I need help to remove system care antivirus from my server

L

Ladylike

New Member
Thread author
Jul 30, 2013
11
Hi Please I need your assistance on how to remove system care "antivirus" from my server. I had earlier tried the steps you suggested on your blog, i.e. to start the infected system in safe mode with networking
run malware bytes antimalware, rogue killer and hitman pro. But unfortunately an error message came up while running the malware bytes.

waiting anxiously to read from you please.

03OTL logfile created on: 7/30/2013 12:54:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 47.54% Memory free
3.93 Gb Paging File | 2.50 Gb Available in Paging File | 63.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 253.15 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive I: | 1.87 Gb Total Space | 1.63 Gb Free Space | 86.82% Space Free | Partition Type: FAT32

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/30 12:10:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Downloads\OTL.exe
PRC - [2013/07/30 10:27:30 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/07/30 10:27:30 | 001,616,048 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
PRC - [2013/07/30 10:27:30 | 000,161,968 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
PRC - [2013/06/19 08:42:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/06/13 11:20:35 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/01 05:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013/05/01 05:11:08 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/02/27 08:43:47 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/11/30 03:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/27 08:38:44 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/03/16 02:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/07/14 02:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/30 10:27:30 | 002,285,232 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/07/30 10:27:30 | 000,521,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\log4cplusU.dll
MOD - [2013/07/30 10:27:30 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\SiteSafety.dll
MOD - [2013/07/30 09:06:37 | 000,013,600 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/07/12 09:58:58 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/12 09:58:48 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/12 09:58:22 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/12 09:58:15 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/12 09:58:13 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/12 09:57:47 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/13 11:20:35 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/06/09 08:26:11 | 000,704,000 | ---- | M] () -- C:\Users\HP\AppData\Roaming\BabSolution\Shared\BUSolution.dll
MOD - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/05/16 06:33:37 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/05/16 06:33:36 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/04/19 23:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2013/02/27 08:43:47 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/05 11:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2010/11/05 02:58:10 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2010/11/05 02:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/23 14:45:41 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013/07/30 10:27:30 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/06/19 08:42:54 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/27 08:43:47 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/06 12:23:14 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2012/01/17 16:12:13 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)


========== Driver Services (SafeList) ==========

DRV - [2013/07/30 10:27:30 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/06/19 11:01:58 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2013/06/19 11:01:52 | 000,044,000 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2013/06/19 11:01:45 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2013/06/19 11:01:24 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2013/06/19 11:01:04 | 000,594,528 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/08/02 15:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/06/19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=D281D8D3857E34AB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=D281D8D3857E34AB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 31 97 E9 5F 41 2C CD 01 [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss&mntrId=D281D8D3857E34AB
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=286&systemid=406&apn_uid=5556149558674025&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: {C4A4F5A0-4B89-4392-AFAC-D58010E349AF}:5.0.0.7107
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.02


