Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

click.gethotresults.com Issues


  • This topic is locked This topic is locked
34 replies to this topic

#1 KJo132

KJo132

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 24 September 2012 - 05:55 PM

A few days ago I noticed that upon clicking anything in a google search I'd be redirected to a site that always started as click.gethotresults.com
I noticed several other posts here on this same thing but I didn't want to do all the same steps if something in my system was different.

Here's my DDS log.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Tammy at 17:34:36 on 2012-09-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.913 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
uRun: [Google Update] "c:\users\tammy\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [NBKeyScan] "c:\program files\nero\nero backitup 4\NBKeyScan.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5D12507E-16CC-4A74-8CE3-CF484F0A9406} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F9E17F4C-CDB8-4196-B119-78A47DFEFEA0} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F9E17F4C-CDB8-4196-B119-78A47DFEFEA0}\4514D4D495D20534F5E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F9E17F4C-CDB8-4196-B119-78A47DFEFEA0}\465616E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F9E17F4C-CDB8-4196-B119-78A47DFEFEA0}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Hosts: 67.228.246.155 www.horseeden.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tammy\appdata\roaming\mozilla\firefox\profiles\pne0lqyl.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20120216&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\users\tammy\appdata\roaming\mozilla\firefox\profiles\pne0lqyl.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\progra~1\meadco~1\npmeadax.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmeadax.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\tammy\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\tammy\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\tammy\appdata\roaming\kalydo\kalydoplayer\npkalydo.dll
FF - plugin: c:\users\tammy\appdata\roaming\mozilla\firefox\profiles\pne0lqyl.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\users\tammy\appdata\roaming\mozilla\firefox\profiles\pne0lqyl.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: c:\users\tammy\appdata\roaming\mozilla\firefox\profiles\pne0lqyl.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\users\tammy\appdata\roaming\mozilla\firefox\profiles\pne0lqyl.default\extensions\plugin@starstable.com\plugins\npstudioruntime.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-17 51936]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-10-8 15672]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-8-13 176096]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-9-14 89440]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164704]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-21 27496]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-30 913792]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-8-20 184304]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-10-8 820568]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-21 399432]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-7-23 4869488]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-7-23 416112]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-21 722528]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2011-11-17 6639616]
RUnknown szkg5;szkg5; [x]
RUnknown szkgfs;szkgfs; [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-8-20 5751928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-23 135664]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-21 676936]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2012-3-11 23456]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\futuremark\futuremark systeminfo\FMSISvc.exe [2012-7-24 135584]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-23 135664]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-23 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-6-25 27192]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-18 52224]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-7-23 16240]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-9 1343400]
SUnknown is3srv;is3srv; [x]
.
=============== Created Last 30 ================
.
2012-09-23 20:20:33 -------- d-----w- c:\program files\HP
2012-09-21 17:17:17 -------- d-----w- c:\users\tammy\appdata\roaming\AVG2013
2012-09-21 17:14:35 -------- d-----w- c:\users\tammy\appdata\local\AVG Secure Search
2012-09-21 17:14:12 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-21 17:13:40 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-21 17:13:35 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-09-21 17:13:34 -------- d-----w- c:\program files\AVG Secure Search
2012-09-21 17:09:41 -------- d-----w- c:\programdata\AVG2013
2012-09-21 17:03:46 -------- d-----w- c:\users\tammy\appdata\local\Avg2013
2012-09-21 17:03:45 -------- d-----w- c:\users\tammy\appdata\local\MFAData
2012-09-20 17:53:12 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-18 19:36:27 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-09-17 23:58:56 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-12 16:47:22 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 16:47:04 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-12 14:41:23 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:41:23 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:41:22 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:41:22 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:41:21 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 14:41:21 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-29 20:56:26 -------- d-----w- c:\users\tammy\appdata\roaming\StartNow Toolbar
.
==================== Find3M ====================
.
2012-09-20 23:29:31 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 23:29:31 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 17:53:00 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 22:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-13 21:40:54 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 09:52:28 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 09:52:18 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 18:56:44 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
.
============= FINISH: 17:35:59.97 ===============



Currently running the GMER. Wasn't sure if that log needed to be posted.

Attached Files


Edited by KJo132, 24 September 2012 - 05:56 PM.


BC AdBot (Login to Remove)

 


#2 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 24 September 2012 - 06:29 PM

In case the attach.zip wasn't supposed to be attached:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

Please let me know if I should remove it or post it below.

Also the gmer has created a log, if I need to post that let me know.

Edited by KJo132, 24 September 2012 - 07:01 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 PM

Posted 26 September 2012 - 01:37 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 26 September 2012 - 07:06 AM

Ok since doing this I haven't had the click.gethotresults.com pop up on google YET. I'm not 100% sure if this means it's fixed or if it's just a lucky streak.
Also thank you so very much for your time and for sharing your knowledge in order to help me (and others). There are hardly any free online help areas anymore and with my limited budget I cannot express the amount of gratitude I have towards you and the other members of this community.

I ran the Security check then ran the Adwcleaner. I had forgotten to save the log file for the Security Check so I had to run it again (after I ran the Adwcleaner). Just wanted to let you know as it wasn't in exact order as you posted.


Security Check:

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
CCleaner
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
IObit IObit Malware Fighter IMFsrv.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




Adwcleaner:

# AdwCleaner v2.003 - Logfile created 09/26/2012 at 06:48:03
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Tammy - TAMMY-PC
# Boot Mode : Normal
# Running from : C:\Users\Tammy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater
Stopped & Deleted : Updater Service for StartNow Toolbar

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Windows\system32\conduitEngine.tmp
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Tammy\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Tammy\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\Conduit
Folder Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\ConduitEngine
Folder Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Deleted : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\StartNow Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\prefs.js

C:\Users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\user.js ... Deleted !

