 02:13:04 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2013-03-29 02:13:00 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2013-03-29 02:12:56 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2013-03-29 02:12:48 29150720 ----a-w- C:\Windows\System32\amdocl64.dll

2013-03-29 02:10:52 23810560 ----a-w- C:\Windows\SysWow64\amdocl.dll

2013-03-29 02:09:04 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2013-03-29 02:09:00 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2013-03-29 02:04:42 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2013-03-29 02:00:54 76800 ----a-w- C:\Windows\System32\coinst_12.104.dll

2013-03-29 01:57:54 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2013-03-29 01:55:36 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2013-03-29 01:55:34 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2013-03-29 01:55:28 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2013-03-29 01:55:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2013-03-29 01:55:16 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2013-03-29 01:51:04 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2013-03-29 01:48:26 19870720 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2013-03-29 01:35:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2013-03-29 01:35:06 562688 ----a-w- C:\Windows\System32\atieclxx.exe

2013-03-29 01:34:18 241152 ----a-w- C:\Windows\System32\atiesrxx.exe

2013-03-29 01:33:00 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2013-03-29 01:32:46 26112 ----a-w- C:\Windows\System32\atimuixx.dll

2013-03-29 01:32:42 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2013-03-29 01:32:36 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2013-03-29 01:10:30 636416 ----a-w- C:\Windows\System32\atiadlxx.dll

2013-03-29 01:10:20 430080 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2013-03-29 01:10:08 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2013-03-29 01:10:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2013-03-29 01:10:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2013-03-29 01:10:00 44032 ----a-w- C:\Windows\System32\atig6txx.dll

2013-03-29 01:09:52 34816 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2013-03-29 01:09:44 581120 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2013-03-29 01:07:52 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2013-03-29 01:07:22 45056 ----a-w- C:\Windows\System32\atitmp64.dll

.

============= FINISH: 8:45:09.69 ===============

attach

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/14/2009 11:22:40 PM

System Uptime: 6/1/2013 8:25:22 AM (0 hours ago)

.

Motherboard: http://www.abit.com.tw/ | | F-I90HD (ATI RS600-SB600)

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 834 GiB total, 116.346 GiB free.

D: is CDROM (CDFS)

E: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

==== Installed Programs ======================

.

toolbar on IE and Chrome

7-Zip 9.20 (x64 edition)

7plugincoupon

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Media Encoder 2.5

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop CS6

Adobe Reader 9.1

Adobe Shockwave Player 11.5

AIM 6

AIM Toolbar

Akamai NetSession Interface

Akamai NetSession Interface Service

AllToAVI v4 r5394

AMD APP SDK Runtime

AMD Catalyst Install Manager

applicationupdater

Ask Toolbar

Audacity 1.3.12 (Unicode)

Audiosurf

Avanquest update

Avira AntiVir Personal - Free Antivirus

AVS Update Manager 1.0

AVS Video Converter 7

Battleground Europe

BlackBerry Desktop Software 4.7

Blender

Blender (remove only)

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Check Designer

CheckDesigner

Chivalry: Medieval Warfare

Civilization: Call To Power

Claro LTD toolbar

Command & Conquer Tiberian Sun

Counter-Strike: Source

DAEMON Tools Toolbar

DeepBurner v1.9.0.228

Deus Ex: Game of the Year Edition

Deus Ex: Human Revolution

Deus Ex: Invisible War

Dev-C++ 5 beta 9 release (4.9.9.2)

Dishonored

DivX Setup

Dota 2

Download Updater (AOL LLC)

Dungeons & Dragons Online®

Dyyno Broadcaster

EA Download Manager

Entropia Universe

EVE Online (remove only)

Fallen Earth

FFmpeg for Audacity on Windows

FFsplit version Alpha

FLV to WMV Convert 2.7

Free FLV Converter

FreeArc 0.666

Freecorder 4.02 Application

Freecorder Toolbar

gamelauncher-ps2-live

Garry's Mod

Garry's Mod 13 Beta

Gas Properties

GIMP 2.6.11

GIMPshop 2.2.8

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

GX GAMING CAVIMANUS HEADSET

Hi-Rez Studios Authenticate and Update Service

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Incredibar Toolbar on IE

Java 7 Update 15

Java Auto Updater

Java 6 Update 23

Just Cause 2

League of Legends

Left 4 Dead 2 Demo

LimeWire 5.2.13

Livestream Procaster

LOLReplay

Magic ISO Maker v5.5 (build 0281)

MagniPic

Malwarebytes Anti-Malware version 1.75.0.1300

ManyCam 2.4 (remove only)

Media converter

Medieval II Total War

Medieval II Total War : Kingdoms : Americas

Medieval II Total War : Kingdoms : Britannia

Medieval II Total War : Kingdoms : Crusades

Medieval II Total War : Kingdoms : Teutonic

Microsoft .NET Framework 1.1

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Click-to-Run 2010 (Beta)

Microsoft Office Home and Business 2010 (Beta) - English

Microsoft Silverlight

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# .NET Redistributable Package 1.1

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Moon Breakers

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyCheckBook

MySoftware Fonts

NETGEAR WG111v3 wireless USB 2.0 adapter

Octodad

Octoshape Streaming Services

OpenOffice.org 3.1

Pando Media Booster

PDF Settings CS5

PDF Settings CS6

PlanetSide 2

PrivitizeVPN

Project64 1.6

Python 2.7a4

Realtek High Definition Audio Driver

Roll

Rome: Total War

Roxio Media Manager

Savage 2

SeaMonkey (2.0.8)

SecondLife (remove only)

SecondLifeViewer2 (remove only)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Skype™ 6.3

Snap.Do

SPORE™

Spotify

Star Conflict

Star Wars®: Knights of the Old Republic

StarCraft II

Steam

Stronghold Kingdoms

SUPERAntiSpyware Free Edition

Team Fortress 2

The Lord of the Rings Online™

The Lord of the Rings Online™ v03.08.00.8025

The Sims 2

The Sims 2 Nightlife

The Sims 2 Open For Business

Tom Clancy's H.A.W.X. 2

Tribes: Ascend

TuxGuitar

Ubisoft Game Launcher

Ultra Hal Text-to-Speech Reader

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

USB Video Driver

VanDyke Software SecureCRT 6.7

VanDyke Software SecureFX 6.7

VC80CRTRedist - 8.0.50727.6195

VD64Inst

Ventrilo Client for Windows x64

VH Toolkit 1.0.15.0

Viewpoint Media Player

Virtual Audio Cable 4.10

VLC media player 0.9.2

War of the Immortals

WAV To MP3 10.1.1

Web Assistant 2.0.0.464

Westwood Shared Internet Components

Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (04/27/2007 5.7.0427.0)

Windows Live ID Sign-in Assistant

WinFF 1.2

WinRAR archiver

WinX Free FLV to MP4 Converter 4.1.9

WinX Free MOV to WMV Converter 4.1.8

WinX Free MP4 to WMV Converter 4.1.9

WMA MP3 Converter v4.1 build 1296

World of Warcraft

wxDownload Fast 0.6.0

XSplit

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Zune

Zune Language Pack (ES)

Zune Language Pack (FR)

.

==== End Of File ===========================

DxDiag

------------------

System Information

------------------

Time of this report: 6/1/2013, 08:51:43

Machine name: MORBIUSLIADO-PC

Operating System: Windows Vista™ Home Premium (6.0, Build 6001) Service Pack 1 (6001.vistasp1_gdr.101014-0432)

Language: English (Regional Setting: English)

System Manufacturer: System Manufacter

System Model: System Product Name

BIOS: Phoenix - AwardBIOS v6.00PG

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz (4 CPUs), ~2.4GHz

Memory: 5886MB RAM

Page File: 2274MB used, 9720MB available

Windows Dir: C:\Windows

DirectX Version: DirectX 10

DX Setup Parameters: Not found

DxDiag Version: 6.00.6001.18000 64bit Unicode

------------

DxDiag Notes

------------

Display Tab 1: No problems found.

Sound Tab 1: No problems found.

Sound Tab 2: The file vrtaucbl.sys is not digitally signed, which means that it has not been tested by Microsoft's Windows Hardware Quality Labs (WHQL). You may be able to get a WHQL logo'd driver from the hardware manufacturer.

Sound Tab 3: No problems found.

Sound Tab 4: No problems found.

Input Tab: No problems found.

--------------------

DirectX Debug Levels

--------------------

Direct3D: 0/4 (retail)

DirectDraw: 0/4 (retail)

DirectInput: 0/5 (retail)

DirectMusic: 0/5 (retail)

DirectPlay: 0/9 (retail)

DirectSound: 0/5 (retail)

DirectShow: 0/6 (retail)

---------------

Display Devices

---------------

Card name: AMD Radeon HD 6900 Series

Manufacturer: Advanced Micro Devices, Inc.

Chip type: AMD Radeon Graphics Processor (0x6718)

DAC type: Internal DAC(400MHz)

Device Key: Enum\PCI\VEN_1002&DEV_6718&SUBSYS_31301682&REV_00

Display Memory: 629 MB

Dedicated Memory: 2037 MB

Shared Memory: 2687 MB

Current Mode: 1280 x 720 (32 bit) (60Hz)

Monitor: Generic PnP Monitor

Driver Name: aticfx64.dll,aticfx64.dll,aticfx64.dll,aticfx32,aticfx32,aticfx32,atiumd64.dll,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64.dll

Driver Version: 8.17.0010.1191 (English)

DDI Version: 10.1

Driver Attributes: Final Retail

Driver Date/Size: 3/28/2013 19:37:02, 1155264 bytes

WHQL Logo'd: Yes

WHQL Date Stamp:

Device Identifier: {D7B71EE2-2458-11CF-9571-3A11BEC2C535}

Vendor ID: 0x1002

Device ID: 0x6718

SubSys ID: 0x31301682

Revision ID: 0x0000

Video Accel: ModeMPEG2_A ModeMPEG2_C

Deinterlace Caps: {6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY

{6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,UYVY) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,0x32315659) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{3C5323C1-6FB7-44F5-9081-056BF2EE449D}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,2) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{552C0DAD-CCBC-420B-83C8-74943CF9F1A6}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,2) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{6E8329FF-B642-418B-BCF0-BCB6591E255F}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_PixelAdaptive

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,0x3231564e) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S340,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(S342,UNKNOWN) Frames(Prev/Fwd/Back)=(0,0,0) Caps=

DDraw Status: Enabled

D3D Status: Enabled

AGP Status: Enabled

-------------

Sound Devices

-------------

Description: Speakers (2- USB PnP Sound Device)

Default Sound Playback: Yes

Default Voice Playback: Yes

Hardware ID: USB\VID_0D8C&PID_013C&REV_0100&MI_00

Manufacturer ID: 1

Product ID: 100

Type: WDM

Driver Name: CM10864.sys

Driver Version: 7.12.0008.2140 (English)

Driver Attributes: Final Retail

WHQL Logo'd: Yes

Date and Size: 1/11/2010 00:25:36, 1307648 bytes

Other Files:

Driver Provider: C-Media Inc.

HW Accel Level: Basic

Cap Flags: 0xF1F

Min/Max Sample Rate: 100, 200000

Static/Strm HW Mix Bufs: 1, 0

Static/Strm HW 3D Bufs: 0, 0

HW Memory: 0

Voice Management: No

EAX 2.0 Listen/Src: No, No

I3DL2 Listen/Src: No, No

Sensaura ZoomFX: No

Description: Line 1 (Virtual Audio Cable)

Default Sound Playback: No

Default Voice Playback: No

Hardware ID: EuMusDesign_VAC_WDM

Manufacturer ID: 1

Product ID: 100

Type: WDM

Driver Name: vrtaucbl.sys

Driver Version: 4.10.0000.2964 (English)

Driver Attributes: Final Retail

WHQL Logo'd: No

Date and Size: 1/7/2011 04:40:24, 66728 bytes

Other Files:

Driver Provider: EuMus Design

HW Accel Level: Basic

Cap Flags: 0xF1F

Min/Max Sample Rate: 100, 200000

Static/Strm HW Mix Bufs: 1, 0

Static/Strm HW 3D Bufs: 0, 0

HW Memory: 0

Voice Management: No

EAX 2.0 Listen/Src: No, No

I3DL2 Listen/Src: No, No

Sensaura ZoomFX: No

Description: Realtek Digital Output (Realtek High Definition Audio)

Default Sound Playback: No

Default Voice Playback: No

Hardware ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_147BA601&REV_1000

Manufacturer ID: 1

Product ID: 100

Type: WDM

Driver Name: RTKVHD64.sys

Driver Version: 6.00.0001.6662 (English)

Driver Attributes: Final Retail

WHQL Logo'd: Yes

Date and Size: 6/19/2012 17:54:20, 4065296 bytes

Other Files:

Driver Provider: Realtek Semiconductor Corp.

HW Accel Level: Basic

Cap Flags: 0xF1F

Min/Max Sample Rate: 100, 200000

Static/Strm HW Mix Bufs: 1, 0

Static/Strm HW 3D Bufs: 0, 0

HW Memory: 0

Voice Management: No

EAX 2.0 Listen/Src: No, No

I3DL2 Listen/Src: No, No

Sensaura ZoomFX: No

Description: 1 - Digital Display Audio (AMD High Definition Audio Device)

Default Sound Playback: No

Default Voice Playback: No

Hardware ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1002

Manufacturer ID: 1

Product ID: 100

Type: WDM

Driver Name: AtihdLH6.sys

Driver Version: 6.58.0000.6614 (English)

Driver Attributes: Final Retail

WHQL Logo'd: Yes

Date and Size: 1/15/2013 03:11:24, 92160 bytes

Other Files:

Driver Provider: Advanced Micro Devices

HW Accel Level: Basic

Cap Flags: 0xF1F

Min/Max Sample Rate: 100, 200000

Static/Strm HW Mix Bufs: 1, 0

Static/Strm HW 3D Bufs: 0, 0

HW Memory: 0

Voice Management: No

EAX 2.0 Listen/Src: No, No

I3DL2 Listen/Src: No, No

Sensaura ZoomFX: No

---------------------

Sound Capture Devices

---------------------

Description: Microphone (2- USB PnP Sound Device)

Default Sound Capture: Yes

Default Voice Capture: Yes

Driver Name: CM10864.sys

Driver Version: 7.12.0008.2140 (English)

Driver Attributes: Final Retail

Date and Size: 1/11/2010 00:25:36, 1307648 bytes

Cap Flags: 0x1

Format Flags: 0xFFFFF

Description: Mic 1 (Virtual Audio Cable)

Default Sound Capture: No

Default Voice Capture: No

Driver Name: vrtaucbl.sys

Driver Version: 4.10.0000.2964 (English)

Driver Attributes: Final Retail

Date and Size: 1/7/2011 04:40:24, 66728 bytes

Cap Flags: 0x1

Format Flags: 0xFFFFF

Description: Line 1 (Virtual Audio Cable)

Default Sound Capture: No

Default Voice Capture: No

Driver Name: vrtaucbl.sys

Driver Version: 4.10.0000.2964 (English)

Driver Attributes: Final Retail

Date and Size: 1/7/2011 04:40:24, 66728 bytes

Cap Flags: 0x1

Format Flags: 0xFFFFF

-------------------

DirectInput Devices

-------------------

Device Name: Mouse

Attached: 1

Controller ID: n/a

Vendor/Product ID: n/a

FF Driver: n/a

Device Name: Keyboard

Attached: 1

Controller ID: n/a

Vendor/Product ID: n/a

FF Driver: n/a

Device Name: USB Keyboard

Attached: 1

Controller ID: 0x0

Vendor/Product ID: 0x04D9, 0x1603

FF Driver: n/a

Device Name: USB Keyboard

Attached: 1

Controller ID: 0x0

Vendor/Product ID: 0x04D9, 0x1603

FF Driver: n/a

Device Name: USB PnP Sound Device

Attached: 1

Controller ID: 0x0

Vendor/Product ID: 0x0D8C, 0x013C

FF Driver: n/a

Poll w/ Interrupt: No

-----------

USB Devices

-----------

+ USB Root Hub

| Vendor/Product ID: 0x1002, 0x4387

| Matching Device ID: usb\root_hub

| Service: usbhub

| Driver: usbhub.sys, 1/20/2008 19:47:01, 270336 bytes

| Driver: usbd.sys, 1/20/2008 19:47:25, 7680 bytes

----------------

Gameport Devices

----------------

------------

PS/2 Devices

------------

+ HID Keyboard Device

| Vendor/Product ID: 0x04D9, 0x1603

| Matching Device ID: hid_device_system_keyboard

| Service: kbdhid

| Driver: kbdhid.sys, 1/20/2008 19:47:27, 20480 bytes

| Driver: kbdclass.sys, 1/20/2008 19:47:27, 42040 bytes

|

+ Terminal Server Keyboard Driver

| Matching Device ID: root\rdp_kbd

| Upper Filters: kbdclass

| Service: TermDD

| Driver: i8042prt.sys, 1/20/2008 19:47:27, 64000 bytes

| Driver: kbdclass.sys, 1/20/2008 19:47:27, 42040 bytes

|

+ PS/2 Compatible Mouse

| Matching Device ID: *pnp0f13

| Service: i8042prt

| Driver: i8042prt.sys, 1/20/2008 19:47:27, 64000 bytes

| Driver: mouclass.sys, 1/20/2008 19:46:59, 39992 bytes

|

+ Terminal Server Mouse Driver

| Matching Device ID: root\rdp_mou

| Upper Filters: mouclass

| Service: TermDD

| Driver: termdd.sys, 1/20/2008 19:46:50, 63544 bytes

| Driver: sermouse.sys, 1/20/2008 19:46:59, 26624 bytes

| Driver: mouclass.sys, 1/20/2008 19:46:59, 39992 bytes

------------------------

Disk & DVD/CD-ROM Drives

------------------------

Drive: C:

Free Space: 119.1 GB

Total Space: 853.9 GB

File System: NTFS

Model: SAMSUNG HD103UJ ATA Device

Drive: Q:

Model: n/a

Drive: D:

Model: Memorex DVD+-RAM 530L v1 ATA Device

Driver: c:\windows\system32\drivers\cdrom.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:54, 79872 bytes

Drive: E:

Model: DWDA TQB81IV SCSI CdRom Device

Driver: c:\windows\system32\drivers\cdrom.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:54, 79872 bytes

Drive: F:

Model: DWDA TQB81IV SCSI CdRom Device

Driver: c:\windows\system32\drivers\cdrom.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:54, 79872 bytes

--------------

System Devices

--------------

Name: Realtek RTL8168/8111 Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_2410147B&REV_01\4&32DD75A1&0&0020

Driver: C:\Windows\system32\DRIVERS\Rtlh64.sys, 6.1837.0926.2006 (English), 10/2/2006 19:13:44, 51200 bytes

Name: High Definition Audio Controller

Device ID: PCI\VEN_1002&DEV_AA80&SUBSYS_AA801682&REV_00\4&1D657AEE&0&0110

Driver: C:\Windows\system32\DRIVERS\hdaudbus.sys, 6.00.6001.17036 (English), 1/20/2008 19:46:51, 50688 bytes