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/07/30 10:27:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/06/19 11:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/06/19 11:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/06/19 11:02:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/27 08:43:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/01/30 10:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Extensions
[2013/05/22 12:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions
[2013/05/07 11:55:50 | 000,000,000 | ---D | M] (New Tab) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
[2013/05/07 13:50:37 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\ffxtlbr@delta.com
[2013/05/07 13:38:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\plugin@yontoo.com
[2013/04/11 16:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\ftdownloader3@ftdownloader.com.xpi
[2013/05/07 13:40:52 | 000,006,505 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\babylon.xml
[2013/05/07 13:50:37 | 000,001,294 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\delta.xml
[2013/05/07 11:55:50 | 000,002,646 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\Search_Results.xml
[2013/01/30 10:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/27 08:43:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/27 08:43:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/07/30 10:27:41 | 000,003,577 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/27 08:43:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B30205-0C3A-4DEF-BB78-64048A011CBB}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126555AF-538D-4197-B0AD-27C6C181771E}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/30 09:10:44 | 000,000,000 | ---D | C] -- C:\e5ddeec68fa31077af1d02743bbd
[2013/07/29 11:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/29 11:12:11 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Malwarebytes
[2013/07/29 11:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/29 11:12:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/29 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Programs
[2013/07/29 11:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/25 10:43:53 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\flash
[2013/07/24 11:55:05 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\Remove System Care antivirus_files
[2013/07/23 12:19:14 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\3920-senatorial-district_files
[2013/07/15 16:16:48 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/15 16:16:46 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/15 16:16:46 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/15 16:16:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/15 16:16:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/07/15 16:16:44 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/15 16:16:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/07/15 16:16:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/07/15 16:16:44 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/07/15 16:16:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/07/12 11:34:46 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\flash content
[2013/07/11 09:11:12 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 09:09:53 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/11 09:09:39 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 09:09:36 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[4 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/30 12:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/30 12:16:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/30 10:27:30 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/07/30 10:16:00 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/30 10:10:31 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 10:10:31 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 09:06:23 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/30 09:06:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/30 09:06:02 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/29 11:12:11 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/25 15:20:38 | 000,307,872 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/25 15:20:38 | 000,037,732 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/24 11:55:07 | 000,060,994 | ---- | M] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm
[2013/07/23 12:19:15 | 000,102,368 | ---- | M] () -- C:\Users\HP\Desktop\3920-senatorial-district.htm
[2013/07/23 11:40:16 | 002,087,003 | ---- | M] () -- C:\Users\HP\Desktop\Report 421 - Rural Water Supply Study.pdf
[2013/07/23 11:39:58 | 000,453,389 | ---- | M] () -- C:\Users\HP\Desktop\Degema.pdf
[2013/07/22 16:00:00 | 000,132,944 | ---- | M] () -- C:\Users\HP\Desktop\201204_itil_v3_exam_dumps_exin150q-2.pdf
[2013/07/19 15:59:29 | 000,889,679 | ---- | M] () -- C:\Users\HP\Desktop\howto_aw_plus__troubleshoot_slow_network_performance2.pdf
[2013/07/17 17:05:56 | 000,285,507 | ---- | M] () -- C:\Users\HP\Desktop\galaxy.jpg
[2013/07/12 09:57:13 | 000,409,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/09 15:58:25 | 000,264,118 | ---- | M] () -- C:\Users\HP\Desktop\INVITATION.pdf
[4 C:\Users\HP\Desktop\*.tmp files -> C:\Users\HP\Desktop\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/29 11:12:11 | 000,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/24 11:55:05 | 000,060,994 | ---- | C] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm
[2013/07/23 12:19:14 | 000,102,368 | ---- | C] () -- C:\Users\HP\Desktop\3920-senatorial-district.htm
[2013/07/23 11:40:14 | 002,087,003 | ---- | C] () -- C:\Users\HP\Desktop\Report 421 - Rural Water Supply Study.pdf
[2013/07/23 11:39:56 | 000,453,389 | ---- | C] () -- C:\Users\HP\Desktop\Degema.pdf
[2013/07/22 16:00:00 | 000,132,944 | ---- | C] () -- C:\Users\HP\Desktop\201204_itil_v3_exam_dumps_exin150q-2.pdf
[2013/07/19 15:59:27 | 000,889,679 | ---- | C] () -- C:\Users\HP\Desktop\howto_aw_plus__troubleshoot_slow_network_performance2.pdf
[2013/07/17 17:08:10 | 000,285,507 | ---- | C] () -- C:\Users\HP\Desktop\galaxy.jpg
[2013/07/09 15:58:25 | 000,264,118 | ---- | C] () -- C:\Users\HP\Desktop\INVITATION.pdf
[2012/03/26 16:07:01 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/01/24 14:01:18 | 000,003,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/24 14:01:18 | 000,000,756 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/11/16 03:32:30 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\Users\HP\Desktop\galaxy.jpg:3or4kl4x13tuuug3Byamue2s4b

< End of report >
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Hi and welcome to the malwaretips.com forums!