Deleted : user_pref("CT2856415..clientLogIsEnabled", true);
Deleted : user_pref("CT2856415..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2856415..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2856415.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2856415.CT2856415", "CT2856415");
Deleted : user_pref("CT2856415.CurrentServerDate", "14-1-2011");
Deleted : user_pref("CT2856415.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2856415.DialogsGetterLastCheckTime", "Fri Jan 14 2011 12:40:51 GMT-0600 (Central Standa[...]
Deleted : user_pref("CT2856415.DownloadReferralCookieData", "{\"BannerName\":\"\",\"BannerTypeId\":\"\",\"Bann[...]
Deleted : user_pref("CT2856415.FirstServerDate", "14-1-2011");
Deleted : user_pref("CT2856415.FirstTime", true);
Deleted : user_pref("CT2856415.FirstTimeFF3", true);
Deleted : user_pref("CT2856415.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2856415.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2856415.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2856415.HasUserGlobalKeys", true);
Deleted : user_pref("CT2856415.Initialize", true);
Deleted : user_pref("CT2856415.InitializeCommonPrefs", true);
Deleted : user_pref("CT2856415.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2856415.InstalledDate", "Fri Jan 14 2011 12:40:54 GMT-0600 (Central Standard Time)");
Deleted : user_pref("CT2856415.IsGrouping", false);
Deleted : user_pref("CT2856415.IsMulticommunity", false);
Deleted : user_pref("CT2856415.IsOpenThankYouPage", true);
Deleted : user_pref("CT2856415.IsOpenUninstallPage", true);
Deleted : user_pref("CT2856415.LanguagePackLastCheckTime", "Fri Jan 14 2011 12:40:54 GMT-0600 (Central Standar[...]
Deleted : user_pref("CT2856415.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2856415.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2856415.LastLogin_3.3.0.19", "Fri Jan 14 2011 12:40:52 GMT-0600 (Central Standard Time)[...]
Deleted : user_pref("CT2856415.LatestVersion", "3.2.5.2");
Deleted : user_pref("CT2856415.Locale", "en");
Deleted : user_pref("CT2856415.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2856415.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2856415.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2856415.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2856415.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285[...]
Deleted : user_pref("CT2856415.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2856415.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2856415.SearchInNewTabLastCheckTime", "Fri Jan 14 2011 12:40:53 GMT-0600 (Central Stand[...]
Deleted : user_pref("CT2856415.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2856415.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2856415.ServiceMapLastCheckTime", "Fri Jan 14 2011 12:40:48 GMT-0600 (Central Standard [...]
Deleted : user_pref("CT2856415.SettingsLastCheckTime", "Fri Jan 14 2011 12:40:49 GMT-0600 (Central Standard Ti[...]
Deleted : user_pref("CT2856415.SettingsLastUpdate", "1294239661");
Deleted : user_pref("CT2856415.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2856415.ThirdPartyComponentsLastCheck", "Fri Jan 14 2011 12:40:48 GMT-0600 (Central Sta[...]
Deleted : user_pref("CT2856415.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2856415.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2856415.UserID", "UN99477307520215096");
Deleted : user_pref("CT2856415.alertChannelId", "1248439");
Deleted : user_pref("CT2856415.approveUntrustedApps", true);
Deleted : user_pref("CT2856415.globalFirstTimeInfoLastCheckTime", "Fri Jan 14 2011 12:40:51 GMT-0600 (Central [...]
Deleted : user_pref("CT2856415.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2856415.myStuffEnabled", true);
Deleted : user_pref("CT2856415.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2856415.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2856415.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2856415.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2856415.testingCtid", "");
Deleted : user_pref("CT2856415.toolbarAppMetaDataLastCheckTime", "Fri Jan 14 2011 12:40:51 GMT-0600 (Central S[...]
Deleted : user_pref("CT2856415.toolbarContextMenuLastCheckTime", "Fri Jan 14 2011 12:40:54 GMT-0600 (Central S[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1248439/1244112/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2856415", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.0[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=2.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2856415",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2856415/CT2856415[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/63421989998628125[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/images/skins/zynga/seperator.gif", "\"46[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", false);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2856415");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1");
Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2856415");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{22e03916-85c5-44b0-8dc9-1830c11238d9}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4c4a44a6&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2856415");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2856415");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Mar 25 2011 13:41:41 GMT-05[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jan 14 2011 12:40:56 GMT-0600 (Centr[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jul 30 2011 18:41:06 GMT-0500 (Central D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "32c16edd-f322-44da-871c-d2f42d364823");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Jan 25 2011 15:44:36 GMT-0600 (Cen[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "253e282f-4083-4cf9-b685-2502d8ed4267");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Jul 31 2011 15:11:16 GMT-0500 (Central Dayl[...]
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Jan 14 2011 12:40:49 GMT-0600 (Central St[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "01/14/2011 21");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Fri Jan 14 2011 12:40:50 GMT-0600 (Central Standard Time)"[...]
Deleted : user_pref("ConduitEngine.IsGrouping", false);
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Jan 14 2011 12:40:49 GMT-0600 (Central Sta[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.0.19", "Fri Jan 14 2011 12:40:50 GMT-0600 (Central Standard T[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jan 14 2011 12:40:48 GMT-0600 (Central Standar[...]
Deleted : user_pref("ConduitEngine.UserID", "UN06191857161034753");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Jan 14 2011 12:40:49 GMT-0600 (Centr[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jan 14 2011 12:40:50 GMT-0600 (Cent[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.4f7dff483a218.scode", "(function(){try{for(i=0;i<5;i++){window.setTimeout(func[...]
Deleted : user_pref("extensions.DivXWebPlayer@divx.com.install-event-fired", true);
Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,plugin@starstable.com:1.0.0.[...]
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("extensions.facemoods.aflt", "_#ddr");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "25");
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"13\": {\"id\": \"13\",\"tit[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.install_folder", "C:\\Program Files\\StartNow Tool[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "qlps.startnow.com");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Tammy\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url ={"autofill":{"negative_upload_rate":1.0,"positive_upload_rate":1.0},"backup":{"_signature":"4SCT9J89asiQEhS5fzEjI4HllQlc1rApRNnl1P1Q74M=","_version":4,"browser":{"show_home_button":true},"extensions":{"ids":["aaggggdjdfddgdgbgedadgdgdedjgfdg","ahfgeienlihckogmohjhadlkjgocpleb","cfhdojbkjhnklbpkdaibdccddilifddb","hpilclpacieflhmobalmaccogiioldoo","jmfkcklnlgedgbglfkkgedjfmejoahla","lifbcibllhkdhoafpjfnlhfpfgnpldfl","ndibdjnfmopecpmkdieinmbadjfpblof","nneajnkjbffgblleaoojgaacokifdkhm"]},"homepage":"hxxp://www.msn.com/?pc=Z164&ocid=zdhp&install_date=20120216","homepage_is_newtabpage":false,"session":{"restore_on_startup":4,"urls_to_restore_on_startup":["hxxp://www.msn.com/?pc=Z164&ocid=zdhp&install_date=20120216"]}},"browser":{"check_default_browser":false,"clear_lso_data_enabled":true,"last_known_google_url":"hxxp://www.google.com/","last_prompted_google_url":"hxxp://www.google.com/","show_home_button":true,"window_placement":{"bottom":744,"left":12,"maximized":true,"right":1062,"top":4,"work_area_bottom":756,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"cloud_print":{"email":""},"countryid_at_install":21843,"default_apps_install_state":2,"default_search_provider":{"enabled":true,"encodings":"","hxxp://www.bing.com/favicon.ico","id":"9731","instant_url":"","keyword":"bing.com","name":"Bing","prepopulate_id":"0","search_url":"hxxp://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGACDF&install_date=20120216","suggest_url":"hxxp://api.bing.com/osjson.aspx?query=%s"},"devtools":{"split_location":466},"distribution":{"create_all_shortcuts":true,"do_not_launch_chrome":true,"import_history":false,"import_search_engine":false,"make_chrome_default":true,"show_welcome_page":true,"skip_first_run_ui":true,"verbose_logging":false},"dns_prefetching":{"host_referral_list":[2,["hxxp://1www.ecwlassic.info/",["hxxp://downloadandsave-a.akamaihd.net/",1.895000737684743,"hxxp://www.eegreat.info:1432/",1.895000737684743,"hxxp://www.forex.com/",1.895000737684743]],["hxxp://36ohk6dgmcd1n-c.c.yom.mail.yahoo.net/",["hxxp://36ohk6dgmcd1n-c.c.yom.mail.yahoo.net/",0.8019614090470532,"hxxp://d.yimg.com/",0.7002200362575015,"hxxp://mail.yimg.com/",0.5528171353599994,"hxxps://s.yimg.com/",1.607484013446973]],["hxxp://3cp9lcoq32dpn-c.c.yom.mail.yahoo.com/",["hxxp://dps.msg.yahoo.com/",1.607484013446973,"hxxp://mail.yimg.com/",2.335182408908695,"hxxp://prod1.rest-notify.msg.yahoo.com/",1.841050066682858,"hxxp://prod2.rest-core.msg.yahoo.com/",1.841050066682858]],["hxxp://ad-emea.doubleclick.net/",["hxxp://s0.2mdn.net/",0.9886425906256763]],["hxxp://ad.doubleclick.net/",["hxxp://cdn.doubleverify.com/",1.453110353148983,"hxxp://d.agkn.com/",0.6995351759859783,"hxxp://s0.2mdn.net/",0.3400480508657084]],["hxxp://ad.insightexpressai.com/",["hxxp://ad.insightexpressai.com/",0.7264851621250006]],["hxxp://ad.trafficmp.com/",["hxxp://d.pixel.trafficmp.com/",1.126730968734541,"hxxp://ib.mookie1.com/",0.9837878234312198,"hxxp://load.exelator.com/",0.9837878234312198,"hxxp://tmp3.nexac.com/",0.9837878234312198,"hxxps://ib.mookie1.com/",0.9837878234312198]],["hxxp://ad.turn.com/",["hxxp://cdn.turn.com/",0.6715717611402403]],["hxxp://ad.yieldmanager.com/",["hxxp://ec.atdmt.com/",1.012616440983474,"hxxp://fw.adsafeprotected.com/",1.159749385369138,"hxxp://tags.mathtag.com/",1.012616440983474,"hxxp://view.atdmt.com/",1.012616440983474]],["hxxp://adcast.deviantart.com/",["hxxp://ad.turn.com/",0.3361088822321007,"hxxp://ads.pubmatic.com/",1.480459006057544,"hxxp://cdn.fastclick.net/",0.0666868021005840,"hxxp://cdn.turn.com/",0.3533730543458596,"hxxp://pixel.quantserve.com/",0.3795317999291746,"hxxp://showadsak.pubmatic.com/",0.3042354106927977,"hxxp://track.pubmatic.com/",0.2894111215768709,"hxxp://view.atdmt.com/",0.4390189472820572]],["hxxp://ads.bluelithium.com/",["hxxp://ad.yieldmanager.com/",0.6788524463046179,"hxxp://ads.bluelithium.com/",0.6788524463046179,"hxxp://tag.admeld.com/",0.6788524463046179]],["hxxp://ads.pointroll.com/",["hxxp://ad.doubleclick.net/",0.4476585329792991,"hxxp://c.betrad.com/",0.05600231446458548,"hxxp://s0.2mdn.net/",0.4476585329792991,"hxxp://spd.pointroll.com/",0.4500434186144751,"hxxp://speed.pointroll.com/",0.6199752697011932,"hxxp://t.pointroll.com/",0.5066557038285183]],["hxxp://ads.pubmatic.com/",["hxxp://ads.pubmatic.com/",0.1813197149951255,"hxxp://image2.pubmatic.com/",0.07485586139896887]],["hxxp://adserver.adtechus.com/",["hxxp://ad.doubleclick.net/",0.9837878234312198,"hxxp://adserver.adtechus.com/",1.126730968734541,"hxxp://aka-cdn-ns.adtechus.com/",0.9837878234312198,"hxxp://cdn.doubleverify.com/",0.9837878234312198,"hxxp://cdna.tremormedia.com/",0.9837878234312198,"hxxp://edge.quantserve.com/",0.9837878234312198,"hxxp://objects.tremormedia.com/",0.9837878234312198,"hxxp://pixel.quantserve.com/",0.9837878234312198,"hxxp://s0.2mdn.net/",0.9837878234312198]],["hxxp://adsrv.deviantart.com/",["hxxp://adimg.deviantart.net/",0.4038356344629081,"hxxp://adsrv.deviantart.com/",0.4717373783021668]],["hxxp://andalusiansdemythos.com/",["hxxp://andalusiansdemythos.com/",4.166660191945412]],["hxxp://answers.yahoo.com/",["hxxp://ajax.googleapis.com/",1.857229544077419,"hxxp://chrome.dealply.com/",2.127083409456189,"hxxp://crownchrome.dealply.com/",1.857229544077419,"hxxp://downloadandsave-a.akamaihd.net/",5.095475928622660,"hxxp://l.yimg.com/",12.38153029384945,"hxxp://optstatic.dealply.com/",1.857229544077419,"hxxp://static.dealply.com/",1.857229544077419,"hxxp://trkjmp.com/",1.857229544077419,"hxxp://ucs.query.yahoo.com/",1.857229544077419,"hxxp://yui.yahooapis.com/",2.666791140213729]],["hxxp://anthony-g.deviantart.com/",["hxxp://a.deviantart.net/",7.416259360642115,"hxxp://b.scorecardresearch.com/",0.9837878234312198,"hxxp://e.deviantart.net/",1.412617259341183,"hxxp://i.imgur.com/",0.9837878234312198,"hxxp://imgur.com/",0.9837878234312198,"hxxp://pixel.quantserve.com/",0.9837878234312198,"hxxp://st.deviantart.net/",5.521700212345950,"hxxp://th00.deviantart.net/",0.9837878234312198,"hxxp://th06.deviantart.net/",0.9837878234312198,"hxxp://www.google-analytics.com/",0.9837878234312198]],["hxxp://arabianrun.com/",["hxxp://arabianrun.com/",1.819687738680315]],["hxxp://assets.myflashfetish.com/",["hxxp://assets.mixpod.com/",1.46824959154790,"hxxp://i.ytimg.com/",1.873010181655479,"hxxp://s.ytimg.com/",1.333331061432122,"hxxp://www.youtube.com/",1.333331061432122,"hxxp://xml.mixpod.com/",1.873010181655479]],["hxxp://avatraiv3.proboards.com/",["hxxp://cdn.insights.gravity.com/",1.169943896501474,"hxxp://i19.photobucket.com/",4.229797164274557,"hxxp://i40.tinypic.com/",1.169943896501474,"hxxp://images.proboards.com/",1.849911289339937,"hxxp://img.photobucket.com/",1.169943896501474,"hxxp://rma-api.gravity.com/",1.169943896501474,"hxxp://tcr.tynt.com/",1.169943896501474,"hxxp://www.cbox.ws/",2.359886833968784,"hxxp://www.google-analytics.com/",1.169943896501474,"hxxp://www.iycatacombs.com/",1.169943896501474]],["hxxp://b.photobucket.com/",["hxxp://b.photobucket.com/",1.042707228152897,"hxxp://content.aimatch.com/",0.2035673344640921,"hxxp://tag.admeld.com/",0.2035673344640921]],["hxxp://b3.mookie1.com/",["hxxp://b3.mookie1.com/",0.4285344500557172,"hxxp://dm.de.mookie1.com/",0.2711269983738543,"hxxp://ib.adnxs.com/",0.4285344500557172]],["hxxp://badge.stumbleupon.com/",["hxxp://cdn.stumble-upon.com/",1.516140936714389]],["hxxp://bannerfarm.ace.advertising.com/",["hxxp://bannerfarm.ace.advertising.com/",0.9837878234312198]],["hxxp://bicircle.net/",["hxxp://chrome.dealply.com/",1.895000737684743,"hxxp://downloadandsave-a.akamaihd.net/",1.895000737684743,"hxxp://optstatic.dealply.com/",1.654590196336679,"hxxp://static.dealply.com/",1.654590196336679]],["hxxp://bidder.mathtag.com/",["hxxp://ad.doubleclick.net/",1.126730968734541]],["hxxp://bidnw.ru4.com/",["hxxp://ad.doubleclick.net/",0.9837878234312198,"hxxp://view.atdmt.com/",0.9837878234312198]],["hxxp://blueridgeacademy.proboards.com/",["hxxp://adv.netshelter.net/",0.9285704713245431,"hxxp://b.scorecardresearch.com/",0.9285704713245431,"hxxp://i53.tinypic.com/",1.333331061432122,"hxxp://images.proboards.com/",1.333331061432122,"hxxp://input.insights.gravity.com/",1.46824959154790,"hxxp://ping.crowdscience.com/",0.9285704713245431,"hxxp://tap-cdn.rubiconproject.com/",0.9285704713245431,"hxxp://tap.rubiconproject.com/",0.9285704713245431,"hxxp://www.google-analytics.com/",1.198407531556101,"hxxp://www7.cbox.ws/",1.063489001440322]],["hxxp://bn.xp1.ru4.com/",["hxxp://ad.doubleclick.net/",0.8117110752009157,"hxxp://view.atdmt.com/",1.072833553331609]],["hxxp://badge.stumbleupon.com/",0.9265575331591160,"hxxp://chrome.dealply.com/",0.9265575331591160,"hxxp://downloadandsave-a.akamaihd.net/",1.396750908195085,"hxxp://optstatic.dealply.com/",0.8090091894001237,"hxxp://pixel.quantserve.com/",0.8090091894001237,"hxxp://static.dealply.com/",0.8090091894001237,"hxxp://static02.linkedin.com/",0.8090091894001237,"hxxp://trkjmp.com/",0.8090091894001237,"hxxp://www.linkedin.com/",0.8090091894001237,"hxxps://ssl.gstatic.com/",0.8090091894001237]],["hxxp://britney-davy-art.deviantart.com/",["hxxp://b.scorecardresearch.com/",1.126730968734541,"hxxp://edge.quantserve.com/",0.9837878234312198,"hxxp://pixel.quantserve.com/",0.9837878234312198,"hxxp://s.deviantart.net/",0.9837878234312198,"hxxp://sh.deviantart.net/",1.841451695011388,"hxxp://st.deviantart.net/",5.986822907848663,"hxxp://th08.deviantart.net/",1.126730968734541,"hxxp://th09.deviantart.net/",0.9837878234312198,"hxxp://www.da-ads.com/",1.126730968734541,"hxxp://www.google-analytics.com/",1.126730968734541]],["hxxp://browse.deviantart.com/",["hxxp://b.scorecardresearch.com/",0.6683279509963462,"hxxp://pixel.quantserve.com/",0.6683279509963462,"hxxp://sh.deviantart.net/",1.250970010974563,"hxxp://th01.deviantart.net/",0.8625436375758321,"hxxp://th02.deviantart.net/",0.8625436375758321,"hxxp://th04.deviantart.net/",0.8625436375758321,"hxxp://th05.deviantart.net/",0.8625436375758321,"hxxp://th06.deviantart.net/",0.7654332944059682,"hxxp://th08.deviantart.net/",0.9596489809854542,"hxxp://www.google-analytics.com/",0.6683279509963462]],["hxxp://bs.serving-sys.com/",["hxxp://ad.doubleclick.net/",0.9837878234312198,"hxxp://ds.serving-sys.com/",1.555560404644504,"hxxp://s0.2mdn.net/",0.9837878234312198]],["hxxp://c1.glitch.bz/",["hxxp://api.glitch.com/",4.460841838519503]],["hxxp://canisnovus.com/",["hxxp://canisnovus.com/",0.2546977862204192,"hxxp://i44.photobucket.com/",0.06200202675433662,"hxxp://i690.photobucket.com/",0.06200202675433662,"hxxp://i943.photobucket.com/",0.06200202675433662,"hxxp://i97.photobucket.com/",0.06200202675433662,"hxxp://www.topwebgames.com/",0.08002116266455592]],["hxxp://cdn.insights.gravity.com/",["hxxp://input.insights.gravity.com/",66.67874248707476]],["hxxp://cdn.oggifinogi.com/",["hxxp://cdn.oggifinogi.com/",0.9285704713245431,"hxxp://main.oggifinogi.com/",1.063489001440322,"hxxp://raw.oggifinogi.com/",1.198407531556101,"hxxp://tracking.oggifinogi.com/",1.063489001440322]],["hxxp://cdn.turn.com/",["hxxp://image2.pubmatic.com/",1.204228275505104]],["hxxp://cdn.w55c.net/",["hxxp://ad.doubleclick.net/",0.9837878234312198,"hxxp://bs.serving-sys.com/",0.4285344500557172,"hxxp://c.betrad.com/",2.062866077304412,"hxxp://cheetah.vizu.com/",0.8379848152697840,"hxxp://cti.w55c.net/",0.8950920767477322,"hxxp://l.betrad.com/",0.5955364416409403,"hxxp://motifcdn2.doubleclick.net/",0.6492988635173518,"hxxp://pixel.quantserve.com/",0.6492988635173518,"hxxp://puma.vizu.com/",0.8379848152697840,"hxxp://s0.2mdn.net/",0.7436443392736887]],["hxxp://champion-equines.proboards.com/",["hxxp://adv.netshelter.net/",0.9285704713245431,"hxxp://b.scorecardresearch.com/",1.063489001440322,"hxxp://files.netshelter.net/",0.9285704713245431,"hxxp://i56.tinypic.com/",1.46824959154790,"hxxp://images.proboards.com/",1.333331061432122,"hxxp://input.insights.gravity.com/",1.46824959154790,"hxxp://pixel.rubiconproject.com/",0.9285704713245431,"hxxp://tap-cdn.rubiconproject.com/",0.9285704713245431,"hxxp://tap.rubiconproject.com/",1.063489001440322,"hxxp://www.google-analytics.com/",1.063489001440322]],["hxxp://chunga-stock.deviantart.com/",["hxxp://a.deviantart.net/",1.748281162911795,"hxxp://b.scorecardresearch.com/",1.159749385369138,"hxxp://e.deviantart.net/",1.012616440983474,"hxxp://pixel.quantserve.com/",1.012616440983474,"hxxp://s.deviantart.net/",1.012616440983474,"hxxp://sh.deviantart.net/",2.042547051683122,"hxxp://st.deviantart.net/",9.104913382914267,"hxxp://th01.deviantart.net/",1.159749385369138,"hxxp://th04.deviantart.net/",1.159749385369138,"hxxp://th06.deviantart.net/",1.012616440983474]],["hxxp://citi.bridgetrack.com.edgesuite.net/",["hxxp://citi.bridgetrack.com/",29.37603130157115]],["hxxp://click.get-amazing-results.com/",["hxxp://b.scorecardresearch.com/",2.253575376373089]],["hxxp://comments.deviantart.com/",["hxxp://b.scorecardresearch.com/",1.072833553331609,"hxxp://e.deviantart.net/",1.072833553331609,"hxxp://pixel.quantserve.com/",1.072833553331609,"hxxp://sh.deviantart.net/",1.696363652564481,"hxxp://st.deviantart.com/",1.072833553331609,"hxxp://th00.deviantart.net/",1.072833553331609,"hxxp://th03.deviantart.net/",1.072833553331609,"hxxp://th05.deviantart.net/",1.384598602948045,"hxxp://th06.deviantart.net/",1.072833553331609,"hxxp://www.google-analytics.com/",1.072833553331609]],["hxxp://cti.w55c.net/",["hxxp://bh.contextweb.com/",0.1231990921097983,"hxxp://cms.ad.yieldmanager.net/",0.4285344500557172,"hxxp://dpm.demdex.net/",0.4908014641028511,"hxxp://i.w55c.net/",0.1028300688860932,"hxxp://r.openx.net/",0.1231990921097983]],["hxxp://d.agkn.com/",["hxxp://adadvisor.net/",0.5702076562577075,"hxxp://api.bizographics.com/",0.7260901810659250,"hxxp://d.agkn.com/",1.550210661186142,"hxxp://pbid.pro-market.net/",0.7260901810659250,"hxxp://r.nexac.com/",0.7260901810659250,"hxxp://rd.rlcdn.com/",0.7260901810659250]],["hxxp://d.xp1.ru4.com/",["hxxp://adadvisor.net/",0.9837878234312198,"hxxp://bid.openx.net/",0.9837878234312198,"hxxp://cm.g.doubleclick.net/",0.9837878234312198,"hxxp://hxxp.content.ru4.com/",1.126730968734541,"hxxp://image2.pubmatic.com/",0.9837878234312198,"hxxp://load.s3.amazonaws.com/",0.9837878234312198,"hxxp://loadm.exelator.com/",0.9837878234312198,"hxxp://m.xp1.ru4.com/",1.412617259341183,"hxxp://r.nexac.com/",0.9837878234312198,"hxxp://tags.bluekai.com/",0.9837878234312198]],["hxxp://d3.zedo.com/",["hxxp://ad.yieldmanager.com/",1.072833553331609,"hxxp://adnxs.revsci.net/",1.072833553331609,"hxxp://ads.revsci.net/",1.228716078139827,"hxxp://d14.zedo.com/",1.384598602948045,"hxxp://d3.zedo.com/",1.228716078139827,"hxxp://d7.zedo.com/",1.072833553331609,"hxxp://ib.adnxs.com/",1.072833553331609,"hxxp://m1.zedo.com/",1.072833553331609]],["hxxp://dareyoutomoveyour.proboards.com/",["hxxp://api.solvemedia.com/",1.873010181655479,"hxxp://cdn.gigya.com/",1.063489001440322,"hxxp://cdn.viglink.com/",0.9285704713245431,"hxxp://gscounters.gigya.com/",0.9285704713245431,"hxxp://i86.photobucket.com/",0.9285704713245431,"hxxp://images.proboards.com/",7.809510502673855,"hxxp://input.insights.gravity.com/",0.9285704713245431,"hxxp://iycatacombs.com/",0.9285704713245431,"hxxp://www.google-analytics.com/",1.198407531556101,"hxxp://www4.cbox.ws/",1.603168121663680]],["hxxp://dashsociety.com/",["hxxp://d15gt9gwxw5wu0.cloudfront.net/",1.461219049559447,"hxxp://d1nfmblh2wz0fd.cloudfront.net/",2.202733194112002,"hxxp://dashsociety.com/",25.37333180866088,"hxxp://www.google-analytics.com/",1.252973184094133]],["hxxp://demr.opt.fimserve.com/",["hxxp://ad.turn.com/",0.5291396256343607,"hxxp://cache.fimservecdn.com/",0.7436443392736887,"hxxp://demr.opt.fimserve.com/",0.5291396256343607,"hxxp://download.myads.com/",0.4880415964495655,"hxxp://fim.adnxs.com/",0.5291396256343607,"hxxp://rtb.media6degrees.com/",0.5291396256343607,"hxxp://tag.admeld.com/",0.1948056582879783,"hxxp://trgca.opt.fimserve.com/",0.4257795821626733,"hxxp://trgj.opt.fimserve.com/",0.5201200581587683,"hxxp://www.burstnet.com/",0.1590023751988883]],["hxxp://dm.de.mookie1.com/",["hxxp://a.collective-media.net/",0.6492988635173518,"hxxp://b3.mookie1.com/",0.6492988635173518,"hxxp://bh.contextweb.com/",1.012616440983474,"hxxp://imagen01.247realmedia.com/",0.2828314370991106,"hxxp://matcher-apx.bidder7.mookie1.com/",1.012616440983474,"hxxp://matcher-cwb.bidder7.mookie1.com/",1.012616440983474,"hxxp://matcher.bidder7.mookie1.com/",1.012616440983474,"hxxp://matcher.bidder8.mookie1.com/",1.159749385369138,"hxxp://network.realmedia.com/",0.2828314370991106,"hxxp://su.addthis.com/",0.6492988635173518]],["hxxp://downloadandsave-a.akamaihd.net/",["hxxp://trkjmp.com/",2.698174007732888]],["hxxp://ds.serving-sys.com/",["hxxp://ds.serving-sys.com/",1.126730968734541]],["hxxp://edge.sharethis.com/",["hxxp://d1nfmblh2wz0fd.cloudfront.net/",1.313228117939032,"hxxp://edge.sharethis.com/",0.3929685855814530,"hxxp://w.sharethis.com/",1.022499242866940,"hxxp://www.google-analytics.com/",0.4500664735089003]],["hxxp://ei.rlcdn.com/",["hxxp://a.triggit.com/",1.857229544077419,"hxxp://d.agkn.com/",1.857229544077419,"hxxp://d.audienceiq.com/",1.857229544077419,"hxxp://d.turn.com/",1.857229544077419,"hxxp://qa.rlcdn.com/",2.127083409456189,"hxxp://s.ixiaa.com/",0.3524044029026939,"hxxp://sa.jumptap.com/",2.127083409456189,"hxxp://segment-pixel.invitemedia.com/",0.6222582682814639,"hxxp://tags.bluekai.com/",0.4036084614441109,"hxxps://xedge.aperture.displaymarketplace.com/",0.3524044029026939]],["hxxp://emlis.deviantart.com/",["hxxp://ad.xtendmedia.com/",1.063489001440322,"hxxp://ad.yieldmanager.com/",0.9285704713245431,"hxxp://content.yieldmanager.edgesuite.net/",1.063489001440322,"hxxp://ib.adnxs.com/",1.198407531556101,"hxxp://optimized-by.rubiconproject.com/",2.277770771763057,"hxxp://partner.googleadservices.com/",1.46824959154790,"hxxp://sh.deviantart.net/",3.626976071961812,"hxxp://st.deviantart.net/",6.99998932245870,"hxxp://tap-cdn.rubiconproject.com/",1.063489001440322,"hxxp://tap2-cdn.rubiconproject.com/",1.873010181655479]],["hxxp://en.wikipedia.org/",["hxxp://bits.wikimedia.org/",4.010582676487776,"hxxp://en.wikipedia.org/",1.083643034973644,"hxxp://geoiplookup.wikimedia.org/",0.4866416635819570,"hxxp://meta.wikimedia.org/",0.6215601936977357,"hxxp://upload.wikimedia.org/",4.644067298361390]],["hxxp://facebook.com/",["hxxps://facebook.com/",1.873207336400136,"hxxps://www.facebook.com/",1.873207336400136]],["hxxp://fairiegoodmother.deviantart.com/",["hxxp://a.deviantart.net/",1.215356718774648,"hxxp://e.deviantart.net/",1.309697194770743,"hxxp://st.deviantart.net/",0.8379848152697840,"hxxp://th01.deviantart.net/",1.309697194770743,"hxxp://th04.deviantart.