Name: PCI standard PCI-to-PCI bridge

Device ID: PCI\VEN_1002&DEV_7934&SUBSYS_79301002&REV_00\3&2B8E0B4B&0&20

Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:51, 179768 bytes

Name: PCI standard PCI-to-PCI bridge

Device ID: PCI\VEN_1002&DEV_7933&SUBSYS_79301002&REV_00\3&2B8E0B4B&0&10

Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:51, 179768 bytes

Name: PCI standard host CPU bridge

Device ID: PCI\VEN_1002&DEV_7930&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&00

Driver: n/a

Name: AMD Radeon HD 6900 Series

Device ID: PCI\VEN_1002&DEV_6718&SUBSYS_31301682&REV_00\4&1D657AEE&0&0010

Driver: C:\Windows\system32\DRIVERS\atikmdag.sys, 8.01.0001.1295 (English), 3/28/2013 19:35:02, 11658752 bytes

Driver: C:\Windows\system32\DRIVERS\ati2erec.dll, 1.00.0000.0024 (English), 3/28/2013 18:07:52, 53248 bytes

Driver: C:\Windows\system32\DRIVERS\atikmpag.sys, 8.14.0001.6304 (English), 3/28/2013 18:09:44, 581120 bytes

Driver: C:\Windows\system32\atiumd64.dll, 9.14.0010.0969 (English), 3/28/2013 19:36:38, 6985624 bytes

Driver: C:\Windows\system32\atiumd6a.dll, 8.14.0010.0390 (English), 3/28/2013 19:36:40, 5000320 bytes

Driver: C:\Windows\system32\atitmm64.dll, 6.14.0011.0024 (English), 3/28/2013 18:33:00, 120320 bytes

Driver: C:\Windows\system32\atiicdxx.dat, 3/11/2013 22:38:22, 695006 bytes

Driver: C:\Windows\system32\amdpcom64.dll, 8.14.0010.0023 (English), 3/28/2013 19:37:10, 78432 bytes

Driver: C:\Windows\system32\atimpc64.dll, 8.14.0010.0023 (English), 3/28/2013 19:37:10, 78432 bytes

Driver: C:\Windows\system32\atiadlxx.dll, 6.14.0010.1127 (English), 3/28/2013 18:10:30, 636416 bytes

Driver: C:\Windows\system32\atiumd6a.cap, 3/28/2013 18:38:06, 3309936 bytes

Driver: C:\Windows\system32\atimuixx.dll, 6.14.0010.1002 (English), 3/28/2013 18:32:46, 26112 bytes

Driver: C:\Windows\system32\atiapfxx.exe, 6.14.0010.1001 (English), 3/28/2013 18:57:54, 163840 bytes

Driver: C:\Windows\system32\atiapfxx.blb, 3/28/2013 18:59:46, 522872 bytes

Driver: C:\Windows\system32\ativvaxy_cik.dat, 3/4/2013 11:52:52, 230836 bytes

Driver: C:\Windows\system32\ativvaxy_cik_nd.dat, 11/22/2012 08:14:26, 230064 bytes

Driver: C:\Windows\system32\ativce02.dat, 1/31/2013 17:14:10, 75600 bytes

Driver: C:\Windows\system32\atiesrxx.exe, 6.14.0011.1143 (English), 3/28/2013 18:34:18, 241152 bytes

Driver: C:\Windows\system32\atieclxx.exe, 6.14.0011.1143 (English), 3/28/2013 18:35:06, 562688 bytes

Driver: C:\Windows\system32\atiedu64.dll, 6.14.0010.2514 (English), 3/28/2013 18:32:42, 59392 bytes

Driver: C:\Windows\system32\atidemgy.dll, 4.00.4835.37057 (English), 3/28/2013 18:35:14, 442368 bytes

Driver: C:\Windows\system32\atio6axx.dll, 6.14.0010.12217 (English), 3/28/2013 19:04:42, 24229376 bytes

Driver: C:\Windows\system32\aticalrt64.dll, 6.14.0010.1741 (English), 3/28/2013 18:55:36, 51200 bytes

Driver: C:\Windows\system32\aticalcl64.dll, 6.14.0010.1741 (English), 3/28/2013 18:55:28, 44544 bytes

Driver: C:\Windows\system32\aticaldd64.dll, 6.14.0010.1741 (English), 3/28/2013 18:55:16, 16082944 bytes

Driver: C:\Windows\system32\atipblag.dat, 9/12/2011 15:06:16, 3917 bytes

Driver: C:\Windows\system32\atiu9p64.dll, 8.14.0001.6304 (English), 3/28/2013 19:37:04, 112440 bytes

Driver: C:\Windows\system32\atiuxp64.dll, 8.14.0001.6304 (English), 3/28/2013 19:37:06, 139696 bytes

Driver: C:\Windows\system32\atig6pxx.dll, 8.14.0001.6304 (English), 3/28/2013 18:10:08, 17920 bytes

Driver: C:\Windows\system32\atig6txx.dll, 8.14.0001.6304 (English), 3/28/2013 18:10:00, 44032 bytes

Driver: C:\Windows\system32\atitmp64.dll, 6.14.0011.0021 (English), 3/28/2013 18:07:22, 45056 bytes

Driver: C:\Windows\system32\atibtmon.exe, 2.00.0000.0000 (English), 5/11/2009 15:35:28, 118784 bytes

Driver: C:\Windows\system32\atidxx64.dll, 8.17.0010.0489 (English), 3/28/2013 19:36:56, 8272136 bytes

Driver: C:\Windows\SysWOW64\atiumdag.dll, 9.14.0010.0969 (English), 3/28/2013 19:36:44, 5944264 bytes

Driver: C:\Windows\SysWOW64\atiumdva.dll, 8.14.0010.0390 (English), 3/28/2013 19:36:50, 4450264 bytes

Driver: C:\Windows\SysWOW64\amdpcom32.dll, 8.14.0010.0023 (English), 3/28/2013 19:37:10, 71704 bytes

Driver: C:\Windows\SysWOW64\atimpc32.dll, 8.14.0010.0023 (English), 3/28/2013 19:37:10, 71704 bytes

Driver: C:\Windows\SysWOW64\atiadlxy.dll, 6.14.0010.1127 (English), 3/28/2013 18:10:20, 430080 bytes

Driver: C:\Windows\SysWOW64\atiumdva.cap, 3/28/2013 18:24:06, 3342768 bytes

Driver: C:\Windows\SysWOW64\atiapfxx.blb, 3/28/2013 18:59:46, 522872 bytes

Driver: C:\Windows\SysWOW64\ati2edxx.dll, 6.14.0010.2514 (English), 3/28/2013 18:32:36, 43520 bytes

Driver: C:\Windows\SysWOW64\atioglxx.dll, 6.14.0010.12217 (English), 3/28/2013 18:48:26, 19870720 bytes

Driver: C:\Windows\SysWOW64\atidxx32.dll, 8.17.0010.0489 (English), 3/28/2013 19:36:54, 7233336 bytes

Driver: C:\Windows\SysWOW64\aticalrt.dll, 6.14.0010.1741 (English), 3/28/2013 18:55:34, 46080 bytes

Driver: C:\Windows\SysWOW64\aticalcl.dll, 6.14.0010.1741 (English), 3/28/2013 18:55:28, 44032 bytes

Driver: C:\Windows\SysWOW64\aticaldd.dll, 6.14.0010.1741 (English), 3/28/2013 18:51:04, 13703168 bytes

Driver: C:\Windows\SysWOW64\atipblag.dat, 9/12/2011 15:06:16, 3917 bytes

Driver: C:\Windows\SysWOW64\atiu9pag.dll, 8.14.0001.6304 (English), 3/28/2013 19:37:04, 92304 bytes

Driver: C:\Windows\SysWOW64\atiuxpag.dll, 8.14.0001.6304 (English), 3/28/2013 19:37:04, 118584 bytes

Driver: C:\Windows\SysWOW64\atigktxx.dll, 8.14.0001.6304 (English), 3/28/2013 18:09:52, 34816 bytes

Driver: C:\Windows\SysWOW64\atiglpxx.dll, 8.14.0001.6304 (English), 3/28/2013 18:10:04, 14848 bytes

Driver: C:\Windows\atiogl.xml, 2/27/2013 11:08:54, 44066 bytes

Driver: C:\Windows\system32\ATIODCLI.exe, 1.00.0000.0001 (English), 6/22/2009 08:34:36, 51200 bytes

Driver: C:\Windows\system32\ATIODE.exe, 1.00.0000.0001 (English), 8/27/2010 11:33:08, 332800 bytes

Driver: C:\Windows\system32\atiglpxx.dll, 8.14.0001.6304 (English), 3/28/2013 18:10:04, 14848 bytes

Driver: C:\Windows\system32\aticfx64.dll, 8.17.0010.1191 (English), 3/28/2013 19:37:02, 1155264 bytes

Driver: C:\Windows\SysWOW64\aticfx32.dll, 8.17.0010.1191 (English), 3/28/2013 19:37:00, 970912 bytes

Driver: C:\Windows\system32\OpenCL.dll, 1.02.0011.0000 (English), 3/28/2013 19:09:04, 54784 bytes

Driver: C:\Windows\system32\amdocl64.dll, 10.00.1124.0002 (English), 3/28/2013 19:12:48, 29150720 bytes

Driver: C:\Windows\system32\amdocl_as64.exe, 3/28/2013 19:13:14, 1187342 bytes

Driver: C:\Windows\system32\amdocl_ld64.exe, 3/28/2013 19:13:14, 1061902 bytes

Driver: C:\Windows\system32\OpenVideo64.dll, 10.00.1124.0002 (English), 3/28/2013 19:13:08, 76288 bytes

Driver: C:\Windows\system32\OVDecode64.dll, 10.00.1124.0002 (English), 3/28/2013 19:13:00, 64000 bytes

Driver: C:\Windows\system32\clinfo.exe, 3/28/2013 19:13:28, 222720 bytes

Driver: C:\Windows\SysWOW64\OpenCL.dll, 1.02.0011.0000 (English), 3/28/2013 19:09:00, 50176 bytes

Driver: C:\Windows\SysWOW64\amdocl.dll, 10.00.1124.0002 (English), 3/28/2013 19:10:52, 23810560 bytes

Driver: C:\Windows\SysWOW64\amdocl_as32.exe, 3/28/2013 19:13:12, 995342 bytes

Driver: C:\Windows\SysWOW64\amdocl_ld32.exe, 3/28/2013 19:13:14, 798734 bytes

Driver: C:\Windows\SysWOW64\OpenVideo.dll, 10.00.1124.0002 (English), 3/28/2013 19:13:04, 65536 bytes

Driver: C:\Windows\SysWOW64\OVDecode.dll, 10.00.1124.0002 (English), 3/28/2013 19:12:56, 56320 bytes

Driver: C:\Windows\system32\coinst_12.104.dll, 1.00.0005.0008 (English), 3/28/2013 19:00:54, 76800 bytes

Driver: C:\Windows\system32\Difxapi.dll, 2.01.0000.0000 (English), 11/2/2006 06:22:14, 525792 bytes

Name: ATI I/O Communications Processor LPC Controller

Device ID: PCI\VEN_1002&DEV_438D&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&A3

Driver: C:\Windows\system32\DRIVERS\msisadrv.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:51, 17976 bytes

Name: Standard Dual Channel PCI IDE Controller

Device ID: PCI\VEN_1002&DEV_438C&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&A1

Driver: C:\Windows\system32\DRIVERS\pciide.sys, 6.00.6000.16386 (English), 1/20/2008 19:46:50, 13416 bytes

Driver: C:\Windows\system32\DRIVERS\pciidex.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:50, 51256 bytes

Driver: C:\Windows\system32\DRIVERS\atapi.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:50, 22584 bytes

Driver: C:\Windows\system32\DRIVERS\ataport.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:50, 124472 bytes

Name: Standard OpenHCD USB Host Controller

Device ID: PCI\VEN_1002&DEV_438B&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&9C

Driver: C:\Windows\system32\drivers\usbohci.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 24064 bytes

Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 259584 bytes

Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:01, 270336 bytes

Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 17920 bytes

Name: Standard OpenHCD USB Host Controller

Device ID: PCI\VEN_1002&DEV_438A&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&9B

Driver: C:\Windows\system32\drivers\usbohci.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 24064 bytes

Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 259584 bytes

Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:01, 270336 bytes

Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 17920 bytes

Name: Standard OpenHCD USB Host Controller

Device ID: PCI\VEN_1002&DEV_4389&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&9A

Driver: C:\Windows\system32\drivers\usbohci.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 24064 bytes

Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 259584 bytes

Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:01, 270336 bytes

Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 17920 bytes

Name: Standard OpenHCD USB Host Controller

Device ID: PCI\VEN_1002&DEV_4388&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&99

Driver: C:\Windows\system32\drivers\usbohci.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 24064 bytes

Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 259584 bytes

Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:01, 270336 bytes

Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 17920 bytes

Name: Standard OpenHCD USB Host Controller

Device ID: PCI\VEN_1002&DEV_4387&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&98

Driver: C:\Windows\system32\drivers\usbohci.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 24064 bytes

Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 259584 bytes

Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:01, 270336 bytes

Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 17920 bytes

Name: Standard Enhanced PCI to USB Host Controller

Device ID: PCI\VEN_1002&DEV_4386&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&9D

Driver: C:\Windows\system32\drivers\usbehci.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 49152 bytes

Driver: C:\Windows\system32\drivers\usbport.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 259584 bytes

Driver: C:\Windows\system32\drivers\usbhub.sys, 6.00.6001.18000 (English), 1/20/2008 19:47:01, 270336 bytes

Driver: C:\Windows\system32\hccoin.dll, 6.00.6000.16386 (English), 11/2/2006 04:17:29, 10752 bytes

Driver: C:\Windows\system32\hcrstco.dll, 6.00.6001.18000 (English), 1/20/2008 19:47:25, 17920 bytes

Name: ATI I/O Communications Processor SMBus Controller

Device ID: PCI\VEN_1002&DEV_4385&SUBSYS_2412147B&REV_13\3&2B8E0B4B&0&A0

Driver: n/a

Name: ATI I/O Communications Processor PCI Bus Controller

Device ID: PCI\VEN_1002&DEV_4384&SUBSYS_00000000&REV_00\3&2B8E0B4B&0&A4

Driver: C:\Windows\system32\DRIVERS\pci.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:51, 179768 bytes

Name: High Definition Audio Controller

Device ID: PCI\VEN_1002&DEV_4383&SUBSYS_2412147B&REV_00\3&2B8E0B4B&0&A2

Driver: C:\Windows\system32\DRIVERS\hdaudbus.sys, 6.00.6001.17036 (English), 1/20/2008 19:46:51, 50688 bytes

Name: Standard Dual Channel PCI IDE Controller

Device ID: PCI\VEN_1002&DEV_4380&SUBSYS_43801002&REV_00\3&2B8E0B4B&0&90

Driver: C:\Windows\system32\DRIVERS\pciide.sys, 6.00.6000.16386 (English), 1/20/2008 19:46:50, 13416 bytes

Driver: C:\Windows\system32\DRIVERS\pciidex.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:50, 51256 bytes

Driver: C:\Windows\system32\DRIVERS\atapi.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:50, 22584 bytes

Driver: C:\Windows\system32\DRIVERS\ataport.sys, 6.00.6001.18000 (English), 1/20/2008 19:46:50, 124472 bytes

------------------

DirectShow Filters

------------------

DirectShow Filters:

WMAudio Decoder DMO,0x00800800,1,1,,

WMAPro over S/PDIF DMO,0x00600800,1,1,,

WMSpeech Decoder DMO,0x00600800,1,1,,

Zune AAC Decoder DMO,0x005fffff,1,1,,

MP3 Decoder DMO,0x00600800,1,1,,

Mpeg4s Decoder DMO,0x00800001,1,1,,

WMV Screen decoder DMO,0x00600800,1,1,,

WMVideo Decoder DMO,0x00800001,1,1,,

Microsoft Zune Mpeg4s Decoder DMO,0x00800001,1,1,,

Mpeg43 Decoder DMO,0x00800001,1,1,,

Mpeg4 Decoder DMO,0x00800001,1,1,,

Full Screen Renderer,0x00200000,1,0,,6.06.6001.18461

Multiple File Output,0x00200000,2,2,WMM2FILT.dll,

WMT Black Frame Generator,0x00200000,1,1,WMM2FILT.dll,

WMT Import Filter,0x00200000,0,1,WMM2FILT.dll,

DV Muxer,0x00400000,0,0,,6.06.6001.18000

Color Space Converter,0x00400001,1,1,,6.06.6001.18461

WMT Interlacer,0x00200000,1,1,WMM2FILT.dll,

WM ASF Reader,0x00400000,0,0,,11.00.6001.7000

Zune Enhanced Video Renderer,0x00200000,1,0,ZuneEvr.dll,4.00.0740.0000

Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,11.00.6001.7000

AVI Splitter,0x00600000,1,1,,6.06.6001.18461

VGA 16 Color Ditherer,0x00400000,1,1,,6.06.6001.18461

Microsoft MPEG-2 Video Decoder,0x005fffff,2,4,msmpeg2vdec.dll,11.00.6001.7000

AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.06.6001.18571

WMT Format Conversion,0x00200000,1,1,WMM2FILT.dll,

9x8Resize,0x00200000,1,1,WMM2FILT.dll,

StreamBufferSink,0x00200000,0,0,sbe.dll,6.06.6001.18571

WMT Virtual Source,0x00200000,0,1,WMM2FILT.dll,

Microsoft TV Caption Decoder,0x00200001,1,0,MSTVCapn.dll,6.00.6001.18000

MJPEG Decompressor,0x00600000,1,1,,6.06.6001.18461

CBVA DMO wrapper filter,0x00200000,1,1,cbva.dll,6.00.6001.18459

MPEG-I Stream Splitter,0x00600000,1,2,,6.06.6001.18461

SAMI (CC) Parser,0x00400000,1,1,,6.06.6001.18461

VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.6001.18000

MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.06.6001.18571

WMT AudioAnalyzer,0x00200000,1,1,WMM2FILT.dll,

Microsoft MPEG-2 Video Encoder,0x00200000,2,0,msmpeg2enc.dll,11.00.6001.7000

Stretch Video,0x00200000,1,1,WMM2FILT.dll,

Internal Script Command Renderer,0x00800001,1,0,,6.06.6001.18461

MPEG Audio Decoder,0x03680001,1,1,,6.06.6001.18461

Screen Capture filter,0x00200000,0,1,ZuneSrcWrp.dll,4.00.0740.0000

DV Splitter,0x00600000,1,2,,6.06.6001.18000

Video Mixing Renderer 9,0x00200000,1,0,,6.06.6001.18461

Microsoft MPEG-2 Encoder,0x00200000,2,1,msmpeg2enc.dll,11.00.6001.7000

Frame Eater,0x00200000,1,1,WMM2FILT.dll,

Allocator Fix,0x00200000,1,1,WMM2FILT.dll,

ACM Wrapper,0x00600000,1,1,,6.06.6001.18461

Video Renderer,0x00800001,1,0,,6.06.6001.18461

MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.06.6001.18571

Capture ASF Writer,0x00200000,0,0,WMM2FILT.dll,

Line 21 Decoder,0x00600000,1,1,,

Video Port Manager,0x00600000,2,1,,6.06.6001.18461

Video Renderer,0x00400000,1,0,,6.06.6001.18461

Bitmap Generate,0x00200000,1,1,WMM2FILT.dll,

Proxy Sink,0x00200000,1,0,WMM2FILT.dll,

Proxy Source,0x00200000,0,1,WMM2FILT.dll,

WM ASF Writer,0x00400000,0,0,,11.00.6001.7000

VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,6.00.6000.16386

WMT Sample Information Filter,0x00200000,1,1,WMM2FILT.dll,

File writer,0x00200000,1,0,,6.06.6001.18000

DVD Navigator,0x00200000,0,3,,6.06.6001.18000

WMT DV Extract,0x00200000,1,1,WMM2FILT.dll,

Overlay Mixer2,0x00200000,1,1,,

Microsoft MPEG-2 Audio Encoder,0x00200000,2,0,msmpeg2enc.dll,11.00.6001.7000

WST Pager,0x00800000,1,1,WSTPager.ax,6.06.6001.18000

MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.06.6001.18571

Record Queue,0x00200000,1,1,WMM2FILT.dll,

DV Video Decoder,0x00800000,1,1,,6.06.6001.18000

SampleGrabber,0x00200000,1,1,qedit.dll,6.06.6001.18000

Null Renderer,0x00200000,1,0,qedit.dll,6.06.6001.18000

WMT Log Filter,0x00200000,1,1,WMM2FILT.dll,

MPEG-2 Sections and Tables,0x005fffff,1,0,Mpeg2Data.ax,6.06.6001.18000

Microsoft AC3 Encoder,0x00200000,1,1,msac3enc.dll,11.00.6001.7000

WMT Virtual Renderer,0x00200000,1,0,WMM2FILT.dll,

StreamBufferSource,0x00200000,0,0,sbe.dll,6.06.6001.18571

Smart Tee,0x00200000,1,2,,6.06.6001.18000

Overlay Mixer,0x00200000,0,0,,

AVI Decompressor,0x00600000,1,1,,6.06.6001.18461

WMT MuxDeMux Filter,0x00200000,0,0,WMM2FILT.dll,

NetBridge,0x00200000,2,0,netbridge.dll,6.01.6001.18000

AVI/WAV File Source,0x00400000,0,2,,6.06.6001.18461

WMT Volume,0x00200000,1,1,WMM2FILT.dll,

Wave Parser,0x00400000,1,1,,6.06.6001.18461

MIDI Parser,0x00400000,1,1,,6.06.6001.18461

Multi-file Parser,0x00400000,1,1,,6.06.6001.18461

File stream renderer,0x00400000,1,1,,6.06.6001.18461

WMT VIH2 Fix,0x00200000,1,1,WMM2FILT.dll,

Microsoft MPEG-1/DD Audio Decoder,0x005fffff,1,1,msmpeg2adec.dll,11.00.6001.7000

AVI Mux,0x00200000,1,0,,6.06.6001.18000

Microsoft Zune H.264 Video Decoder,0x005fffff,1,1,ZuneH264Dec.dll,11.05.6000.6740

Line 21 Decoder 2,0x00600002,1,1,,6.06.6001.18461

File Source (Async.),0x00400000,0,1,,6.06.6001.18461

File Source (URL),0x00400000,0,1,,6.06.6001.18461

Media Center Extender Encryption Filter,0x00200000,2,2,Mcx2Filter.dll,6.01.6001.18459

AudioRecorder WAV Dest,0x00200000,0,0,,6.00.6000.16386

AudioRecorder Wave Form,0x00200000,0,0,,6.00.6000.16386

SoundRecorder Null Renderer,0x00200000,0,0,,6.00.6000.16386

Infinite Pin Tee Filter,0x00200000,1,1,,6.06.6001.18000

WMT Switch Filter,0x00200000,1,1,WMM2FILT.dll,

Enhanced Video Renderer,0x00200000,1,0,evr.dll,6.00.6001.18000

Uncompressed Domain Shot Detection Filter,0x00200000,1,1,WMM2FILT.dll,

BDA MPEG2 Transport Information Filter,0x00200000,2,0,psisrndr.ax,6.06.6001.18459

MPEG Video Decoder,0x40000001,1,1,,6.06.6001.18461

WDM Streaming Tee/Splitter Devices:

Tee/Sink-to-Sink Converter,0x00200000,1,1,,6.00.6001.18000

Video Compressors:

WMVideo8 Encoder DMO,0x00600800,1,1,,

WMVideo9 Encoder DMO,0x00600800,1,1,,

MSScreen 9 encoder DMO,0x00600800,1,1,,

DV Video Encoder,0x00200000,0,0,,6.06.6001.18000

MJPEG Compressor,0x00200000,0,0,,6.06.6001.18461

Audio Compressors:

WM Speech Encoder DMO,0x00600800,1,1,,

WMAudio Encoder DMO,0x00600800,1,1,,

IMA ADPCM,0x00200000,1,1,,6.06.6001.18461

PCM,0x00200000,1,1,,6.06.6001.18461

Microsoft ADPCM,0x00200000,1,1,,6.06.6001.18461

GSM 6.10,0x00200000,1,1,,6.06.6001.18461

CCITT A-Law,0x00200000,1,1,,6.06.6001.18461

CCITT u-Law,0x00200000,1,1,,6.06.6001.18461

MPEG Layer-3,0x00200000,1,1,,6.06.6001.18461

Audio Capture Sources:

Microphone (2- USB PnP Sound De,0x00200000,0,0,,6.06.6001.18000

Line 1 (Virtual Audio Cable),0x00200000,0,0,,6.06.6001.18000

Mic 1 (Virtual Audio Cable),0x00200000,0,0,,6.06.6001.18000

Midi Renderers:

Default MidiOut Device,0x00800000,1,0,,6.06.6001.18461

Microsoft GS Wavetable Synth,0x00200000,1,0,,6.06.6001.18461

WDM Streaming Capture Devices:

,0x00000000,0,0,,

Realtek HD Audio CD input,0x00200000,1,1,,6.00.6001.18000

Realtek HD Audio Front Mic input,0x00200000,1,1,,6.00.6001.18000

Realtek HD Audio Line input,0x00200000,1,1,,6.00.6001.18000

Realtek HD Audio Mic input,0x00200000,1,1,,6.00.6001.18000

Realtek HD Audio Stereo input,0x00200000,1,1,,6.00.6001.18000

ManyCam Virtual Webcam,0x00200000,1,2,,6.00.6001.18000

Virtual Cable 1,0x00200000,2,2,,6.00.6001.18000

USB PnP Sound Device,0x00200000,2,2,,6.00.6001.18000

WDM Streaming Rendering Devices:

AMD HD Audio HDMI out #0,0x00200000,1,1,,6.00.6001.18000

Realtek HD Audio output,0x00200000,1,1,,6.00.6001.18000

Realtek HDA SPDIF Out,0x00200000,1,1,,6.00.6001.18000

Virtual Cable 1,0x00200000,2,2,,6.00.6001.18000

USB PnP Sound Device,0x00200000,2,2,,6.00.6001.18000

BDA Network Providers:

Microsoft ATSC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6001.18061

Microsoft DVBC Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6001.18061

Microsoft DVBS Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6001.18061

Microsoft DVBT Network Provider,0x00200000,0,1,MSDvbNP.ax,6.06.6001.18061

Microsoft Network Provider,0x00200000,0,1,MSNP.ax,6.06.6001.18459

Video Capture Sources:

ManyCam Virtual Webcam,0x00200000,1,2,,6.00.6001.18000

Multi-Instance Capable VBI Codecs:

VBI Codec,0x00600000,1,4,VBICodec.ax,6.06.6001.18000

BDA Transport Information Renderers:

BDA MPEG2 Transport Information Filter,0x00600000,2,0,psisrndr.ax,6.06.6001.18459

MPEG-2 Sections and Tables,0x00600000,1,0,Mpeg2Data.ax,6.06.6001.18000

BDA CP/CA Filters:

Decrypt/Tag,0x00600000,1,0,EncDec.dll,6.06.6001.18571

Encrypt/Tag,0x00200000,0,0,EncDec.dll,6.06.6001.18571

XDS Codec,0x00200000,0,0,EncDec.dll,6.06.6001.18571

WDM Streaming Communication Transforms:

Tee/Sink-to-Sink Converter,0x00200000,1,1,,6.00.6001.18000

Audio Renderers:

Speakers (2- USB PnP Sound Devi,0x00200000,1,0,,6.06.6001.18461

1 - Digital Display Audio (AMD ,0x00200000,1,0,,6.06.6001.18461

Default DirectSound Device,0x00800000,1,0,,6.06.6001.18461

Default WaveOut Device,0x00200000,1,0,,6.06.6001.18461

DirectSound: 1 - Digital Display Audio (AMD High Definition Audio Device),0x00200000,1,0,,6.06.6001.18461

DirectSound: Line 1 (Virtual Audio Cable),0x00200000,1,0,,6.06.6001.18461

DirectSound: Realtek Digital Output (Realtek High Definition Audio),0x00200000,1,0,,6.06.6001.18461

DirectSound: Speakers (2- USB PnP Sound Device),0x00200000,1,0,,6.06.6001.18461

Line 1 (Virtual Audio Cable),0x00200000,1,0,,6.06.6001.18461

Realtek Digital Output (Realtek,0x00200000,1,0,,6.06.6001.18461

Psychotic · June 1, 2013

Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Gmer

Download GMER Rootkit Scanner from here or here. Unzip it to your Desktop.

========================================================

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

========================================================

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log. Click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop.

Pleae attach the gmer.txt to your reply:

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, browse to where you saved the file, and
Click Upload.

Morbius · June 1, 2013

I will run the scan and attach it to a post when it is done.

Morbius · June 2, 2013

I attempted the scan twice, but both times the GMER Program stopped responding at the end and I was forced to close the program.

Psychotic · June 2, 2013

Let´s try something else...

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

Scan with aswMBR

Please download aswMBR.exe to your desktop.

Double-click the aswMBR.exe to run it
When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
Now click on the Scan button to start scan
On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat(or similir) do not delete this for now it is a actual backup of the MBR(master boot record).

Morbius · June 2, 2013

Thanks, these ones worked. Here are the logs.

16:47:18.0846 3588 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

16:47:19.0369 3588 ============================================================

16:47:19.0369 3588 Current date / time: 2013/06/02 16:47:19.0369

16:47:19.0369 3588 SystemInfo:

16:47:19.0369 3588

16:47:19.0370 3588 OS Version: 6.0.6001 ServicePack: 1.0

16:47:19.0370 3588 Product type: Workstation

16:47:19.0370 3588 ComputerName: MORBIUSLIADO-PC

16:47:19.0370 3588 UserName: Morbius Liadon

16:47:19.0370 3588 Windows directory: C:\Windows

16:47:19.0370 3588 System windows directory: C:\Windows

16:47:19.0370 3588 Running under WOW64

16:47:19.0370 3588 Processor architecture: Intel x64

16:47:19.0370 3588 Number of processors: 4

16:47:19.0370 3588 Page size: 0x1000

16:47:19.0370 3588 Boot type: Normal boot

16:47:19.0370 3588 ============================================================

16:47:20.0757 3588 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:47:20.0762 3588 ============================================================

16:47:20.0763 3588 \Device\Harddisk0\DR0:

16:47:20.0763 3588 MBR partitions:

16:47:20.0763 3588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x683B57F0

16:47:20.0763 3588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x683B6000, BlocksNum 0xC34F800

16:47:20.0763 3588 ============================================================

16:47:20.0798 3588 C: <-> \Device\Harddisk0\DR0\Partition1

16:47:20.0798 3588 ============================================================

16:47:20.0798 3588 Initialize success

16:47:20.0798 3588 ============================================================

16:47:23.0755 4700 ============================================================

16:47:23.0755 4700 Scan started

16:47:23.0755 4700 Mode: Manual;

16:47:23.0755 4700 ============================================================

16:47:24.0754 4700 ================ Scan system memory ========================

16:47:24.0754 4700 System memory - ok

16:47:24.0755 4700 ================ Scan services =============================

16:47:25.0208 4700 [ 8C99ED256A889D647935A97C543B7B85 ] ACPI C:\Windows\system32\drivers\acpi.sys

16:47:25.0212 4700 ACPI - ok

16:47:25.0250 4700 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

16:47:25.0264 4700 adp94xx - ok

16:47:25.0300 4700 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

16:47:25.0310 4700 adpahci - ok

16:47:25.0343 4700 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

16:47:25.0350 4700 adpu160m - ok

16:47:25.0374 4700 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

16:47:25.0382 4700 adpu320 - ok

16:47:25.0417 4700 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

16:47:25.0418 4700 AeLookupSvc - ok

16:47:25.0450 4700 [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD C:\Windows\system32\drivers\afd.sys

16:47:25.0453 4700 AFD - ok

16:47:25.0482 4700 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

16:47:25.0489 4700 agp440 - ok

16:47:25.0535 4700 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

16:47:25.0550 4700 aic78xx - ok

16:47:25.0773 4700 [ C7074BD8D4B8F564859ED373433030AE ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll

16:47:25.0773 4700 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE

16:47:25.0782 4700 Akamai ( HiddenFile.Multi.Generic ) - warning

16:47:25.0782 4700 Akamai - detected HiddenFile.Multi.Generic (1)

16:47:25.0807 4700 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

16:47:25.0810 4700 ALG - ok

16:47:25.0826 4700 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys

16:47:25.0830 4700 aliide - ok

16:47:25.0874 4700 [ 310F86335B0505DDC6D2DD48E66EF06B ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

16:47:25.0877 4700 AMD External Events Utility - ok

16:47:25.0889 4700 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

16:47:25.0893 4700 amdide - ok

16:47:25.0897 4700 amdide64 - ok

16:47:25.0914 4700 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

16:47:25.0921 4700 AmdK8 - ok

16:47:26.0204 4700 [ 79CC9BE187E3144E1B58A54B842475E7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

16:47:26.0346 4700 amdkmdag - ok

16:47:26.0381 4700 [ 07561D3B7FD99F6E186C49C2D0628E38 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

16:47:26.0401 4700 amdkmdap - ok

16:47:26.0496 4700 [ B4837FE56D76B2E9EA90E5365CF6A2BE ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

16:47:26.0499 4700 AntiVirSchedulerService - ok

16:47:26.0522 4700 [ DF5A3016052755C910A206058B4A1729 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

16:47:26.0526 4700 AntiVirService - ok

16:47:26.0560 4700 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

16:47:26.0561 4700 Appinfo - ok

16:47:26.0581 4700 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

16:47:26.0588 4700 arc - ok

16:47:26.0620 4700 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

16:47:26.0627 4700 arcsas - ok

16:47:26.0695 4700 aspnet_state - ok

16:47:26.0711 4700 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

16:47:26.0713 4700 AsyncMac - ok

16:47:26.0729 4700 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys

16:47:26.0730 4700 atapi - ok

16:47:26.0781 4700 [ FAF6F2BD78F98BD55499681E5DA73F73 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys

16:47:26.0782 4700 AtiHDAudioService - ok

16:47:26.0787 4700 AtiHdmiService - ok

16:47:27.0133 4700 [ 79CC9BE187E3144E1B58A54B842475E7 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

16:47:27.0203 4700 atikmdag - ok

16:47:27.0237 4700 [ F3A313050B8CB0608FCE442EDB49554F ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

16:47:27.0237 4700 AtiPcie - ok

16:47:27.0277 4700 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

16:47:27.0289 4700 AudioEndpointBuilder - ok

16:47:27.0297 4700 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv C:\Windows\System32\Audiosrv.dll

16:47:27.0300 4700 AudioSrv - ok

16:47:27.0322 4700 [ B1224E6B086CD6548315B04AB575A23E ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys

16:47:27.0324 4700 avgntflt - ok

16:47:27.0358 4700 [ ED45F12CFA62B83765C9C1496758CC87 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys

16:47:27.0359 4700 avipbb - ok

16:47:27.0389 4700 [ BC4737AAFFA5964E4F8827C9B8C0EB8E ] BFE C:\Windows\System32\bfe.dll

16:47:27.0395 4700 BFE - ok

16:47:27.0458 4700 [ D896A0D43F8AB81ECB1FC6C24DECFD58 ] BITS C:\Windows\System32\qmgr.dll

16:47:27.0470 4700 BITS - ok

16:47:27.0528 4700 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

16:47:27.0533 4700 blbdrive - ok

16:47:27.0562 4700 [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

16:47:27.0563 4700 bowser - ok

16:47:27.0581 4700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

16:47:27.0595 4700 BrFiltLo - ok

16:47:27.0615 4700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

16:47:27.0635 4700 BrFiltUp - ok

16:47:27.0656 4700 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

16:47:27.0658 4700 Browser - ok

16:47:27.0691 4700 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

16:47:27.0698 4700 Brserid - ok

16:47:27.0714 4700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

16:47:27.0719 4700 BrSerWdm - ok

16:47:27.0737 4700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

16:47:27.0740 4700 BrUsbMdm - ok

16:47:27.0752 4700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

16:47:27.0756 4700 BrUsbSer - ok

16:47:27.0770 4700 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

16:47:27.0776 4700 BTHMODEM - ok

16:47:27.0802 4700 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

16:47:27.0805 4700 cdfs - ok

16:47:27.0820 4700 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

16:47:27.0821 4700 cdrom - ok

16:47:27.0834 4700 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc C:\Windows\System32\certprop.dll

16:47:27.0835 4700 CertPropSvc - ok

16:47:27.0856 4700 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

16:47:27.0862 4700 circlass - ok

16:47:27.0967 4700 [ CAEDA2572B7042B11062F327F099251D ] CLFS C:\Windows\system32\CLFS.sys

16:47:27.0981 4700 CLFS - ok

16:47:28.0013 4700 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:47:28.0028 4700 clr_optimization_v2.0.50727_32 - ok

16:47:28.0099 4700 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:47:28.0106 4700 clr_optimization_v2.0.50727_64 - ok

16:47:28.0168 4700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:47:28.0196 4700 clr_optimization_v4.0.30319_32 - ok

16:47:28.0236 4700 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:47:28.0244 4700 clr_optimization_v4.0.30319_64 - ok

16:47:28.0261 4700 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

16:47:28.0266 4700 cmdide - ok

16:47:28.0294 4700 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

16:47:28.0299 4700 Compbatt - ok

16:47:28.0304 4700 COMSysApp - ok

16:47:28.0317 4700 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

16:47:28.0318 4700 crcdisk - ok

16:47:28.0337 4700 [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc C:\Windows\system32\cryptsvc.dll

16:47:28.0339 4700 CryptSvc - ok

16:47:28.0376 4700 [ 9F38FEB92D18468012543E1AFCF79BBC ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

16:47:28.0382 4700 cvhsvc - ok

16:47:28.0463 4700 [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch C:\Windows\system32\rpcss.dll