I'm Kuttus and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
<hr />




STEP 1: Run the below OTL fix
<ol><li>Start <>OTL.exe</></li>
<li>Copy/paste the following text written <>inside of the code box</> into the <>Custom Scans/Fixes</> box located at the bottom of OTL
Code: 
PRC - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/05/01 05:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe
MOD - [2013/07/30 09:06:37 | 000,013,600 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/06/09 08:26:11 | 000,704,000 | ---- | M] () -- C:\Users\HP\AppData\Roaming\BabSolution\Shared\BUSolution.dll
MOD - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=1197...D3857E34AB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=1197...D3857E34AB
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchT...D3857E34AB
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb...archTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[2013/05/22 12:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​
[2013/05/07 11:55:50 | 000,000,000 | ---D | M] (New Tab) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
[2013/05/07 13:50:37 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​\ffxtlbr@delta.com
[2013/05/07 13:38:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​\plugin@yontoo.com
[2013/04/11 16:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​\ftdownloader3@ftdownloader.com.xpi
[2013/05/07 13:40:52 | 000,006,505 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplug​ins\babylon.xml
[2013/05/07 13:50:37 | 000,001,294 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplug​ins\delta.xml
[2013/05/07 11:55:50 | 000,002,646 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplug​ins\Search_Results.xml
[2013/02/27 08:43:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/07/30 10:27:41 | 000,003,577 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/27 08:43:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B30205-0C3A-4DEF-BB78-64048A011CBB}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126555AF-538D-4197-B0AD-27C6C181771E}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30
[2013/07/30 09:10:44 | 000,000,000 | ---D | C] -- C:\e5ddeec68fa31077af1d02743bbd
[2013/07/24 11:55:07 | 000,060,994 | ---- | M] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm


:commands
[emptytemp]
[reboot]
<>NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system</></li>
<li>Then click the <>Run Fix</> button at the top</li>
<li>Let the program run unhindered, reboot when it is done</li>
<li>Attach the new log produced by OTL (C:\_OTL)</li>
</ol>

<hr />
 
Last edited by a moderator:
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
All processes killed
Error: Unable to interpret <PRC - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe> in the current context!
Error: Unable to interpret <PRC - [2013/05/01 05:11:08 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe> in the current context!
Error: Unable to interpret <MOD - [2013/07/30 09:06:37 | 000,013,600 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll> in the current context!
Error: Unable to interpret <MOD - [2013/06/09 08:26:11 | 000,704,000 | ---- | M] () -- C:\Users\HP\AppData\Roaming\BabSolution\Shared\BUSolution.dll> in the current context!
Error: Unable to interpret <MOD - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe> in the current context!
Error: Unable to interpret <SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)> in the current context!
Error: Unable to interpret <SRV - [2013/06/03 10:57:49 | 003,085,264 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?affID=1197...D3857E34AB> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?affID=1197...D3857E34AB> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchT...D3857E34AB> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb...archTerms}> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <[2013/05/22 12:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​​> in the current context!
Error: Unable to interpret <[2013/05/07 11:55:50 | 000,000,000 | ---D | M] (New Tab) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​​\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}> in the current context!
Error: Unable to interpret <[2013/05/07 13:50:37 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​​\ffxtlbr@delta.com> in the current context!
Error: Unable to interpret <[2013/05/07 13:38:38 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​​\plugin@yontoo.com> in the current context!
Error: Unable to interpret <[2013/04/11 16:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions​​\ftdownloader3@ftdownloader.com.xpi> in the current context!
Error: Unable to interpret <[2013/05/07 13:40:52 | 000,006,505 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplug​​ins\babylon.xml> in the current context!
Error: Unable to interpret <[2013/05/07 13:50:37 | 000,001,294 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplug​​ins\delta.xml> in the current context!
Error: Unable to interpret <[2013/05/07 11:55:50 | 000,002,646 | ---- | M] () -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplug​​ins\Search_Results.xml> in the current context!
Error: Unable to interpret <[2013/02/27 08:43:46 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml> in the current context!
Error: Unable to interpret <[2013/07/30 10:27:41 | 000,003,577 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml> in the current context!
Error: Unable to interpret <[2013/02/27 08:43:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml> in the current context!
Error: Unable to interpret <O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)> in the current context!
Error: Unable to interpret <O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.> in the current context!
Error: Unable to interpret <O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)> in the current context!
Error: Unable to interpret <O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)> in the current context!
Error: Unable to interpret <O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)> in the current context!
Error: Unable to interpret <O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\HP\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B30205-0C3A-4DEF-BB78-64048A011CBB}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{126555AF-538D-4197-B0AD-27C6C181771E}: DhcpNameServer = 41.75.80.41 4.2.2.2 83.229.88.30> in the current context!
Error: Unable to interpret <[2013/07/30 09:10:44 | 000,000,000 | ---D | C] -- C:\e5ddeec68fa31077af1d02743bbd> in the current context!
Error: Unable to interpret <[2013/07/24 11:55:07 | 000,060,994 | ---- | M] () -- C:\Users\HP\Desktop\Remove System Care antivirus.htm> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HP
->Temp folder emptied: 480624241 bytes
->Temporary Internet Files folder emptied: 175583983 bytes
->FireFox cache emptied: 236283823 bytes
->Flash cache emptied: 6690 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 503495504 bytes
RecycleBin emptied: 739531526 bytes