net/",1.121011243018312,"hxxp://th05.deviantart.net/",1.121011243018312,"hxxp://th06.deviantart.net/",1.026670767022216,"hxxp://th07.deviantart.net/",1.592728622279513,"hxxp://th08.deviantart.net/",1.592728622279513,"hxxp://th09.deviantart.net/",1.309697194770743]],["hxxp://fezkitt.com/",["hxxp://i221.photobucket.com/",0.8272553297916125,"hxxp://i51.tinypic.com/",0.8272553297916125,"hxxp://i56.tinypic.com/",0.9474545657565353]],["hxxp://formasilvestrisv2.proboards.com/",["hxxp://downloadandsave-a.akamaihd.net/",0.1348790760030998,"hxxp://gscounters.gigya.com/",0.07812302917011230,"hxxp://i285.photobucket.com/",0.08947423853670983,"hxxp://i46.tinypic.com/",0.1121766572699048,"hxxp://i47.tinypic.com/",0.08947423853670983,"hxxp://i48.tinypic.com/",0.1348790760030998,"hxxp://images.proboards.com/",0.1575814947362949,"hxxp://optstatic.dealply.com/",0.07812302917011230,"hxxp://www.google-analytics.com/",0.07812302917011230,"hxxp://www3.cbox.ws/",0.1121766572699048]],["hxxp://forsakewolf.deviantart.com/",["hxxp://a.deviantart.net/",2.475776276605569,"hxxp://b.scorecardresearch.com/",1.072833553331609,"hxxp://e.deviantart.net/",1.384598602948045,"hxxp://fc01.deviantart.net/",1.072833553331609,"hxxp://pixel.quantserve.com/",1.072833553331609,"hxxp://st.deviantart.net/",1.072833553331609,"hxxp://th04.deviantart.net/",1.228716078139827,"hxxp://th08.deviantart.net/",1.228716078139827,"hxxp://www.google-analytics.com/",1.072833553331609,"hxxps://s.deviantart.com/",1.072833553331609]],["hxxp://funnyjunk.com/",["hxxp://pixel.quantserve.com/",1.967674022654115,"hxxp://static1.fjcdn.com/",6.542095682157697,"hxxp://static2.fjcdn.com/",9.401109219347436,"hxxp://static3.fjcdn.com/",6.827997035876671,"hxxp://static4.fjcdn.com/",6.827997035876671,"hxxp://www.google-analytics.com/",2.539476730092063,"hxxp://x1.fjcdn.com/",3.111279437530011,"hxxp://x2.fjcdn.com/",5.398490267281802,"hxxp://x3.fjcdn.com/",1.967674022654115,"hxxp://x4.fjcdn.com/",10.25881328050436]],["hxxp://fw.adsafeprotected.com/",["hxxp://fw.adsafeprotected.com/",0.584296980618140,"hxxp://view.atdmt.com/",0.584296980618140]],["hxxp://get.adobe.com/",["hxxp://stats.adobe.com/",2.5295730496120,"hxxp://www.adobe.com/",2.5295730496120,"hxxp://www.adobetag.com/",2.2086570657060,"hxxp://wwwimages.adobe.com/",17.29170830928799]],["hxxp://googleads.g.doubleclick.net/",["hxxp://google.com/",0.1921407860792804,"hxxp://googleads.g.doubleclick.net/",0.2464581813424942,"hxxp://p4.hgps4rm4whykg.afpjrvlkqyjivwsi.if.v4.ipv6-exp.l.google.com/",0.1129745824160140,"hxxp://pagead2.googlesyndication.com/",0.5104405223313031,"hxxps://googleads.g.doubleclick.net/",0.1921407860792804]],["hxxp://grooveshark.com/",["hxxp://grooveshark.com/",1.333331061432122,"hxxps://grooveshark.com/",1.063489001440322]],["hxxp://hoofprince.com/",["hxxp://www.hoofprince.com/",1.333331061432122]],["hxxp://horseeden.com/",["hxxp://www.horseeden.com/",1.635377706000218]],["hxxp://humblebeez.deviantart.com/",["hxxp://e.deviantart.net/",1.852246177372699,"hxxp://fc00.deviantart.com/",1.072833553331609,"hxxp://fc04.deviantart.com/",1.072833553331609,"hxxp://fc05.deviantart.com/",1.072833553331609,"hxxp://fc05.deviantart.net/",1.072833553331609,"hxxp://fc09.deviantart.com/",1.072833553331609,"hxxp://st.deviantart.net/",1.072833553331609,"hxxp://th02.deviantart.net/",1.228716078139827,"hxxp://th06.deviantart.net/",1.228716078139827,"hxxp://th08.deviantart.net/",1.384598602948045]],["hxxp://ib.adnxs.com/",["hxxp://ad.doubleclick.net/",0.1866710483751241,"hxxp://ad.turn.com/",0.5382041909521267,"hxxp://ads.pointroll.com/",0.6994014608970153,"hxxp://c.betrad.com/",0.6022911177271517,"hxxp://cdn.turn.com/",0.3023005034793530,"hxxp://l.betrad.com/",0.5382041909521267,"hxxp://pagead2.googlesyndication.com/",1.012616440983474,"hxxp://s0.2mdn.net/",0.1866710483751241,"hxxp://www.google-analytics.com/",0.2306089413770682,"hxxp://www.googleadservices.com/",0.2306089413770682]],["hxxp://images.proboards.com/",["hxxp://b.scorecardresearch.com/",0.4982895674182876,"hxxp://optimized-by.rubiconproject.com/",0.3069529161053417,"hxxp://tap-cdn.rubiconproject.com/",0.2219937657092679,"hxxp://www.lijit.com/",0.2219937657092679]],["hxxp://img-cdn.mediaplex.com/",["hxxp://edpn.ebay.com/",3.016560343842289,"hxxp://img-cdn.mediaplex.com/",1.905103642645405]],["hxxp://img.mediaplex.com/",["hxxp://img-cdn.mediaplex.com/",0.4908040099807660]],["hxxp://inecstasy.proboards.com/",["hxxp://adv.netshelter.net/",0.9285704713245431,"hxxp://b.scorecardresearch.com/",1.063489001440322,"hxxp://images.proboards.com/",1.063489001440322,"hxxp://input.insights.gravity.com/",1.46824959154790,"hxxp://ping.crowdscience.com/",0.9285704713245431,"hxxp://s2.images.proboards.com/",1.603168121663680,"hxxp://static.crowdscience.com/",0.9285704713245431,"hxxp://tap-cdn.rubiconproject.com/",0.9285704713245431,"hxxp://tap.rubiconproject.com/",0.9285704713245431,"hxxp://www.google-analytics.com/",1.198407531556101]],["hxxp://inthemidnighthourx.proboards.com/",["hxxp://api.viglink.com/",0.9285704713245431,"hxxp://b.scorecardresearch.com/",0.9285704713245431,"hxxp://choices.truste.com/",1.333331061432122,"hxxp://i56.tinypic.com/",1.325236449601199,"hxxp://img-cdn.mediaplex.com/",0.9285704713245431,"hxxp://img.mediaplex.com/",0.9285704713245431,"hxxp://ping.crowdscience.com/",0.9285704713245431,"hxxp://tap.rubiconproject.com/",0.9285704713245431,"hxxp://tap2-cdn.rubiconproject.com/",0.9285704713245431,"hxxp://www.google-analytics.com/",1.063489001440322]],["hxxp://jcspenny.deviantart.com/",["hxxp://b.scorecardresearch.com/",1.126730968734541,"hxxp://edge.quantserve.com/",0.9837878234312198,"hxxp://pixel.quantserve.com/",0.9837878234312198,"hxxp://sh.deviantart.net/",0.9837878234312198,"hxxp://st.deviantart.net/",1.698508549708066,"hxxp://th02.deviantart.net/",0.9837878234312198,"hxxp://th04.deviantart.net/",0.9837878234312198,"hxxp://th06.deviantart.net/",0.9837878234312198,"hxxp://th07.deviantart.net/",0.9837878234312198,"hxxp://www.google-analytics.com/",1.126730968734541]],["hxxp://jetpack.wordpress.com/",["hxxp://1.gravatar.com/",0.7398066120404562,"hxxp://edge.quantserve.com/",0.7398066120404562,"hxxp://pixel.quantserve.com/",0.7398066120404562,"hxxp://s.gravatar.com/",1.617019147398815,"hxxp://s0.wp.com/",0.7398066120404562,"hxxp://s1.wp.com/",2.932837950436353,"hxxp://s2.wp.com/",1.178412879719636]],["hxxp://kallieee.deviantart.com/",["hxxp://e.deviantart.net/",1.696363652564481,"hxxp://fc01.deviantart.net/",1.072833553331609,"hxxp://sh.deviantart.net/",1.696363652564481,"hxxp://st.deviantart.net/",29.40797976951408,"hxxp://th00.deviantart.net/",1.072833553331609,"hxxp://th01.deviantart.net/",1.072833553331609,"hxxp://th02.deviantart.net/",1.072833553331609,"hxxp://th05.deviantart.net/",1.072833553331609,"hxxp://th06.deviantart.net/",1.072833553331609,"hxxp://www.da-ads.com/",1.540481127756263]],["hxxp://l.yimg.com/",["hxxp://l.yimg.com/",0.9337860894933862,"hxxp://prod.rest-core.msg.yahoo.com/",0.7002200362575015,"hxxp://us.bc.yahoo.com/",1.607484013446973]],["hxxp://landing.widdit.com/",["hxxp://d1nfmblh2wz0fd.cloudfront.net/",1.313228117939032]],["hxxp://loadus.exelator.com/",["hxxp://d.turn.com/",1.012616440983474]],["hxxp://media.adfrontiers.com/",["hxxp://b.scorecardresearch.com/",0.6492988635173518,"hxxp://b3.mookie1.com/",0.6492988635173518,"hxxp://ib.adnxs.com/",0.6492988635173518,"hxxp://lm.trafficmp.com/",0.8379848152697840,"hxxp://media.trafficmp.com/",0.6492988635173518,"hxxp://pagead2.googlesyndication.com/",1.072833553331609,"hxxp://pixel.quantserve.com/",0.8051813883255697,"hxxp://rs.gwallet.com/",0.6492988635173518,"hxxp://tags.bluekai.com/",0.6492988635173518,"hxxp://view.atdmt.com/",0.6492988635173518]],["hxxp://media.fastclick.net/",["hxxp://bs.serving-sys.com/",0.3857165033478598,"hxxp://cdn.fastclick.net/",1.843921576570668,"hxxp://ib.adnxs.com/",0.3857165033478598]],["hxxp://mig.nexac.com/",["hxxp://dm.de.mookie1.com/",0.7383495931779832,"hxxp://t.mookie1.com/",0.7383495931779832]],["hxxp://moonlightequines.proboards.com/",["hxxp://adv.netshelter.net/",0.9285704713245431,"hxxp://i53.tinypic.com/",1.063489001440322,"hxxp://i55.tinypic.com/",1.46824959154790,"hxxp://i56.tinypic.com/",1.198407531556101,"hxxp://ic.tynt.com/",0.9285704713245431,"hxxp://input.insights.gravity.com/",1.198407531556101,"hxxp://tap-cdn.rubiconproject.com/",0.9285704713245431,"hxxp://tap.rubiconproject.com/",0.9285704713245431,"hxxp://www.google-analytics.com/",1.198407531556101,"hxxp://www2.cbox.ws/",1.063489001440322]],["hxxp://my.deviantart.com/",["hxxp://a.deviantart.net/",1.852246177372699,"hxxp://b.scorecardresearch.com/",1.072833553331609,"hxxp://e.deviantart.net/",1.072833553331609,"hxxp://i.deviantart.net/",1.228716078139827,"hxxp://my.deviantart.com/",1.072833553331609,"hxxp://pixel.quantserve.com/",1.072833553331609,"hxxp://sh.deviantart.net/",1.696363652564481,"hxxp://st.deviantart.com/",1.072833553331609,"hxxp://st.deviantart.net/",8.506192093999518,"hxxp://th02.deviantart.net/",1.228716078139827]],["hxxp://network.realmedia.com/",["hxxp://imagen01.247realmedia.com/",0.4034724752904013,"hxxp://network.realmedia.com/",0.2284991361144462,"hxxp://wxtarget.direct.weatherbug.com/",0.2284991361144462]],["hxxp://objects.tremormedia.com/",["hxxp://adserver.adtechus.com/",0.9837878234312198,"hxxp://dc.tremormedia.com/",0.9837878234312198]],["hxxp://p4.hgps4rm4whykg.afpjrvlkqyjivwsi.if.v4.ipv6-exp.l.google.com/",["hxxp://p4.hgps4rm4whykg.afpjrvlkqyjivwsi.if.v4.ipv6-exp.l.google.com/",0.9021317391677071]],["hxxp://pagead2.googlesyndication.com/",["hxxp://pagead2.googlesyndication.com/",2.164011226989135]],["hxxp://pbid.pro-market.net/",["hxxp://pbid.pro-market.net/",0.9837878234312198,"hxxp://tag.admeld.com/",0.7557987564206764]],["hxxp://photobucket.com/",["hxxp://b.scorecardresearch.com/",1.857229544077419,"hxxp://bcp.crwdcntrl.net/",2.127083409456189,"hxxp://connect.facebook.net/",1.857229544077419,"hxxp://pic.pbsrc.com/",2.396937274834959,"hxxp://rc.rlcdn.com/",2.666791140213729,"hxxp://static.ak.facebook.com/",2.666791140213729,"hxxp://www.facebook.com/",2.666791140213729,"hxxp://www.google-analytics.com/",2.127083409456189,"hxxps://s-static.ak.facebook.com/",2.127083409456189,"hxxps://www.facebook.com/",2.666791140213729]],["hxxp://pinit-cdn.pinterest.com/",["hxxp://api.pinterest.com/",0.7398066120404562,"hxxp://pinit-cdn.pinterest.com/",1.178412879719636]],["hxxp://pixel.invitemedia.com/",["hxxp://ad.doubleclick.net/",0.3650224957084597,"hxxp://ad.yieldmanager.com/",0.2828314370991106,"hxxp://adadvisor.net/",0.2828314370991106,"hxxp://pixel.invitemedia.com/",0.3239294662839058,"hxxp://segment-pixel.invitemedia.com/",0.3650224957084597]],["hxxp://platform.twitter.com/",["hxxp://cdn.api.twitter.com/",0.07156134883901637,"hxxp://p.twitter.com/",0.07604524521241429,"hxxp://r.twimg.com/",0.09025354727480872]],["hxxp://player.pureplay.com/",["hxxp://player.pureplay.com/",3.683082144967959,"hxxp://static.pureplay.com/",3.397180791248985]],["hxxp://premium.mookie1.com/",["hxxp://imagen04.247realmedia.com/",0.9021317391677071]],["hxxp://prenilj.blog.com/",["hxxp://5.cdn.blog.com/",1.063489001440322,"hxxp://bid.openx.net/",1.333331061432122,"hxxp://breeding-stallions.com/",0.9285704713245431,"hxxp://c.statcounter.com/",0.9285704713245431,"hxxp://in.monlinks.info/",2.412694301639077,"hxxp://pixel.quantserve.com/",0.9285704713245431,"hxxp://r.openx.net/",0.9285704713245431,"hxxp://www.breeding-stallions.com/",0.9285704713245431,"hxxp://www.google-analytics.com/",1.063489001440322,"hxxp://www.wtp101.com/",0.9285704713245431]],["hxxp://prod1.rest-notify.msg.yahoo.com/",["hxxp://prod1.rest-notify.msg.yahoo.com/",1.841050066682858]],["hxxp://prod2.rest-core.msg.yahoo.com/",["hxxp://mail.yimg.com/",1.607484013446973]],["hxxp://puma.vizu.com/",["hxxp://cheetah.vizu.com/",0.5879868036763369,"hxxp://puma.vizu.com/",1.211516902909208]],["hxxp://rc.rlcdn.com/",["hxxp://a.triggit.com/",0.3524044029026939,"hxxp://bcp.crwdcntrl.net/",0.06686780510316250,"hxxp://d.turn.com/",0.3524044029026939,"hxxp://i.w55c.net/",0.3524044029026939,"hxxp://idsync.rlcdn.com/",0.6674954293316393,"hxxp://log.dmtry.com/",1.857229544077419,"hxxp://p.rfihub.com/",1.857229544077419,"hxxp://segment-pixel.invitemedia.com/",0.3524044029026939,"hxxp://sync.mathtag.com/",0.06686780510316250,"hxxp://tags.bluekai.com/",0.3524044029026939]],["hxxp://resources.infolinks.com/",["hxxp://rt1703.infolinks.com/",1.033210453418045]],["hxxp://rs.gwallet.com/",["hxxp://image2.pubmatic.com/",0.9837878234312198,"hxxp://media.adfrontiers.com/",0.6492988635173518,"hxxp://r.openx.net/",0.4285344500557172,"hxxp://rs.gwallet.com/",0.2593575627654591,"hxxp://srv.clickfuse.com/",0.2593575627654591,"hxxp://tag.admeld.com/",0.3216245768125931]],["hxxp://runnaway-love.deviantart.com/",["hxxp://e.deviantart.com/",1.555560404644504,"hxxp://e.deviantart.net/",1.269674114037862,"hxxp://fc08.deviantart.net/",0.9837878234312198,"hxxp://sh.deviantart.net/",1.269674114037862,"hxxp://st.deviantart.net/",0.9837878234312198,"hxxp://th00.deviantart.net/",0.9837878234312198,"hxxp://th03.deviantart.net/",0.9837878234312198,"hxxp://th05.deviantart.net/",0.9837878234312198,"hxxp://th07.deviantart.net/",0.9837878234312198,"hxxp://th08.deviantart.net/",0.9837878234312198]],["hxxp://s0.2mdn.net/",["hxxp://csi.gstatic.com/",0.4667476175811904,"hxxp://dynamicads.g.doubleclick.net/",0.7088260089521662,"hxxp://s0.2mdn.net/",0.7909270718771693]],["hxxp://s7.addthis.com/",["hxxp://ad.yieldmanager.com/",1.198407531556101,"hxxp://d.turn.com/",0.9285704713245431,"hxxp://i.w55c.net/",0.9285704713245431,"hxxp://ib.adnxs.com/",1.198407531556101,"hxxp://p.addthis.com/",0.9285704713245431,"hxxp://pixel.quantserve.com/",0.9285704713245431,"hxxp://segment-pixel.invitemedia.com/",0.9285704713245431,"hxxp://va.px.invitemedia.com/",0.9285704713245431,"hxxp://www.googleadservices.com/",0.9285704713245431,"hxxps://d.p-td.com/",0.9285704713245431]],["hxxp://s97.photobucket.com/",["hxxp://d.audienceiq.com/",1.857229544077419,"hxxp://ei.rlcdn.com/",2.666791140213729,"hxxp://i97.photobucket.com/",14.00065348612207,"hxxp://pic.pbsrc.com/",10.22269937081929,"hxxp://s97.photobucket.com/",2.666791140213729,"hxxp://static.ak.facebook.com/",2.666791140213729,"hxxp://www.facebook.com/",2.666791140213729,"hxxp://www.google-analytics.com/",2.666791140213729,"hxxps://s-static.ak.facebook.com/",2.127083409456189,"hxxps://www.facebook.com/",2.666791140213729]],["hxxp://seg.sharethis.com/",["hxxp://b.scorecardresearch.com/",1.313228117939032,"hxxp://d1nfmblh2wz0fd.cloudfront.net/",1.313228117939032]],["hxxp://slime-stock.deviantart.com/",["hxxp://b.scorecardresearch.com/",1.072833553331609,"hxxp://e.deviantart.net/",1.696363652564481,"hxxp://fc02.deviantart.net/",1.072833553331609,"hxxp://fc04.deviantart.net/",1.072833553331609,"hxxp://fc06.deviantart.net/",1.072833553331609,"hxxp://fc08.deviantart.net/",1.228716078139827,"hxxp://fc09.deviantart.net/",1.072833553331609,"hxxp://pixel.quantserve.com/",1.072833553331609,"hxxp://www.google-analytics.com/",1.072833553331609,"hxxps://s.deviantart.com/",1.228716078139827]],["hxxp://smexyhajisan.deviantart.com/",["hxxp://b.scorecardresearch.com/",1.007726675467327,"hxxp://edge.quantserve.com/",0.7808175566689386,"hxxp://pixel.quantserve.com/",0.7808175566689386,"hxxp://st.deviantart.net/",1.121176235106280,"hxxp://www.google-analytics.com/",0.8942721160681324]],["hxxp://spe.atdmt.com/",["hxxp://cimage.adobe.com/",0.9837878234312198,"hxxp://starwoodhotelsandres.tt.omtrdc.net/",1.269674114037862]],["hxxp://speed.pointroll.com/",["hxxp://control.ads.pointroll.com/",3.783163582144759,"hxxp://speed.pointroll.com/",17.82278032625644]],["hxxp://spiritofthewild.gotop100.com/",["hxxp://i12.photobucket.com/",0.05065257100622406,"hxxp://i123.photobucket.com/",0.05065257100622406,"hxxp://i3.photobucket.com/",0.05065257100622406,"hxxp://i51.tinypic.com/",0.05065257100622406,"hxxp://i53.tinypic.com/",0.05065257100622406,"hxxp://i61.photobucket.com/",0.05065257100622406,"hxxp://img.photobucket.com/",0.05801221808165213,"hxxp://s7.addthis.com/",0.06537186515708018,"hxxp://spiritofthewild.gotop100.com/",0.05801221808165213,"hxxp://www.facebook.com/",0.05065257100622406]],["hxxp://stock-jm.deviantart.com/",["hxxp://a.deviantart.net/",1.696363652564481,"hxxp://adsrv.deviantart.com/",1.072833553331609,"hxxp://b.scorecardresearch.com/",1.072833553331609,"hxxp://e.deviantart.net/",1.228716078139827,"hxxp://pixel.quantserve.com/",1.072833553331609,"hxxp://sh.deviantart.net/",1.484363818806123,"hxxp://th00.deviantart.net/",1.072833553331609,"hxxp://th07.deviantart.net/",1.072833553331609,"hxxp://th09.deviantart.net/",1.072833553331609,"hxxp://www.google-analytics.com/",1.072833553331609]],["hxxp://support.proboards.com/",["hxxp://ad.yieldmanager.com/",0.9285704713245431,"hxxp://adserving.cpxinteractive.com/",0.9285704713245431,"hxxp://adx.adnxs.com/",0.9285704713245431,"hxxp://cm.g.doubleclick.net/",0.9285704713245431,"hxxp://i19.photobucket.com/",1.333331061432122,"hxxp://ib.adnxs.com/",0.9285704713245431,"hxxp://images.proboards.com/",3.087296951738456,"hxxp://input.insights.gravity.com/",1.333331061432122,"hxxp://pixel.quantserve.com/",0.9285704713245431,"hxxp://s2.images.proboards.com/",1.063489001440322]],["hxxp://synfuleve.deviantart.com/",["hxxp://a.deviantart.net/",1.860660773859074,"hxxp://b.scorecardresearch.com/",0.4285344500557172,"hxxp://e.deviantart.net/",0.5530684781499849,"hxxp://fc09.deviantart.net/",0.4285344500557172,"hxxp://pixel.quantserve.com/",0.4285344500557172,"hxxp://th01.deviantart.net/",0.4908014641028511,"hxxp://th05.deviantart.net/",0.4285344500557172,"hxxp://th08.deviantart.net/",0.4285344500557172,"hxxp://th09.deviantart.net/",0.4285344500557172,"hxxp://www.google-analytics.com/",0.4285344500557172]],["hxxp://tap2-cdn.rubiconproject.com/",["hxxp://ib.adnxs.com/",1.204228275505104,"hxxp://match.adsrvr.org/",1.379201614681059,"hxxp://pixel.quantserve.com/",0.1313423476080621,"hxxp://pixel.rubiconproject.com/",1.379201614681059,"hxxp://rp.gwallet.com/",1.204228275505104]],["hxxp://text-enhance.com/",["hxxp://code.jquery.com/",1.857229544077419,"hxxp://downloadandsave-a.akamaihd.net/",2.666791140213729,"hxxp://fonts.googleapis.com/",1.857229544077419,"hxxp://static.dealply.com/",1.857229544077419,"hxxp://text-enhance.com/",9.143283909304211,"hxxp://themes.googleusercontent.com/",2.127083409456189,"hxxp://trkjmp.com/",1.857229544077419]],["hxxp://th08.deviantart.net/",["hxxp://s.deviantart.com/",0.7080710451557059]],["hxxp://thesaurus.superglossary.com/",["hxxp://l.sharethis.com/",0.9021317391677071,"hxxp://resources.infolinks.com/",0.9021317391677071,"hxxp://router.infolinks.com/",0.9021317391677071,"hxxp://seg.sharethis.com/",0.9021317391677071,"hxxp://w.sharethis.com/",1.819687738680315,"hxxp://wd-edge.sharethis.com/",0.9021317391677071,"hxxp://www.facebook.com/",1.164289167668384,"hxxp://www.google-analytics.com/",1.033210453418045,"hxxp://www.superglossary.com/",1.557530310179639,"hxxps://plusone.google.com/",1.033210453418045]],["hxxp://this.content.served.by.adshuffle.com/",["hxxp://media2.adshuffle.com/",0.5891467480523553,"hxxp://this.content.served.by.adshuffle.com/",0.5002760097604164]],["hxxp://tools.google.com/",["hxxp://fonts.googleapis.com/",0.3254143950756193,"hxxp://themes.googleusercontent.com/",0.3254143950756193,"hxxp://tools.google.com/",0.6969715774196662,"hxxp://www.google-analytics.com/",0.3254143950756193,"hxxp://www.google.com/",0.4079804357030780]],["hxxp://tracker.bidder7.mookie1.com/",["hxxp://ad.doubleclick.net/",1.012616440983474,"hxxp://b3.mookie1.com/",1.012616440983474]],["hxxp://twiil.deviantart.com/",["hxxp://b.scorecardresearch.com/",1.126730968734541,"hxxp://e.deviantart.com/",1.698508549708066,"hxxp://e.deviantart.net/",1.412617259341183,"hxxp://edge.quantserve.com/",0.9837878234312198,"hxxp://pixel.quantserve.com/",0.9837878234312198,"hxxp://st.deviantart.net/",1.698508549708066,"hxxp://th02.deviantart.net/",0.9837878234312198,"hxxp://th05.deviantart.net/",0.9837878234312198,"hxxp://www.google-analytics.com/",1.126730968734541,"hxxps://s.deviantart.com/",0.9837878234312198]],["hxxp://udmserve.net/",["hxxp://ads.pubmatic.com/",1.803057031500892,"hxxp://cdn.udmserve.net/",0.5245618368100231,"hxxp://cm.g.doubleclick.net/",0.5245618368100231,"hxxp://edge.quantserve.com/",0.8745085151619337,"hxxp://image2.pubmatic.com/",0.5245618368100231,"hxxp://pixel.quantserve.com/",0.9507269017069798,"hxxp://pixel.rubiconproject.com/",1.204228275505104,"hxxp://showadsak.pubmatic.com/",0.6995351759859783,"hxxp://udmserve.net/",1.026945288252026,"hxxp://view.atdmt.com/",0.9507269017069798]],["hxxp://um.eqads.com/",["hxxp://tag.admeld.com/",0.9837878234312198]],["hxxp://us.mg6.mail.yahoo.com/",["hxxp://36ohk6dgmcd1n-c.c.yom.mail.yahoo.net/",2.308182173154628,"hxxp://3cp9lcoq32dpn-c.c.yom.mail.yahoo.com/",2.308182173154628,"hxxp://chrome.dealply.com/",1.841050066682858,"hxxp://downloadandsave-a.akamaihd.net/",1.607484013446973,"hxxp://image-c.c.yom.mail.yahoo.net/",1.607484013446973,"hxxp://l.yimg.com/",3.476012439334053,"hxxp://mail.yimg.com/",5.344540865221132,"hxxp://optstatic.dealply.com/",1.607484013446973,"hxxp://ucs.query.yahoo.com/",1.607484013446973,"hxxp://us.mg6.mail.yahoo.com/",2.308182173154628]],["hxxp://view.atdmt.com/",["hxxp://ad.doubleclick.net/",0.9507269017069798,"hxxp://spe.atdmt.com/",0.07759915410237296]],["hxxp://web.reachmode.com/",["hxxp://static.cdn.reachmode.com/",0.8326200725306984]],["hxxp://webcache.googleusercontent.com/",["chrome-extension://jmfkcklnlgedgbglfkkgedjfmejoahla/",0.4642627367411853,"hxxp://canisnovus.com/",1.408657449229947,"hxxp://www.hababeri.com/",0.4642627367411853,"hxxp://www.topwebgames.com/",0.6666330322744912]],["hxxp://wildequinesversion2.proboards.com/",["hxxp://cdn.gigya.com/",0.9285704713245431,"hxxp://fc00.deviantart.net/",0.9285704713245431,"hxxp://gradients.proboards.com/",0.9285704713245431,"hxxp://gscounters.gigya.com/",0.9285704713245431,"hxxp://i545.photobucket.com/",1.063489001440322,"hxxp://images.proboards.com/",0.9285704713245431]],["hxxp://wildhorsedreams.proboards.com/",["hxxp://dravu.com/",0.9285704713245431,"hxxp://i137.photobucket.com/",0.9285704713245431,"hxxp://i157.photobucket.com/",0.9285704713245431,"hxxp://i51.tinypic.com/",0.9285704713245431,"hxxp://i53.tinypic.com/",0.9285704713245431,"hxxp://i557.photobucket.com/",0.9285704713245431,"hxxp://img.photobucket.com/",3.357134011970013,"hxxp://img51.imageshack.us/",0.9285704713245431,"hxxp://widgets.twimg.com/",0.9285704713245431,"hxxp://www.equinus-sapientia.net/",0.9285704713245431]],["hxxp://wm.clearspring.com/",["hxxp://cam.clearspring.com/",1.748281162911795,"hxxp://googleads.g.doubleclick.net/",0.9837878234312198,"hxxp://i2.ytimg.com/",1.012616440983474,"hxxp://o-o.preferred.airstream-msp1.v18.lscache8.c.youtube.com/",1.012616440983474,"hxxp://s.youtube.com/",1.012616440983474,"hxxp://s.ytimg.com/",1.012616440983474,"hxxp://ut.addthis.com/",1.012616440983474,"hxxp://va.px.invitemedia.com/",0.9837878234312198,"hxxp://www.googleadservices.com/",0.9837878234312198,"hxxp://www.youtube.com/",1.159749385369138]],["hxxp://wrstables.proboards.com/",["hxxp://gscounters.gigya.com/",0.9285704713245431,"hxxp://i51.tinypic.com/",0.9285704713245431,"hxxp://i54.tinypic.com/",1.333331061432122,"hxxp://i55.tinypic.com/",0.9285704713245431,"hxxp://i56.tinypic.com/",1.333331061432122,"hxxp://images.proboards.com/",0.9285704713245431,"hxxp://img27.imageshack.us/",0.9285704713245431,"hxxp://s3.images.proboards.com/",0.9285704713245431,"hxxp://www.satisfaction.com/",0.9285704713245431,"hxxp://www7.cbox.ws/",1.063489001440322]],["hxxp://www.andalusians-for-you.com/",["hxxp://banners.copyscape.com/",0.4044806035340565,"hxxp://graphics.sitesell.com/",0.9267855569183426,"hxxp://www.andalusians-for-you.com/",9.763971778422947]],["hxxp://www.anymeeting.com/",["hxxp://ajax.googleapis.com/",1.313228117939032,"hxxp://d15gt9gwxw5wu0.cloudfront.net/",1.313228117939032,"hxxp://d1nfmblh2wz0fd.cloudfront.net/",1.374287613337223,"hxxp://loading5.widdit.com/",0.8667305578397613,"hxxp://pixel.quantserve.com/",1.313228117939032,"hxxp://trk.kissmetrics.com/",1.118600976357299,"hxxp://www.adobe.com/",1.313228117939032,"hxxp://www.anymeeting.com/",4.967760570124760,"hxxp://www.google-analytics.com/",1.183476690217876,"hxxp://wwwimages.adobe.com/",1.313228117939032]],["hxxp://www.arcticlights-sim.com/",["hxxp://a0.twimg.com/",0.9204808592538624,"hxxp://api.twitter.com/",0.9204808592538624,"hxxp://i.imgur.com/",0.8037014592940981,"hxxp://i97.photobucket.com/",0.8037014592940981,"hxxp://widgets.twimg.com/",1.387588459572438,"hxxp://www.arcticlights-sim.com/",3.714056896087308,"hxxp://www.google-analytics.com/",0.4677675686704482,"hxxp://www.thetrevorproject.org/",0.8037014592940981]],["hxxp://www.avg.com/",["hxxp://chrome.dealply.com/",2.127083409456189,"hxxp://crownchrome.dealply.com/",1.857229544077419,"hxxp://downloadandsave-a.akamaihd.net/",2.666791140213729,"hxxp://platform.twitter.com/",2.396937274834959,"hxxp://servedby.dealply.com/",2.127083409456189,"hxxp://siteintercept.qualtrics.com/",1.857229544077419,"hxxp://static.dealply.com/",1.857229544077419,"hxxp://tbupdate.zugo.com/",2.127083409456189,"hxxp://www.avg.com/",8.333722313167902,"hxxps://www.facebook.com/",2.666791140213729]],["hxxp://www.bing.com/",["hxxp://www.msn.com/",1.107357079159374]],["hxxp://www.cbox.ws/",["hxxp://static.cbox.ws/",0.2110210487180766,"hxxp://www.cbox.ws/",0.3822786099022117]],["hxxp://www.clocklink.com/",["hxxp://www.clocklink.com/",1.198407531556101]],["hxxp://www.da-ads.com/",["hxxp://pubads.g.doubleclick.net/",0.5405890765873026]],["hxxp://www.deviantart.com/",["hxxp://a.deviantart.net/",1.852246177372699,"hxxp://b.scorecardresearch.com/",1.228716078139827,"hxxp://e.deviantart.net/",1.072833553331609,"hxxp://edge.quantserve.com/",1.072833553331609,"hxxp://fc06.deviantart.net/",1.072833553331609,"hxxp://pixel.quantserve.com/",1.072833553331609,"hxxp://sh.deviantart.net/",2.943423851030222,"hxxp://st.deviantart.net/",4.658126624160377,"hxxp://th02.deviantart.net/",1.228716078139827,"hxxp://www.google-analytics.com/",1.228716078139827]],["hxxp://www.doublelequestrian.org/",["hxxp://d1nfmblh2wz0fd.cloudfront.net/",1.275840513421308,"hxxp://www.doublelequestrian.org/",6.837196597565470]],["hxxp://www.effingpot.com/",["hxxp://counter.digits.com/",1.967674022654115,"hxxp://edge.quantserve.com/",1.967674022654115,"hxxp://pixel.quantserve.com/",1.967674022654115,"hxxp://platform.twitter.com/",3.111279437530011,"hxxp://www.effingpot.com/",9.972911926785384,"hxxp://www.facebook.com/",2.253575376373089,"hxxp://www.google-analytics.com/",2.253575376373089,"hxxps://www.facebook.com/",2.253575376373089]],["hxxp://www.equitopia.com/",["hxxp://ajax.googleapis.com/",0.3419836005158153,"hxxp://pagead2.googlesyndication.com/",0.09796530217115333,"hxxp://www.equitopia.com/",138.6539259885768]],["hxxp://www.everestjs.net/",["hxxp://tag.admeld.com/",0.9285704713245431,"hxxp://www.everestjs.net/",0.9285704713245431]],["hxxp://www.forex.com/",["hxxp://now.eloqua.com/",2.135411279032808,"hxxp://server.iad.liveperson.net/",1.895000737684743,"hxxp://www.forex.com/",27.85933920327574,"hxxp://www.google-analytics.com/",2.135411279032808,"hxxps://secure.efxnow.com/",1.654590196336679]],["hxxp://www.glitch.com/",["hxxp://c1.glitch.bz/",7.698475445465131,"hxxp://c2.glitch.bz/",0.3660390548654517,"hxxp://chrome.dealply.com/",1.329087998039039,"hxxp://downloadandsave-a.akamaihd.net/",2.470792663988422,"hxxp://optstatic.dealply.com/",0.6605967335881477,"hxxp://static.dealply.com/",0.3757387774948295,"hxxp://trkjmp.com/",0.3723797177765919,"hxxp://www.glitch.com/",0.7723734977869513,"hxxp://www.google-analytics.com/",1.408457768651733]],["hxxp://www.gmail.com/",["hxxps://accounts.google.com/",1.640176035866176,"hxxps://mail.google.com/",1.640176035866176,"hxxps://www.gmail.com/",1.640176035866176]],["hxxp://www.google.com/",["hxxp://d1nfmblh2wz0fd.cloudfront.net/",0.06355580253827375,"hxxp://www.google.com/",0.3866498203920907,"hxxps://www.google.com/",0.4234284045132922]],["hxxp://www.hoofprince.com/",["hxxp://st1.freeonlineusers.com/",0.9285704713245431]],["hxxp://www.horseeden.com/",["hxxp://badge.stumbleupon.com/",1.542268628449007,"hxxp://platform.twitter.com/",1.95754113416470,"hxxp://www.facebook.com/",1.542268628449007,"hxxp://www.google-analytics.com/",2.251820624987396,"hxxp://www.horseeden.com/",55.64150684129648,"hxxps://apis.google.com/",1.542268628449007,"hxxps://platform.stumbleupon.com/",1.126996122733315,"hxxps://plusone.google.com/",1.542268628449007,"hxxps://ssl.gstatic.com/",1.126996122733315,"hxxps://www.facebook.com/",1.542268628449007]],["hxxp://www.horseedenforums.com/",["hxxp://chrome.dealply.com/",0.05054520242157001,"hxxp://downloadandsave-a.akamaihd.net/",0.08029897530973004,"hxxp://i1098.photobucket.com/",1.911654343229152,"hxxp://i50.tinypic.com/",0.4106904570657662,"hxxp://i97.photobucket.com/",0.4106904570657662,"hxxp://tbupdate.zugo.com/",0.05054520242157001,"hxxp://www.google-analytics.com/",1.761652900239724,"hxxp://www.horseedenforums.com/",20.06903424254708]],["hxxp://www.k9-game.com/",["hxxp://www.k9-game.com/",0.4759821747471658]],["hxxp://www.msn.com/",["hxxp://api.skype.com/",2.27338020,"hxxp://c.msn.com/",1.134171894240,"hxxp://col.stb00.s-msn.com/",1.56583433160,"hxxp://col.stb01.s-msn.com/",2.716934164559999,"hxxp://col.stc.s-msn.com/",2.759479406320,"hxxp://connect.facebook.net/",2.27338020,"hxxp://platform.twitter.com/",3.924981199999999,"hxxp://udc.msn.com/",2.27338020,"hxxp://www.bing.com/",1.278059373360,"hxxps://platform.twitter.com/",2.60370040]],["hxxp://www.redwingshoes.com/",["hxxp://cdn1.certified-apps.com/",1.313228117939032,"hxxp://d15gt9gwxw5wu0.cloudfront.net/",1.313228117939032,"hxxp://d1nfmblh2wz0fd.cloudfront.net/",1.504039041058379,"hxxp://landing.widdit.com/",1.504039041058379,"hxxp://loading4.widdit.com/",1.313228117939032,"hxxp://static.app.widdit.com/",1.504039041058379,"hxxp://www.google-analytics.com/",1.504039041058379,"hxxp://www.redwingshoes.com/",6.465123042161387]],["hxxp://www.satisfaction.com/",["hxxp://i5.photobucket.com/",0.9285704713245431]],["hxxp://www.skype.com/",["hxxp://chrome.dealply.com/",1.640176035866176,"hxxp://crownchrome.dealply.com/",1.432094001465243,"hxxp://downloadandsave-a.akamaihd.net/",1.640176035866176,"hxxp://optstatic.dealply.com/",1.432094001465243,"hxxp://servedby.dealply.com/",2.056340104668041,"hxxp://static.ak.facebook.com/",2.056340104668041,"hxxp://static.dealply.com/",1.432094001465243,"hxxp://www.facebook.com/",5.801816723884829,"hxxp://www.skypeassets.com/",11.51573553613978,"hxxps://s-static.ak.facebook.com/",1.640176035866176]],["hxxp://www.topwebgames.com/",["hxxp://ad.doubleclick.net/",1.038185214858297,"hxxp://api.recaptcha.net/",0.7519789395962014,"hxxp://dts1.raasnet.com/",0.6565785144289168,"hxxp://load.exelator.com/",0.6565785144289168,"hxxp://p.brilig.com/",0.6565785144289168,"hxxp://p.raasnet.com/",0.7519789395962014,"hxxp://server.cpmstar.com/",1.324386490360150,"hxxp://www.google-analytics.com/",0.9427847896910123,"hxxp://www.google.com/",1.419786915527436,"hxxp://www.topwebgames.com/",1.896794041124101]],["hxxp://www.xovershadowedx.proboards.com/",["hxxp://adv.netshelter.net/",0.9285704713245431,"hxxp://b.scorecardresearch.com/",1.063489001440322,"hxxp://cdn.gigya.com/",0.9285704713245431,"hxxp://gscounters.gigya.com/",0.9285704713245431,"hxxp://i52.tinypic.com/",0.9285704713245431,"hxxp://i970.photobucket.com/",10.37300257295559,"hxxp://images.proboards.com/",2.277770771763057,"hxxp://input.insights.gravity.com/",1.603168121663680,"hxxp://www.google-analytics.com/",1.198407531556101,"hxxp://www3.cbox.ws/",1.333331061432122]],["hxxp://www.yahoo.com/",["hxxp://b.scorecardresearch.com/",1.607484013446973,"hxxp://crownchrome.dealply.com/",1.841050066682858,"hxxp://downloadandsave-a.akamaihd.net/",2.076092585144580,"hxxp://hrt.dpstack.com/",1.841050066682858,"hxxp://l.yimg.com/",11.34852711949671,"hxxp://l1.yimg.com/",4.748809033918731,"hxxp://optstatic.dealply.com/",0.6746962657292706,"hxxp://static.dealply.com/",1.841050066682858,"hxxp://us.bc.yahoo.com/",0.9082623189651555,"hxxp://www.yahoo.com/",0.2963320466070792]],["hxxp://www.youtube.com/",["hxxp://clients1.google.com/",2.084686339270529,"hxxp://csi.gstatic.com/",2.084686339270529,"hxxp://i1.ytimg.com/",2.387589482583341,"hxxp://i2.ytimg.com/",2.387589482583341,"hxxp://o-o---preferred---airstream-msp1---v12---lscache4.c.youtube.com/",3.296298912521777,"hxxp://o-o---preferred---ord12s19---v12---nonxt4.c.youtube.com/",2.690492625896153,"hxxp://s.youtube.com/",2.084686339270529,"hxxp://s.ytimg.com/",4.042612573958065,"hxxp://www.gstatic.com/",2.084686339270529,"hxxp://www.youtube.com/",2.387589482583341]],["hxxp://www2.cbox.ws/",["hxxp://www.cbox.ws/",0.3071902689955001]],["hxxp://www3.cbox.ws/",["hxxp://static.cbox.ws/",0.3357798281838265,"hxxp://www3.cbox.ws/",0.5516723976503013]],["hxxp://www4.cbox.ws/",["hxxp://static.cbox.ws/",0.2638723462634969,"hxxp://www.cbox.ws/",0.2638723462634969,"hxxp://www3.cbox.ws/",0.7344797787510941]],["hxxp://www5.cbox.ws/",["hxxp://www.cbox.ws/",0.1795013921888715]],["hxxp://xbluepearlx.deviantart.com/",["hxxp://a.deviantart.com/",1.412617259341183,"hxxp://a.deviantart.net/",2.842058711894876,"hxxp://b.scorecardresearch.com/",0.9837878234312198,"hxxp://e.deviantart.com/",1.698508549708066,"hxxp://e.deviantart.net/",1.984394840314709,"hxxp://pixel.quantserve.com/",0.9837878234312198,"hxxp://sh.deviantart.net/",1.269674114037862,"hxxp://st.deviantart.net/",0.9837878234312198,"hxxp://th03.deviantart.net/",0.9837878234312198,"hxxp://www.google-analytics.com/",0.9837878234312198]],["hxxp://xxaldonia.proboards.com/",["hxxp://b.scorecardresearch.com/",0.1538726211911511,"hxxp://ds.serving-sys.com/",0.1538726211911511,"hxxp://i52.tinypic.com/",0.1733966849340496,"hxxp://i55.tinypic.com/",0.1538726211911511,"hxxp://images.proboards.com/",0.3247244281622980,"hxxp://ping.crowdscience.com/",0.1343535572084940,"hxxp://tap-cdn.rubiconproject.com/",0.1343535572084940,"hxxp://tap.rubiconproject.com/",0.1343535572084940,"hxxp://www.google-analytics.com/",0.1733966849340496,"hxxp://www3.cbox.ws/",0.1377083963305132]],["hxxp://yahoo.com/",["hxxp://www.yahoo.com/",1.647631451519473]],["hxxp://z8.invisionfree.com/",["hxxp://209.85.62.23/",2.142852241647278,"hxxp://api.viglink.com/",1.198407531556101,"hxxp://assets.mixpod.com/",1.198407531556101,"hxxp://assets.myflashfetish.com/",1.063489001440322,"hxxp://counters.gigya.com/",1.063489001440322,"hxxp://i51.tinypic.com/",1.063489001440322,"hxxp://pixel.quantserve.com/",1.198407531556101,"hxxp://www.google-analytics.com/",1.333331061432122,"hxxp://www.youtube.com/",1.063489001440322,"hxxp://www5.cbox.ws/",1.333331061432122]],["hxxps://accounts.google.com/",["hxxps://accounts.youtube.com/",0.8091326543833187,"hxxps://downloadandsave-a.akamaihd.net/",2.056340104668041,"hxxps://mail.google.com/",0.8091326543833187,"hxxps://optstatic.dealply.com/",1.432094001465243,"hxxps://ssl.google-analytics.com/",0.8091326543833187,"hxxps://ssl.gstatic.com/",1.849542826387982,"hxxps://www.google.com/",0.5642622493637950]],["hxxps://api.twitter.com/",["hxxps://ajax.googleapis.com/",0.7398066120404562,"hxxps://twitter-any.s3.amazonaws.com/",0.7398066120404562]],["hxxps://apps.facebook.com/",["hxxps://0-149.channel.facebook.com/",2.27338020,"hxxps://apps.facebook.com/",5.436952680386079,"hxxps://fb1.farm2.zynga.com/",2.269019973360,"hxxps://fbcdn-creative-a.akamaihd.net/",2.93402060,"hxxps://fbcdn-profile-a.akamaihd.net/",4.397274585531988,"hxxps://photos-a.xx.fbcdn.net/",1.69696880843840,"hxxps://s-static.ak.facebook.com/",2.206663711540960,"hxxps://s-static.ak.fbcdn.net/",15.39599006783820,"hxxps://www.facebook.com/",1.840481029012855,"hxxps://zynga1-a.akamaihd.net/",2.640307224481248]],["hxxps://edit.yahoo.com/",["hxxps://akamai.turn.com/",0.4489879494046653,"hxxps://c5.ah.yahoo.com/",0.9747079956389234,"hxxps://c5a.ah.yahoo.com/",0.9747079956389234,"hxxps://downloadandsave-a.akamaihd.net/",2.806168769998527,"hxxps://edit.yahoo.com/",1.572315232706921,"hxxps://optstatic.dealply.com/",1.266861988637297,"hxxps://s.yimg.com/",7.500065096660375,"hxxps://us.bc.yahoo.com/",1.266861988637297]],["hxxps://fb-fb-0.castle.zynga.com/",["hxxps://fb-fb-0.castle.zynga.com/",1.204228275505104,"hxxps://graph.facebook.com/",1.729148293032969,"hxxps://platform.twitter.com/",1.554174953857015,"hxxps://s-static.ak.facebook.com/",3.478881684792521,"hxxps://s-static.ak.fbcdn.net/",1.379201614681059,"hxxps://ssl.google-analytics.com/",1.379201614681059,"hxxps://www.facebook.com/",1.379201614681059,"hxxps://zbar2.zynga.com/",1.554174953857015,"hxxps://zynga1-a.akamaihd.net/",7.454481719517092,"hxxps://zynga2-a.akamaihd.net/",6.828953431749770]],["hxxps://fb1.farm2.zynga.com/",["hxxps://api.zynga.com/",2.60370040,"hxxps://graph.facebook.com/",3.924981199999999,"hxxps://platform.twitter.com/",2.93402060,"hxxps://s-static.ak.facebook.com/",4.585621599999999,"hxxps://www.facebook.com/",3.924981199999999,"hxxps://zbar2.zynga.com/",2.93402060,"hxxps://zpay.static.zynga.com/",2.93402060,"hxxps://zynga1-a.akamaihd.net/",32.85410306291217,"hxxps://zynga2-a.akamaihd.net/",10.86170540,"hxxps://zynga3-a.akamaihd.net/",3.924981199999999]],["hxxps://login.yahoo.com/",["hxxps://akamai.turn.com/",0.6802847718252505,"hxxps://downloadandsave-a.akamaihd.net/",1.404420475902318,"hxxps://login.yahoo.com/",0.8779743636377166,"hxxps://optstatic.dealply.com/",1.056966041807681,"hxxps://s.yimg.com/",2.360646302231211,"hxxps://sb.scorecardresearch.com/",1.056966041807681,"hxxps://us.bc.yahoo.com/",1.056966041807681]],["hxxps://mail.google.com/",["hxxps://apis.google.com/",1.640176035866176,"hxxps://chatenabled.mail.google.com/",1.432094001465243,"hxxps://clients2.google.com/",1.432094001465243,"hxxps://downloadandsave-a.akamaihd.net/",1.848258070267109,"hxxps://mail-attachment.googleusercontent.com/",1.640176035866176,"hxxps://mail.google.com/",12.66852385911560,"hxxps://plus.google.com/",2.056340104668041,"hxxps://ssl.gstatic.com/",4.553324517479233,"hxxps://static.googleusercontent.com/",1.432094001465243,"hxxps://www.google.com/",1.432094001465243]],["hxxps://platform.twitter.com/",["hxxps://cdn.api.twitter.com/",0.5852525472154639,"hxxps://p.twitter.com/",0.5852525472154639,"hxxps://r.twimg.com/",0.5852525472154639]],["hxxps://plus.google.com/",["hxxps://apis.google.com/",0.5006281622672064,"hxxps://plus.google.com/",0.07625179950483077,"hxxps://ssl.gstatic.com/",0.7174038191147327,"hxxps://www.google.com/",0.1183682260153217]],["hxxps://plusone.google.com/",["hxxps://plusone.google.com/",1.516013778963762,"hxxps://ssl.gstatic.com/",0.07832418187819384]],["hxxps://protect.login.yahoo.com/",["hxxps://downloadandsave-a.akamaihd.net/",2.015551798984657,"hxxps://optstatic.dealply.com/",1.561718943584138,"hxxps://s.yimg.com/",7.461546063790879,"hxxps://us.bc.yahoo.com/",1.561718943584138]],["hxxps://s-assets.tp-cdn.com/",["hxxps://d261sv3xac0f7i.cloudfront.net/",1.379201614681059,"hxxps://geo.tp-cdn.com/",1.379201614681059]],["hxxps://www.facebook.com/",["hxxps://s-static.ak.fbcdn.net/",0.4665051263819647,"hxxps://www.facebook.com/",0.05896210795785829]],["hxxps://www.google.com/",["hxxps://accounts.google.com/",1.967674022654115,"hxxps://apis.google.com/",0.5998554753557404,"hxxps://downloadandsave-a.akamaihd.net/",0.5683542620066570,"hxxps://id.google.com/",0.9265575331591160,"hxxps://lh3.googleusercontent.com/",0.7174038191147327,"hxxps://optstatic.dealply.com/",0.4315024653957587,"hxxps://plus.google.com/",1.217275448330655,"hxxps://ssl.gstatic.com/",1.380441057626613,"hxxps://www.google.com/",15.92075984323356]],["hxxps://zynga1-a.akamaihd.net/",["hxxps://ajax.googleapis.com/",0.7616880912262719,"hxxps://fb1.farm2.zynga.com/",9.097289567132515,"hxxps://zbar.zynga.com/",0.9055755703462719,"hxxps://zynga1-a.akamaihd.net/",1.531037650431939,"hxxps://zynga2-a.akamaihd.net/",0.7616880912262719]]],"startup_list":[1,"hxxp://ads1.msads.net/","hxxp://blst.msn.com/","hxxp://col.stb00.s-msn.com/","hxxp://col.stb01.s-msn.com/","hxxp://col.stc.s-msn.com/","hxxp://col.stj.s-msn.com/","hxxp://rad.msn.com/","hxxp://udc.msn.com/","hxxp://www.bing.com/","hxxp://www.msn.com/"]},"download":{"directory_upgrade":true,"extensions_to_open":""},"extensions":{"alerts":{"initialized":true},"autoupdate":{"last_check":"12992554752079471","next_check":"12992652579396689"},"blacklistupdate":{"lastpingday":"12992511601100471","version":"0.0.0.124"},"chrome_url_overrides":{"bookmarks":["chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html"]},"settings":{"aaggggdjdfddgdgbgedadgdgdedjgfdg":{"incognito":true,"install_time":"12987884437442048","location":4,"newAllowFileAccess":true,"path":"C:\\Users\\Tammy\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Default\\aaggggdjdfddgdgbgedadgdgdedjgfdg","state":1},"aandpgohbohmlknpjbblpmoladhoochg":{"blacklist":true},"abciiempgohamehppammbkhkicmkgkob":{"blacklist":true},"abfclfmhaemoockhhinpplncjehfpdbd":{"blacklist":true},"acmpfcamncegnhjdeiodgilikjafcamg":{"blacklist":true},"aebfkgcamgnimcbnbiopgdakknjgggnm":{"blacklist":true},"aemcjbfajnnmhblifaejadoecfoaebld":{"blacklist":true},"afenhmponmfmdmbmccbmglppcmjhmhmh":{"blacklist":true},"aglmapjbjphdidmnileogpjkgpdoliep":{"blacklist":true},"agmhonoepgcnakccfpidhjehlocaeaaj":{"blacklist":true},"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["appNotifications","management","webstorePrivate"]},"app_launcher_index":-2,"app_launcher_ordinal":"n","page_index":0,"page_ordinal":"n"},"ahjfgnikolodijnpakeknpilnemojlhc":{"blacklist":true},"aieglpnmmhleoenpbmfaffppfomgjmba":{"blacklist":true},"aifmjmboebdkdelpjenakhaodgneempp":{"blacklist":true},"alcbnnpmipohgdllkkglhkbncijplago":{"blacklist":true},"aldalonecchncedclgcndcndgilaclnk":{"blacklist":true},"aljdncnajablgppdcfbehhmidlmbndda":{"blacklist":true},"amfgdngndpfldigimkcindjalokfnmem":{"blacklist":true},"amoobcjlpgloocplpikcldcpjjdnoeii":{"blacklist":true},"anmjpohfnlopdfaojooicpemopnliimn":{"blacklist":true},"apdmgffkfhjfeejmbjidennfjdkmmmbl":{"blacklist":true},"aphncaagnlabkeipnbbicmcahnamibgb":{"blacklist":true},"bcddmcejgphfgofbpoocakaeapfomlek":{"blacklist":true},"benclngoadbppljglhphhnfknoppmjoa":{"blacklist":true},"bhdkpmneahdelgdgfhddianklldfoell":{"blacklist":true},"bilgncckogfgfipdlejkffnbkgjkmflh":{"blacklist":true},"bjihddggcgnblgojnmhpnngonofbnkaj":{"blacklist":true},"bkhafliomebnpccanacmlfaemgfiofko":{"blacklist":true},"bkkchglolnigbfncnbnnbhhempjkdpkf":{"blacklist":true},"bkplhcigeaiiliajeehehiikokgocbhb":{"blacklist":true},"bldgnkigdcpgnbfehgbameigoohecdfl":{"blacklist":true},"bndahdijlcnncjbpammoedeapmlobllc":{"blacklist":true},"boaoagnmpennjoigkkmnjhecapibhfko":{"blacklist":true},"boclfockfmgcppbajihcgajhpggaakgl":{"blacklist":true},"bokkificjhapflinbdejegngffgkcgfe":{"blacklist":true},"caphkimknlmnhpjoneddiaakmcaajagb":{"blacklist":true},"cbbbpmlnlpnjojeplppgeilanlihoojg":{"blacklist":true},"cbbjhegipokkofhhicbckicchjpcpeni":{"blacklist":true},"cdogaeccgljmkecjmoedambgiekkllij":{"blacklist":true},"cekdjgnecpoooikhmceokdhojckkkhmh":{"blacklist":true},"cepfogmgfkddnllaopgknbdfkceejmhk":{"blacklist":true},"cfbdodejdeejbkffcmiaknpmojjeibpn":{"blacklist":true},"cfhdojbkjhnklbpkdaibdccddilifddb":{"active_permissions":{"api":["contextMenus","tabs","unlimitedStorage","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*.youtube-nocookie.com/*","hxxp://*.youtube.com/*","hxxp://*/*","hxxps://*.youtube-nocookie.com/*","hxxps://*.youtube.com/*","hxxps://*/*"]},"delayNetworkRequests":true,"from_bookmark":false,"from_webstore":false,"granted_permissions":{"api":["contextMenus","tabs","unlimitedStorage"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*.youtube-nocookie.com/*","hxxp://*.youtube.com/*","hxxp://*/*","hxxps://*.youtube-nocookie.com/*","hxxps://*.youtube.com/*","hxxps://*/*"]},"install_time":"12975282492892405","lastpingday":"12992511600275471","location":1,"manifest":{"background_page":"background.html","content_scripts":[{"all_frames":true,"js":["contentScript1.js"],"matches":["hxxp://*.youtube.com/*","hxxps://*.youtube.com/*","hxxp://*.youtube-nocookie.com/*","hxxps://*.youtube-nocookie.com/*"],"run_at":"document_start"},{"all_frames":true,"js":["contentScript2.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"},{"all_frames":true,"js":["contentScript3.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"}],"current_locale":"en_US","default_locale":"en","description":"Ads were yesterday! The successful extension Adblock Plus is now available for Google Chrome™.","icons":{"128":"icons/abp-128.png","16":"icons/abp-16.png","32":"icons/abp-32.png","48":"icons/abp-48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxGWIIBRUVzQIXITqE6+js1FA24fsZC58G0fxcO1Duwfps+9gip5tedTziErKEpeAQVkgasdT4kk+b6Lw27yp3oysAj6zD9j+j4W+EMArTXqMIc6SMYD7Z8bPcwPb3tC1MUxMSpO6oOVpFE23UhKe91SYnrK92nHI2cmsor5elXQIDAQAB","minimum_chrome_version":"16.0","name":"Adblock Plus (Beta)","options_page":"options.html","page_action":{"default icon":"icons/abp-19.png","default title":"Adblock Plus","popup":"popup.html"},"permissions":["tabs","hxxp://*/*","hxxps://*/*","contextMenus","webRequest","webRequestBlocking","unlimitedStorage"],"update_url":"hxxp://clients2.google.com/service/update2/crx","version":"1.2"},"path":"cfhdojbkjhnklbpkdaibdccddilifddb\\1.2_0","state":1},"cgnkbnaiipmfbakpmhllalggoepniemh":{"blacklist":true},"cihlkpohodpdkdnfalhdkhhlhmhffmbe":{"blacklist":true},"cjhklhdjonhcohlacgggcbklpnldleck":{"blacklist":true},"cjohbbapkbkkhpohinffggbphnhoblea":{"blacklist":true},"ckckpgefkpjfopjppjfcikppehdhceah":{"blacklist":true},"clapnamcglekekmamicmbahkghdcjaeh":{"blacklist":true},"cmjphjljejnfgdbkdgdlclaabimpknna":{"blacklist":true},"cmlokmkdolieoaoddlfhaidnlmiadhik":{"blacklist":true},"coajchbkdbfhmhbgcjepiofllfjjcpfp":{"blacklist":true},"cpiiakoibaohkfoaijaigdnocfolnmll":{"blacklist":true},"dadcalgappognjbjpalfophhcfakoeac":{"blacklist":true},"danapgfidmepmcfbjjacceiaiiioieio":{"blacklist":true},"dbiblcmlcgdjjbdpbmbcpineegngkiip":{"blacklist":true},"dbmdicehacbaohlockjgdglcobimmjkh":{"blacklist":true},"dejippphmhbpgckbhdidnjmdcpfccbaj":{"blacklist":true},"dfafokiagoiocidlpglcanjkcdbdnioi":{"blacklist":true},"dfoegfajplmijblljfancdapbdaopebb":{"blacklist":true},"dgaehaeahdegbdlenicbmkbakhdgoeml":{"blacklist":true},"dgcfmgdfbfbgcpbendbhbkfjppboebed":{"blacklist":true},"dgkemngdheppgohkjjelnkjmdeimmfml":{"blacklist":true},"diinokaoicgobepmadnmedlhdfnpehcj":{"blacklist":true},"dinhjcapnfbffhiihdlnbdfjdjjfhcbk":{"blacklist":true},"djnahdkbfgnhgpakidinfonfcjbagkgp":{"blacklist":true},"dlobhinihbmedmheccecfnkcadpehmbf":{"blacklist":true},"dmhjdbigobajgnfoabodjgmcdgoeoljm":{"blacklist":true},"dmkdhgkknhnfpdjeicefnpmhcpbimden":{"blacklist":true},"dnemhlkdpajbbniphgkgceplmnkfnhfo":{"blacklist":true},"doneghboglgnflpdicnkaojmmljgejkj":{"blacklist":true},"dpgenihgggagjjggfocjceeobjkadcbc":{"blacklist":true},"dpmloehicimdjkibmobhmpgdndgbcced":{"blacklist":true},"ebdcdchjcndpjhehacedepnggfdbfkpn":{"blacklist":true},"echngajnlpjeacbanjejlhcajjfoedcc":{"blacklist":true},"edmnikahahfkfilbbjbdoiabnghbkmjc":{"blacklist":true},"efbeabpbbkahnnjalakldjfhljboclkf":{"blacklist":true},"efhjelcghjkfigiagdfbfilndaffpmdj":{"blacklist":true},"efnaljpgehfilpmkhobibbjceeeondmn":{"blacklist":true},"egljdhfnbjahogjahnigfnbpidlmdagi":{"blacklist":true},"ehgoiaffgjoinpkllmmnikghgpghnabc":{"blacklist":true},"ehomcoocpagnlcakcbecdaknmacmedld":{"blacklist":true},"eihjeehdobnpkonebmpanonopghepfle":{"blacklist":true},"eijbdinddjecmebnlienfoijpjjobkjh":{"blacklist":true},"ejijgghlncnaphklndknkbkclebfboca":{"blacklist":true},"ejlekamipdcfcfpgfepjmklllbpeecaj":{"blacklist":true},"elcaigjcaijbfpjngaekbblphmfjdhfo":{"blacklist":true},"eofejpelggimkodeojpeojnbijgiglgh":{"blacklist":true},"eopmhecjnginkckggjmhombbopmkjpam":{"blacklist":true},"epbmnbdplhcomkedpjfceakddnbgfjmf":{"blacklist":true},"fafoohpbicgbcejffcplajonhhooddle":{"blacklist":true},"fbhiehmngojjcmljddjmgpmcockbccmo":{"blacklist":true},"fcfepemfihgibdacjlnlecebknaaepmj":{"blacklist":true},"ffgfbfakpcnngelphjnppokmoicdollk":{"blacklist":true},"fhlkffpjoajppmhcakbkjndbjfljccpi":{"blacklist":true},"fiapkdjniadkodmdibdnchoifkpfoiid":{"blacklist":true},"fibgploapkhokkbncddlkcmbmiengcfp":{"blacklist":true},"fihepkmlkmciffbhijldnpmifhbkiinp":{"blacklist":true},"fjjeecfjmgfnleghoellhldedkaocjfc":{"blacklist":true},"fleljamdchegbjeiipbnmiebnhgheeld":{"blacklist":true},"flmmgcfcpbfddenepkfmgfpbaceolcoe":{"blacklist":true},"fmcccidacjgnfiafddkngmeolkoiihil":{"blacklist":true},"fmonlemffgbabjifjfaoamdflijecdbk":{"blacklist":true},"fngolbdmkneakeaoiieafkilnogbocda":{"blacklist":true},"fnhcgnmfccojojojacgeiaaeacefdohb":{"blacklist":true},"fnkaadkanmfgpfbmdcllhjdgmdbgljpi":{"blacklist":true},"fnnmbghphdnmmjdapccfobgjemjadeli":{"blacklist":true},"fnoadkjdjfgafomgmablhmffooijcfbn":{"blacklist":true},"fommcgokigkhmnhlhlkckfjhefnmfohd":{"blacklist":true},"fpbippbofbmgmbojjmgfcifpmdaelcmd":{"blacklist":true},"fpmajanjndhgpifbcbnklbiehgnpkgmf":{"blacklist":true},"fpoajjnnpmledpmohlgpgbmlhbgkgahg":{"blacklist":true},"gaicmfjflflabagobdiodejfpjikheeo":{"blacklist":true},"gandihaiobadcggbfkhpbkocmiemjlnf":{"blacklist":true},"gbenikfjhilhpgagllmfgggdjaflbmbi":{"blacklist":true},"gdggdkkjecogagaffaemnbfmllcoihjp":{"blacklist":true},"gekkhpjigmckhgmgngadbeknekgpgolb":{"blacklist":true},"ghgphbmpcfgkfneodjpbdanmdoemklio":{"blacklist":true},"ghmaokcegalalefnhlfcnjhnpdbanjkj":{"blacklist":true},"gifglngcdbggmlgkcombebegdaoknkho":{"blacklist":true},"gjkbghdignnlcknknflbigpammebiolo":{"blacklist":true},"gkjeccpmibljcfpfapfljciimedljpnm":{"blacklist":true},"gkjmgdpdndoaiholejnmdbbpdaafahmm":{"blacklist":true},"gmghjgfdialcnhadahmjefeflgnhcjeb":{"blacklist":true},"gnapdhmknipknfmhhnhdmhakdfhgeing":{"blacklist":true},"gncfgndgeoddelbfhlndhljnecoednaa":{"blacklist":true},"gngmkbiihflpghldjnbpemaicedhdddk":{"blacklist":true},"gobjcjhhebpjbmjdgmejhebbleadnceo":{"blacklist":true},"gplgjmecjpbfcdikpbicknafcnfcidek":{"blacklist":true},"hbaajkahagmlkdekmbdabikbopdgpaac":{"blacklist":true},"hbdhabpmbbanaopgkbaondabkkepjfaf":{"blacklist":true},"hbmlheccjkodhfejcmblndjodllmnlnl":{"blacklist":true},"hcapokajkngndbglnfglpfdpoeidmpha":{"blacklist":true},"hcpndbchnlgojmnijaldkicigmihmdca":{"blacklist":true},"hdijkiondgomjpehfhopomicjbiodmcm":{"blacklist":true},"hdnbmmfjbblajkjkcaeofolgfnljpnim":{"blacklist":true},"hecijapnccjhonbmacmkmffooodfokoo":{"blacklist":true},"hefmoncdemhjembgbnkgglhlookbipdc":{"blacklist":true},"hfjpjodbolkmheaehcnmfhjakjileoof":{"blacklist":true},"hfpfbhnmbbigpmoodjemilggabklpopj":{"blacklist":true},"hgbaomphocgmdpmiohjclchaaljpaelp":{"blacklist":true},"hgboiaecclcbjphldpbgfgggcbihmnai":{"blacklist":true},"hgjgaeknhmidehalnmokomhpfhbfmpcm":{"blacklist":true},"hhfffemhgkginfafaoapljdllodppana":{"blacklist":true},"hhfiljkpjapjjphcocclhhaldpfkkjbi":{"blacklist":true},"hhjmkijkgojfifipdgmiemghfikbohcm":{"blacklist":true},"hhlgbfcfbkhlmajakkcjippgpcmejkko":{"blacklist":true},"hilncbjbdpnfepdidfchmdclhpnlegpj":{"blacklist":true},"hjkhligcnpfjhjlapmejaiaiigibofif":{"blacklist":true},"hkbgccpdcpbdckohbknjlamamelcnlki":{"blacklist":true},"hkjcejgfmaanpncnpoidgbhoikcaeepd":{"blacklist":true},"hkjfdgjkgpbbdmadbglcgljjjddkcdha":{"blacklist":true},"hmmoglffhpmacaacfbbmbbkcbdkjphnc":{"blacklist":true},"hnbcdmfeoldeppcbnnjmjkdofohaljbn":{"blacklist":true},"hncomkjbbkchfjelocejkbbflmjhlhfp":{"blacklist":true},"hnipgljcblpgnnojcfldehpeknhakbgj":{"blacklist":true},"hnkcpoijaeegompjgbjjhkdmljldaccg":{"blacklist":true},"hnnebfeppcbhhbhiifeaajgcjnkljlld":{"blacklist":true},"hnonhhpgjnjcjfbkjdpfbkfpaodcmncb":{"blacklist":true},"hpcdoodjfcmpcpkeendjnjkeinimhkih":{"blacklist":true},"hpibmhghjndideebpackbdlpncgkcppp":{"blacklist":true},"hpilclpacieflhmobalmaccogiioldoo":{"ack_external":true,"active_permissions":{"api":["contextMenus","cookies","management","notifications","tabs"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"disable_reason":1,"from_bookmark":false,"from_webstore":false,"install_time":"12978166630635110","lastpingday":"12992511600275471","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"all_frames":true,"js":["jquery.js","worker.