16:47:28.0474 4700 DcomLaunch - ok

16:47:28.0497 4700 [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

16:47:28.0499 4700 DfsC - ok

16:47:28.0664 4700 [ 1781F99840979EE7B126C9073C377FD0 ] DFSR C:\Windows\system32\DFSR.exe

16:47:28.0745 4700 DFSR - ok

16:47:28.0772 4700 [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

16:47:28.0776 4700 Dhcp - ok

16:47:28.0781 4700 [ 2DC415FC05FB8A079F896CBBACB19324 ] disk C:\Windows\system32\drivers\disk.sys

16:47:28.0783 4700 disk - ok

16:47:28.0807 4700 [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache C:\Windows\System32\dnsrslvr.dll

16:47:28.0809 4700 Dnscache - ok

16:47:28.0828 4700 [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc C:\Windows\System32\dot3svc.dll

16:47:28.0830 4700 dot3svc - ok

16:47:28.0845 4700 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

16:47:28.0848 4700 DPS - ok

16:47:28.0884 4700 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

16:47:28.0887 4700 drmkaud - ok

16:47:28.0923 4700 [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

16:47:28.0933 4700 DXGKrnl - ok

16:47:29.0028 4700 [ 4AF117B55C76CEBFC6C52BFF1EEBAEC5 ] Dyyno Launcher C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe

16:47:29.0030 4700 Dyyno Launcher - ok

16:47:29.0067 4700 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

16:47:29.0110 4700 E1G60 - ok

16:47:29.0131 4700 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

16:47:29.0133 4700 EapHost - ok

16:47:29.0145 4700 [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache C:\Windows\system32\drivers\ecache.sys

16:47:29.0149 4700 Ecache - ok

16:47:29.0235 4700 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

16:47:29.0248 4700 ehRecvr - ok

16:47:29.0296 4700 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

16:47:29.0305 4700 ehSched - ok

16:47:29.0340 4700 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

16:47:29.0342 4700 ehstart - ok

16:47:29.0367 4700 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

16:47:29.0517 4700 elxstor - ok

16:47:29.0652 4700 [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt C:\Windows\system32\emdmgmt.dll

16:47:29.0703 4700 EMDMgmt - ok

16:47:29.0723 4700 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys

16:47:29.0727 4700 ErrDev - ok

16:47:29.0755 4700 [ 932C05033053ADA2404FD836C9AB2C70 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys

16:47:29.0761 4700 EuMusDesignVirtualAudioCableWdm - ok

16:47:29.0789 4700 [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem C:\Windows\system32\es.dll

16:47:29.0806 4700 EventSystem - ok

16:47:29.0827 4700 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys

16:47:29.0835 4700 exfat - ok

16:47:29.0855 4700 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys

16:47:29.0863 4700 fastfat - ok

16:47:29.0878 4700 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

16:47:29.0883 4700 fdc - ok

16:47:29.0887 4700 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

16:47:29.0889 4700 fdPHost - ok

16:47:29.0896 4700 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

16:47:29.0898 4700 FDResPub - ok

16:47:29.0914 4700 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

16:47:29.0915 4700 FileInfo - ok

16:47:29.0938 4700 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

16:47:29.0943 4700 Filetrace - ok

16:47:29.0966 4700 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

16:47:29.0970 4700 flpydisk - ok

16:47:29.0978 4700 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

16:47:29.0982 4700 FltMgr - ok

16:47:30.0034 4700 [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:47:30.0050 4700 FontCache3.0.0.0 - ok

16:47:30.0068 4700 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

16:47:30.0072 4700 Fs_Rec - ok

16:47:30.0106 4700 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

16:47:30.0112 4700 gagp30kx - ok

16:47:30.0160 4700 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll

16:47:30.0177 4700 gpsvc - ok

16:47:30.0226 4700 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:47:30.0227 4700 gupdate - ok

16:47:30.0248 4700 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

16:47:30.0249 4700 gupdatem - ok

16:47:30.0288 4700 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

16:47:30.0299 4700 HdAudAddService - ok

16:47:30.0326 4700 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

16:47:30.0327 4700 HDAudBus - ok

16:47:30.0348 4700 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

16:47:30.0353 4700 HidBth - ok

16:47:30.0394 4700 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

16:47:30.0398 4700 HidIr - ok

16:47:30.0420 4700 [ 0AA154538544E988429DA2D5AA803A6C ] hidserv C:\Windows\system32\hidserv.dll

16:47:30.0432 4700 hidserv - ok

16:47:30.0445 4700 [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

16:47:30.0445 4700 HidUsb - ok

16:47:30.0491 4700 [ FD1837DEE0A1D7F180D7B301C0656511 ] HiPatchService C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

16:47:30.0512 4700 HiPatchService - ok

16:47:30.0540 4700 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

16:47:30.0542 4700 hkmsvc - ok

16:47:30.0569 4700 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

16:47:30.0576 4700 HpCISSs - ok

16:47:30.0766 4700 [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP C:\Windows\system32\drivers\HTTP.sys

16:47:30.0791 4700 HTTP - ok

16:47:30.0809 4700 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

16:47:30.0815 4700 i2omp - ok

16:47:30.0833 4700 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

16:47:30.0839 4700 i8042prt - ok

16:47:30.0863 4700 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

16:47:30.0872 4700 iaStorV - ok

16:47:30.0968 4700 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

16:47:31.0011 4700 IDriverT - ok

16:47:31.0156 4700 [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:47:31.0247 4700 idsvc - ok

16:47:31.0267 4700 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

16:47:31.0273 4700 iirsp - ok

16:47:31.0307 4700 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll

16:47:31.0315 4700 IKEEXT - ok

16:47:31.0432 4700 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

16:47:31.0467 4700 IntcAzAudAddService - ok

16:47:31.0485 4700 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

16:47:31.0492 4700 intelide - ok

16:47:31.0510 4700 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

16:47:31.0511 4700 intelppm - ok

16:47:31.0527 4700 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

16:47:31.0530 4700 IPBusEnum - ok

16:47:31.0554 4700 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:47:31.0560 4700 IpFilterDriver - ok

16:47:31.0594 4700 [ 3A0427F35E7F8C16BBC5B1BE32B8DE76 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

16:47:31.0607 4700 iphlpsvc - ok

16:47:31.0611 4700 IpInIp - ok

16:47:31.0631 4700 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

16:47:31.0637 4700 IPMIDRV - ok

16:47:31.0656 4700 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

16:47:31.0662 4700 IPNAT - ok

16:47:31.0684 4700 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

16:47:31.0688 4700 IRENUM - ok

16:47:31.0727 4700 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

16:47:31.0732 4700 isapnp - ok

16:47:31.0774 4700 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

16:47:31.0813 4700 iScsiPrt - ok

16:47:31.0828 4700 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

16:47:31.0834 4700 iteatapi - ok

16:47:31.0865 4700 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

16:47:31.0871 4700 iteraid - ok

16:47:31.0892 4700 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

16:47:31.0898 4700 kbdclass - ok

16:47:31.0907 4700 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

16:47:31.0908 4700 kbdhid - ok

16:47:31.0929 4700 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe

16:47:31.0931 4700 KeyIso - ok

16:47:31.0969 4700 [ 7D259F47D8CE1DF9A8E9C9820533191A ] KHCAP C:\Windows\system32\drivers\KHCAP.sys

16:47:31.0975 4700 KHCAP - ok

16:47:32.0012 4700 [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

16:47:32.0020 4700 KSecDD - ok

16:47:32.0032 4700 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

16:47:32.0033 4700 ksthunk - ok

16:47:32.0068 4700 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

16:47:32.0074 4700 KtmRm - ok

16:47:32.0150 4700 [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer C:\Windows\system32\srvsvc.dll

16:47:32.0154 4700 LanmanServer - ok

16:47:32.0179 4700 [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

16:47:32.0183 4700 LanmanWorkstation - ok

16:47:32.0224 4700 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

16:47:32.0225 4700 lltdio - ok

16:47:32.0258 4700 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

16:47:32.0268 4700 lltdsvc - ok

16:47:32.0273 4700 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

16:47:32.0275 4700 lmhosts - ok

16:47:32.0294 4700 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

16:47:32.0301 4700 LSI_FC - ok

16:47:32.0319 4700 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

16:47:32.0326 4700 LSI_SAS - ok

16:47:32.0337 4700 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

16:47:32.0345 4700 LSI_SCSI - ok

16:47:32.0351 4700 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

16:47:32.0353 4700 luafv - ok

16:47:32.0380 4700 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys

16:47:32.0381 4700 ManyCam - ok

16:47:32.0411 4700 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

16:47:32.0418 4700 Mcx2Svc - ok

16:47:32.0438 4700 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

16:47:32.0443 4700 megasas - ok

16:47:32.0467 4700 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

16:47:32.0480 4700 MegaSR - ok

16:47:32.0511 4700 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

16:47:32.0513 4700 MMCSS - ok

16:47:32.0528 4700 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

16:47:32.0530 4700 Modem - ok

16:47:32.0538 4700 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

16:47:32.0544 4700 monitor - ok

16:47:32.0553 4700 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

16:47:32.0558 4700 mouclass - ok

16:47:32.0575 4700 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

16:47:32.0579 4700 mouhid - ok

16:47:32.0584 4700 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

16:47:32.0586 4700 MountMgr - ok

16:47:32.0612 4700 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

16:47:32.0638 4700 MozillaMaintenance - ok

16:47:32.0654 4700 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

16:47:32.0673 4700 mpio - ok

16:47:32.0693 4700 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

16:47:32.0693 4700 mpsdrv - ok

16:47:32.0715 4700 [ 8A670648C755867A3AA38DA50BA569AA ] MpsSvc C:\Windows\system32\mpssvc.dll

16:47:32.0724 4700 MpsSvc - ok

16:47:32.0748 4700 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

16:47:32.0754 4700 Mraid35x - ok

16:47:32.0760 4700 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

16:47:32.0763 4700 MRxDAV - ok

16:47:32.0787 4700 [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

16:47:32.0790 4700 mrxsmb - ok

16:47:32.0805 4700 [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

16:47:32.0809 4700 mrxsmb10 - ok

16:47:32.0827 4700 [ F9425D610712533107A264E2D5B2154B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

16:47:32.0829 4700 mrxsmb20 - ok

16:47:32.0848 4700 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys

16:47:32.0853 4700 msahci - ok

16:47:32.0866 4700 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

16:47:32.0873 4700 msdsm - ok

16:47:32.0909 4700 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

16:47:32.0916 4700 MSDTC - ok

16:47:32.0935 4700 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

16:47:32.0936 4700 Msfs - ok

16:47:32.0945 4700 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

16:47:32.0946 4700 msisadrv - ok

16:47:32.0970 4700 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

16:47:32.0978 4700 MSiSCSI - ok

16:47:32.0982 4700 msiserver - ok

16:47:33.0010 4700 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

16:47:33.0014 4700 MSKSSRV - ok

16:47:33.0030 4700 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

16:47:33.0033 4700 MSPCLOCK - ok

16:47:33.0047 4700 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

16:47:33.0051 4700 MSPQM - ok

16:47:33.0066 4700 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

16:47:33.0070 4700 MsRPC - ok

16:47:33.0097 4700 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

16:47:33.0102 4700 mssmbios - ok

16:47:33.0113 4700 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

16:47:33.0116 4700 MSTEE - ok

16:47:33.0122 4700 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys

16:47:33.0124 4700 Mup - ok

16:47:33.0148 4700 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll

16:47:33.0155 4700 napagent - ok

16:47:33.0195 4700 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

16:47:33.0196 4700 NativeWifiP - ok

16:47:33.0229 4700 [ 2A2EE457AF36C5C9A6808C768BD3A12B ] NDIS C:\Windows\system32\drivers\ndis.sys

16:47:33.0238 4700 NDIS - ok

16:47:33.0243 4700 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

16:47:33.0244 4700 NdisTapi - ok

16:47:33.0253 4700 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

16:47:33.0258 4700 Ndisuio - ok

16:47:33.0270 4700 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

16:47:33.0271 4700 NdisWan - ok

16:47:33.0281 4700 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

16:47:33.0287 4700 NDProxy - ok

16:47:33.0300 4700 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

16:47:33.0302 4700 NetBIOS - ok

16:47:33.0312 4700 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys

16:47:33.0317 4700 netbt - ok

16:47:33.0321 4700 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe

16:47:33.0322 4700 Netlogon - ok

16:47:33.0348 4700 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

16:47:33.0354 4700 Netman - ok

16:47:33.0397 4700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:47:33.0417 4700 NetMsmqActivator - ok

16:47:33.0422 4700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:47:33.0423 4700 NetPipeActivator - ok

16:47:33.0450 4700 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

16:47:33.0455 4700 netprofm - ok

16:47:33.0460 4700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:47:33.0461 4700 NetTcpActivator - ok

16:47:33.0466 4700 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:47:33.0468 4700 NetTcpPortSharing - ok

16:47:33.0486 4700 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

16:47:33.0492 4700 nfrd960 - ok

16:47:33.0512 4700 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

16:47:33.0517 4700 NlaSvc - ok

16:47:33.0522 4700 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys

16:47:33.0523 4700 Npfs - ok

16:47:33.0532 4700 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

16:47:33.0535 4700 nsi - ok

16:47:33.0544 4700 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

16:47:33.0549 4700 nsiproxy - ok

16:47:33.0586 4700 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

16:47:33.0605 4700 Ntfs - ok

16:47:33.0615 4700 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

16:47:33.0615 4700 Null - ok

16:47:33.0640 4700 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

16:47:33.0647 4700 nvraid - ok

16:47:33.0667 4700 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

16:47:33.0673 4700 nvstor - ok

16:47:33.0690 4700 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

16:47:33.0698 4700 nv_agp - ok

16:47:33.0702 4700 NwlnkFlt - ok

16:47:33.0707 4700 NwlnkFwd - ok

16:47:33.0743 4700 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

16:47:33.0750 4700 ohci1394 - ok

16:47:33.0778 4700 [ 067DB5B067722997FCAFE1858163D411 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:47:33.0787 4700 ose - ok

16:47:33.0953 4700 [ 458169BA54CCF47D178DCB40D8158A7D ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:47:34.0041 4700 osppsvc - ok

16:47:34.0070 4700 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll

16:47:34.0082 4700 p2pimsvc - ok

16:47:34.0096 4700 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll

16:47:34.0102 4700 p2psvc - ok

16:47:34.0115 4700 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

16:47:34.0121 4700 Parport - ok

16:47:34.0128 4700 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys

16:47:34.0130 4700 partmgr - ok

16:47:34.0149 4700 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

16:47:34.0151 4700 PcaSvc - ok

16:47:34.0166 4700 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys

16:47:34.0168 4700 pci - ok

16:47:34.0217 4700 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys

16:47:34.0218 4700 pciide - ok

16:47:34.0255 4700 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

16:47:34.0265 4700 pcmcia - ok

16:47:34.0296 4700 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

16:47:34.0303 4700 PEAUTH - ok

16:47:34.0387 4700 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

16:47:34.0389 4700 PerfHost - ok

16:47:34.0470 4700 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

16:47:34.0488 4700 pla - ok

16:47:34.0513 4700 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll

16:47:34.0518 4700 PlugPlay - ok

16:47:34.0533 4700 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

16:47:34.0538 4700 PNRPAutoReg - ok

16:47:34.0552 4700 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll

16:47:34.0558 4700 PNRPsvc - ok

16:47:34.0584 4700 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

16:47:34.0592 4700 PolicyAgent - ok

16:47:34.0606 4700 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

16:47:34.0613 4700 PptpMiniport - ok

16:47:34.0635 4700 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys

16:47:34.0641 4700 Processor - ok

16:47:34.0660 4700 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll

16:47:34.0664 4700 ProfSvc - ok

16:47:34.0674 4700 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe

16:47:34.0676 4700 ProtectedStorage - ok

16:47:34.0699 4700 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys

16:47:34.0700 4700 PSched - ok

16:47:34.0735 4700 [ A6BF0A9B5A30D743623CA0D3BE35DF05 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

16:47:34.0736 4700 PxHlpa64 - ok

16:47:34.0782 4700 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys

16:47:34.0805 4700 ql2300 - ok

16:47:34.0821 4700 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

16:47:34.0829 4700 ql40xx - ok

16:47:34.0855 4700 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll

16:47:34.0860 4700 QWAVE - ok

16:47:34.0872 4700 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

16:47:34.0873 4700 QWAVEdrv - ok

16:47:34.0884 4700 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

16:47:34.0885 4700 RasAcd - ok

16:47:34.0906 4700 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll

16:47:34.0909 4700 RasAuto - ok

16:47:34.0926 4700 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

16:47:34.0947 4700 Rasl2tp - ok

16:47:34.0969 4700 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll

16:47:34.0973 4700 RasMan - ok

16:47:34.0983 4700 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

16:47:34.0989 4700 RasPppoe - ok

16:47:34.0995 4700 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

16:47:34.0996 4700 RasSstp - ok

16:47:35.0030 4700 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

16:47:35.0076 4700 rdbss - ok

16:47:35.0126 4700 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

16:47:35.0127 4700 RDPCDD - ok

16:47:35.0154 4700 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

16:47:35.0163 4700 rdpdr - ok

16:47:35.0168 4700 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

16:47:35.0171 4700 RDPENCDD - ok

16:47:35.0210 4700 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

16:47:35.0219 4700 RDPWD - ok

16:47:35.0251 4700 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll

16:47:35.0253 4700 RemoteAccess - ok

16:47:35.0268 4700 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll

16:47:35.0278 4700 RemoteRegistry - ok

16:47:35.0329 4700 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys

16:47:35.0333 4700 RimUsb - ok

16:47:35.0360 4700 [ 0DE22421179D5A8440B68517DDF2B051 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

16:47:35.0361 4700 RimVSerPort - ok

16:47:35.0397 4700 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys

16:47:35.0398 4700 ROOTMODEM - ok

16:47:35.0458 4700 [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

16:47:35.0479 4700 Roxio UPnP Renderer 9 - ok

16:47:35.0528 4700 [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe

16:47:35.0556 4700 Roxio Upnp Server 9 - ok

16:47:35.0604 4700 [ 36298AD2C6EC49A56A94580EFC112D5A ] RoxLiveShare9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

16:47:35.0634 4700 RoxLiveShare9 - ok

16:47:35.0683 4700 [ A9EFCEAC45EDE62CA05BB966B4798A14 ] RoxMediaDB9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

16:47:35.0718 4700 RoxMediaDB9 - ok

16:47:35.0746 4700 [ 5BD1FD70536147E393B39F86B9D13A92 ] RoxWatch9 C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

16:47:35.0775 4700 RoxWatch9 - ok

16:47:35.0796 4700 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe

16:47:35.0798 4700 RpcLocator - ok

16:47:35.0828 4700 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll

16:47:35.0833 4700 RpcSs - ok

16:47:35.0843 4700 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

16:47:35.0849 4700 rspndr - ok

16:47:35.0891 4700 [ C6701C5F6781D7DED9208A4D554AC37B ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys

16:47:35.0891 4700 RTL8169 - ok

16:47:35.0929 4700 [ C979AB0ECAE51A091770A54CF64D791B ] RTL8187B C:\Windows\system32\DRIVERS\wg111v3.sys

16:47:35.0940 4700 RTL8187B - ok

16:47:35.0975 4700 [ D1664991A07ACF2703D4A4E5BE4B6C80 ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys

16:47:35.0979 4700 RtlProt - ok

16:47:35.0984 4700 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe

16:47:35.0985 4700 SamSs - ok

16:47:36.0025 4700 [ 5BF35C4EA3F00FA8D3F1E5BF03D24584 ] SASDIFSV C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS

16:47:36.0046 4700 SASDIFSV - ok

16:47:36.0076 4700 [ A22F08C98AC2F44587BF3A1FB52BF8CD ] SASENUM C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS

16:47:36.0094 4700 SASENUM - ok

16:47:36.0115 4700 [ C7D81C10D3BEFEEE41F3408714637438 ] SASKUTIL C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys

16:47:36.0123 4700 SASKUTIL - ok

16:47:36.0172 4700 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

16:47:36.0190 4700 sbp2port - ok

16:47:36.0220 4700 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll

16:47:36.0224 4700 SCardSvr - ok

16:47:36.0260 4700 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll

16:47:36.0273 4700 Schedule - ok

16:47:36.0318 4700 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll

16:47:36.0319 4700 SCPolicySvc - ok

16:47:36.0343 4700 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll

16:47:36.0347 4700 SDRSVC - ok

16:47:36.0357 4700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

16:47:36.0358 4700 secdrv - ok

16:47:36.0364 4700 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll

16:47:36.0366 4700 seclogon - ok

16:47:36.0380 4700 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll

16:47:36.0383 4700 SENS - ok

16:47:36.0403 4700 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys

16:47:36.0409 4700 Serenum - ok

16:47:36.0431 4700 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys

16:47:36.0438 4700 Serial - ok

16:47:36.0457 4700 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys

16:47:36.0462 4700 sermouse - ok

16:47:36.0489 4700 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll

16:47:36.0491 4700 SessionEnv - ok

16:47:36.0504 4700 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

16:47:36.0508 4700 sffdisk - ok

16:47:36.0517 4700 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

16:47:36.0522 4700 sffp_mmc - ok

16:47:36.0534 4700 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

16:47:36.0539 4700 sffp_sd - ok

16:47:36.0551 4700 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

16:47:36.0556 4700 sfloppy - ok

16:47:36.0611 4700 [ 6532F56E1BD7FE50E1352B909530C651 ] sftfs C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftfslh.sys

16:47:36.0627 4700 sftfs - ok

16:47:36.0648 4700 [ 596E6F76832E9BC6275F805F81C08085 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

16:47:36.0653 4700 sftlist - ok

16:47:36.0668 4700 [ E6FF02B1BD81EA2F6894066D5CB6D91E ] sftplay C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys

16:47:36.0677 4700 sftplay - ok

16:47:36.0701 4700 [ CFFB30B10C66F9A8C6A70D105BD4DE8D ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

16:47:36.0702 4700 Sftredir - ok

16:47:36.0717 4700 [ BAF32EF413025559C23754AFCABCA90A ] sftvol C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftvollh.sys

16:47:36.0718 4700 sftvol - ok

16:47:36.0730 4700 [ 741C2E8439E06670A9BA754AB27DD4A7 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

16:47:36.0732 4700 sftvsa - ok

16:47:36.0758 4700 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll

16:47:36.0764 4700 SharedAccess - ok

16:47:36.0805 4700 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll

16:47:36.0811 4700 ShellHWDetection - ok

16:47:36.0833 4700 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

16:47:36.0839 4700 SiSRaid2 - ok

16:47:36.0856 4700 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

16:47:36.0863 4700 SiSRaid4 - ok

16:47:36.0915 4700 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

16:47:36.0972 4700 SkypeUpdate - ok

16:47:37.0032 4700 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe

16:47:37.0073 4700 slsvc - ok

16:47:37.0089 4700 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

16:47:37.0091 4700 SLUINotify - ok

16:47:37.0127 4700 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys

16:47:37.0129 4700 Smb - ok

16:47:37.0148 4700 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe

16:47:37.0150 4700 SNMPTRAP - ok

16:47:37.0158 4700 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys

16:47:37.0160 4700 spldr - ok

16:47:37.0193 4700 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe

16:47:37.0223 4700 Spooler - ok

16:47:37.0295 4700 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys

16:47:37.0296 4700 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB

16:47:37.0297 4700 sptd ( LockedFile.Multi.Generic ) - warning

16:47:37.0297 4700 sptd - detected LockedFile.Multi.Generic (1)

16:47:37.0356 4700 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys

16:47:37.0363 4700 srv - ok

16:47:37.0380 4700 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

16:47:37.0383 4700 srv2 - ok

16:47:37.0399 4700 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

16:47:37.0401 4700 srvnet - ok

16:47:37.0413 4700 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

16:47:37.0416 4700 SSDPSRV - ok

16:47:37.0442 4700 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll

16:47:37.0446 4700 SstpSvc - ok

16:47:37.0460 4700 Steam Client Service - ok

16:47:37.0487 4700 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll

16:47:37.0503 4700 stisvc - ok

16:47:37.0515 4700 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys

16:47:37.0515 4700 swenum - ok

16:47:37.0599 4700 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

16:47:37.0635 4700 SwitchBoard - ok

16:47:37.0665 4700 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll

16:47:37.0673 4700 swprv - ok

16:47:37.0695 4700 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

16:47:37.0700 4700 Symc8xx - ok

16:47:37.0734 4700 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

16:47:37.0740 4700 Sym_hi - ok

16:47:37.0749 4700 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

16:47:37.0755 4700 Sym_u3 - ok

16:47:37.0790 4700 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll

16:47:37.0799 4700 SysMain - ok

16:47:37.0816 4700 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll

16:47:37.0818 4700 TabletInputService - ok

16:47:37.0838 4700 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll

16:47:37.0844 4700 TapiSrv - ok

16:47:37.0855 4700 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll

16:47:37.0863 4700 TBS - ok

16:47:37.0915 4700 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys

16:47:37.0933 4700 Tcpip - ok

16:47:37.0964 4700 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

16:47:37.0972 4700 Tcpip6 - ok

16:47:37.0982 4700 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

16:47:38.0004 4700 tcpipreg - ok

16:47:38.0019 4700 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

16:47:38.0024 4700 TDPIPE - ok

16:47:38.0040 4700 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

16:47:38.0044 4700 TDTCP - ok

16:47:38.0062 4700 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

16:47:38.0063 4700 tdx - ok

16:47:38.0077 4700 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

16:47:38.0083 4700 TermDD - ok

16:47:38.0116 4700 [ F870A5589D6A94B426EFB13689023946 ] TermService C:\Windows\System32\termsrv.dll

16:47:38.0125 4700 TermService - ok

16:47:38.0133 4700 [ 9235EC680D3DB17464B39C7C7DECB4DD ] Themes C:\Windows\system32\shsvcs.dll

16:47:38.0137 4700 Themes - ok

16:47:38.0149 4700 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll

16:47:38.0151 4700 THREADORDER - ok

16:47:38.0165 4700 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll

16:47:38.0169 4700 TrkWks - ok

16:47:38.0204 4700 [ AC6FF1DF22ED90BAD6417EE5A4C6E2F0 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

16:47:38.0205 4700 TrustedInstaller - ok

16:47:38.0251 4700 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

16:47:38.0252 4700 tssecsrv - ok

16:47:38.0269 4700 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

16:47:38.0270 4700 tunmp - ok

16:47:38.0309 4700 [ 2DC2C423572946E9A3131425BDA73CB6 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

16:47:38.0310 4700 tunnel - ok

16:47:38.0332 4700 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

16:47:38.0338 4700 uagp35 - ok

16:47:38.0377 4700 [ ECA6629E33F122AFFF18A2AB7C3EB033 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

16:47:38.0387 4700 udfs - ok

16:47:38.0412 4700 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe

16:47:38.0415 4700 UI0Detect - ok

16:47:38.0432 4700 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

16:47:38.0438 4700 uliagpkx - ok

16:47:38.0460 4700 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys

16:47:38.0470 4700 uliahci - ok

16:47:38.0487 4700 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys

16:47:38.0494 4700 UlSata - ok

16:47:38.0513 4700 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

16:47:38.0522 4700 ulsata2 - ok

16:47:38.0544 4700 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

16:47:38.0549 4700 umbus - ok

16:47:38.0576 4700 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys

16:47:38.0581 4700 UMPass - ok

16:47:38.0600 4700 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll

16:47:38.0608 4700 upnphost - ok

16:47:38.0660 4700 [ C899FB269BE4740DBE2801B204CD71D4 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

16:47:38.0667 4700 usbaudio - ok

16:47:38.0714 4700 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

16:47:38.0715 4700 usbccgp - ok

16:47:38.0742 4700 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys

16:47:38.0751 4700 usbcir - ok

16:47:38.0764 4700 [ DA6D8D8ED0A53C63AC6F4BD40FE83FBE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

16:47:38.0770 4700 usbehci - ok

16:47:38.0790 4700 [ 99045369AE3216216573D0775FD7ED56 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

16:47:38.0795 4700 usbhub - ok

16:47:38.0827 4700 [ 540B622DA0949695C40CDC9D5D497A8B ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

16:47:38.0831 4700 usbohci - ok

16:47:38.0873 4700 [ 07E2F74BA2930A302C96E027CF03CD34 ] USBPNPA C:\Windows\system32\drivers\CM10864.sys

16:47:38.0886 4700 USBPNPA - ok

16:47:38.0926 4700 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

16:47:38.0942 4700 usbprint - ok

16:47:38.0970 4700 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

16:47:38.0975 4700 usbscan - ok

16:47:39.0016 4700 [ 586D9876A4945779C8EEA926C0D16889 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:47:39.0032 4700 USBSTOR - ok

16:47:39.0054 4700 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

16:47:39.0058 4700 usbuhci - ok

16:47:39.0105 4700 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

16:47:39.0112 4700 usbvideo - ok

16:47:39.0141 4700 [ 9190F03C82547AFA87367F1CECA88F3B ] UxSms C:\Windows\System32\uxsms.dll

16:47:39.0143 4700 UxSms - ok

16:47:39.0162 4700 [ C15A4A550CBA7B9F1F68B72528E04CE1 ] vds C:\Windows\System32\vds.exe

16:47:39.0170 4700 vds - ok

16:47:39.0191 4700 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

16:47:39.0196 4700 vga - ok

16:47:39.0211 4700 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys

16:47:39.0212 4700 VgaSave - ok

16:47:39.0234 4700 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys

16:47:39.0250 4700 viaide - ok

16:47:39.0285 4700 [ 5F974FDE801C73952770736BECDE11E7 ] Viewpoint Manager Service C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe

16:47:39.0309 4700 Viewpoint Manager Service - ok

16:47:39.0327 4700 [ 793D9B32A1C462C91F6F70358283AC97 ] volmgr C:\Windows\system32\drivers\volmgr.sys

16:47:39.0329 4700 volmgr - ok

16:47:39.0338 4700 [ 5AA217DA5DC4FF5B9AC9AB86563B3223 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

16:47:39.0344 4700 volmgrx - ok

16:47:39.0366 4700 [ DE4307412D98050239026E56A7DFF3C0 ] volsnap C:\Windows\system32\drivers\volsnap.sys

16:47:39.0370 4700 volsnap - ok

16:47:39.0396 4700 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

16:47:39.0403 4700 vsmraid - ok

16:47:39.0455 4700 [ 186BD53F8A408AD20F5A056C05678629 ] VSS C:\Windows\system32\vssvc.exe

16:47:39.0477 4700 VSS - ok

16:47:39.0497 4700 [ BA29F34A61CB55C0DEE29E787542EDF4 ] W32Time C:\Windows\system32\w32time.dll

16:47:39.0504 4700 W32Time - ok

16:47:39.0527 4700 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

16:47:39.0531 4700 WacomPen - ok

16:47:39.0555 4700 [ AEA75207E443C8623C36B8D03596F84F ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

16:47:39.0556 4700 Wanarp - ok

16:47:39.0560 4700 [ AEA75207E443C8623C36B8D03596F84F ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

16:47:39.0561 4700 Wanarpv6 - ok

16:47:39.0583 4700 [ 055449247C490E24B968B44FE8A969EB ] wcncsvc C:\Windows\System32\wcncsvc.dll

16:47:39.0592 4700 wcncsvc - ok

16:47:39.0606 4700 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

16:47:39.0609 4700 WcsPlugInService - ok

16:47:39.0623 4700 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys

16:47:39.0628 4700 Wd - ok

16:47:39.0663 4700 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

16:47:39.0672 4700 Wdf01000 - ok

16:47:39.0683 4700 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll

16:47:39.0686 4700 WdiServiceHost - ok

16:47:39.0690 4700 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll

16:47:39.0692 4700 WdiSystemHost - ok

16:47:39.0756 4700 [ 58C93841B12E5897651EF3342F09C9F1 ] Web Assistant Updater C:\Program Files\Web Assistant\ExtensionUpdaterService.exe

16:47:39.0757 4700 Web Assistant Updater - ok

16:47:39.0770 4700 [ 3D4AB55F8178FD0CD3CA45CD0EC9CF5B ] WebClient C:\Windows\System32\webclnt.dll

16:47:39.0775 4700 WebClient - ok

16:47:39.0810 4700 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll

16:47:39.0815 4700 Wecsvc - ok

16:47:39.0831 4700 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll

16:47:39.0834 4700 wercplsupport - ok

16:47:39.0855 4700 [ FC25242B3BCAF7E84D9184082274AE08 ] WerSvc C:\Windows\System32\WerSvc.dll

16:47:39.0859 4700 WerSvc - ok

16:47:39.0874 4700 WinDefend - ok

16:47:39.0882 4700 WinHttpAutoProxySvc - ok

16:47:39.0919 4700 [ AC98F38FEAB066A8F983D54FF3F4FD4C ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

16:47:39.0930 4700 Winmgmt - ok

16:47:39.0987 4700 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll

16:47:40.0015 4700 WinRM - ok

16:47:40.0053 4700 [ 2215B7B794B3B7E5CC9FC423E985E2AA ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

16:47:40.0060 4700 WinUSB - ok

16:47:40.0108 4700 [ 0A69955261C1B54206ADC9BEB89517DE ] Wlansvc C:\Windows\System32\wlansvc.dll

16:47:40.0117 4700 Wlansvc - ok

16:47:40.0183 4700 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

16:47:40.0212 4700 wlidsvc - ok

16:47:40.0232 4700 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

16:47:40.0236 4700 WmiAcpi - ok

16:47:40.0281 4700 [ D303322DD577C3DEDA1251ED2E7A496C ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

16:47:40.0289 4700 wmiApSrv - ok

16:47:40.0299 4700 WMPNetworkSvc - ok

16:47:40.0328 4700 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll

16:47:40.0332 4700 WPCSvc - ok

16:47:40.0344 4700 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

16:47:40.0348 4700 WPDBusEnum - ok

16:47:40.0390 4700 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

16:47:40.0395 4700 WpdUsb - ok

16:47:40.0505 4700 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

16:47:40.0515 4700 WPFFontCache_v0400 - ok

16:47:40.0535 4700 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

16:47:40.0539 4700 ws2ifsl - ok

16:47:40.0556 4700 [ CB8EA6D95949384925CCFCA21CC6DFD8 ] wscsvc C:\Windows\System32\wscsvc.dll

16:47:40.0559 4700 wscsvc - ok

16:47:40.0563 4700 WSearch - ok

16:47:40.0630 4700 [ FB3796754FE00F0BDC87A36F164A5F4D ] wuauserv C:\Windows\system32\wuaueng.dll

16:47:40.0660 4700 wuauserv - ok

16:47:40.0680 4700 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

16:47:40.0681 4700 WudfPf - ok

16:47:40.0706 4700 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

16:47:40.0714 4700 WUDFRd - ok

16:47:40.0726 4700 [ 3DCC7BF5AFA921B479E622BD999121F3 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

16:47:40.0729 4700 wudfsvc - ok

16:47:40.0781 4700 [ DA1C23F65EF1894AB5B6FF79D81F544A ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys

16:47:40.0801 4700 xnacc - ok

16:47:40.0839 4700 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

16:47:40.0845 4700 xusb21 - ok

16:47:40.0888 4700 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

16:47:40.0924 4700 YahooAUService - ok

16:47:41.0129 4700 [ 9D6545A29F9E556E3EB7B2B565612B9A ] ZuneNetworkSvc c:\Program Files\Zune\ZuneNss.exe

16:47:41.0244 4700 ZuneNetworkSvc - ok

16:47:41.0270 4700 [ A462202521D21127910F51D1C2BBE1AE ] ZuneWlanCfgSvc c:\Windows\system32\ZuneWlanCfgSvc.exe

16:47:41.0289 4700 ZuneWlanCfgSvc - ok

16:47:41.0300 4700 ================ Scan global ===============================

16:47:41.0321 4700 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll

16:47:41.0358 4700 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll

16:47:41.0372 4700 [ 2D94E4CE322F12061D3FA7DBE65E9AC5 ] C:\Windows\system32\winsrv.dll

16:47:41.0405 4700 [ DFAC660F0F139276CC9299812DE42719 ] C:\Windows\system32\services.exe

16:47:41.0409 4700 [Global] - ok

16:47:41.0409 4700 ================ Scan MBR ==================================

16:47:41.0416 4700 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

16:47:41.0774 4700 \Device\Harddisk0\DR0 - ok

16:47:41.0775 4700 ================ Scan VBR ==================================

16:47:41.0778 4700 [ 87CB1B07CB173479F0AE8D3DC675FC6D ] \Device\Harddisk0\DR0\Partition1

16:47:41.0780 4700 \Device\Harddisk0\DR0\Partition1 - ok

16:47:41.0813 4700 [ EA514D21F14FAD668BB6CEDA4958F98F ] \Device\Harddisk0\DR0\Partition2

16:47:41.0815 4700 \Device\Harddisk0\DR0\Partition2 - ok

16:47:41.0815 4700 ============================================================

16:47:41.0815 4700 Scan finished

16:47:41.0815 4700 ============================================================

16:47:41.0823 3128 Detected object count: 2

16:47:41.0823 3128 Actual detected object count: 2

16:47:50.0769 3128 Akamai ( HiddenFile.Multi.Generic ) - skipped by user

16:47:50.0769 3128 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

16:47:50.0769 3128 sptd ( LockedFile.Multi.Generic ) - skipped by user

16:47:50.0769 3128 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

16:48:54.0970 2944 Deinitialize success

Run date: 2013-06-02 16:49:14

-----------------------------

16:49:14.442 OS Version: Windows x64 6.0.6001 Service Pack 1

16:49:14.443 Number of processors: 4 586 0xF0B

16:49:14.443 ComputerName: MORBIUSLIADO-PC UserName: Morbius Liadon

16:49:16.628 Initialize success

16:49:37.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-6

16:49:37.813 Disk 0 Vendor: SAMSUNG_HD103UJ 1AA01118 Size: 953869MB BusType: 3

16:49:37.830 Disk 0 MBR read successfully

16:49:37.833 Disk 0 MBR scan

16:49:37.836 Disk 0 Windows VISTA default MBR code

16:49:38.047 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 853866 MB offset 2048

16:49:38.576 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99999 MB offset 1748721664

16:49:39.107 Disk 0 scanning C:\Windows\system32\drivers

16:53:35.281 Service scanning

16:53:42.391 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32

16:53:45.444 Modules scanning

16:53:45.445 Disk 0 trace - called modules:

16:53:45.453 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8005db92c0]<<spww.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys

16:53:45.454 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80061aa490]

16:53:45.455 3 CLASSPNP.SYS[fffffa60011d5b3a] -> nt!IofCallDriver -> [0xfffffa80061b0520]

16:53:45.455 5 acpi.sys[fffffa60007a0ff6] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-6[0xfffffa80061b0940]

16:53:45.455 \Driver\atapi[0xfffffa8005ecd8f0] -> IRP_MJ_CREATE -> 0xfffffa8005db92c0

16:53:45.456 Scan finished successfully

16:54:53.263 Disk 0 MBR has been saved successfully to "C:\Users\Morbius Liadon\Desktop\diag\MBR.dat"

16:54:53.271 The log file has been saved successfully to "C:\Users\Morbius Liadon\Desktop\diag\aswMBR.txt"

Psychotic · June 3, 2013

Step 1: defogger

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2: Uninstall programs

Press the Windows- and the R-key simultanously.
Within the textbox, write appwiz.cpl, click OK.
Search for and remove the following programs
toolbar on IE and Chrome
7plugincoupon
AIM Toolbar
applicationupdater
Ask Toolbar
Claro LTD toolbar
DAEMON Tools Toolbar
Freecorder Toolbar
Incredibar Toolbar on IE
Snap.Do
Close the window.