Total Files Cleaned = 2,037.00 mb

Error: Unable to interpret <NOTICE: This script was written specifically for this user, for use on that particular machine. Running > in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 07302013_161105

Files\Folders moved on Reboot...
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download Security Check on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>
STEP 2: Run a scan with Junkware Removal Tool

Please download Junkware Removal Tool to your desktop from here
  • Turn off your antivirus software now to avoid potential conflicts
  • Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
  • The tool will open and start scanning your system
  • Please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
  • Post the contents of JRT.txt into your next reply


Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)


Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • When it prompts you to try their 30-day trail, click decline
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

 
Last edited by a moderator:
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
# AdwCleaner v2.306 - Logfile created 07/31/2013 at 13:25:35
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : HP - HP-PC
# Boot Mode : Normal
# Running from : C:\Users\HP\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : BrowserProtect
Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\bprotector_extensions.sqlite
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\bprotector_prefs.js
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\Babylon.xml
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\delta.xml
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\searchplugins\Search_Results.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\delta
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\HP\AppData\Local\Babylon
Folder Deleted : C:\Users\HP\AppData\Local\Ilivid
Folder Deleted : C:\Users\HP\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\HP\AppData\Local\VirtualStore\Program Files\Search Results Toolbar
Folder Deleted : C:\Users\HP\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\HP\AppData\LocalLow\delta
Folder Deleted : C:\Users\HP\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\HP\AppData\Roaming\Babylon
Folder Deleted : C:\Users\HP\AppData\Roaming\file scout
Folder Deleted : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF}
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\HP\AppData\Roaming\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\f4d6d8bc3ab842
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\f4d6d8bc3ab842
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=D281D8D3857E34AB --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=NT_ss&mntrId=D281D8D3857E34AB --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (en-US)

File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\prefs.js

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Deleted : user_pref("extensions.delta.id", "d28186d3000000000000d8d3857e34ab");
Deleted : user_pref("extensions.delta.instlDay", "15832");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1613:50:37");
Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Deleted : user_pref("extentions.y2layers.installId", "2922159c-6b5c-4b2c-a0d7-676e01a31035");

*************************

AdwCleaner[S1].txt - [16275 octets] - [31/07/2013 13:25:35]