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_end"}],"description":"","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5zLf90NvMUzte2CakqyQ2oZfFhOf/9r7MLW+NakKXnWyAA/U1KoMVxxrfkwXO/sdXUZj2Nwjye24z7qT9FWoTQ3BP8iJ/D/1YcXbHSvvhHMnfQ3LQOmwY+yOQaEiqF6KZYsS1GE2YraXu70MIQ7XWx8CkJSDhfz1eUAVrZbMulwIDAQAB","name":"Codecv","permissions":["hxxp://*/*","hxxps://*/*","tabs","cookies","management","notifications","contextMenus"],"version":"1.0"},"path":"hpilclpacieflhmobalmaccogiioldoo\\1.0_0","state":0},"iablioliielnhdianpbiijaoncbmfend":{"blacklist":true},"iccblehkchfmjgfafjcpjlkjcponhdhl":{"blacklist":true},"icihfeaofpcfehanhbnjigdlpfahjlee":{"blacklist":true},"iemfpgbdjfoihicbocpbjppipdbfimeh":{"blacklist":true},"ifbkndkaolfbjjhnnhfmkbkoclpdkpli":{"blacklist":true},"ifeijfpkjckedpclgncedmgdiaoeahmk":{"blacklist":true},"igaajdmlejbjcbmpmnigopikfdaccdcm":{"blacklist":true},"igbaoknfddliiaoimhehfbkfekpmmfll":{"blacklist":true},"igghanohiioehififjoalfkdoicafjof":{"blacklist":true},"ihnembcpodnfgkafmiojebccomjekopm":{"blacklist":true},"iiiinekimabooeihccihfopoadcaaphn":{"blacklist":true},"ijecjbcgpblkacpijljpaienknanaloa":{"blacklist":true},"ijenlpgidnapbndonoinbkhekgjonojg":{"blacklist":true},"ilhjicgcglhjigdehkcehjdokmkahbjl":{"blacklist":true},"imfbomjbodpfgfhfahlgkkcllmhbelhk":{"blacklist":true},"imkffpjpdngdkpgadcmnlkhhmhdocijn":{"blacklist":true},"incfcgceegpikennjoplhfghaaikdgei":{"ack_external":true,"active_permissions":{"api":["cookies","history","idle","management","tabs","webNavigation","webRequest","webRequestInternal"],"explicit_host":["hxxp://*/*","hxxp://tbupdate.zugo.com/*","hxxp://utrack.zugo.com/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*"]},"browser_action_visible":false,"disable_reason":1,"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12990983456445952","location":3,"manifest":{"background":{"page":"background.html"},"browser_action":{"default_icon":"button.png","default_popup":"Popup/Popup.html","default_title":"StartNow"},"content_scripts":[{"js":["contentscript.js"],"matches":["hxxp://*/*"]}],"content_security_policy":"script-src 'self' hxxps://tbsupdate.zugo.com; object-src 'self'","description":"StartNow Search.","icons":{"128":"128.png","16":"16.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7bEVxang01ecjh7VlWHg3hCg4wWO+z/3DOhliI44cTacIFOIeA7leC5a7LG0Fl296DmluKwbUZDRj3dfAd9+Wm1ZXejT0PrgdGLbcJXny9sh0Z/8Nzln/nB47TZfZC5l4kcnNWrFmqZfuSddUsp2WnOW40fhfSjjYga4rLl5QlwIDAQAB","manifest_version":2,"name":"StartNow","permissions":["tabs","cookies","history","idle","management","webNavigation","webRequest","hxxp://*/","hxxps://*/","hxxp://tbupdate.zugo.com/","hxxp://utrack.zugo.com/"],"update_url":"hxxp://tbupdate.zugo.com/ztb/update/chrome/","version":"2.5.0"},"path":"incfcgceegpikennjoplhfghaaikdgei\\2.5.0_0","state":0},"iobnpmeeecphddicmhhmdjbnlbdhjlne":{"blacklist":true},"iomejadoamfilglofmeaffghddcgapmf":{"blacklist":true},"jaejgaoiipdjjlbnapngknalafalbkej":{"blacklist":true},"janhdpmhnighonkkbkdpnljcoenpfkbh":{"blacklist":true},"jbmbiepnidbnhbbfdbgioomdkgnbcacj":{"blacklist":true},"jbnafcjbcfgejacaanogofkkehcomamp":{"blacklist":true},"jcmipejepoimfflnoapdmkdephgjinck":{"blacklist":true},"jfalnphfjdoalcdhlnhdpekbmmopkgkj":{"blacklist":true},"jfjagidcpadkoaonbogmbgfimmnefeie":{"blacklist":true},"jgdkappiifgomhgikcjbanhnmlekpeje":{"blacklist":true},"jgmpapdckakiohhebmeoemejibommimi":{"blacklist":true},"jhhabiomopkibeecgngiggmopkeofacl":{"blacklist":true},"jindbcpkhnnnjgcjgmkjedbibibiojjf":{"blacklist":true},"jjnkfllhcgkgnfbekpnmoikpfihpjfli":{"blacklist":true},"jkihmglffmfjedfbpbpdbbimcodjbmdh":{"blacklist":true},"jkmhalpofmlfeglboejbchpoijnkmcgh":{"blacklist":true},"jljfnkmkkdkppfndippkedacgfkafped":{"blacklist":true},"jmbkhogpjgjpfjhpdikloblkbkljkgao":{"blacklist":true},"jmeanodbelbflfmnkfdjgpikmldgjjko":{"blacklist":true},"jmfkcklnlgedgbglfkkgedjfmejoahla":{"ack_external":true,"active_permissions":{"api":["plugin"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"allowFileAccess":true,"disable_reason":1,"events":["experimental.runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12987884448830233","lastpingday":"12992511600275471","location":3,"manifest":{"background_page":"background.html","content_scripts":[{"js":["content/jquery-1.4.4.min.js","content/avgls-inline.js","content/searchengine.js","content/searchshield.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"}],"description":"Securing your clicks.","format_version":1,"icons":{"128":"content/Icons/128x128.png","16":"content/Icons/16x16.png","48":"content/Icons/48x48.png","64":"content/Icons/64x64.png"},"id":"881AC4EF96904f5fA0B49048C377CD59E8A84102","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrH3sthUrxOpfC3hPSHs4tIWO24/z8ZQCH5oHRTRkwgdSZ7/ah1PgRHQeNkTYJT0bwLQoxsG1jBLvWLu4I9t3KCTXj0uanaCw7VJjmSIPQCip/1m7ewfS9XdPR9CSUkR2wwp8HeDryToyCINwP8Yg3Lws/FV0nGmF2IV8jpQ6OWQIDAQAB","minimum_chrome_version":"9","name":"AVG Safe Search","plugins":[{"path":"plugins/avgnpss.dll","public":true}],"version":"12.0.0.2191"},"path":"jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.2191_0","state":0},"jmifipgdcllamghkhdplfjffkciekbgo":{"blacklist":true},"jpehgolpfgnknboibogccapmdcadjkbd":{"blacklist":true},"jpeijjbllejgmokmahkeommcodahoobm":{"blacklist":true},"jpgidahfcgiajlcbleeiaibpmmblcmnb":{"blacklist":true},"jpkdlckejfjidmplieobnhijmoiecbhl":{"blacklist":true},"kbipembkfhbdmkkkfbigmohilmknjnof":{"blacklist":true},"kcanfkmhccbaheheaackijegkclkaeic":{"blacklist":true},"kcfnnanmpghdnoompcfclakpacapnfbn":{"blacklist":true},"kcgplbmkmfcpngilmhjmebdgkkpbdemp":{"blacklist":true},"kdchmeaiapjkejkcbeclgjklemecieeg":{"blacklist":true},"kdfahjokahcbmecgaandpobmgiiknagf":{"blacklist":true},"kelcbonmemlciepjdmfcifnhloeammhj":{"blacklist":true},"kelljdoinjlkmkncffgadbebgpmlcang":{"blacklist":true},"kffhenjbibjnbnjhlkcdlmpeccpaohio":{"blacklist":true},"kgbkdabomfdpfoibliicpmibceaoohgh":{"blacklist":true},"kgdhnhadbnpeibkghaebmhmngobdafag":{"blacklist":true},"kgdkcodealpfjolmiagcogfbgmaamegh":{"blacklist":true},"kgdmldjagfciieddcnlhampgkajkpanc":{"blacklist":true},"kibgmcdcfmcglajcfbecilngejnfppjp":{"blacklist":true},"kiipngoehgkgkackngaidmhmnchfbmio":{"blacklist":true},"kinhljbhjmcmoddhdoodekeklmjapjff":{"blacklist":true},"kkhomejdleoonmbdhcigkhkjcghngncf":{"blacklist":true},"kleaapgdkahaekcocmkbgfainbhihccj":{"blacklist":true},"kmlebjoghkhpapfhbdikannggmmffnco":{"blacklist":true},"kolbbghckjilleabphhgeggcgpfidofi":{"blacklist":true},"lambangeielkjcnmioccboaphdfcffib":{"blacklist":true},"lbaddolhebpnhdcdkicpcflhnfamcemn":{"blacklist":true},"lbficnmfealeidppcbgdcbemgfjodbkg":{"blacklist":true},"lceaiepehinnomgijphkmjccbigkljkj":{"blacklist":true},"lcfkojlnjnedeoepfemhdgkhiabkeadc":{"blacklist":true},"ldgfapfmnplpaohbbadnecegcpfkfall":{"blacklist":true},"lgalokbapphhklmilicdefmgbjkcmldf":{"blacklist":true},"lgcnahanhlfpceencjmlehpfklokhojk":{"blacklist":true},"lifbcibllhkdhoafpjfnlhfpfgnpldfl":{"ack_external":true,"active_permissions":{"api":["plugin","tabs"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"scriptable_host":["file:///*","hxxp://*/*","hxxps://*/*"]},"disable_reason":1,"events":["runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12990983457655952","lastpingday":"12992511600275471","location":3,"manifest":{"background_page":"background.html","browser_action":{"default_icon":"skype.png","default_title":"Options"},"content_scripts":[{"all_frames":true,"js":["contentscript.js"],"matches":["hxxp://*/*","file://*/*","hxxps://*/*"],"run_at":"document_end"}],"description":"Skype Click to Call","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMxFysW3wPKWRPPe3xuJQz3m1ZDLX1hN8EYdP37tRPf7lp8vIhG4xirlXHGK748qcLPc4Lm8WsHDhvS5okN54Kwcnw4T2tBXSCZJxMmlu14HZ5yc/t969QLTPLIbAsasq4NVo40YuP2B7umxV9BlcxZEB9TEKPEQq8DRoKhj9jBQIDAQAB","name":"Skype Click to Call","permissions":["tabs","hxxp://*/*","hxxps://*/*"],"plugins":[{"path":"npSkypeChromePlugin.dll","public":true}],"version":"6.2.0.10687"},"path":"lifbcibllhkdhoafpjfnlhfpfgnpldfl\\6.2.0.10687_0","state":0},"likifpgnijjfbdegfepoalpamlgnfofi":{"blacklist":true},"liomofjeffddiiccaolcnllbhnipbkhe":{"blacklist":true},"ljcicfibknpmlcmcecddjlbgkejehhpa":{"blacklist":true},"ljeihpebkahejeacdalhkhmckmggppif":{"blacklist":true},"ljmjoloiepllcndinchenhomcdcgbgef":{"blacklist":true},"lkdimamelhbiijkiljlnedmhnnkkmlbl":{"blacklist":true},"lkfdchejjogilmloogbbjlnlpbhgjfab":{"blacklist":true},"lkhcbijhgfchgdmklonlobkfbcadbokg":{"blacklist":true},"lljnngafekbnkpdfophmcdlbfebcbcld":{"blacklist":true},"lnahlgmhpghkhmafjppdidhcoaomipfg":{"blacklist":true},"lnbeebaenahmkbffnimghceldeeihfak":{"blacklist":true},"lncjcfkpannmofmpgdfoonkniofdnaba":{"blacklist":true},"lndempehphjoeimfchjflohpmhamiamf":{"blacklist":true},"lnjgjionmhobdfdegbciceafphgemjnc":{"blacklist":true},"lnlaeblencbjjjeaanegaldcjfekeled":{"blacklist":true},"loggadfheaoeabmkgolecncpfdfioefa":{"blacklist":true},"lojppnndedobolgfepahepphhloediji":{"blacklist":true},"loldehkdjdncebfnncknlkdchjclifbn":{"blacklist":true},"lookpbabilcplifjdeifacodednpacmk":{"blacklist":true},"lpgiafapdmlapiokjnmpbbfkomiceoml":{"blacklist":true},"lplmcpcnhpbffpcfiaddbeaplhhbengd":{"blacklist":true},"mamfageekafifnickhgkibkofcclfefe":{"blacklist":true},"mbmdaiddhfoljplpdhohimgieioblfif":{"blacklist":true},"mcbkimglepddodbiongpohpeidioafgk":{"blacklist":true},"mcknnlhkkdbcppajgefagceglahcafjd":{"blacklist":true},"mdiehnlecbjlppbpaaipmlnhhjgepfcg":{"blacklist":true},"mdngbiejioalifclonjepjjfppmbgned":{"blacklist":true},"megkcfpbmemnpkgadkoompnoajcolpni":{"blacklist":true},"mfffdpnblflpobcnekhekiahepofaane":{"blacklist":true},"mfhfkclojmdocagbmecgcnlofppebebd":{"blacklist":true},"mfncimdpmknolnnnccdmkpnpkaofonkc":{"blacklist":true},"mgdgiplcofghdmpekdeeceolepakodcb":{"blacklist":true},"mjalegijammcloleihdmooifidcjggjp":{"blacklist":true},"mjgobkikdipfikmaoakdcdbicpioljgg":{"blacklist":true},"mjolnadmlahbpepjaemohnkhpjkbhmef":{"blacklist":true},"mknjbohhleiicbpagpgmhoaigbblmnic":{"blacklist":true},"mkobblpffgbncfhijabakfafmkjdmmnm":{"blacklist":true},"mlmegahemifabfmdnndafagnncfbnahn":{"blacklist":true},"mlmmbepkgelpbenpobinockmiehdahai":{"blacklist":true},"mlnoedbhndgbjcbeadjfnmjloejlgojk":{"blacklist":true},"mmjodihhmnpkldljaifiajmlnpflfhpm":{"blacklist":true},"mndoohjdoechinpkfbkolflbonciahfo":{"blacklist":true},"mnhcgaghminpdabllkbkecahjfkdiabk":{"blacklist":true},"mnichagcickblneeijmfnmoiakigmmhf":{"blacklist":true},"mnllienogacopjnkmhgnniopjpgjpopp":{"blacklist":true},"mogepbcllienegdibkfpmombhefhcoic":{"blacklist":true},"mplhbhmkccidaokcelbcbcmhhedebcng":{"blacklist":true},"naopgnjebjeeedbbhcadkhkmeefmloho":{"blacklist":true},"nbieffehfdniifkgdckbndjhojohbfjj":{"blacklist":true},"nckmikohoilfkcoahbjpbgbpegcjgngm":{"blacklist":true},"ncpdanjmicnihdlijomcggnnekloephc":{"blacklist":true},"ndhkiimgbjnendpcfbiadlifmangejoa":{"blacklist":true},"ndibdjnfmopecpmkdieinmbadjfpblof":{"ack_external":true,"active_permissions":{"api":["tabs","webRequest","webRequestBlocking","webRequestInternal"],"explicit_host":["hxxp://*/*","hxxp://dnt.cloud.avg.com/*","hxxp://dntf.cloud.avg.com/*","hxxps://*/*"],"scriptable_host":["hxxp://*/*","hxxps://*/*"]},"events":["experimental.runtime.onInstalled"],"from_bookmark":false,"from_webstore":false,"install_time":"12987884452285325","lastpingday":"12989833196006164","location":3,"manifest":{"background_page":"content/background.html","browser_action":{"default_icon":"content/icons/avg_icon_16.png","default_title":"AVG Do Not Track"},"content_scripts":[{"all_frames":true,"js":["content/js/content.js"],"matches":["hxxp://*/*","hxxps://*/*"],"run_at":"document_start"}],"current_locale":"en_US","default_locale":"en","description":"Block Ads and Trackers","icons":{"128":"content/icons/avg_icon_128.png","16":"content/icons/avg_icon_16.png","32":"content/icons/avg_icon_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDaBhCcd8V6V8SwALoaT+A51wnypeg3PtHPFZ6/1OKPFykl5ejJUJj4iBdO6hwupZS9r69OFb9AF0NPAxXqMfuh/mVqguifgJiqVV7tLaQ5tGAIy0pACKYaTICVePngldEIu1VNSf8A+YoQIt0LL7arZL5E/0iIoqX4Yd04Q8X2HwIDAQAB","name":"AVG Do Not Track","options_page":"content/options.html","permissions":["tabs","webRequest","webRequestBlocking","hxxp://*/*","hxxps://*/*","hxxp://dnt.cloud.avg.com/","hxxp://dntf.cloud.avg.com/"],"version":"12.0.0.2166"},"path":"ndibdjnfmopecpmkdieinmbadjfpblof\\12.0.0.2166_0","state":2},"ndiogongcmocdgjciemhagfhpjamehpe":{"blacklist":true},"negkalblfongjbphdcbbhddlickhlamd":{"blacklist":true},"nepfiodmbijheamafkiglonfkjebdjmf":{"blacklist":true},"nfecfkjnlkbphobjbcnphimihniieehc":{"blacklist":true},"nhboiakpmibkbkbeehchlfkggmhphpnk":{"blacklist":true},"nhkmojkfnknbbmhbnacjdlodokeophkl":{"blacklist":true},"nibohffepnilngkecenfdgnokfhmnkod":{"blacklist":true},"nidmbljkkcbdfklgdkklgjgmhejmbojn":{"blacklist":true},"nidodbfomffkfabciljelkbdiabkeehe":{"blacklist":true},"nifbebeekindefklojhchehidpikbjfc":{"blacklist":true},"nihhbeikpchdddoillfdcdinnnnllmna":{"blacklist":true},"nlgapikcofpablcmfgaoodlhiejiehhh":{"blacklist":true},"nloaaepkhcnmoakooihnefhhggbmemed":{"blacklist":true},"nmmnodocfckpoddcgihiihcdinaonckb":{"blacklist":true},"nmphbnbmgfccfhcmibikmhcgajjpelpf":{"blacklist":true},"nneajnkjbffgblleaoojgaacokifdkhm":{"ack_external":true,"active_permissions":{"api":["tabs"],"explicit_host":["hxxp://*/*"],"scriptable_host":["hxxp://*/*"]},"from_bookmark":false,"from_webstore":false,"install_time":"12967268425064527","lastpingday":"12992511600275471","location":3,"manifest":{"content_scripts":[{"js":["script.js"],"matches":["hxxp://*/*"],"run_at":"document_end"}],"current_locale":"en_US","default_locale":"en","description":"Increase performance and video formats for your HTML5 <video>","icons":{"128":"DivXHTML5.128.png","48":"DivXHTML5.48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgKGj4sjJKwOs1NkcicEV4Rkq2kpG7jM+u/UGvcCzxtLTjUIbJ80v6eoI33XmcwiKILCymnIX591nlTXDOI+eHeHUAY42f3SIeh/bDlea9T6MMJXW1Fh7ZuG30QKivxtzwKSSgrspwbBTauN6Rq3FGoDrv2L9rNwmYBrUPA8Z4awIDAQAB","name":"DivX Plus Web Player HTML5 <video>","permissions":["tabs","hxxp://*/*"],"version":"2.1.2.145"},"path":"nneajnkjbffgblleaoojgaacokifdkhm\\2.1.2.145_0","state":1},"nnioepmjbjjlflmdgjanlcmbjahljeeo":{"blacklist":true},"nochkknnbahbhmmknnmdhagelcnfagom":{"blacklist":true},"noefghcilkpcabnhhilojimkkjplhcnd":{"blacklist":true},"npadaghbcdejfngcjpbnoikajdnongca":{"blacklist":true},"npolaghondefgiomhkbiiompikfjneep":{"blacklist":true},"oakhllhnbcpgagdafgbninlpjdemdmjk":{"blacklist":true},"oanjogmonneelfpnfmdlalfddkeckdej":{"blacklist":true},"obgljnmbldahelaakfdbjkplokjoneip":{"blacklist":true},"ocmhjnhildbnglmlfimkjnnfgddelacb":{"blacklist":true},"ocnlnkjmfnolmbclblfhfhcakldceiec":{"blacklist":true},"odnamglmogfldajnhkfodmloofeokcmm":{"blacklist":true},"oghphhcagopecifjblgdcfihjnlcbcfc":{"blacklist":true},"ogjbodghhojomghbdfnlkppdagkfjede":{"blacklist":true},"oidjdpbndkjhmhmgdoggibcjnippkcgo":{"blacklist":true},"ojglppmhgfohhfeinlhklglifnbfebak":{"blacklist":true},"omceiakkomngangmllpgbjcoeloglald":{"blacklist":true},"onfbaaifbbahonepmednhkjbhdgogkbl":{"blacklist":true},"onpnpccdagncipgnoofbhchlbajcjnkd":{"blacklist":true},"oocfbmollajebjjpkahmlnclfhkjijea":{"blacklist":true},"ookcgejbfhcmcanfkfmmmpahflnlajbl":{"blacklist":true},"opnnngnphijodjhemhdafpnnpdjggofe":{"blacklist":true},"pajgiddgjidlcajihkjoacjbplimkgfe":{"blacklist":true},"pbdgmppmccanplobanhfkjndjkmmabgk":{"blacklist":true},"pbekednmpdekknlffkiopooofokfmkla":{"blacklist":true},"pbglijbamgmlcpnnpbfjkbdeheejjloj":{"blacklist":true},"peahabnpipmmfiajjjhgfggbeigbmbgp":{"blacklist":true},"peiijdmlgbelnnmnkighhkpeihmmamio":{"blacklist":true},"pfcelnbmkeoaeicedjomcjkcammlkdbk":{"blacklist":true},"pfhlnanelpgjbhndafjamnpfhkjadoip":{"blacklist":true},"pfoiaildicnbcjojocjlpcibenphhbln":{"blacklist":true},"pfonklmafadkmcedjlodommcoipgbcde":{"blacklist":true},"pgelifedkjaohmjehecojkfldinjlamn":{"blacklist":true},"pgjpnfpidejcmjibaaohcmehfohacckf":{"blacklist":true},"pgldfhecfiofkhnbgcncepnkjkeoahlk":{"blacklist":true},"phkpgooenaonkpnabopdbjjfmphclela":{"blacklist":true},"pihcfdffalbcnmbghijdfcaanagapelf":{"blacklist":true},"pjdhkkcnlbfebiokpeghfffajaabahfo":{"blacklist":true},"pjgbfgdpkbfimabdalhjmmeeelbmkcac":{"blacklist":true},"pjloefkigphblpjminnlpbhjchjafcfc":{"blacklist":true},"pkbbbncikcipejaiiiioboongndhmjgl":{"blacklist":true},"pkbkkendemaimikinaefldfljliecapm":{"blacklist":true},"pkhidkonipdjidjglnkfcfhnkfnlefbk":{"blacklist":true},"plfijddblbcdcnammpdmfccchkbdekmm":{"blacklist":true},"pnaiiipilbpcceggeanphcpkkihnojan":{"blacklist":true},"pnnbdjcjeiobikdfikegpclkcimgafpp":{"blacklist":true},"pnpfkfanlgljpkpilhgiimfadggfmhcd":{"blacklist":true},"pnpgiaejfbdapllkchhgchjpdbcpiooa":{"blacklist":true},"pobponmhkpmphbnfhpjdagklbkmjhked":{"blacklist":true},"ppmfajacidhcjbddpgmcmigffpppcadd":{"blacklist":true}},"toolbarsize":-1},"google":{"services":{"username":""}},"homepage":"hxxp://www.msn.com/?pc=Z164&ocid=zdhp&install_date=20120216","homepage_is_newtabpage":false,"hxxp_throttling":{"enabled":true},"instant":{"enabled_time":"12974010838347687"},"net":{"hxxp_server_properties":{"accounts.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":22},{"id":6,"value":0}],"supports_spdy":true},"accounts.youtube.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":2},{"id":6,"value":0}],"supports_spdy":true},"ajax.googleapis.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":19},{"id":6,"value":0}],"supports_spdy":true},"api.twitter.com:443":{"supports_spdy":true},"apis.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":16},{"id":6,"value":7}],"supports_spdy":true},"chatenabled.mail.google.com:443":{"settings":[{"id":4,"value":10},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"clients1.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":10},{"id":6,"value":0}],"supports_spdy":true},"clients2.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":10},{"id":6,"value":0}],"supports_spdy":true},"id.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":10},{"id":6,"value":0}],"supports_spdy":true},"lh3.googleusercontent.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":10},{"id":6,"value":0}],"supports_spdy":true},"mail-attachment.googleusercontent.com:443":{"settings":[{"id":4,"value":10},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"mail.google.com:443":{"settings":[{"id":4,"value":10},{"id":5,"value":92},{"id":6,"value":0}],"supports_spdy":true},"plus.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"r.twimg.com:443":{"supports_spdy":true},"s.ytimg.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true},"ssl.google-analytics.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":3},{"id":6,"value":6}],"supports_spdy":true},"ssl.gstatic.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":23},{"id":6,"value":0}],"supports_spdy":true},"toolbarqueries.google.com:443":{"supports_spdy":true},"twitter.com:443":{"supports_spdy":true},"www.gmail.com:443":{"settings":[{"id":4,"value":10},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"www.google.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":5},{"id":6,"value":3}],"supports_spdy":true},"www.googletagservices.com:443":{"supports_spdy":true},"www.gstatic.com:443":{"settings":[{"id":4,"value":100},{"id":5,"value":32},{"id":6,"value":0}],"supports_spdy":true},"www.youtube.com:443":{"settings":[{"id":4,"value":100}],"supports_spdy":true}}},"ntp":{"app_page_names":["Apps"],"gplus_required":false,"intro_display_count":3,"pref_version":3,"promo_closed":false,"promo_end":1348290000.0,"promo_group":399,"promo_group_max":1,"promo_group_timeslice":0,"promo_increment":1,"promo_initial_segment":4,"promo_line":"What do you think of Chrome? <a href=\"hxxps://survey.googleratings.com/wix/p5963862.aspx\">Take the survey</a>","promo_num_groups":1000,"promo_resource_cache_update":"1348162724.236961","promo_start":1347858000.0,"promo_views":0,"promo_views_max":15,"shown_sections":64,"sign_in_promo":{"group":84,"group_max":100},"webstore_last_promo_id":"1335115"},"plugins":{"enabled_internal_pdf3":true,"enabled_nacl":true,"last_internal_directory":"C:\\Users\\Tammy\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89","plugins_list":[{"enabled":true,"name":"Remoting Viewer","path":"internal-remoting-viewer","version":""},{"enabled":true,"name":"Remoting Viewer"},{"enabled":true,"name":"Native Client","path":"C:\\Users\\Tammy\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89\\ppGoogleNaClPluginChrome.dll","version":""},{"enabled":true,"name":"Native Client"},{"enabled":true,"name":"Chrome PDF Viewer","path":"C:\\Users\\Tammy\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89\\pdf.dll","version":""},{"enabled":true,"name":"Chrome PDF Viewer"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Users\\Tammy\\AppData\\Local\\Google\\Chrome\\Application\\21.0.1180.89\\gcswf32.dll","version":"11,2,202,229"},{"enabled":false,"name":"Shockwave Flash","path":"C:\\Users\\Tammy\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\11.1.31.203\\pepflashplayer.dll","version":"11.1.31.203"},{"enabled":true,"name":"Shockwave Flash","path":"C:\\Windows\\system32\\Macromed\\Flash\\NPSWF32_11_2_202_233.dll","version":"11,2,202,233"},{"enabled":true,"name":"Flash"},{"enabled":true,"name":"AVG Internet Security","path":"C:\\Users\\Tammy\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0\\plugins/avgnpss.dll","version":"12.0.0.1901"},{"enabled":true,"name":"AVG Internet Security"},{"enabled":false,"name":"Adobe Acrobat","path":"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Browser\\nppdf32.dll","version":"9.5.1.283"},{"enabled":false,"name":"Adobe Acrobat"},{"enabled":true,"name":"Java Deployment Toolkit 6.0.310.5","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npdeployJava1.dll","version":"6.0.310.5"},{"enabled":true,"name":"Java™ Platform SE 6 U31","path":"C:\\Program Files\\Java\\jre6\\bin\\plugin2\\npjp2.dll","version":"6.0.310.5"},{"enabled":true,"name":"Java"},{"enabled":true,"name":"Microsoft® Windows Media Player Firefox Plugin","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\np-mswmp.dll","version":"1.0.0.8"},{"enabled":true,"name":"Windows Media Player"},{"enabled":true,"name":"Flux Player","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npflux.dll","version":"2, 0, 0, 644"},{"enabled":true,"name":"Flux Player"},{"enabled":true,"name":"2007 Microsoft Office system","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\NPOFF12.DLL","version":"12.0.4518.1014"},{"enabled":true,"name":"Microsoft Office"},{"enabled":true,"name":"QuickTime Plug-in 7.7.1","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll","version":"7.7.1 (1680.42)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.1","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll","version":"7.7.1 (1680.42)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.1","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll","version":"7.7.1 (1680.42)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.1","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll","version":"7.7.1 (1680.42)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.1","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll","version":"7.7.1 (1680.42)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.1","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll","version":"7.7.1 (1680.42)"},{"enabled":true,"name":"QuickTime Plug-in 7.7.1","path":"C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll","version":"7.7.1 (1680.42)"},{"enabled":true,"name":"QuickTime"},{"enabled":true,"name":"fluxDVD Browser Plugin","path":"C:\\Program Files\\Common Files\\mpDRM\\NPMPDRM.dll","version":"1.2.0.4"},{"enabled":true,"name":"fluxDVD Browser Plugin"},{"enabled":true,"name":"DivX VOD Helper Plug-in","path":"C:\\Program Files\\DivX\\DivX OVS Helper\\npovshelper.dll","version":"1.1.0.6"},{"enabled":true,"name":"DivX VOD Helper Plug-in"},{"enabled":true,"name":"DivX Plus Web Player","path":"C:\\Program Files\\DivX\\DivX Plus Web Player\\npdivx32.dll","version":"2, 1, 3, 529"},{"enabled":true,"name":"DivX Plus Web Player"},{"enabled":true,"name":"Picasa","path":"C:\\Program Files\\Google\\Picasa3\\npPicasa3.dll","version":"3, 1, 0, 0"},{"enabled":true,"name":"Picasa"},{"enabled":true,"name":"Google Update","path":"C:\\Program Files\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll","version":"1.3.21.111"},{"enabled":true,"name":"Google Update"},{"enabled":true,"name":"Pando Web Plugin","path":"C:\\Program Files\\Pando Networks\\Media Booster\\npPandoWebPlugin.dll","version":"2.3.3.8"},{"enabled":true,"name":"Pando Web Plugin"},{"enabled":true,"name":" Wacom Dynamic Link Library","path":"C:\\Program Files\\TabletPlugins\\npwacom.dll","version":"1,1,0,5"},{"enabled":true,"name":" Wacom Dynamic Link Library"},{"enabled":true,"name":"NPGameWebStarter","path":"C:\\Program Files\\WEBZEN\\WebzenGameStarter\\NPGameWebStarter.dll","version":"1.0.2.9"},{"enabled":true,"name":"NPGameWebStarter"},{"enabled":true,"name":"iTunes Application Detector","path":"C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll","version":"1.0.1.1"},{"enabled":true,"name":"iTunes Application Detector"},{"enabled":true,"name":"Nexon Game Controller","path":"C:\\ProgramData\\NexonUS\\NGM\\npNxGameUS.dll","version":"1, 0, 1, 2"},{"enabled":true,"name":"Nexon Game Controller"},{"enabled":true,"name":"Unity Player","path":"C:\\Users\\Tammy\\AppData\\LocalLow\\Unity\\WebPlayer\\loader\\npUnity3D32.dll","version":"2.6.1.31223"},{"enabled":true,"name":"Unity Player"},{"enabled":true,"name":"Kalydo Player Plugin for Mozilla","path":"C:\\Users\\Tammy\\AppData\\Roaming\\Kalydo\\KalydoPlayer\\npkalydo.dll","version":"3, 09, 00, 5"},{"enabled":true,"name":"Kalydo Player Plugin for Mozilla"},{"enabled":true,"name":"SOE Web Installer","path":"C:\\Users\\Tammy\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\pne0lqyl.default\\extensions\\{000F1EA4-5E08-4564-A29B-29076F63A37A}\\plugins\\npsoe.dll","version":"1, 0, 3, 148"},{"enabled":true,"name":"SOE Web Installer"},{"enabled":true,"name":"Shockwave for Director","path":"C:\\Windows\\system32\\Adobe\\Director\\np32dsw.dll","version":"11.5.8r612"},{"enabled":true,"name":"Shockwave"},{"enabled":true,"name":"Silverlight Plug-In","path":"c:\\Program Files\\Microsoft Silverlight\\4.1.10111.0\\npctrl.dll","version":"4.1.10111.0"},{"enabled":true,"name":"Silverlight"}]},"profile":{"avatar_index":0,"content_settings":{"clear_on_exit_migrated":true,"pattern_pairs":{"*,*":{"per_plugin":{"npsitesafety.dll":1}}},"plugin_whitelist":{"npsitesafety":{"dll":true}},"pref_version":1},"exited_cleanly":false,"name":"Default Profile"},"selectfile":{"last_directory":"C:\\Users\\Tammy\\Desktop"},"session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"urls_to_restore_on_startup":["hxxp://www.msn.com/?pc=Z164&ocid=zdhp&install_date=20120216"]},"tabs":{"use_compact_navigation_bar":false,"use_vertical_tabs":false}}