Step 3: Combofix

Combofix

Combofix should only be run when adviced by a team member!

Link

Important - Save the file to your desktop!

Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Morbius · June 4, 2013

<p>Here is the Combofix log.</p>

<div>ComboFix 13-06-03.06 - Morbius Liadon 06/03/2013 21:15:42.1.4 - x64</div>

<div>Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.5887.4017 [GMT -7:00]</div>

<div>Running from: c:\users\Morbius Liadon\Downloads\ComboFix.exe</div>

<div>AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}</div>

<div>SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}</div>

<div>SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>

<div>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>C:\Install.exe</div>

<div>c:\programdata\40492792</div>

<div>c:\programdata\MaGniiPuicc</div>

<div>c:\programdata\MaGniiPuicc\5174fe76c3c37.tlb</div>

<div>c:\programdata\MaGniiPuicc\settings.ini</div>

<div>c:\programdata\MaGniiPuicc\uninstall.exe</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\MaGniiPuicc</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\MaGniiPuicc\MaGniiPuicc.lnk</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\MaGniiPuicc\Uninstall.lnk</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast\Uninstall wxDownload Fast.lnk</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast\wxDownload Fast on the Web.lnk</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\wxDownload Fast\wxDownload Fast.lnk</div>

<div>c:\users\Morbius Liadon\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E688D975-6A94-4E2C-AEBB-049FFB2D461A}.xps</div>

<div>c:\users\Morbius Liadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery</div>

<div>c:\users\Morbius Liadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk</div>

<div>c:\users\Morbius Liadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk</div>

<div>c:\windows\Installer\{96EF451E-A402-44D8-BAEE-D70D558A4122}\New_Shortcut_S1449_0EB7CDB78E0C4A918D2CA535D5B8160C.exe</div>

<div>c:\windows\SysWow64\URTTemp</div>

<div>c:\windows\SysWow64\URTTemp\regtlib.exe</div>

<div>((((((((((((((((((((((((( Files Created from 2013-05-04 to 2013-06-04 )))))))))))))))))))))))))))))))</div>

<div>2013-06-04 04:26 . 2013-06-04 04:26<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Mcx1\AppData\Local\temp</div>

<div>2013-06-04 04:26 . 2013-06-04 04:26<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Default\AppData\Local\temp</div>

<div>2013-06-04 02:51 . 2013-06-04 02:51<span class="Apple-tab-span" style="white-space:pre"> </span>2560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\_MSRSTRT.EXE</div>

<div>2013-06-04 02:47 . 2013-06-04 02:47<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\AppData\Roaming\Sony Online Entertainment</div>

<div>2013-06-03 04:15 . 2013-06-03 04:17<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\Game of Thrones S03E09 HDTV x264-EVOLVE[ettv]</div>

<div>2013-06-01 08:35 . 2013-06-02 09:18<span class="Apple-tab-span" style="white-space:pre"> </span>76232<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows Defender\Definition Updates\{30D11013-79AC-4FE4-819A-F33DA6852BE0}\offreg.dll</div>

<div>2013-05-31 10:20 . 2013-05-13 06:37<span class="Apple-tab-span" style="white-space:pre"> </span>9460464<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\Microsoft\Windows Defender\Definition Updates\{30D11013-79AC-4FE4-819A-F33DA6852BE0}\mpengine.dll</div>

<div>2013-05-21 01:20 . 2013-05-21 01:22<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\Game of Thrones S03E08 HDTV x264-EVOLVE[ettv]</div>

<div>2013-05-20 12:12 . 2013-05-20 12:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Bethesda Softworks</div>

<div>2013-05-20 09:20 . 2013-05-20 12:12<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\Dishonored-SKIDROW</div>

<div>2013-05-15 16:51 . 2013-05-15 16:51<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\AppData\Local\Octodad</div>

<div>2013-05-15 16:46 . 2013-05-15 16:50<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\Octodad</div>

<div>2013-05-10 09:42 . 2013-05-14 01:33<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\Farrah Superstar Backdoor Teen Mom</div>

<div>2013-05-05 12:58 . 2013-05-05 13:02<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\AppData\Roaming\Blackboard</div>

<div>2013-05-05 08:56 . 2013-05-05 08:57<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Morbius Liadon\Game of Thrones S03E05</div>

<div>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>2013-05-15 10:01 . 2006-11-02 12:35<span class="Apple-tab-span" style="white-space:pre"> </span>75016696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\mrt.exe</div>

<div>2013-05-02 09:06 . 2009-10-03 10:02<span class="Apple-tab-span" style="white-space:pre"> </span>278800<span class="Apple-tab-span" style="white-space:pre"> </span>------w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MpSigStub.exe</div>

<div>2013-04-04 21:50 . 2009-12-12 08:17<span class="Apple-tab-span" style="white-space:pre"> </span>25928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>

<div>2013-03-29 02:37 . 2013-03-29 02:37<span class="Apple-tab-span" style="white-space:pre"> </span>78432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atimpc64.dll</div>

<div>2013-03-29 02:37 . 2013-03-29 02:37<span class="Apple-tab-span" style="white-space:pre"> </span>78432<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\amdpcom64.dll</div>

<div>2013-03-29 02:37 . 2013-03-29 02:37<span class="Apple-tab-span" style="white-space:pre"> </span>71704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atimpc32.dll</div>

<div>2013-03-29 02:37 . 2013-03-29 02:37<span class="Apple-tab-span" style="white-space:pre"> </span>71704<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\amdpcom32.dll</div>

<div>2013-03-29 02:37 . 2013-03-29 02:37<span class="Apple-tab-span" style="white-space:pre"> </span>139696<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiuxp64.dll</div>

<div>2013-03-29 02:37 . 2013-03-29 02:37<span class="Apple-tab-span" style="white-space:pre"> </span>118584<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atiuxpag.dll</div>

<div>2013-03-29 02:37 . 2012-07-28 01:13<span class="Apple-tab-span" style="white-space:pre"> </span>92304<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atiu9pag.dll</div>

<div>2013-03-29 02:37 . 2011-04-20 01:21<span class="Apple-tab-span" style="white-space:pre"> </span>112440<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiu9p64.dll</div>

<div>2013-03-29 02:37 . 2013-03-29 02:37<span class="Apple-tab-span" style="white-space:pre"> </span>1155264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\aticfx64.dll</div>

<div>2013-03-29 02:37 . 2012-07-28 02:15<span class="Apple-tab-span" style="white-space:pre"> </span>970912<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\aticfx32.dll</div>

<div>2013-03-29 02:36 . 2013-03-29 02:36<span class="Apple-tab-span" style="white-space:pre"> </span>8272136<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atidxx64.dll</div>

<div>2013-03-29 02:36 . 2013-03-29 02:36<span class="Apple-tab-span" style="white-space:pre"> </span>7233336<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atidxx32.dll</div>

<div>2013-03-29 02:36 . 2012-07-28 01:32<span class="Apple-tab-span" style="white-space:pre"> </span>4450264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atiumdva.dll</div>

<div>2013-03-29 02:36 . 2012-07-28 04:09<span class="Apple-tab-span" style="white-space:pre"> </span>5944264<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atiumdag.dll</div>

<div>2013-03-29 02:36 . 2013-03-29 02:36<span class="Apple-tab-span" style="white-space:pre"> </span>5000320<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiumd6a.dll</div>

<div>2013-03-29 02:36 . 2013-03-29 02:36<span class="Apple-tab-span" style="white-space:pre"> </span>6985624<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiumd64.dll</div>

<div>2013-03-29 02:35 . 2013-03-29 02:35<span class="Apple-tab-span" style="white-space:pre"> </span>11658752<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\atikmdag.sys</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>222720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\clinfo.exe</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>798734<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\amdocl_ld32.exe</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>1187342<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\amdocl_as64.exe</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>1061902<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\amdocl_ld64.exe</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>995342<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\amdocl_as32.exe</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>76288<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\OpenVideo64.dll</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>65536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\OpenVideo.dll</div>

<div>2013-03-29 02:13 . 2013-03-29 02:13<span class="Apple-tab-span" style="white-space:pre"> </span>64000<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\OVDecode64.dll</div>

<div>2013-03-29 02:12 . 2013-03-29 02:12<span class="Apple-tab-span" style="white-space:pre"> </span>56320<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\OVDecode.dll</div>

<div>2013-03-29 02:12 . 2013-03-29 02:12<span class="Apple-tab-span" style="white-space:pre"> </span>29150720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\amdocl64.dll</div>

<div>2013-03-29 02:10 . 2013-03-29 02:10<span class="Apple-tab-span" style="white-space:pre"> </span>23810560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\amdocl.dll</div>

<div>2013-03-29 02:09 . 2013-03-29 02:09<span class="Apple-tab-span" style="white-space:pre"> </span>54784<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\OpenCL.dll</div>

<div>2013-03-29 02:09 . 2013-03-29 02:09<span class="Apple-tab-span" style="white-space:pre"> </span>50176<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\OpenCL.dll</div>

<div>2013-03-29 02:04 . 2013-03-29 02:04<span class="Apple-tab-span" style="white-space:pre"> </span>24229376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atio6axx.dll</div>

<div>2013-03-29 02:00 . 2013-03-29 02:00<span class="Apple-tab-span" style="white-space:pre"> </span>76800<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\coinst_12.104.dll</div>

<div>2013-03-29 01:57 . 2013-03-29 01:57<span class="Apple-tab-span" style="white-space:pre"> </span>163840<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiapfxx.exe</div>

<div>2013-03-29 01:55 . 2013-03-29 01:55<span class="Apple-tab-span" style="white-space:pre"> </span>51200<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\aticalrt64.dll</div>

<div>2013-03-29 01:55 . 2013-03-29 01:55<span class="Apple-tab-span" style="white-space:pre"> </span>46080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\aticalrt.dll</div>

<div>2013-03-29 01:55 . 2013-03-29 01:55<span class="Apple-tab-span" style="white-space:pre"> </span>44544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\aticalcl64.dll</div>

<div>2013-03-29 01:55 . 2013-03-29 01:55<span class="Apple-tab-span" style="white-space:pre"> </span>44032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\aticalcl.dll</div>

<div>2013-03-29 01:55 . 2013-03-29 01:55<span class="Apple-tab-span" style="white-space:pre"> </span>16082944<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\aticaldd64.dll</div>

<div>2013-03-29 01:51 . 2013-03-29 01:51<span class="Apple-tab-span" style="white-space:pre"> </span>13703168<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\aticaldd.dll</div>

<div>2013-03-29 01:48 . 2013-03-29 01:48<span class="Apple-tab-span" style="white-space:pre"> </span>19870720<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atioglxx.dll</div>

<div>2013-03-29 01:35 . 2013-03-29 01:35<span class="Apple-tab-span" style="white-space:pre"> </span>442368<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atidemgy.dll</div>

<div>2013-03-29 01:35 . 2013-03-29 01:35<span class="Apple-tab-span" style="white-space:pre"> </span>562688<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atieclxx.exe</div>

<div>2013-03-29 01:34 . 2013-03-29 01:34<span class="Apple-tab-span" style="white-space:pre"> </span>241152<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiesrxx.exe</div>

<div>2013-03-29 01:33 . 2013-03-29 01:33<span class="Apple-tab-span" style="white-space:pre"> </span>120320<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atitmm64.dll</div>

<div>2013-03-29 01:32 . 2013-03-29 01:32<span class="Apple-tab-span" style="white-space:pre"> </span>26112<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atimuixx.dll</div>

<div>2013-03-29 01:32 . 2013-03-29 01:32<span class="Apple-tab-span" style="white-space:pre"> </span>59392<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiedu64.dll</div>

<div>2013-03-29 01:32 . 2013-03-29 01:32<span class="Apple-tab-span" style="white-space:pre"> </span>43520<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\ati2edxx.dll</div>

<div>2013-03-29 01:10 . 2013-03-29 01:10<span class="Apple-tab-span" style="white-space:pre"> </span>636416<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiadlxx.dll</div>

<div>2013-03-29 01:10 . 2013-03-29 01:10<span class="Apple-tab-span" style="white-space:pre"> </span>430080<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atiadlxy.dll</div>

<div>2013-03-29 01:10 . 2013-03-29 01:10<span class="Apple-tab-span" style="white-space:pre"> </span>17920<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atig6pxx.dll</div>

<div>2013-03-29 01:10 . 2013-03-29 01:10<span class="Apple-tab-span" style="white-space:pre"> </span>14848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atiglpxx.dll</div>

<div>2013-03-29 01:10 . 2013-03-29 01:10<span class="Apple-tab-span" style="white-space:pre"> </span>14848<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atiglpxx.dll</div>

<div>2013-03-29 01:10 . 2013-03-29 01:10<span class="Apple-tab-span" style="white-space:pre"> </span>44032<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atig6txx.dll</div>

<div>2013-03-29 01:09 . 2013-03-29 01:09<span class="Apple-tab-span" style="white-space:pre"> </span>34816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\atigktxx.dll</div>

<div>2013-03-29 01:09 . 2013-03-29 01:09<span class="Apple-tab-span" style="white-space:pre"> </span>581120<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\atikmpag.sys</div>

<div>2013-03-29 01:07 . 2013-03-29 01:07<span class="Apple-tab-span" style="white-space:pre"> </span>53248<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\ati2erec.dll</div>

<div>2013-03-29 01:07 . 2011-04-20 01:21<span class="Apple-tab-span" style="white-space:pre"> </span>45056<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\atitmp64.dll</div>

<div>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</div>

<div>*Note* empty entries & legit default entries are not shown </div>

<div>REGEDIT4</div>

<div>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]</div>

<div>"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-11-26 1525088]</div>

<div>[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]</div>

<div>[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]</div>

<div>[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]</div>

<div>[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]</div>

<div>2012-07-12 18:46<span class="Apple-tab-span" style="white-space:pre"> </span>162816<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\Web Assistant\Extension32.dll</div>

<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"Akamai NetSession Interface"="c:\users\Morbius Liadon\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]</div>

<div>"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-20 399736]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]</div>

<div>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]</div>

<div>"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]</div>

<div>"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]</div>

<div>"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-07-31 2023936]</div>

<div>"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]</div>

<div>"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]</div>

<div>"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]</div>

<div>"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-01 1263512]</div>

<div>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]</div>

<div>"PrivitizeVPN"="c:\program files (x86)\PrivitizeVPN\PrivitizeVPN.exe" [2013-04-22 196784]</div>

<div>"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]</div>

<div>[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]</div>

<div>"LabelMaker2.0"="c:\program files (x86)\Common Files\MySoftware\regdll.dll" [2006-08-03 94208]</div>

<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</div>

<div>BDARemote.lnk - c:\program files (x86)\USB TV\EM28XX\BDARemote.exe [2009-11-1 81997]</div>

<div>NETGEAR WG111v3 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WG111v3\WG111v3.exe [2008-6-13 2498560]</div>

<div>Ultra Hal Text-to-Speech Reader Startup.lnk - [N/A]</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>

<div>"EnableUIADesktopToggle"= 0 (0x0)</div>

<div>[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]</div>

<div>"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]</div>

<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]</div>

<div>2009-09-03 22:21<span class="Apple-tab-span" style="white-space:pre"> </span>548352<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]</div>

<div>@="Service"</div>

<div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</div>

<div>Akamai<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>Akamai</div>

<div>HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs</div>

<div>Themes</div>

<div>Contents of the 'Scheduled Tasks' folder</div>

<div>2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 13:02]</div>

<div>2013-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</div>

<div>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-06 13:02]</div>

<div>2013-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416004185-852997876-3554588183-1000Core.job</div>

<div>- c:\users\Morbius Liadon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 21:56]</div>

<div>2013-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3416004185-852997876-3554588183-1000UA.job</div>

<div>- c:\users\Morbius Liadon\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-31 21:56]</div>

<div>2013-06-03 c:\windows\Tasks\User_Feed_Synchronization-{08F944BC-915C-41C0-834D-0952645B46F2}.job</div>

<div>- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]</div>

<div>--------- X64 Entries -----------</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>

<div>"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 163568]</div>

<div>"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2009-07-31 2023936]</div>

<div>"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]</div>

<div>"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-08 8146944]</div>

<div>"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]</div>

<div>------- Supplementary Scan -------</div>

<div>uLocal Page = c:\windows\system32\blank.htm</div>

<div>mLocal Page = %SystemRoot%\system32\blank.htm</div>

<div>uInternet Settings,ProxyOverride = <local></div>

<div>uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms}&installDate=01/01/1970</div>

<div>mSearchAssistant = hxxp://searchou.com/?q={searchTerms}&id=dcc2538500000000000000508d9dfb7c&r=742</div>

<div>Trusted Zone: clonewarsadventures.com</div>

<div>Trusted Zone: freerealms.com</div>

<div>Trusted Zone: soe.com</div>

<div>Trusted Zone: sony.com</div>

<div>TCP: DhcpNameServer = 192.168.1.1</div>

<div>FF - ProfilePath - c:\users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\</div>

<div>FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=</div>

<div>FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)</div>

<div>FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c</div>

<div>FF - ExtSQL: 2013-05-06 02:55; ffxtlbr@privitize.com; c:\users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\ffxtlbr@privitize.com</div>