########## EOF - C:\AdwCleaner[S1].txt - [16336 octets] ##########
 
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Professional x86
Ran by HP on Wed 07/31/2013 at 13:34:57.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"



~~~ FireFox

Successfully deleted: [File] "C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\8ix8f98r.default\extensions\ftdownloader3@ftdownloader.com.xpi"
Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\8ix8f98r.default\minidumps [71 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/31/2013 at 13:36:39.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
mbar-log-2012-06-25 (16-30-00).txt
A log file with detections might look like this, containing info about all detected items:
Malwarebytes Anti-Rootkit 1.1.0.1000
www.malwarebytes.org

Database version: v2012.06.25.10
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
:: WMXP32 [administrator]

6/25/2012 4:30:00 PM
mbar-log-2012-06-25 (16-30-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 24649
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RUNTIME (Rootkit.Agent) -> Delete on reboot. [a3d9b340f76567cf5ae9a8458c774db3]
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RUNTIME2 (Rootkit.Agent) -> Delete on reboot. [bdbfb34075e753e368dc6a838a79ca36]
HKLM\System\CurrentControlSet\Services\runtime (Rootkit.Agent) -> Delete on reboot. [9ddfc132e17b44f25672eb0670935fa1]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\WINDOWS\system32\drivers\runtime2.sys (Rootkit.Cutwail) -> Delete on reboot. [763bd40c542382a03a9081fd64c2bd49]
C:\Documents and Settings\Administrator\Desktop\readme(30).exe (Rootkit.0Access) -> Delete on reboot. [cbb1e80ba1bb47ef8ca45c281fe155ab]
C:\WINDOWS\system32\8_exception.nls (Trojan.Tibs) -> Delete on reboot. [1f5dae4561fb4ee80d419ad422e14db3]

(end)
 
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
alwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.31.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
HP :: HP-PC [administrator]

7/31/2013 4:26:37 PM
mbam-log-2013-07-31 (16-26-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199137
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
STEP 1: Run a HitmanPro scan
<ol>
<li><>Download the latest official version of HitmanPro</>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <>HITMANPRO DOWNLOAD LINK</></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <>double clicking on the previously downloaded file.</> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below.After reviewing each malicious object click <>Next</> .
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <>Activate free license</> to start the free 30 days trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>
<hr />

STEP 3: Run a scan with Kaspersky Virus Removal Tool
<ol><li>Download Kaspersky Virus Removal Tool from the below link and then double click on it to start this utility.
<><a title="External link" href="http://www.kaspersky.com/antivirus-removal-tool?form=1" rel="nofollow">KASPERSKY VIRUS REMOVAL TOOL</a></> <em>(This link open an new webpage from where you can download Kaspersky Virus Removal Tool on your computer.)</em></li>
<li>Follow the onscreen prompts until it is installed</li>
<li>Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
<ul>
<li><span style="color: #ff0000;">System Memory</span></li>
<li><span style="color: #ff0000;">Hidden startup objects</span></li>
<li><span style="color: #ff0000;">Disk boot sectors</span></li>
<li><span style="color: #ff0000;">Local Disk (C: )</span></li>
<li><span style="color: #ff0000;">Also any other drives (Removable that you may have)</span></li>
</ul>
</li>
<li>Then click on <>Actions</> on the left hand side</li>
<li>Click <>Select Action</>, then make sure both <>Disinfect</> and <>Delete if disinfection fails</> are ticked</li>
<li>Click on <>Automatic Scan</></li>
<li>Now click the <>Start Scanning</> button, to run the scan</li>
<li>After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side</li>
<li>Click <>Detected threats</> on the left</li>
<li>Now click the <>Save</> button, and save it as <>kaslog.txt</> to your <>Desktop</></li>
<li>Please attach kaslog.txt in your next reply.</li>
</ol>
<hr />
 
Last edited by a moderator:
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
Code: 
HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : HP-PC
   Windows . . . . . . . : 6.1.1.7601.X86/2
   User name . . . . . . : HP-PC\HP
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-08-01 10:42:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1h 16m 6s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1168

   Objects scanned . . . : 946,251
   Files scanned . . . . : 46,827
   Remnants scanned  . . : 269,825 files / 629,599 keys

Suspicious files ____________________________________________________________

   C:\Users\HP\AppData\Local\Temp\F354.tmp
      Size . . . . . . . : 265,121 bytes
      Age  . . . . . . . : 1.0 days (2013-07-31 11:16:53)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : D3FF690FC6E0C0C25E49E5E032ED552837B825133A63E300B94952F515149EF3
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
         -6.1s C:\Users\HP\AppData\Roaming\Microsoft\Windows\Recent\APCON2 12_13 sever-071613.ptb.lnk
         -4.3s C:\Windows\Prefetch\FILESCOUT.EXE-C27540D1.pf
          0.0s C:\Users\HP\AppData\Local\Temp\F354.tmp
          3.6s C:\Users\HP\AppData\Roaming\Microsoft\Windows\Recent\OTL.Txt for server.lnk
         13.5s C:\Windows\Prefetch\NOTEPAD.EXE-86E0E9B9.pf
         40.8s C:\Windows\Prefetch\RESTORER1.0.0.1.EXE-446DDE63.pf
         40.9s C:\Windows\Prefetch\F354.TMP-F6A5589E.pf
         41.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{05F70771-FC13-4779-A7A3-92EBD52C4AA7}


Cookies _____________________________________________________________________

   C:\Users\HP\AppData\Roaming\Microsoft\Windows\Cookies\2AB7K5OK.txt