*************************

AdwCleaner[S1].txt - [122553 octets] - [26/09/2012 06:48:03]

########## EOF - C:\AdwCleaner[S1].txt - [122615 octets] ##########



Roguekiller:

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Tammy [Admin rights]
Mode : Scan -- Date : 09/26/2012 07:00:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM160HI ATA Device +++++
--- User ---
[MBR] d1d10664f84f47b78505438bb0e22606
[BSP] a93ba6e00e8d6d637eee9251f19a0aa3 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 PM

Posted 26 September 2012 - 07:33 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 26 September 2012 - 08:52 AM

I ran combofix and I saved the log it sent to me, however it did not save on my desktop and I am unable to find it anywhere though I am positive I saved it. Can you tell me the name of the combofix log? Attempting to find it within my computer files. If it's ok to run Combofix again, let me know but I will not run it a second time until I have heard back from you.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 PM

Posted 26 September 2012 - 01:17 PM

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 26 September 2012 - 03:17 PM

Thank you for that! Here's the log. I have been unable to use my computer much today but I will be on it more in a few hours. I'll let you know then how it is working.


ComboFix 12-09-26.01 - Tammy 09/26/2012 8:23.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1302 [GMT -5:00]
Running from: c:\users\Tammy\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Reactivate.exe
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\program files\StartNow Toolbar\XBrowser.dll
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\content.js
c:\programdata\Codecv\data\content.js
c:\programdata\Codecv\data\jsondb.js
c:\programdata\Codecv\hpilclpacieflhmobalmaccogiioldoo.crx
c:\programdata\Codecv\settings.ini
c:\programdata\Codecv\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-26 to 2012-09-26 )))))))))))))))))))))))))))))))
.
.
2012-09-26 13:33 . 2012-09-26 13:33 -------- d-----w- c:\users\Tammy\AppData\Local\temp
2012-09-26 13:33 . 2012-09-26 13:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-23 20:20 . 2012-09-23 20:20 -------- d-----w- c:\program files\HP
2012-09-23 20:20 . 2012-09-23 20:20 -------- d-----w- c:\program files\Hewlett-Packard
2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\users\Tammy\AppData\Roaming\AVG2013
2012-09-21 17:14 . 2012-09-26 11:48 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-21 17:13 . 2012-09-21 17:13 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-21 17:13 . 2012-09-26 11:48 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-09-21 17:09 . 2012-09-21 18:16 -------- d-----w- c:\programdata\AVG2013
2012-09-21 17:03 . 2012-09-21 17:53 -------- d-----w- c:\users\Tammy\AppData\Local\Avg2013
2012-09-21 17:03 . 2012-09-21 17:03 -------- d-----w- c:\users\Tammy\AppData\Local\MFAData
2012-09-20 17:53 . 2012-09-20 17:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-20 17:51 . 2012-09-20 17:51 -------- d-----w- c:\programdata\McAfee
2012-09-18 19:36 . 2012-09-18 19:36 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-09-17 23:58 . 2012-09-17 23:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 10:34 . 2012-09-14 10:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 16:47 . 2012-09-12 16:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 16:47 . 2012-09-12 16:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-12 14:41 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:41 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:41 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:41 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:41 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:41 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-29 22:31 . 2012-08-29 22:33 -------- d-----w- c:\users\Public\StarStableOnline
2012-08-29 20:56 . 2012-08-29 20:56 -------- d-----w- c:\users\Tammy\AppData\Roaming\StartNow Toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 23:29 . 2012-04-07 04:49 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 23:29 . 2011-07-28 23:47 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 17:53 . 2010-10-15 21:17 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 22:04 . 2010-07-24 01:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 21:40 . 2012-08-13 21:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 09:52 . 2012-08-10 09:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 09:52 . 2012-08-10 09:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 18:56 . 2012-08-09 18:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-24 00:10 . 2012-07-24 00:10 53248 ----a-r- c:\users\Tammy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-18 17:47 . 2012-08-15 18:30 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 18:30 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 18:30 102912 ----a-w- c:\windows\system32\browser.dll
2007-05-24 20:17 . 2012-09-08 00:16 1667072 ----a-w- c:\program files\mozilla firefox\plugins\fluxcore.dll
2006-07-28 18:29 . 2012-09-08 00:16 36864 ----a-w- c:\program files\mozilla firefox\plugins\fluxcryp.dll
2007-05-24 20:17 . 2012-09-08 00:16 307200 ----a-w- c:\program files\mozilla firefox\plugins\fluxdx8.dll
2007-05-24 20:17 . 2012-09-08 00:16 61440 ----a-w- c:\program files\mozilla firefox\plugins\HawkNL.dll
2012-09-08 00:17 . 2012-09-08 00:16 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UrsaSpellChecker
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 20:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 00:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 00:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 00:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-11-28 12:36 4692296 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 EagleXNt;EagleXNt; [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:29]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 01:37]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 01:37]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049637376-3198039210-1265106122-1000Core.job
- c:\users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 12:08]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049637376-3198039210-1265106122-1000UA.job
- c:\users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 12:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20120216&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4049637376-3198039210-1265106122-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,a9,e7,04,ce,bd,c3,bc,52,0e,8d,b3,0b,7b,17,37,b8,f6,8c,5e,97,
94,f0,e3,c3,ed,df,4c,f3,c1,8e,44,61,34,15,75,5f,da,44,b8,2f,5c,55,31,14,ff,\
"rkeysecu"=hex:d6,78,26,cb,7d,75,90,a9,d1,f1,fa,0e,f5,ca,da,6c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mpDRM\LicenseStore*]
"CheckValue"=dword:3f14492a
"904254FC"="C6B55DA6"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-26 08:36:27
ComboFix-quarantined-files.txt 2012-09-26 13:36
.
Pre-Run: 59,177,570,304 bytes free
Post-Run: 59,087,683,584 bytes free
.
- - End Of File - - 077D3655F705BAC9CE4A6AB31E506682

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 PM

Posted 26 September 2012 - 04:32 PM

Greetings KJo132

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 27 September 2012 - 09:13 AM

Here are these logs.
The aswMBR didn't give a completion notification but it just stopped scanning. So I selected save log.


tdsskiller:

09:10:48.0419 5620 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
09:10:49.0012 5620 ============================================================
09:10:49.0012 5620 Current date / time: 2012/09/27 09:10:49.0012
09:10:49.0012 5620 SystemInfo:
09:10:49.0012 5620
09:10:49.0012 5620 OS Version: 6.1.7601 ServicePack: 1.0
09:10:49.0012 5620 Product type: Workstation
09:10:49.0012 5620 ComputerName: TAMMY-PC
09:10:49.0012 5620 UserName: Tammy
09:10:49.0012 5620 Windows directory: C:\Windows
09:10:49.0012 5620 System windows directory: C:\Windows
09:10:49.0012 5620 Processor architecture: Intel x86
09:10:49.0012 5620 Number of processors: 2
09:10:49.0012 5620 Page size: 0x1000
09:10:49.0012 5620 Boot type: Normal boot
09:10:49.0012 5620 ============================================================
09:10:50.0759 5620 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:10:50.0759 5620 ============================================================
09:10:50.0759 5620 \Device\Harddisk0\DR0:
09:10:50.0759 5620 MBR partitions:
09:10:50.0775 5620 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
09:10:50.0775 5620 ============================================================
09:10:50.0806 5620 C: <-> \Device\Harddisk0\DR0\Partition1
09:10:50.0806 5620 ============================================================
09:10:50.0806 5620 Initialize success
09:10:50.0806 5620 ============================================================
09:10:52.0257 5164 ============================================================
09:10:52.0257 5164 Scan started
09:10:52.0257 5164 Mode: Manual;
09:10:52.0257 5164 ============================================================
09:10:53.0146 5164 ================ Scan system memory ========================
09:10:53.0146 5164 System memory - ok
09:10:53.0146 5164 ================ Scan services =============================
09:10:53.0442 5164 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:10:53.0442 5164 1394ohci - ok
09:10:53.0489 5164 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:10:53.0505 5164 ACPI - ok
09:10:53.0536 5164 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:10:53.0536 5164 AcpiPmi - ok
09:10:53.0551 5164 adfs - ok
09:10:53.0661 5164 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:10:53.0661 5164 AdobeFlashPlayerUpdateSvc - ok
09:10:53.0754 5164 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:10:53.0770 5164 adp94xx - ok
09:10:53.0801 5164 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:10:53.0801 5164 adpahci - ok
09:10:53.0832 5164 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:10:53.0848 5164 adpu320 - ok
09:10:54.0035 5164 [ 96D6CDD0B32846E8CFBE592F4F32E608 ] AdvancedSystemCareService5 C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
09:10:54.0035 5164 AdvancedSystemCareService5 - ok
09:10:54.0097 5164 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:10:54.0097 5164 AeLookupSvc - ok
09:10:54.0144 5164 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
09:10:54.0144 5164 AFD - ok
09:10:54.0207 5164 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:10:54.0207 5164 agp440 - ok
09:10:54.0253 5164 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
09:10:54.0269 5164 aic78xx - ok
09:10:54.0753 5164 [ 0923671CF87CD511E46D4668B53F5E76 ] Akamai c:\program files\common files\akamai/netsession_win_5891ae0.dll
09:10:54.0753 5164 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_5891ae0.dll. md5: 0923671CF87CD511E46D4668B53F5E76
09:10:54.0768 5164 Akamai ( HiddenFile.Multi.Generic ) - warning
09:10:54.0768 5164 Akamai - detected HiddenFile.Multi.Generic (1)
09:10:54.0815 5164 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
09:10:54.0877 5164 ALG - ok
09:10:54.0940 5164 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
09:10:54.0940 5164 aliide - ok
09:10:54.0971 5164 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:10:54.0971 5164 amdagp - ok
09:10:54.0987 5164 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
09:10:54.0987 5164 amdide - ok
09:10:55.0033 5164 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:10:55.0049 5164 AmdK8 - ok
09:10:55.0080 5164 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:10:55.0080 5164 AmdPPM - ok
09:10:55.0143 5164 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:10:55.0143 5164 amdsata - ok
09:10:55.0174 5164 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:10:55.0174 5164 amdsbs - ok
09:10:55.0221 5164 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:10:55.0221 5164 amdxata - ok
09:10:55.0252 5164 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
09:10:55.0267 5164 AppID - ok
09:10:55.0283 5164 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:10:55.0283 5164 AppIDSvc - ok
09:10:55.0330 5164 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
09:10:55.0330 5164 Appinfo - ok
09:10:55.0501 5164 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:10:55.0501 5164 Apple Mobile Device - ok
09:10:55.0626 5164 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:10:55.0626 5164 arc - ok
09:10:55.0657 5164 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:10:55.0657 5164 arcsas - ok
09:10:55.0845 5164 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:10:55.0845 5164 aspnet_state - ok
09:10:55.0876 5164 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:10:55.0891 5164 AsyncMac - ok
09:10:55.0938 5164 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
09:10:55.0938 5164 atapi - ok
09:10:56.0001 5164 [ 547F07839F71A4357A5E503646CAC2B0 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
09:10:56.0001 5164 atksgt - ok
09:10:56.0063 5164 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:10:56.0079 5164 AudioEndpointBuilder - ok
09:10:56.0094 5164 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:10:56.0094 5164 Audiosrv - ok
09:10:56.0703 5164 [ 1D7D0D5D33D8B1507EC5FBFE332E5657 ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
09:10:56.0765 5164 AVGIDSAgent - ok
09:10:56.0843 5164 [ 9E42E8B6BB7FD68F840003A9FC8F24C8 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
09:10:56.0843 5164 AVGIDSDriver - ok
09:10:56.0874 5164 [ CB77A9743A033E33F8409D235C683D99 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
09:10:56.0874 5164 AVGIDSHX - ok
09:10:56.0921 5164 [ 240F106B07CD9B522E2CD9E621618367 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
09:10:56.0921 5164 AVGIDSShim - ok
09:10:56.0937 5164 [ 7023142C545896D3538C9D36DDC57406 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
09:10:56.0952 5164 Avgldx86 - ok
09:10:56.0983 5164 [ 87E88A36279C8E5869270CC87F5BB7CD ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
09:10:56.0999 5164 Avglogx - ok
09:10:57.0015 5164 [ DACC0743F5313045D5CCA23F8A7CDF68 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
09:10:57.0030 5164 Avgmfx86 - ok
09:10:57.0046 5164 [ B8392B63D795A3DE866793220D3559EF ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
09:10:57.0046 5164 Avgrkx86 - ok
09:10:57.0077 5164 [ 69A4DF4CD2A15AACC0E8D2005D6A04BA ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
09:10:57.0077 5164 Avgtdix - ok
09:10:57.0124 5164 [ 3001E24F340D400BFF85935E5777FC5B ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
09:10:57.0124 5164 avgtp - ok
09:10:57.0171 5164 [ 42F11F37CC06D9AB6528AF2E215B8799 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
09:10:57.0186 5164 avgwd - ok
09:10:57.0217 5164 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:10:57.0217 5164 AxInstSV - ok
09:10:57.0280 5164 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
09:10:57.0295 5164 b06bdrv - ok
09:10:57.0311 5164 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:10:57.0311 5164 b57nd60x - ok
09:10:57.0373 5164 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
09:10:57.0373 5164 BDESVC - ok
09:10:57.0389 5164 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
09:10:57.0389 5164 Beep - ok
09:10:57.0451 5164 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
09:10:57.0467 5164 BFE - ok
09:10:57.0529 5164 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
09:10:57.0529 5164 BITS - ok
09:10:57.0545 5164 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:10:57.0545 5164 blbdrive - ok
09:10:57.0639 5164 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:10:57.0639 5164 Bonjour Service - ok
09:10:57.0685 5164 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:10:57.0685 5164 bowser - ok
09:10:57.0701 5164 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:10:57.0701 5164 BrFiltLo - ok
09:10:57.0717 5164 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:10:57.0732 5164 BrFiltUp - ok
09:10:57.0795 5164 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
09:10:57.0795 5164 BridgeMP - ok
09:10:57.0841 5164 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
09:10:57.0857 5164 Browser - ok
09:10:57.0888 5164 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:10:57.0888 5164 Brserid - ok
09:10:57.0904 5164 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:10:57.0904 5164 BrSerWdm - ok
09:10:57.0935 5164 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:10:57.0935 5164 BrUsbMdm - ok
09:10:57.0966 5164 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:10:57.0966 5164 BrUsbSer - ok
09:10:58.0013 5164 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:10:58.0013 5164 BTHMODEM - ok
09:10:58.0060 5164 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
09:10:58.0060 5164 bthserv - ok
09:10:58.0200 5164 catchme - ok
09:10:58.0231 5164 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:10:58.0231 5164 cdfs - ok
09:10:58.0294 5164 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:10:58.0309 5164 cdrom - ok
09:10:58.0372 5164 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
09:10:58.0372 5164 CertPropSvc - ok
09:10:58.0403 5164 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:10:58.0403 5164 circlass - ok
09:10:58.0465 5164 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
09:10:58.0465 5164 CLFS - ok
09:10:58.0559 5164 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:10:58.0559 5164 clr_optimization_v2.0.50727_32 - ok
09:10:58.0606 5164 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:10:58.0621 5164 clr_optimization_v4.0.30319_32 - ok
09:10:58.0637 5164 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:10:58.0637 5164 CmBatt - ok
09:10:58.0684 5164 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:10:58.0684 5164 cmdide - ok
09:10:58.0746 5164 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
09:10:58.0746 5164 CNG - ok
09:10:58.0793 5164 [ A4D44AB8423791DB757B38150EC599A4 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
09:10:58.0793 5164 CnxtHdAudService - ok
09:10:58.0824 5164 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:10:58.0824 5164 Compbatt - ok
09:10:58.0887 5164 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:10:58.0887 5164 CompositeBus - ok
09:10:58.0902 5164 COMSysApp - ok
09:10:58.0949 5164 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
09:10:58.0949 5164 cpudrv - ok
09:10:58.0965 5164 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:10:58.0980 5164 crcdisk - ok
09:10:59.0027 5164 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:10:59.0027 5164 CryptSvc - ok
09:10:59.0089 5164 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
09:10:59.0105 5164 DcomLaunch - ok
09:10:59.0152 5164 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
09:10:59.0167 5164 defragsvc - ok
09:10:59.0214 5164 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:10:59.0214 5164 DfsC - ok
09:10:59.0245 5164 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:10:59.0245 5164 Dhcp - ok
09:10:59.0261 5164 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
09:10:59.0261 5164 discache - ok
09:10:59.0277 5164 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:10:59.0277 5164 Disk - ok
09:10:59.0355 5164 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:10:59.0355 5164 Dnscache - ok
09:10:59.0448 5164 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
09:10:59.0479 5164 dot3svc - ok
09:10:59.0511 5164 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
09:10:59.0526 5164 DPS - ok
09:10:59.0573 5164 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:10:59.0589 5164 drmkaud - ok
09:10:59.0745 5164 [ 651554E483712B708EDE864D0CA1AA73 ] DrvAgent32 C:\Windows\system32\Drivers\DrvAgent32.sys
09:10:59.0760 5164 DrvAgent32 - ok
09:11:00.0103 5164 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:11:00.0135 5164 DXGKrnl - ok
09:11:00.0228 5164 [ AC9CF17EE2AE003C98EB4F5336C38058 ] E100B C:\Windows\system32\DRIVERS\e100b325.sys
09:11:00.0244 5164 E100B - ok
09:11:00.0244 5164 EagleXNt - ok
09:11:00.0306 5164 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
09:11:00.0322 5164 EapHost - ok
09:11:01.0195 5164 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
09:11:01.0273 5164 ebdrv - ok
09:11:01.0336 5164 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
09:11:01.0351 5164 EFS - ok
09:11:01.0601 5164 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:11:01.0617 5164 ehRecvr - ok
09:11:01.0726 5164 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
09:11:01.0726 5164 ehSched - ok
09:11:01.0835 5164 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:11:01.0835 5164 elxstor - ok
09:11:01.0913 5164 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:11:01.0929 5164 ErrDev - ok
09:11:02.0116 5164 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
09:11:02.0147 5164 EventSystem - ok
09:11:02.0225 5164 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
09:11:02.0241 5164 exfat - ok
09:11:02.0303 5164 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:11:02.0303 5164 fastfat - ok
09:11:02.0365 5164 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:11:02.0381 5164 fdc - ok
09:11:02.0428 5164 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
09:11:02.0443 5164 fdPHost - ok
09:11:02.0475 5164 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
09:11:02.0490 5164 FDResPub - ok
09:11:02.0521 5164 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:11:02.0537 5164 FileInfo - ok
09:11:02.0568 5164 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:11:02.0584 5164 Filetrace - ok
09:11:02.0599 5164 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:11:02.0631 5164 flpydisk - ok
09:11:02.0693 5164 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:11:02.0724 5164 FltMgr - ok
09:11:02.0989 5164 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
09:11:03.0021 5164 FontCache - ok
09:11:03.0208 5164 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:11:03.0239 5164 FontCache3.0.0.0 - ok
09:11:03.0270 5164 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:11:03.0301 5164 FsDepends - ok
09:11:03.0364 5164 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:11:03.0379 5164 Fs_Rec - ok
09:11:03.0535 5164 [ AE6F0A6562D3ECCD613DE1FD8612AC4E ] Futuremark SystemInfo Service C:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe
09:11:03.0551 5164 Futuremark SystemInfo Service - ok
09:11:03.0660 5164 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:11:03.0676 5164 fvevol - ok
09:11:03.0723 5164 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:11:03.0738 5164 gagp30kx - ok
09:11:03.0785 5164 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:11:03.0847 5164 GEARAspiWDM - ok
09:11:04.0035 5164 Giraffic - ok
09:11:04.0237 5164 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
09:11:04.0269 5164 gpsvc - ok
09:11:04.0503 5164 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:11:04.0534 5164 gupdate - ok
09:11:04.0549 5164 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:11:04.0549 5164 gupdatem - ok
09:11:04.0690 5164 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:11:04.0705 5164 gusvc - ok
09:11:04.0768 5164 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
09:11:04.0799 5164 hamachi - ok
09:11:04.0846 5164 [ E19BC597A0B13BBE6A7E3612F6F8D8A6 ] HBtnKey C:\Windows\system32\DRIVERS\cpqbttn.sys
09:11:04.0861 5164 HBtnKey - ok
09:11:04.0908 5164 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:11:04.0924 5164 hcw85cir - ok
09:11:04.0955 5164 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:11:04.0971 5164 HDAudBus - ok
09:11:05.0002 5164 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:11:05.0033 5164 HidBatt - ok
09:11:05.0064 5164 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:11:05.0080 5164 HidBth - ok
09:11:05.0127 5164 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:11:05.0142 5164 HidIr - ok
09:11:05.0205 5164 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
09:11:05.0220 5164 hidserv - ok
09:11:05.0267 5164 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:11:05.0267 5164 HidUsb - ok
09:11:05.0314 5164 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:11:05.0345 5164 hkmsvc - ok
09:11:05.0423 5164 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:11:05.0439 5164 HomeGroupListener - ok
09:11:05.0548 5164 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:11:05.0579 5164 HomeGroupProvider - ok
09:11:05.0610 5164 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:11:05.0626 5164 HpSAMD - ok
09:11:05.0751 5164 [ 1882827F41DEE51C70E24C567C35BFB5 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:11:05.0782 5164 HSF_DPV - ok
09:11:05.0844 5164 [ A44DDF3BA83E4664BF4DE9220097578C ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:11:05.0875 5164 HSXHWAZL - ok
09:11:06.0047 5164 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:11:06.0063 5164 HTTP - ok
09:11:06.0125 5164 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:11:06.0125 5164 hwpolicy - ok
09:11:06.0187 5164 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:11:06.0203 5164 i8042prt - ok
09:11:06.0312 5164 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:11:06.0343 5164 iaStorV - ok
09:11:06.0468 5164 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:11:06.0499 5164 IDriverT - ok
09:11:06.0796 5164 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:11:06.0811 5164 idsvc - ok
09:11:08.0200 5164 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:11:08.0340 5164 igfx - ok
09:11:08.0434 5164 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:11:08.0449 5164 iirsp - ok
09:11:08.0683 5164 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:11:08.0699 5164 IKEEXT - ok
09:11:09.0011 5164 [ 1F0AEDCBD294A0A3B479896B278AD343 ] IMFservice C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
09:11:09.0011 5164 IMFservice - ok
09:11:09.0089 5164 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:11:09.0105 5164 intelide - ok
09:11:09.0167 5164 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:11:09.0183 5164 intelppm - ok
09:11:09.0229 5164 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:11:09.0245 5164 IPBusEnum - ok
09:11:09.0276 5164 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:11:09.0292 5164 IpFilterDriver - ok
09:11:09.0432 5164 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:11:09.0463 5164 iphlpsvc - ok
09:11:09.0526 5164 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:11:09.0822 5164 IPMIDRV - ok
09:11:09.0900 5164 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:11:10.0025 5164 IPNAT - ok
09:11:10.0446 5164 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:11:10.0462 5164 iPod Service - ok
09:11:10.0493 5164 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:11:10.0509 5164 IRENUM - ok
09:11:10.0540 5164 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:11:10.0555 5164 isapnp - ok
09:11:10.0649 5164 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:11:10.0665 5164 iScsiPrt - ok
09:11:10.0696 5164 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
09:11:10.0711 5164 kbdclass - ok
09:11:10.0727 5164 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
09:11:10.0743 5164 kbdhid - ok
09:11:10.0774 5164 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:11:10.0789 5164 KeyIso - ok
09:11:10.0836 5164 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:11:10.0867 5164 KSecDD - ok
09:11:10.0945 5164 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:11:10.0961 5164 KSecPkg - ok
09:11:11.0086 5164 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:11:11.0101 5164 KtmRm - ok
09:11:11.0211 5164 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
09:11:11.0226 5164 LanmanServer - ok
09:11:11.0273 5164 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:11:11.0289 5164 LanmanWorkstation - ok
09:11:11.0351 5164 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
09:11:11.0367 5164 lirsgt - ok
09:11:11.0413 5164 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:11:11.0445 5164 lltdio - ok
09:11:11.0523 5164 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:11:11.0538 5164 lltdsvc - ok
09:11:11.0569 5164 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:11:11.0585 5164 lmhosts - ok
09:11:11.0616 5164 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:11:11.0632 5164 LSI_FC - ok
09:11:11.0725 5164 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:11:11.0741 5164 LSI_SAS - ok
09:11:11.0772 5164 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:11:11.0788 5164 LSI_SAS2 - ok
09:11:11.0835 5164 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:11:11.0850 5164 LSI_SCSI - ok
09:11:11.0881 5164 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:11:11.0913 5164 luafv - ok
09:11:13.0145 5164 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
09:11:13.0254 5164 LVUVC - ok
09:11:13.0332 5164 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:11:13.0348 5164 MBAMProtector - ok
09:11:13.0535 5164 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:11:13.0551 5164 MBAMScheduler - ok
09:11:13.0644 5164 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:11:13.0660 5164 MBAMService - ok
09:11:13.0707 5164 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
09:11:13.0707 5164 mcdbus - ok
09:11:13.0785 5164 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:11:13.0800 5164 Mcx2Svc - ok
09:11:13.0878 5164 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:11:13.0909 5164 mdmxsdk - ok
09:11:13.0941 5164 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:11:13.0956 5164 megasas - ok
09:11:14.0034 5164 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:11:14.0050 5164 MegaSR - ok
09:11:14.0112 5164 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:11:14.0128 5164 MMCSS - ok
09:11:14.0159 5164 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:11:14.0175 5164 Modem - ok
09:11:14.0221 5164 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:11:14.0221 5164 monitor - ok
09:11:14.0268 5164 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:11:14.0299 5164 mouclass - ok
09:11:14.0315 5164 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:11:14.0315 5164 mouhid - ok
09:11:14.0377 5164 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:11:14.0393 5164 mountmgr - ok
09:11:14.0549 5164 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:11:14.0580 5164 MozillaMaintenance - ok
09:11:14.0627 5164 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:11:14.0643 5164 mpio - ok
09:11:14.0705 5164 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:11:14.0721 5164 mpsdrv - ok
09:11:14.0939 5164 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
09:11:14.0970 5164 MpsSvc - ok
09:11:15.0033 5164 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:11:15.0048 5164 MRxDAV - ok
09:11:15.0126 5164 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:11:15.0157 5164 mrxsmb - ok
09:11:15.0251 5164 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:11:15.0267 5164 mrxsmb10 - ok
09:11:15.0298 5164 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:11:15.0313 5164 mrxsmb20 - ok
09:11:15.0360 5164 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:11:15.0376 5164 msahci - ok
09:11:15.0407 5164 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:11:15.0438 5164 msdsm - ok
09:11:15.0688 5164 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:11:15.0719 5164 MSDTC - ok
09:11:15.0781 5164 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:11:15.0797 5164 Msfs - ok
09:11:15.0844 5164 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:11:15.0844 5164 mshidkmdf - ok
09:11:15.0906 5164 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:11:15.0922 5164 msisadrv - ok
09:11:15.0984 5164 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:11:16.0000 5164 MSiSCSI - ok
09:11:16.0000 5164 msiserver - ok
09:11:16.0031 5164 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:11:16.0047 5164 MSKSSRV - ok
09:11:16.0093 5164 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:11:16.0125 5164 MSPCLOCK - ok
09:11:16.0187 5164 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:11:16.0203 5164 MSPQM - ok
09:11:16.0281 5164 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:11:16.0281 5164 MsRPC - ok
09:11:16.0312 5164 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:11:16.0327 5164 mssmbios - ok
09:11:16.0359 5164 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:11:16.0374 5164 MSTEE - ok
09:11:16.0405 5164 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:11:16.0421 5164 MTConfig - ok
09:11:16.0468 5164 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:11:16.0483 5164 Mup - ok
09:11:16.0624 5164 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:11:16.0639 5164 napagent - ok
09:11:16.0764 5164 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:11:16.0780 5164 NativeWifiP - ok
09:11:16.0998 5164 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:11:17.0029 5164 NDIS - ok
09:11:17.0061 5164 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:11:17.0092 5164 NdisCap - ok
09:11:17.0107 5164 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:11:17.0139 5164 NdisTapi - ok
09:11:17.0185 5164 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:11:17.0201 5164 Ndisuio - ok
09:11:17.0263 5164 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:11:17.0279 5164 NdisWan - ok
09:11:17.0357 5164 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:11:17.0373 5164 NDProxy - ok
09:11:17.0763 5164 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
09:11:17.0763 5164 Nero BackItUp Scheduler 4.0 - ok
09:11:17.0841 5164 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:11:17.0856 5164 NetBIOS - ok
09:11:17.0950 5164 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:11:17.0965 5164 NetBT - ok
09:11:17.0997 5164 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:11:18.0012 5164 Netlogon - ok
09:11:18.0137 5164 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:11:18.0153 5164 Netman - ok
09:11:18.0231 5164 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:11:18.0231 5164 NetMsmqActivator - ok
09:11:18.0262 5164 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:11:18.0262 5164 NetPipeActivator - ok
09:11:18.0387 5164 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:11:18.0402 5164 netprofm - ok
09:11:18.0433 5164 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:11:18.0433 5164 NetTcpActivator - ok
09:11:18.0449 5164 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:11:18.0449 5164 NetTcpPortSharing - ok
09:11:19.0713 5164 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
09:11:19.0869 5164 netw5v32 - ok
09:11:21.0694 5164 [ D4EF7A9767C05905500EC312CB29EF46 ] NETwLv32 C:\Windows\system32\DRIVERS\NETwLv32.sys
09:11:21.0881 5164 NETwLv32 - ok
09:11:21.0959 5164 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:11:21.0975 5164 nfrd960 - ok
09:11:22.0053 5164 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:11:22.0084 5164 NlaSvc - ok
09:11:22.0411 5164 [ CB992AE1506985D9167E85883B4C3240 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
09:11:22.0427 5164 NMIndexingService - ok
09:11:22.0505 5164 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:11:22.0536 5164 Npfs - ok
09:11:22.0583 5164 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:11:22.0583 5164 nsi - ok
09:11:22.0630 5164 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:11:22.0630 5164 nsiproxy - ok
09:11:23.0004 5164 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:11:23.0020 5164 Ntfs - ok
09:11:23.0082 5164 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:11:23.0113 5164 Null - ok
09:11:23.0191 5164 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:11:23.0207 5164 nvraid - ok
09:11:23.0285 5164 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:11:23.0301 5164 nvstor - ok
09:11:23.0363 5164 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:11:23.0363 5164 nv_agp - ok
09:11:23.0691 5164 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:11:23.0706 5164 odserv - ok
09:11:23.0769 5164 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:11:23.0769 5164 ohci1394 - ok
09:11:23.0847 5164 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:11:23.0862 5164 ose - ok
09:11:23.0971 5164 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:11:23.0987 5164 p2pimsvc - ok
09:11:24.0127 5164 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:11:24.0159 5164 p2psvc - ok
09:11:24.0221 5164 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:11:24.0237 5164 Parport - ok
09:11:24.0299 5164 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:11:24.0315 5164 partmgr - ok
09:11:24.0361 5164 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:11:24.0377 5164 Parvdm - ok
09:11:24.0439 5164 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:11:24.0471 5164 PcaSvc - ok
09:11:24.0533 5164 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:11:24.0549 5164 pci - ok
09:11:24.0611 5164 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:11:24.0627 5164 pciide - ok
09:11:24.0705 5164 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:11:24.0736 5164 pcmcia - ok
09:11:24.0783 5164 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:11:24.0798 5164 pcw - ok
09:11:24.0970 5164 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:11:24.0985 5164 PEAUTH - ok
09:11:25.0407 5164 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:11:25.0438 5164 pla - ok
09:11:25.0625 5164 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
09:11:25.0641 5164 PLFlash DeviceIoControl Service - ok
09:11:25.0812 5164 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:11:25.0843 5164 PlugPlay - ok
09:11:25.0906 5164 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:11:25.0921 5164 PNRPAutoReg - ok
09:11:26.0031 5164 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:11:26.0031 5164 PNRPsvc - ok
09:11:26.0156 5164 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:11:26.0172 5164 PolicyAgent - ok
09:11:26.0250 5164 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:11:26.0266 5164 Power - ok
09:11:26.0344 5164 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:11:26.0375 5164 PptpMiniport - ok
09:11:26.0390 5164 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:11:26.0406 5164 Processor - ok
09:11:26.0515 5164 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:11:26.0531 5164 ProfSvc - ok
09:11:26.0562 5164 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:11:26.0562 5164 ProtectedStorage - ok
09:11:26.0593 5164 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:11:26.0609 5164 Psched - ok
09:11:26.0921 5164 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:11:26.0952 5164 ql2300 - ok
09:11:26.0999 5164 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:11:27.0014 5164 ql40xx - ok
09:11:27.0140 5164 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:11:27.0171 5164 QWAVE - ok
09:11:27.0203 5164 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:11:27.0218 5164 QWAVEdrv - ok
09:11:27.0249 5164 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:11:27.0265 5164 RasAcd - ok
09:11:27.0327 5164 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:11:27.0343 5164 RasAgileVpn - ok
09:11:27.0390 5164 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:11:27.0405 5164 RasAuto - ok
09:11:27.0468 5164 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:11:27.0483 5164 Rasl2tp - ok
09:11:27.0577 5164 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:11:27.0593 5164 RasMan - ok
09:11:27.0624 5164 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:11:27.0655 5164 RasPppoe - ok
09:11:27.0702 5164 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:11:27.0733 5164 RasSstp - ok
09:11:27.0827 5164 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:11:27.0858 5164 rdbss - ok
09:11:27.0905 5164 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:11:27.0920 5164 rdpbus - ok
09:11:27.0983 5164 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:11:27.0998 5164 RDPCDD - ok
09:11:28.0029 5164 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:11:28.0029 5164 RDPENCDD - ok
09:11:28.0076 5164 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:11:28.0076 5164 RDPREFMP - ok
09:11:28.0154 5164 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:11:28.0185 5164 RDPWD - ok
09:11:28.0263 5164 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:11:28.0279 5164 rdyboost - ok
09:11:28.0373 5164 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:11:28.0388 5164 RemoteAccess - ok
09:11:28.0482 5164 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:11:28.0497 5164 RemoteRegistry - ok
09:11:28.0607 5164 [ B9BB8E2093C1615AD6EA55AD96214354 ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
09:11:28.0638 5164 Revoflt - ok
09:11:28.0700 5164 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
09:11:28.0716 5164 rimmptsk - ok
09:11:28.0747 5164 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
09:11:28.0778 5164 rimsptsk - ok
09:11:28.0825 5164 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
09:11:28.0841 5164 rismxdp - ok
09:11:28.0950 5164 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:11:28.0965 5164 RpcEptMapper - ok
09:11:29.0028 5164 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:11:29.0043 5164 RpcLocator - ok
09:11:29.0153 5164 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
09:11:29.0168 5164 RpcSs - ok
09:11:29.0246 5164 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:11:29.0277 5164 rspndr - ok
09:11:29.0324 5164 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:11:29.0324 5164 SamSs - ok
09:11:29.0387 5164 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:11:29.0387 5164 sbp2port - ok
09:11:29.0465 5164 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:11:29.0465 5164 SCardSvr - ok
09:11:29.0543 5164 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:11:29.0543 5164 scfilter - ok
09:11:29.0621 5164 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:11:29.0636 5164 Schedule - ok
09:11:29.0730 5164 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:11:29.0730 5164 SCPolicySvc - ok
09:11:29.0761 5164 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:11:29.0777 5164 sdbus - ok
09:11:29.0855 5164 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:11:29.0870 5164 SDRSVC - ok
09:11:29.0933 5164 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:11:29.0933 5164 secdrv - ok
09:11:30.0026 5164 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:11:30.0042 5164 seclogon - ok
09:11:30.0152 5164 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:11:30.0152 5164 SENS - ok
09:11:30.0230 5164 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:11:30.0246 5164 SensrSvc - ok
09:11:30.0308 5164 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:11:30.0308 5164 Serenum - ok
09:11:30.0370 5164 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:11:30.0370 5164 Serial - ok
09:11:30.0448 5164 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:11:30.0448 5164 sermouse - ok
09:11:30.0573 5164 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:11:30.0573 5164 SessionEnv - ok
09:11:30.0620 5164 [ 9E7DEE11FD5A4355941A45F13C0ED59A ] sfdrv01 C:\Windows\system32\drivers\sfdrv01.sys
09:11:30.0620 5164 sfdrv01 - ok
09:11:30.0667 5164 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
09:11:30.0667 5164 sffdisk - ok
09:11:30.0714 5164 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:11:30.0714 5164 sffp_mmc - ok
09:11:30.0745 5164 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
09:11:30.0745 5164 sffp_sd - ok
09:11:30.0792 5164 [ ECEFB59D2206D281E6D317AF0EA0D8BD ] sfhlp02 C:\Windows\system32\drivers\sfhlp02.sys
09:11:30.0792 5164 sfhlp02 - ok
09:11:30.0823 5164 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:11:30.0823 5164 sfloppy - ok
09:11:30.0870 5164 [ D5A7E09D2C6A702809E49190D52ADC9F ] sfvfs02 C:\Windows\system32\drivers\sfvfs02.sys
09:11:30.0870 5164 sfvfs02 - ok
09:11:30.0948 5164 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:11:30.0963 5164 SharedAccess - ok
09:11:31.0010 5164 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:11:31.0010 5164 ShellHWDetection - ok
09:11:31.0057 5164 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:11:31.0057 5164 sisagp - ok
09:11:31.0088 5164 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:11:31.0104 5164 SiSRaid2 - ok
09:11:31.0104 5164 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:11:31.0119 5164 SiSRaid4 - ok
09:11:31.0322 5164 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:11:31.0369 5164 Skype C2C Service - ok
09:11:31.0494 5164 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:11:31.0494 5164 SkypeUpdate - ok
09:11:31.0572 5164 [ BF302072DC8374CF4E118FD88AA817A2 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
09:11:31.0572 5164 SmartDefragDriver - ok
09:11:31.0603 5164 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:11:31.0603 5164 Smb - ok
09:11:31.0728 5164 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:11:31.0743 5164 SNMPTRAP - ok
09:11:31.0790 5164 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:11:31.0806 5164 spldr - ok
09:11:31.0899 5164 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:11:31.0899 5164 Spooler - ok
09:11:32.0149 5164 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:11:32.0196 5164 sppsvc - ok
09:11:32.0242 5164 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:11:32.0242 5164 sppuinotify - ok
09:11:32.0320 5164 [ 0C1DAD75274CB6E31F053CE3E08BF9C3 ] sptd C:\Windows\system32\Drivers\sptd.sys
09:11:32.0336 5164 sptd - ok
09:11:32.0398 5164 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:11:32.0398 5164 srv - ok
09:11:32.0445 5164 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:11:32.0445 5164 srv2 - ok
09:11:32.0476 5164 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:11:32.0476 5164 srvnet - ok
09:11:32.0523 5164 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:11:32.0539 5164 SSDPSRV - ok
09:11:32.0601 5164 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:11:32.0601 5164 SstpSvc - ok
09:11:32.0648 5164 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:11:32.0664 5164 stexstor - ok
09:11:32.0710 5164 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:11:32.0726 5164 StiSvc - ok
09:11:32.0788 5164 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:11:32.0788 5164 swenum - ok
09:11:32.0898 5164 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
09:11:32.0913 5164 SwitchBoard - ok
09:11:32.0960 5164 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:11:32.0960 5164 swprv - ok
09:11:33.0022 5164 [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:11:33.0022 5164 SynTP - ok
09:11:33.0100 5164 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:11:33.0116 5164 SysMain - ok
09:11:33.0178 5164 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:11:33.0194 5164 TabletInputService - ok
09:11:33.0397 5164 [ C9D5FA17200768EF92538F1F95735A2E ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
09:11:33.0444 5164 TabletServicePen - ok
09:11:33.0506 5164 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:11:33.0522 5164 TapiSrv - ok
09:11:33.0584 5164 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:11:33.0584 5164 TBS - ok
09:11:33.0662 5164 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:11:33.0709 5164 Tcpip - ok
09:11:33.0802 5164 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:11:33.0818 5164 TCPIP6 - ok
09:11:33.0943 5164 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:11:33.0943 5164 tcpipreg - ok
09:11:34.0021 5164 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:11:34.0021 5164 TDPIPE - ok
09:11:34.0083 5164 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:11:34.0114 5164 TDTCP - ok
09:11:34.0178 5164 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:11:34.0193 5164 tdx - ok
09:11:34.0271 5164 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:11:34.0271 5164 TermDD - ok
09:11:34.0318 5164 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:11:34.0349 5164 TermService - ok
09:11:34.0396 5164 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:11:34.0412 5164 Themes - ok
09:11:34.0505 5164 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:11:34.0505 5164 THREADORDER - ok
09:11:34.0568 5164 [ 8D83C60DE67C2DB212452D8EBE7CA196 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
09:11:34.0568 5164 TouchServicePen - ok
09:11:34.0599 5164 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:11:34.0599 5164 TrkWks - ok
09:11:34.0693 5164 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:11:34.0693 5164 TrustedInstaller - ok
09:11:34.0755 5164 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:11:34.0755 5164 tssecsrv - ok
09:11:34.0771 5164 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:11:34.0771 5164 TsUsbFlt - ok
09:11:34.0833 5164 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:11:34.0833 5164 tunnel - ok
09:11:34.0880 5164 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:11:34.0895 5164 uagp35 - ok
09:11:34.0927 5164 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:11:34.0927 5164 udfs - ok
09:11:34.0973 5164 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:11:34.0973 5164 UI0Detect - ok
09:11:35.0005 5164 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:11:35.0005 5164 uliagpkx - ok
09:11:35.0051 5164 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
09:11:35.0051 5164 umbus - ok
09:11:35.0083 5164 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:11:35.0083 5164 UmPass - ok
09:11:35.0224 5164 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
09:11:35.0224 5164 UMVPFSrv - ok
09:11:35.0286 5164 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:11:35.0302 5164 upnphost - ok
09:11:35.0364 5164 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:11:35.0364 5164 USBAAPL - ok
09:11:35.0411 5164 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:11:35.0427 5164 usbccgp - ok
09:11:35.0458 5164 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:11:35.0458 5164 usbcir - ok
09:11:35.0489 5164 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:11:35.0489 5164 usbehci - ok
09:11:35.0552 5164 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:11:35.0567 5164 usbhub - ok
09:11:35.0614 5164 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
09:11:35.0614 5164 usbohci - ok
09:11:35.0661 5164 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:11:35.0661 5164 usbprint - ok
09:11:35.0770 5164 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:11:35.0770 5164 USBSTOR - ok
09:11:35.0832 5164 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:11:35.0832 5164 usbuhci - ok
09:11:35.0895 5164 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:11:35.0926 5164 UxSms - ok
09:11:35.0973 5164 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
09:11:35.0973 5164 VaultSvc - ok
09:11:36.0051 5164 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:11:36.0051 5164 vdrvroot - ok
09:11:36.0144 5164 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
09:11:36.0144 5164 vds - ok
09:11:36.0191 5164 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:11:36.0191 5164 vga - ok
09:11:36.0207 5164 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:11:36.0207 5164 VgaSave - ok
09:11:36.0269 5164 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:11:36.0269 5164 vhdmp - ok
09:11:36.0300 5164 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:11:36.0300 5164 viaagp - ok
09:11:36.0332 5164 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
09:11:36.0332 5164 ViaC7 - ok
09:11:36.0347 5164 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
09:11:36.0347 5164 viaide - ok
09:11:36.0363 5164 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:11:36.0363 5164 volmgr - ok
09:11:36.0410 5164 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:11:36.0410 5164 volmgrx - ok
09:11:36.0441 5164 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:11:36.0441 5164 volsnap - ok
09:11:36.0456 5164 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:11:36.0456 5164 vsmraid - ok
09:11:36.0534 5164 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
09:11:36.0550 5164 VSS - ok
09:11:36.0675 5164 [ 40DBA03782BCC10685A8C200C5EBDCD0 ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
09:11:36.0675 5164 vToolbarUpdater12.2.6 - ok
09:11:36.0722 5164 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
09:11:36.0722 5164 vwifibus - ok
09:11:36.0784 5164 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
09:11:36.0800 5164 W32Time - ok
09:11:36.0862 5164 [ F24EE97511FB901189E11CBBD51605BA ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
09:11:36.0862 5164 wacmoumonitor - ok
09:11:36.0909 5164 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
09:11:36.0909 5164 wacommousefilter - ok
09:11:36.0956 5164 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:11:36.0956 5164 WacomPen - ok
09:11:37.0002 5164 [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
09:11:37.0002 5164 wacomvhid - ok
09:11:37.0034 5164 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:11:37.0034 5164 WANARP - ok
09:11:37.0049 5164 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:11:37.0049 5164 Wanarpv6 - ok
09:11:37.0143 5164 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:11:37.0158 5164 WatAdminSvc - ok
09:11:37.0252 5164 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
09:11:37.0268 5164 wbengine - ok
09:11:37.0330 5164 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:11:37.0346 5164 WbioSrvc - ok
09:11:37.0392 5164 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:11:37.0408 5164 wcncsvc - ok
09:11:37.0424 5164 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:11:37.0439 5164 WcsPlugInService - ok
09:11:37.0486 5164 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:11:37.0486 5164 Wd - ok
09:11:37.0548 5164 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:11:37.0548 5164 Wdf01000 - ok
09:11:37.0564 5164 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:11:37.0580 5164 WdiServiceHost - ok
09:11:37.0595 5164 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:11:37.0595 5164 WdiSystemHost - ok
09:11:37.0626 5164 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
09:11:37.0642 5164 WebClient - ok
09:11:37.0720 5164 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:11:37.0736 5164 Wecsvc - ok
09:11:37.0860 5164 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:11:37.0860 5164 wercplsupport - ok
09:11:37.0923 5164 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:11:37.0938 5164 WerSvc - ok
09:11:37.0970 5164 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:11:37.0970 5164 WfpLwf - ok
09:11:38.0001 5164 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:11:38.0001 5164 WIMMount - ok
09:11:38.0079 5164 [ E096FFB754F1E45AE1BDDAC1275AE2C5 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:11:38.0094 5164 winachsf - ok
09:11:38.0172 5164 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:11:38.0188 5164 WinDefend - ok
09:11:38.0219 5164 WinHttpAutoProxySvc - ok
09:11:38.0313 5164 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:11:38.0313 5164 Winmgmt - ok
09:11:38.0360 5164 WinRing0_1_2_0 - ok
09:11:38.0438 5164 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
09:11:38.0453 5164 WinRM - ok
09:11:38.0531 5164 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:11:38.0531 5164 WinUsb - ok
09:11:38.0609 5164 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:11:38.0609 5164 Wlansvc - ok
09:11:38.0703 5164 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:11:38.0718 5164 wlidsvc - ok
09:11:38.0750 5164 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:11:38.0750 5164 WmiAcpi - ok
09:11:38.0812 5164 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:11:38.0828 5164 wmiApSrv - ok
09:11:38.0937 5164 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:11:38.0968 5164 WMPNetworkSvc - ok
09:11:39.0015 5164 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:11:39.0030 5164 WPCSvc - ok
09:11:39.0077 5164 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:11:39.0077 5164 WPDBusEnum - ok
09:11:39.0140 5164 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:11:39.0140 5164 ws2ifsl - ok
09:11:39.0171 5164 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
09:11:39.0171 5164 wscsvc - ok
09:11:39.0186 5164 WSearch - ok
09:11:39.0296 5164 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:11:39.0327 5164 wuauserv - ok
09:11:39.0358 5164 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:11:39.0358 5164 WudfPf - ok
09:11:39.0420 5164 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:11:39.0420 5164 WUDFRd - ok
09:11:39.0467 5164 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:11:39.0483 5164 wudfsvc - ok
09:11:39.0530 5164 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:11:39.0545 5164 WwanSvc - ok
09:11:39.0592 5164 [ 19E7C173B6242AD7521E537AE54768BF ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
09:11:39.0592 5164 XAudio - ok
09:11:39.0623 5164 [ CDA0BC78672B50C43649FF34E1FD0FF8 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
09:11:39.0623 5164 XAudioService - ok
09:11:39.0686 5164 ================ Scan global ===============================
09:11:39.0748 5164 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:11:39.0842 5164 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:11:39.0873 5164 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
09:11:39.0935 5164 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:11:39.0951 5164 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
09:11:39.0966 5164 [Global] - ok
09:11:39.0966 5164 ================ Scan MBR ==================================
09:11:39.0982 5164 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:11:40.0325 5164 \Device\Harddisk0\DR0 - ok
09:11:40.0325 5164 ================ Scan VBR ==================================
09:11:40.0341 5164 [ 1A58DEE205BF7932C863D11EB3EB10FC ] \Device\Harddisk0\DR0\Partition1
09:11:40.0341 5164 \Device\Harddisk0\DR0\Partition1 - ok
09:11:40.0341 5164 ============================================================
09:11:40.0341 5164 Scan finished
09:11:40.0341 5164 ============================================================
09:11:40.0356 4532 Detected object count: 1
09:11:40.0356 4532 Actual detected object count: 1
09:12:04.0783 4532 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
09:12:04.0784 4532 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip




aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-27 09:14:53
-----------------------------
09:14:53.753 OS Version: Windows 6.1.7601 Service Pack 1
09:14:53.753 Number of processors: 2 586 0xE0C
09:14:53.755 ComputerName: TAMMY-PC UserName: Tammy
09:14:54.911 Initialize success
09:18:14.331 AVAST engine defs: 12092700
09:18:37.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
09:18:37.241 Disk 0 Vendor: SAMSUNG_HM160HI HH100-08 Size: 152627MB BusType: 11
09:18:37.300 Disk 0 MBR read successfully
09:18:37.303 Disk 0 MBR scan
09:18:37.309 Disk 0 Windows 7 default MBR code
09:18:37.325 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 2048
09:18:37.333 Disk 0 scanning sectors +312578048
09:18:37.416 Disk 0 scanning C:\Windows\system32\drivers
09:18:52.908 Service scanning
09:19:40.425 Modules scanning
09:20:03.393 Disk 0 trace - called modules:
09:20:03.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
09:20:03.411 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e524a0]
09:20:03.418 3 CLASSPNP.SYS[8950759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x85d38908]
09:20:04.599 AVAST engine scan C:\Windows
09:20:09.077 AVAST engine scan C:\Windows\system32
09:26:00.905 AVAST engine scan C:\Windows\system32\drivers
09:26:26.763 AVAST engine scan C:\Users\Tammy
09:31:27.004 Disk 0 MBR has been saved successfully to "C:\Users\Tammy\Desktop\MBR.dat"
09:31:27.013 The log file has been saved successfully to "C:\Users\Tammy\Desktop\aswMBR.txt"

Edited by KJo132, 27 September 2012 - 09:33 AM.


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 PM

Posted 27 September 2012 - 12:50 PM

Hello KJo132

I would like to know how the computer is doing now.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\users\Tammy\AppData\Roaming\StartNow Toolbar

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 27 September 2012 - 03:10 PM

I'm still getting the redirects and they are still frequent. Also it has redirected me to another site but I did not save the site. I'll try to pay more attention next time. Will edit this with the proper information after I run it.

the other site is this:
http://searcherdesktop.com/index.php?search=laptop%20making%20buzzing%20noise%20when%20plugged
this happened when I click on a google link that lead to bleepingcomputer.com and it redirected me to neweygg.com


Tried to run ComboFix. Upon it starting it stated: There's a newer version of ComboFix available.
Would you like to update ComboFix?

Should I update it?

Edited by KJo132, 27 September 2012 - 07:11 PM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:15 PM

Posted 28 September 2012 - 02:44 AM

yes do update it please



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 28 September 2012 - 08:33 AM

Combofix log:


ComboFix 12-09-27.03 - Tammy 09/28/2012 8:09.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.1251 [GMT -5:00]
Running from: c:\users\Tammy\Desktop\ComboFix.exe
Command switches used :: c:\users\Tammy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tammy\AppData\Roaming\StartNow Toolbar
c:\users\Tammy\AppData\Roaming\StartNow Toolbar\CR\installer.json
c:\users\Tammy\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 13:25 . 2012-09-28 13:25 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-09-28 13:25 . 2012-09-28 13:25 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-09-28 13:25 . 2012-09-28 13:25 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-09-28 13:25 . 2012-09-28 13:25 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-09-28 13:25 . 2012-09-28 13:25 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-09-28 13:25 . 2012-09-28 13:25 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-09-28 13:25 . 2012-09-28 13:25 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-09-28 13:25 . 2012-09-28 13:25 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-09-28 13:25 . 2012-09-28 13:25 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-09-28 13:25 . 2012-09-28 13:25 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-09-28 13:25 . 2012-09-28 13:25 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-09-28 13:25 . 2012-09-28 13:25 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-09-28 13:24 . 2012-09-28 13:24 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-09-28 13:24 . 2012-09-28 13:24 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-09-28 13:24 . 2012-09-28 13:24 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-09-28 13:24 . 2012-09-28 13:24 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-09-28 13:24 . 2012-09-28 13:24 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-09-28 13:22 . 2012-09-28 13:26 -------- d-----w- c:\users\Tammy\AppData\Local\temp
2012-09-28 13:22 . 2012-09-28 13:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-26 13:39 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 20:20 . 2012-09-23 20:20 -------- d-----w- c:\program files\HP
2012-09-23 20:20 . 2012-09-23 20:20 -------- d-----w- c:\program files\Hewlett-Packard
2012-09-21 17:17 . 2012-09-21 17:17 -------- d-----w- c:\users\Tammy\AppData\Roaming\AVG2013
2012-09-21 17:14 . 2012-09-26 11:48 -------- d-----w- c:\programdata\AVG Secure Search
2012-09-21 17:13 . 2012-09-21 17:13 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-21 17:13 . 2012-09-26 11:48 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-09-21 17:09 . 2012-09-21 18:16 -------- d-----w- c:\programdata\AVG2013
2012-09-21 17:03 . 2012-09-21 17:53 -------- d-----w- c:\users\Tammy\AppData\Local\Avg2013
2012-09-21 17:03 . 2012-09-21 17:03 -------- d-----w- c:\users\Tammy\AppData\Local\MFAData
2012-09-20 17:53 . 2012-09-20 17:53 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-20 17:51 . 2012-09-20 17:51 -------- d-----w- c:\programdata\McAfee
2012-09-18 19:36 . 2012-09-18 19:36 -------- d-----w- c:\program files\TeamSpeak 3 Client
2012-09-17 23:58 . 2012-09-17 23:58 51936 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-09-14 10:34 . 2012-09-14 10:34 89440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-09-12 16:47 . 2012-09-12 16:47 164704 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-09-12 16:47 . 2012-09-12 16:47 151648 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-12 14:41 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 14:41 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:41 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 14:41 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 14:41 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 14:41 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-29 22:31 . 2012-08-29 22:33 -------- d-----w- c:\users\Public\StarStableOnline
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 23:29 . 2012-04-07 04:49 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-20 23:29 . 2011-07-28 23:47 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 17:53 . 2010-10-15 21:17 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-07 22:04 . 2010-07-24 01:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 21:40 . 2012-08-13 21:40 176096 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-08-10 09:52 . 2012-08-10 09:52 19808 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2012-08-10 09:52 . 2012-08-10 09:52 35168 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-08-09 18:56 . 2012-08-09 18:56 178656 ----a-w- c:\windows\system32\drivers\avglogx.sys
2012-07-24 00:10 . 2012-07-24 00:10 53248 ----a-r- c:\users\Tammy\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-18 17:47 . 2012-08-15 18:30 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14 . 2012-08-15 18:30 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14 . 2012-08-15 18:30 102912 ----a-w- c:\windows\system32\browser.dll
2007-05-24 20:17 . 2012-09-08 00:16 1667072 ----a-w- c:\program files\mozilla firefox\plugins\fluxcore.dll
2006-07-28 18:29 . 2012-09-08 00:16 36864 ----a-w- c:\program files\mozilla firefox\plugins\fluxcryp.dll
2007-05-24 20:17 . 2012-09-08 00:16 307200 ----a-w- c:\program files\mozilla firefox\plugins\fluxdx8.dll
2007-05-24 20:17 . 2012-09-08 00:16 61440 ----a-w- c:\program files\mozilla firefox\plugins\HawkNL.dll
2012-09-08 00:17 . 2012-09-08 00:16 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"NBKeyScan"="c:\program files\Nero\Nero BackItUp 4\NBKeyScan.exe" [2008-09-24 2254120]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5]
2012-05-28 20:56 288128 ----a-w- c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 00:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-24 00:30 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-24 00:30 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-11-28 12:36 4692296 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [x]
R3 EagleXNt;EagleXNt; [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0; [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 23:29]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 01:37]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-24 01:37]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049637376-3198039210-1265106122-1000Core.job
- c:\users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 12:08]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4049637376-3198039210-1265106122-1000UA.job
- c:\users\Tammy\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 12:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tammy\AppData\Roaming\Mozilla\Firefox\Profiles\pne0lqyl.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z164&form=ZGAADF&install_date=20120216&q=
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4049637376-3198039210-1265106122-1000\Software\SecuROM\License information*]
"datasecu"=hex:a3,a9,e7,04,ce,bd,c3,bc,52,0e,8d,b3,0b,7b,17,37,b8,f6,8c,5e,97,
94,f0,e3,c3,ed,df,4c,f3,c1,8e,44,61,34,15,75,5f,da,44,b8,2f,5c,55,31,14,ff,\
"rkeysecu"=hex:d6,78,26,cb,7d,75,90,a9,d1,f1,fa,0e,f5,ca,da,6c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mpDRM\LicenseStore*]
"CheckValue"=dword:3f14492a
"904254FC"="C6B55DA6"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Nero\Nero BackItUp 4\IoctlSvc.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\system32\sppsvc.exe
c:\program files\AVG\AVG2013\avgui.exe
c:\program files\AVG\AVG2013\avgcfgex.exe
.
**************************************************************************
.
Completion time: 2012-09-28 08:32:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-28 13:32
ComboFix2.txt 2012-09-26 13:36
.
Pre-Run: 60,665,151,488 bytes free
Post-Run: 60,580,401,152 bytes free
.
- - End Of File - - 3AE44D4091691BD82B260BA65F555652

#15 KJo132

KJo132
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 28 September 2012 - 09:46 AM

Also being redirected now by feed.hype-ads.com and myfindhere.com or something similar.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users