<div>FF - ExtSQL: 2013-05-06 02:55; za615t@vecbkb.co.uk; c:\users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\za615t@vecbkb.co.uk</div>

<div>FF - ExtSQL: !HIDDEN! 2009-09-16 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension</div>

<div>FF - user.js: extensions.incredibar_i.newTab - false</div>

<div>FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQI3IwssM&loc=IB_TB&i=26&search=</div>

<div>FF - user.js: extensions.incredibar_i.id - dcc2538500000000000000508d9dfb7c</div>

<div>FF - user.js: extensions.incredibar_i.instlDay - 15581</div>

<div>FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14</div>

<div>FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14</div>

<div>FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1413:49</div>

<div>FF - user.js: extensions.incredibar_i.prtnrId - Incredibar</div>

<div>FF - user.js: extensions.incredibar_i.prdct - incredibar</div>

<div>FF - user.js: extensions.incredibar_i.aflt - orgnl</div>

<div>FF - user.js: extensions.incredibar_i.smplGrp - none</div>

<div>FF - user.js: extensions.incredibar_i.tlbrId - base</div>

<div>FF - user.js: extensions.incredibar_i.instlRef - </div>

<div>FF - user.js: extensions.incredibar_i.dfltLng - </div>

<div>FF - user.js: extensions.incredibar_i.excTlbr - false</div>

<div>FF - user.js: extensions.incredibar_i.ms_url_id - </div>

<div>FF - user.js: extensions.incredibar_i.upn2 - 6PQI3IwssM</div>

<div>FF - user.js: extensions.incredibar_i.upn2n - 92543491238592712</div>

<div>FF - user.js: extensions.incredibar_i.productid - 26</div>

<div>FF - user.js: extensions.incredibar_i.installerproductid - 26</div>

<div>FF - user.js: extensions.incredibar_i.did - 10659</div>

<div>FF - user.js: extensions.incredibar_i.ppd - 102%5F6</div>

<div>FF - user.js: extensions.claro.tlbrSrchUrl - </div>

<div>FF - user.js: extensions.claro.id - dcc2538500000000000000508d9dfb7c</div>

<div>FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}</div>

<div>FF - user.js: extensions.claro.instlDay - 15641</div>

<div>FF - user.js: extensions.claro.vrsn - 1.8.3.10</div>

<div>FF - user.js: extensions.claro.vrsni - 1.8.3.10</div>

<div>FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1021:34</div>

<div>FF - user.js: extensions.claro.prtnrId - claro</div>

<div>FF - user.js: extensions.claro.prdct - claro</div>

<div>FF - user.js: extensions.claro.aflt - babsst</div>

<div>FF - user.js: extensions.claro_i.smplGrp - none</div>

<div>FF - user.js: extensions.claro.tlbrId - claro</div>

<div>FF - user.js: extensions.claro.instlRef - sst</div>

<div>FF - user.js: extensions.claro.dfltLng - en</div>

<div>FF - user.js: extensions.claro.excTlbr - false</div>

<div>FF - user.js: extensions.claro.admin - false</div>

<div>FF - user.js: extensions.privitize.hpOld0 - hxxp://www.yahoo.com/?ilc=8</div>

<div>FF - user.js: extensions.privitize.tlbrSrchUrl - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c&q=</div>

<div>FF - user.js: extensions.privitize.id - dcc2538500000000000000508d9dfb7c</div>

<div>FF - user.js: extensions.privitize.appId - {301966DF-A84B-4255-AAB9-574B5CE237E4}</div>

<div>FF - user.js: extensions.privitize.instlDay - 15817</div>

<div>FF - user.js: extensions.privitize.vrsn - 1.8.16.22</div>

<div>FF - user.js: extensions.privitize.vrsni - 1.8.16.22</div>

<div>FF - user.js: extensions.privitize.vrsnTs - 1.8.16.221:30</div>

<div>FF - user.js: extensions.privitize.prtnrId - privitize</div>

<div>FF - user.js: extensions.privitize.prdct - privitize</div>

<div>FF - user.js: extensions.privitize.aflt - orgnl</div>

<div>FF - user.js: extensions.privitize.smplGrp - none</div>

<div>FF - user.js: extensions.privitize.tlbrId - base</div>

<div>FF - user.js: extensions.privitize.instlRef - </div>

<div>FF - user.js: extensions.privitize.dfltLng - </div>

<div>FF - user.js: extensions.privitize.excTlbr - true</div>

<div>FF - user.js: extensions.privitize.ffxUnstlRst - false</div>

<div>FF - user.js: extensions.privitize.admin - false</div>

<div>FF - user.js: extensions.privitize.autoRvrt - false</div>

<div>FF - user.js: extensions.privitize.rvrt - false</div>

<div>FF - user.js: extensions.privitize.hmpg - true</div>

<div>FF - user.js: extensions.privitize.hmpgUrl - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c</div>

<div>FF - user.js: extensions.privitize.dfltSrch - true</div>

<div>FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)</div>

<div>FF - user.js: extensions.privitize.kw_url - hxxp://searchou.com/?q={searchTerms}&id=dcc2538500000000000000508d9dfb7c</div>

<div>FF - user.js: extensions.privitize.dnsErr - true</div>

<div>FF - user.js: extensions.privitize.newTab - true</div>

<div>FF - user.js: extensions.privitize.newTabUrl - hxxp://searchou.com/?id=dcc2538500000000000000508d9dfb7c</div>

<div>- - - - ORPHANS REMOVED - - - -</div>

<div>Wow6432Node-HKCU-Run-AdobeBridge - (no file)</div>

<div>Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe</div>

<div>SafeBoot-WudfPf</div>

<div>SafeBoot-WudfRd</div>

<div>AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe</div>

<div>AddRemove-{EB03EF39-C655-D560-FA95-79182B837D64} - c:\programdata\MaGniiPuicc\uninstall.exe</div>

<div>AddRemove-Gas Properties - c:\windows\system32\javaws.exe</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai]</div>

<div>"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"</div>

<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>

<div>[HKEY_USERS\S-1-5-21-3416004185-852997876-3554588183-1000\Software\SecuROM\License information*]</div>

<div>"datasecu"=hex:1c,38,42,42,ec,ad,f4,77,20,e1,7c,1a,ef,07,05,b0,67,09,b5,99,18,</div>

<div>"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="FlashBroker"</div>

<div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]</div>

<div>"Enabled"=dword:00000001</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Shockwave Flash Object"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash.11"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="ShockwaveFlash.ShockwaveFlash"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="Macromedia Flash Factory Object"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"</div>

<div>"ThreadingModel"="Apartment"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div>

<div>@="FlashFactory.FlashFactory.1"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>

<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>

<div>@="FlashFactory.FlashFactory"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>@="IFlashBroker4"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]</div>

<div>"Version"="1.0"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]</div>

<div>@="Shockwave Flash"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]</div>

<div>@Denied: (A 2) (Everyone)</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]</div>

<div>@="FlashBroker"</div>

<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]</div>

<div>"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,</div>

<div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div>

<div>@Denied: (A) (Users)</div>

<div>@Denied: (A) (Everyone)</div>

<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>

<div>"BlindDial"=dword:00000000</div>

<div>Completion time: 2013-06-03 21:29:04</div>

<div>ComboFix-quarantined-files.txt 2013-06-04 04:29</div>

<div>Pre-Run: 165,623,472,128 bytes free</div>

<div>Post-Run: 169,671,016,448 bytes free</div>

<div>- - End Of File - - 15A40F0E1B653C3988AAABF67FD0455E</div>

Morbius · June 4, 2013

I'm not sure how that HTML got in the post. Here is the log attached so it will be easier to read.

ComboFix.txt

Psychotic · June 4, 2013

Scan with adwCleaner

Please download AdwCleaner to your desktop.

Run adwcleaner.exe.
Hit delete.
When the run is finished, it will open up a text file.
Please post its contents within your next reply.
You´ll find the log file at C:\AdwCleaner[s1].txt also.

SecurityCheck

Please download SecurityCheck from one of the following mirrors: LINK1 LINK2

Save the file to your desktop.
Run Securitycheck.exe and follow the instructions within the DOS-Box.
When the scan is finished it will open up a text file (checkup.txt).

Post its content within your next reply.
Please go to here to run the online scannner from ESET.

Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Morbius · June 5, 2013

Sorry about the wait, I have been busy at work! Running the scans when I get home.

Psychotic · June 5, 2013

No problem!

Morbius · June 7, 2013

<div># AdwCleaner v2.302 - Logfile created 06/07/2013 at 04:19:45</div>

<div># Updated 06/06/2013 by Xplode</div>

<div># Operating system : Windows Vista Home Premium Service Pack 1 (64 bits)</div>

<div># User : Morbius Liadon - MORBIUSLIADO-PC</div>

<div># Boot Mode : Normal</div>

<div># Running from : C:\Users\Morbius Liadon\Downloads\adwcleaner.exe</div>

<div># Option [Delete]</div>

<div>***** [services] *****</div>

<div>Stopped & Deleted : Viewpoint Manager Service</div>

<div>Stopped & Deleted : Web Assistant Updater</div>

<div>***** [Files / Folders] *****</div>

<div>Deleted on reboot : C:\Program Files (x86)\Common Files\Software Update Utility</div>

<div>Deleted on reboot : C:\Program Files (x86)\Conduit</div>

<div>Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar</div>

<div>Deleted on reboot : C:\Program Files (x86)\Perion</div>

<div>Deleted on reboot : C:\Program Files (x86)\PriceGong</div>

<div>Deleted on reboot : C:\Program Files (x86)\Viewpoint</div>

<div>Deleted on reboot : C:\Program Files\Web Assistant</div>

<div>Deleted on reboot : C:\ProgramData\Babylon</div>

<div>Deleted on reboot : C:\ProgramData\clsoft ltd</div>

<div>Deleted on reboot : C:\ProgramData\InstallMate</div>

<div>Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong</div>

<div>Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast</div>

<div>Deleted on reboot : C:\ProgramData\Premium</div>

<div>Deleted on reboot : C:\ProgramData\Viewpoint</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\LocalLow\boost_interprocess</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\LocalLow\Claro LTD</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\LocalLow\Conduit</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\LocalLow\incredibar.com</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\LocalLow\PriceGong</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\LocalLow\Viewpoint</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\Roaming\Babylon</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\Conduit</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\ConduitCommon</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\CT1060933</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}</div>

<div>Deleted on reboot : C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}</div>

<div>Deleted on reboot : C:\Windows\SysWOW64\AskSearch</div>

<div>File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll</div>

<div>File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt</div>

<div>File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml</div>

<div>File Deleted : C:\user.js</div>

<div>File Deleted : C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\searchplugins\Web Search.xml</div>

<div>***** [Registry] *****</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\Conduit</div>

<div>Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong</div>

<div>Key Deleted : HKCU\Software\Ask&Record</div>

<div>Key Deleted : HKCU\Software\Conduit</div>

<div>Key Deleted : HKCU\Software\IM</div>

<div>Key Deleted : HKCU\Software\ImInstaller</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4F4C5E11-0612-48D2-8055-987992AAC432}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}</div>

<div>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}</div>

<div>Key Deleted : HKCU\Software\PrivitizeVPNInstallDates</div>

<div>Key Deleted : HKCU\Software\StartSearch</div>

<div>Key Deleted : HKCU\Software\YahooPartnerToolbar</div>

<div>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}</div>

<div>Key Deleted : HKLM\Software\Babylon</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}</div>

<div>Key Deleted : HKLM\Software\Conduit</div>

<div>Key Deleted : HKLM\Software\Freeze.com</div>

<div>Key Deleted : HKLM\Software\MetaStream</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}</div>

<div>Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP</div>

<div>Key Deleted : HKLM\Software\Viewpoint</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility</div>

<div>Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}</div>

<div>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}</div>

<div>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd</div>

<div>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1</div>

<div>Key Deleted : HKLM\SOFTWARE\Web Assistant</div>

<div>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]</div>

<div>Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]</div>

<div>Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]</div>

<div>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]</div>

<div>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]</div>

<div>***** [internet Browsers] *****</div>

<div>-\\ Internet Explorer v7.0.6001.18639</div>

<div>Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com</div>

<div>Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com</div>

<div>Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com</div>

<div>Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMon&dpid=SnapdoEMon&co=US&userid=e3fc2318-d6df-48cd-9772-d4c55b0135cb&searchtype=ds&q={searchTerms} --> hxxp://www.google.com</div>

<div>-\\ Mozilla Firefox v12.0 (en-US)</div>

<div>File : C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\prefs.js</div>

<div>C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\user.js ... Deleted !</div>

<div>Deleted : user_pref("CT1060933..clientLogIsEnabled", false);</div>

<div>Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]</div>

<div>Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]</div>

<div>Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);</div>

<div>Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");</div>

<div>Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Sat Jun 11 2011 09:49:06 GMT-0700 (Pacific Daylight[...]</div>

<div>Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);</div>

<div>Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);</div>

<div>Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_130040833450137909", true);</div>

<div>Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_130068876516309164", true);</div>

<div>Deleted : user_pref("CT1060933.CTID", "CT1060933");</div>

<div>Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Tue May 14 2013 16:01:04 GMT-0700 (Pacific D[...]</div>

<div>Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]</div>

<div>Deleted : user_pref("CT1060933.CommunityChanged", true);</div>

<div>Deleted : user_pref("CT1060933.CurrentServerDate", "15-5-2013");</div>

<div>Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");</div>

<div>Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Tue May 14 2013 01:28:57 GMT-0700 (Pacific Daylig[...]</div>

<div>Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");</div>

<div>Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Tue May 14 2013 01:28:56 GMT-0700 (Pacific [...]</div>

<div>Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");</div>

<div>Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");</div>

<div>Deleted : user_pref("CT1060933.FirstServerDate", "26-9-2010");</div>

<div>Deleted : user_pref("CT1060933.FirstTime", true);</div>

<div>Deleted : user_pref("CT1060933.FirstTimeFF3", true);</div>

<div>Deleted : user_pref("CT1060933.FirstTimeSettingsDone", true);</div>

<div>Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false);</div>

<div>Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);</div>

<div>Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");</div>

<div>Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);</div>

<div>Deleted : user_pref("CT1060933.HomePageProtectorEnabled", false);</div>

<div>Deleted : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://www.google.com/");</div>

<div>Deleted : user_pref("CT1060933.Initialize", true);</div>

<div>Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);</div>

<div>Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);</div>

<div>Deleted : user_pref("CT1060933.InstalledDate", "Sun Sep 26 2010 12:11:14 GMT-0700 (Pacific Daylight Time)");</div>

<div>Deleted : user_pref("CT1060933.InvalidateCache", false);</div>

<div>Deleted : user_pref("CT1060933.IsAlertDBUpdated", true);</div>

<div>Deleted : user_pref("CT1060933.IsGrouping", false);</div>

<div>Deleted : user_pref("CT1060933.IsMulticommunity", true);</div>

<div>Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);</div>

<div>Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);</div>

<div>Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Tue May 14 2013 01:28:57 GMT-0700 (Pacific Dayligh[...]</div>

<div>Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);</div>

<div>Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]</div>

<div>Deleted : user_pref("CT1060933.LastLogin_2.7.2.0", "Sat Mar 26 2011 20:08:06 GMT-0700 (Pacific Daylight Time)"[...]</div>

<div>Deleted : user_pref("CT1060933.LastLogin_3.14.1.0", "Sun Aug 12 2012 17:16:34 GMT-0700 (Pacific Daylight Time)[...]</div>

<div>Deleted : user_pref("CT1060933.LastLogin_3.15.1.0", "Tue May 14 2013 16:01:04 GMT-0700 (Pacific Daylight Time)[...]</div>

<div>Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Fri Aug 10 2012 00:02:26 GMT-0700 (Pacific Daylight Time)"[...]</div>

<div>Deleted : user_pref("CT1060933.LatestVersion", "3.18.0.7");</div>

<div>Deleted : user_pref("CT1060933.Locale", "en-us");</div>

<div>Deleted : user_pref("CT1060933.LoginCache", 4);</div>

<div>Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");</div>

<div>Deleted : user_pref("CT1060933.MCDetectTooltipShow", true);</div>

<div>Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");</div>

<div>Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");</div>

<div>Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);</div>

<div>Deleted : user_pref("CT1060933.RadioIsPodcast", false);</div>

<div>Deleted : user_pref("CT1060933.RadioLastCheckTime", "Tue May 14 2013 01:28:57 GMT-0700 (Pacific Daylight Time)[...]</div>

<div>Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");</div>

<div>Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");</div>

<div>Deleted : user_pref("CT1060933.RadioMediaID", "21504191");</div>

<div>Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");</div>

<div>Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");</div>

<div>Deleted : user_pref("CT1060933.RadioShrinkedFromSetup", false);</div>

<div>Deleted : user_pref("CT1060933.RadioStationName", "KFOG");</div>

<div>Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");</div>

<div>Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1);</div>

<div>Deleted : user_pref("CT1060933.SearchBoxWidth", 150);</div>

<div>Deleted : user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]</div>

<div>Deleted : user_pref("CT1060933.SearchEngineBeforeUnload", "Google");</div>

<div>Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);</div>

<div>Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]</div>

<div>Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);</div>

<div>Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);</div>

<div>Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Tue May 14 2013 01:28:56 GMT-0700 (Pacific Dayli[...]</div>

<div>Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]</div>

<div>Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]</div>

<div>Deleted : user_pref("CT1060933.SearchInNewTabUserEnabled", false);</div>

<div>Deleted : user_pref("CT1060933.SearchProtectorEnabled", false);</div>

<div>Deleted : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);</div>

<div>Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Tue May 14 2013 01:28:56 GMT-0700 (Pacific Daylight [...]</div>

<div>Deleted : user_pref("CT1060933.SettingsCheckIntervalMin", 120);</div>

<div>Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Tue May 14 2013 16:01:04 GMT-0700 (Pacific Daylight Ti[...]</div>

<div>Deleted : user_pref("CT1060933.SettingsLastUpdate", "1368519134");</div>

<div>Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);</div>

<div>Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Mon May 06 2013 02:56:01 GMT-0700 (Pacific Day[...]</div>

<div>Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1331805997");</div>

<div>Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");</div>

<div>Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]</div>

<div>Deleted : user_pref("CT1060933.UserID", "UN56483507517530035");</div>

<div>Deleted : user_pref("CT1060933.ValidationData_Search", 2);</div>

<div>Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);</div>

<div>Deleted : user_pref("CT1060933.alertChannelId", "15651");</div>

<div>Deleted : user_pref("CT1060933.appApproved.129272674122038321", true);</div>

<div>Deleted : user_pref("CT1060933.approveUntrustedApps", false);</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "247E707571777278333228702A7B797B7B7E30273224262[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6C71706B6E6E756F");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737277767174747B75242F4B4947[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b-0?3g>d", "3A6E6B416C6E6E6F7A4648747520774A7C4C254C4D52502A55[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b/556,bi5a>g", "6E6D686B6F6C7070747170747A");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477A213F3E484F4E4D464[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "6E6E406C6D4341707A78757446734C48787A4C204D");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C71706B6D6E6E70707872");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<l8daj", "6D7070707673757975702A7A77727C77752178");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");</div>

<div>Deleted : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.acp_personal.appstate", "656E61626C65");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.bbactive", "796573");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.bbid", "36633030663566373765396432353633");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.cb_experience_000", "31");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.cb_firstuse0100", "31");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.cb_user_id_000", "43423635373536303539343934385F46697265666F78")[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.cbcountry_001", "5553");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "4672692041756720313020323031322031393A31323A33382[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.last_client_stats_submit_2", "31333635393439353236");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_last_submit_6", "31333638353732343739");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_site_irrelevant", "31");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_site_new", "30");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_site_not_supported", "30");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_site_supported", "30");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_use_history", "30");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_use_pop", "30");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_use_related", "30");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_stats_stats_use_typed", "30");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_s[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A22436F75706F6E4[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_appstate_acplus", "6F6E");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_appstate_pricegong", "6F6E");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_appstatereporttime", "31333638353732343637353935");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_currentversion", "312E342E342E36");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_first_time", "31");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_lastlogintime", "31333638353732343637363634");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A227375636365656465[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_showclosebutton", "74727565");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_showwelcomegadget", "66616C7365");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.mam_gk_userid", "66373564396337372D363364662D343438332D393063652[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.pg_enable", "66616C7365");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.printitgreenstatus", "74727565");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-country-code", "22555322");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-experiments-animation", "7B226E616D65223A22302E3735222C22766[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-experiments-hover_effect", "7B226E616D65223A2273686F7274222C[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-experiments-image_analysis", "7B226E616D65223A22776974686F75[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-experiments-placement", "7B226E616D65223A22777265636B2D77696[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-experiments-play_icon", "7B226E616D65223A226E6F222C227665727[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-periodic-reports", "7B227974745F70696E675F30223A5B3133363738[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-user-id", "2265393832346637332D336563342D343434382D623939662[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.sac-yt-first-ping", "31333637383334313733313739");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.searchappstate", "33");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.searchapptracking", "73656E74");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.exipres", "53756E204F637420313420323031322030363A[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.whitelist", "5B7B226E616D65223A2254696D65222C22646F6D61696E5F726[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.whitelist_ts", "31333638353732343638393932");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.wreck-country-code", "22555322");</div>

<div>Deleted : user_pref("CT1060933.backendstorage.wreck-experiments-design", "7B226E616D65223A2261637475616C6C794C[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.wreck-experiments-feed", "7B226E616D65223A22777265636B416E645461[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.wreck-experiments-hover_effect", "7B226E616D65223A2268616C66222C[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.wreck-experiments-trigger", "7B226E616D65223A2278302E35222C22766[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.wreck-periodic-reports", "7B22777265636B5F70696E675F30223A5B3133[...]</div>

<div>Deleted : user_pref("CT1060933.backendstorage.wreck-user-id", "2232353864616532622D326537662D343333392D3865393[...]</div>

<div>Deleted : user_pref("CT1060933.clientLogIsEnabled", false);</div>

<div>Deleted : user_pref("CT1060933.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]</div>

<div>Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]</div>

<div>Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon May 06 2013 02:56:04 GMT-0700 (Pacific [...]</div>

<div>Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);</div>

<div>Deleted : user_pref("CT1060933.initDone", true);</div>

<div>Deleted : user_pref("CT1060933.isAppTrackingManagerOn", false);</div>

<div>Deleted : user_pref("CT1060933.isFirstRadioInstallation", false);</div>

<div>Deleted : user_pref("CT1060933.myStuffEnabled", true);</div>

<div>Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);</div>

<div>Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]</div>

<div>Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);</div>

<div>Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]</div>

<div>Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...]</div>

<div>Deleted : user_pref("CT1060933.revertSettingsEnabled", false);</div>

<div>Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);</div>

<div>Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);</div>

<div>Deleted : user_pref("CT1060933.testingCtid", "");</div>

<div>Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Tue May 14 2013 01:28:57 GMT-0700 (Pacific D[...]</div>

<div>Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Mon May 06 2013 02:56:03 GMT-0700 (Pacific D[...]</div>

<div>Deleted : user_pref("CT1060933.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]</div>

<div>Deleted : user_pref("CT1060933.usagesFlag", 2);</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]</div>

<div>Deleted : user_pref("CommunityToolbar.EngineOwner", "");</div>

<div>Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");</div>

<div>Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");</div>

<div>Deleted : user_pref("CommunityToolbar.IsEngineShown", true);</div>

<div>Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);</div>

<div>Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Morbius Liadon\\AppData\\Roaming\\M[...]</div>

<div>Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");</div>

<div>Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/fc6/gadget/video.html", "833x2[...]</div>

<div>Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");</div>

<div>Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");</div>

<div>Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");</div>

<div>Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slir[...]</div>

<div>Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");</div>

<div>Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");</div>

<div>Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Aug 08 2012 19:46:16 GMT-07[...]</div>

<div>Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);</div>

<div>Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Aug 10 2012 13:44:24 GMT-0700 (Pacif[...]</div>

<div>Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");</div>

<div>Deleted : user_pref("CommunityToolbar.alert.locale", "en");</div>

<div>Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);</div>

<div>Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Aug 10 2012 19:46:14 GMT-0700 (Pacific D[...]</div>

<div>Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");</div>

<div>Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);</div>

<div>Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");</div>

<div>Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);</div>

<div>Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);</div>

<div>Deleted : user_pref("CommunityToolbar.alert.userId", "b891c0db-1c1e-476d-9ffa-7bfa92effe3f");</div>

<div>Deleted : user_pref("CommunityToolbar.globalUserId", "979d9f46-41b0-481c-8616-8750631276f1");</div>

<div>Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);</div>

<div>Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);</div>

<div>Deleted : user_pref("CommunityToolbar.killedEngine", true);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon May 06 2013 02:56:0[...]</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue May 14 2013 16:01:13 GMT-070[...]</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.locale", "en");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 14 2013 01:28:58 GMT-0700 (P[...]</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);</div>

<div>Deleted : user_pref("CommunityToolbar.notifications.userId", "a6ba1f96-d4ec-4f43-8892-5cd670fd1a6a");</div>

<div>Deleted : user_pref("CommunityToolbar.undefined", "");</div>

<div>Deleted : user_pref("aol_toolbar.surf.date", "528");</div>

<div>Deleted : user_pref("aol_toolbar.surf.lastDate", "9");</div>

<div>Deleted : user_pref("aol_toolbar.surf.lastMonth", "10");</div>

<div>Deleted : user_pref("aol_toolbar.surf.lastYear", "2009");</div>

<div>Deleted : user_pref("aol_toolbar.surf.mURL", "");</div>

<div>Deleted : user_pref("aol_toolbar.surf.mURLh", "0");</div>

<div>Deleted : user_pref("aol_toolbar.surf.mURLw", "0");</div>

<div>Deleted : user_pref("aol_toolbar.surf.mURLx", "0");</div>

<div>Deleted : user_pref("aol_toolbar.surf.mURLy", "0");</div>

<div>Deleted : user_pref("aol_toolbar.surf.milestone", "-1");</div>

<div>Deleted : user_pref("aol_toolbar.surf.month", "1793");</div>

<div>Deleted : user_pref("aol_toolbar.surf.prevMonth", "3337");</div>

<div>Deleted : user_pref("aol_toolbar.surf.total", "5143");</div>

<div>Deleted : user_pref("aol_toolbar.surf.week", "1040");</div>

<div>Deleted : user_pref("aol_toolbar.surf.year", "5129");</div>

<div>Deleted : user_pref("browser.search.selectedEngine", "Search The Web (privitize)");</div>

<div>Deleted : user_pref("extensions.503e80148ecf8.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]</div>

<div>Deleted : user_pref("extensions.5174fe76c3b58.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]</div>

<div>Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);</div>

<div>Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=116198&tt=431[...]</div>

<div>Deleted : user_pref("extensions.claro.admin", false);</div>

<div>Deleted : user_pref("extensions.claro.aflt", "babsst");</div>

<div>Deleted : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");</div>

<div>Deleted : user_pref("extensions.claro.dfltLng", "en");</div>

<div>Deleted : user_pref("extensions.claro.excTlbr", false);</div>

<div>Deleted : user_pref("extensions.claro.id", "dcc2538500000000000000508d9dfb7c");</div>

<div>Deleted : user_pref("extensions.claro.instlDay", "15641");</div>

<div>Deleted : user_pref("extensions.claro.instlRef", "sst");</div>

<div>Deleted : user_pref("extensions.claro.prdct", "claro");</div>

<div>Deleted : user_pref("extensions.claro.prtnrId", "claro");</div>

<div>Deleted : user_pref("extensions.claro.tlbrId", "claro");</div>

<div>Deleted : user_pref("extensions.claro.tlbrSrchUrl", "");</div>

<div>Deleted : user_pref("extensions.claro.vrsn", "1.8.3.10");</div>

<div>Deleted : user_pref("extensions.claro.vrsni", "1.8.3.10");</div>

<div>Deleted : user_pref("extensions.claro_i.smplGrp", "none");</div>

<div>Deleted : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1021:34:33");</div>

<div>Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);</div>

<div>Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);</div>

<div>Deleted : user_pref("extensions.incredibar.admin", false);</div>

<div>Deleted : user_pref("extensions.incredibar.aflt", "orgnl");</div>

<div>Deleted : user_pref("extensions.incredibar.cntry", "US");</div>

<div>Deleted : user_pref("extensions.incredibar.dfltLng", "");</div>

<div>Deleted : user_pref("extensions.incredibar.dfltSrch", false);</div>

<div>Deleted : user_pref("extensions.incredibar.did", "10659");</div>

<div>Deleted : user_pref("extensions.incredibar.envrmnt", "production");</div>

<div>Deleted : user_pref("extensions.incredibar.excTlbr", false);</div>

<div>Deleted : user_pref("extensions.incredibar.hdrMd5", "672AA49938EF436DD61B3E6681620BA3");</div>

<div>Deleted : user_pref("extensions.incredibar.hmpg", false);</div>

<div>Deleted : user_pref("extensions.incredibar.id", "dcc2538500000000000000508d9dfb7c");</div>

<div>Deleted : user_pref("extensions.incredibar.installerproductid", "26");</div>

<div>Deleted : user_pref("extensions.incredibar.instlDay", "15581");</div>

<div>Deleted : user_pref("extensions.incredibar.instlRef", "");</div>

<div>Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);</div>

<div>Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:49:36");</div>

<div>Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");</div>

<div>Deleted : user_pref("extensions.incredibar.newTab", false);</div>

<div>Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);</div>

<div>Deleted : user_pref("extensions.incredibar.ppd", "102%5F6");</div>

<div>Deleted : user_pref("extensions.incredibar.prdct", "incredibar");</div>

<div>Deleted : user_pref("extensions.incredibar.productid", "26");</div>

<div>Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");</div>

<div>Deleted : user_pref("extensions.incredibar.sg", "none");</div>

<div>Deleted : user_pref("extensions.incredibar.smplGrp", "none");</div>

<div>Deleted : user_pref("extensions.incredibar.tlbrId", "base");</div>

<div>Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQI3IwssM&loc=IB_T[...]</div>

<div>Deleted : user_pref("extensions.incredibar.upn2", "6PQI3IwssM");</div>

<div>Deleted : user_pref("extensions.incredibar.upn2n", "92543491238592712");</div>

<div>Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");</div>

<div>Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:49:36");</div>

<div>Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");</div>

<div>Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");</div>

<div>Deleted : user_pref("extensions.incredibar_i.dfltLng", "");</div>

<div>Deleted : user_pref("extensions.incredibar_i.did", "10659");</div>

<div>Deleted : user_pref("extensions.incredibar_i.excTlbr", false);</div>

<div>Deleted : user_pref("extensions.incredibar_i.id", "dcc2538500000000000000508d9dfb7c");</div>

<div>Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");</div>

<div>Deleted : user_pref("extensions.incredibar_i.instlDay", "15581");</div>

<div>Deleted : user_pref("extensions.incredibar_i.instlRef", "");</div>

<div>Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");</div>

<div>Deleted : user_pref("extensions.incredibar_i.newTab", false);</div>

<div>Deleted : user_pref("extensions.incredibar_i.ppd", "102%5F6");</div>

<div>Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");</div>

<div>Deleted : user_pref("extensions.incredibar_i.productid", "26");</div>

<div>Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");</div>

<div>Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");</div>

<div>Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");</div>

<div>Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQI3IwssM&loc=IB[...]</div>

<div>Deleted : user_pref("extensions.incredibar_i.upn2", "6PQI3IwssM");</div>

<div>Deleted : user_pref("extensions.incredibar_i.upn2n", "92543491238592712");</div>

<div>Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");</div>

<div>Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:49:36");</div>

<div>Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");</div>

<div>Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");</div>

<div>-\\ Google Chrome v27.0.1453.110</div>

<div>File : C:\Users\Morbius Liadon\AppData\Local\Google\Chrome\User Data\Default\Preferences</div>

<div>[OK] File is clean.</div>

<div>AdwCleaner[s1].txt - [45934 octets] - [07/06/2013 04:19:45]</div>

<div>########## EOF - C:\AdwCleaner[s1].txt - [45995 octets] ##########</div>

<div>

<div> Results of screen317's Security Check version 0.99.64 </div>

<div> Windows Vista Service Pack 1 x64 </div>

<div> Out of date service pack!! </div>

<div>``````````````Antivirus/Firewall Check:`````````````` </div>

<div> Windows Firewall Enabled! </div>

<div>AntiVir Desktop </div>

<div> Antivirus up to date! </div>

<div>`````````Anti-malware/Other Utilities Check:````````` </div>

<div> SUPERAntiSpyware Free Edition </div>

<div> Malwarebytes Anti-Malware version 1.75.0.1300 </div>

<div> Java 6 Update 23 </div>

<div> Java 7 Update 15 </div>

<div> Java version out of Date! </div>

<div> Adobe Flash Player <span class="Apple-tab-span" style="white-space:pre"> </span>11.4.402.265 </div>

<div> Adobe Reader 9 Adobe Reader out of Date! </div>

<div> Mozilla Firefox 12.0 Firefox out of Date! </div>

<div> Google Chrome 27.0.1453.110 </div>

<div> Google Chrome 27.0.1453.94 </div>

<div>````````Process Check: objlist.exe by Laurent```````` </div>

<div> Avira Antivir avgnt.exe </div>

<div> Avira Antivir avguard.exe </div>

<div>`````````````````System Health check````````````````` </div>

<div> Total Fragmentation on Drive C: 0 % </div>

<div>

<div>C:\Program Files (x86)\Avira\AntiVir Desktop\ApnIC.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div>

<div>C:\Program Files (x86)\Avira\AntiVir Desktop\ApnToolbarInstaller.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask application</div>

<div>C:\ProgramData\ukprfree\ulklfemon.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/KeyLogger.UltimateKeylogger.AB application</div>

<div>C:\Users\All Users\ukprfree\ulklfemon.dll<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/KeyLogger.UltimateKeylogger.AB application</div>

<div>C:\Users\Morbius Liadon\AppData\Roaming\Mozilla\Firefox\Profiles\ibjxk3vq.default\extensions\za615t@vecbkb.co.uk\content\bg.js<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Adware.MultiPlug.H application</div>

<div>C:\Users\Morbius Liadon\Desktop\WAVToMP3.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Adware.RK.AO.Gen application</div>

<div>C:\Users\Morbius Liadon\Downloads\cbsidlm-tr1_10a-ReadPlease_2003-ORG-10030557 (1).exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/DownloadAdmin.G application</div>

<div>C:\Users\Morbius Liadon\Downloads\cbsidlm-tr1_10a-ReadPlease_2003-ORG-10030557.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/DownloadAdmin.G application</div>

<div>C:\Users\Morbius Liadon\Downloads\Grandmas_Boy_(2006)_720p_BrRip_x264_-_600MB_-_YIFY_secure.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/TopMedia.B application</div>

<div>C:\Users\Morbius Liadon\Downloads\Hitman_Absolution_SKIDROW.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Adware.1ClickDownload.S application</div>

<div>C:\Users\Morbius Liadon\Downloads\ManyCam.exe<span class="Apple-tab-span" style="white-space:pre"> </span>multiple threats</div>

<div>C:\Users\Morbius Liadon\Downloads\VLC_32.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallIQ application</div>

</div>

Psychotic · June 7, 2013

Yur system is out of date. Run Windows Update and install every critical update it finds.

You´ll get the Service PAck 1 for windows Vista there - install it immediately!

Morbius · June 8, 2013

My Windows update isn't showing the newest Service Pack. Can I get Service Pack 2 from the Microsoft website?

Morbius · June 8, 2013

Nvm, got Service pack 2 now.

Psychotic · June 8, 2013

If you installed all available Windows Updates, get a new scan log from SecurityCheck and post that up

Morbius · June 11, 2013

Results of screen317's Security Check version 0.99.64

Windows Vista Service Pack 2 x64

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AntiVir Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

SUPERAntiSpyware Free Edition

Malwarebytes Anti-Malware version 1.75.0.1300

Java 6 Update 23

Java 7 Update 15

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 12.0 Firefox out of Date!

Google Chrome 27.0.1453.110

Google Chrome 27.0.1453.94

````````Process Check: objlist.exe by Laurent````````

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````

Psychotic · June 11, 2013

Then your system is all clean now!

Java update update

Your Java runtime environment is outdated. We will fix this.

Get the actual JRE from here
Save jxpiinstall.exe to your desktop
Close all running programs, especially your browser(s)
Run jxpiinstall.exe. This will download the newest JRE installer ( Java 7 Update 4 ) and install the software
when finished, go to
Start-->control panel-->add/remove programs and remove all older Java versions. (if existing)
When finished, reboot your computer.

After the reboot

Open control panel again and click the java symbol.
Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.
Click Delete Files.
The Delete Temporary Files dialog box appears
Click OK on Delete Temporary Files window.
Click OK again.

Adobe Reader update

Your Adobe Reader is outdated. We will fix this.

Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
Run setup and follow the instructions.
Click upon Start-->control panel-->add/remove programs.
Search for and remove any older reader versions.

Mozilla Firefox update

Your Firefox browser is outdated. Please follow these instructions to update it:

Get the actual firefox from here.
Run setup and follow the instructions on your monitor.
Report any problems you have with the update.

Uninstall our tools.

Please follow these steps in order:

In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
In the case we used Combofix. Rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
In any case please download delfix to your desktop.
- Close all other programms and start delfix.
- Please check all the boxes and run the tool.
- delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.

Reading Material

How to protect yourself

System Updates
Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
Windows XP | Windows Vista |
Windows 7 | windows 8
Protection
What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
Up to date Software
Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:
- Secunia Online Software Inspector - Checks if your software has updates available.
- Filehippo Update Checkere - This tool also scans your computer for outdated software.
- Mozilla: Check your plugins - The webpage will tell you if you have outdated plugins in your Firefox browser.
[*] Backups
There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice.
[*] Brains
It's no joke! You really need one of those things. It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Morbius · June 11, 2013

Thanks for all your help! I'll remember to send along a donation to your paypal when I get some spare cash

Psychotic · June 11, 2013

That would be really nice of you!

AdvancedSetup · June 13, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

CPU Runs high unless Task manager/Process Explorer are open

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information