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:ad.360yield.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:ad.mlnadvertising.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:ad.yieldmanager.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:ads.creative-serving.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:ads.p161.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:ads.pubmatic.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:adtech.de
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:adtechus.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:advertising.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:apmebf.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:atdmt.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:burstnet.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:c1.atdmt.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:casalemedia.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:collective-media.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:dmtracker.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:doubleclick.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:fastclick.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:in.getclicky.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:invitemedia.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:kontera.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:media6degrees.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:overture.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:pool-eu-ie.creative-serving.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:questionmarket.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:revsci.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:ru4.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:serving-sys.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:smartadserver.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:statcounter.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:stats.adotube.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:stats.snacktools.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:survey.g.doubleclick.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:track.adform.net
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:tribalfusion.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:www.googleadservices.com
   C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8ix8f98r.default\cookies.sqlite:zedo.com
 
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
I was having difficulty in downloading the kaspersky virus removal tool. I have finally been able to download and run it. No threat was found after the scan too.

10:42:51.0248 1500 Trojan-Banker.Win32.Capper removal tool 1.0.8.0 Dec 10 2012 09:09:46
10:42:53.0260 1500 ============================================================
10:42:53.0260 1500 Current date / time: 2013/08/02 10:42:53.0260
10:42:53.0260 1500 SystemInfo:
10:42:53.0260 1500
10:42:53.0260 1500 OS Version: 6.1.7601 ServicePack: 1.0
10:42:53.0260 1500 Product type: Workstation
10:42:53.0260 1500 ComputerName: HP-PC
10:42:53.0260 1500 UserName: HP
10:42:53.0260 1500 Windows directory: C:\Windows
10:42:53.0260 1500 System windows directory: C:\Windows
10:42:53.0260 1500 Processor architecture: Intel x86
10:42:53.0260 1500 Number of processors: 2
10:42:53.0260 1500 Page size: 0x1000
10:42:53.0260 1500 Boot type: Normal boot
10:42:53.0260 1500 ============================================================
10:42:53.0260 1500 Initialize success
10:42:53.0260 1500 ============================================================
10:43:04.0742 3640 ================================================================================
10:43:04.0742 3640 Scan started
10:43:04.0742 3640 ================================================================================
10:43:04.0742 3640 ProcessDriveEnumEx: Drive C:\ type 3:0
10:45:05.0610 3640 ProcessDriveEnumEx: Drive F:\ type 2:0
10:45:05.0610 3640 ProcessDriveEnumEx: Volume is not accessible (error 21)
10:45:05.0672 3640 ================================================================================
10:45:05.0672 3640 Scan finished
10:45:05.0672 3640 ================================================================================


Thanks a lot.

I will now send the OTL log for the server.
OTL logfile created on: 8/2/2013 10:51:36 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = \\Apcon-server\Users Folders\admin1\Desktop
Windows Server 2003 Server 2003 R2 Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 6.0.3790.3959)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.54% Memory free
3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 210.53 Gb Free Space | 70.63% Space Free | Partition Type: NTFS

Computer Name: APCON-SERVER | User Name: admin1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/30 12:10:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- \\Apcon-server\Users Folders\admin1\Desktop\OTL.exe
PRC - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe
PRC - [2009/09/22 21:22:14 | 000,315,736 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe
PRC - [2009/08/13 10:04:28 | 000,435,496 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/08/13 03:52:22 | 000,028,456 | R--- | M] (Sage Software, Inc.) -- C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe
PRC - [2007/02/18 05:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/18 05:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe
PRC - [2007/02/18 05:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe
PRC - [2007/02/18 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ismserv.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 08:58:57 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/07/12 07:59:52 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\350513f364b8bf9e391b69c7e6abd824\System.Windows.Forms.ni.dll
MOD - [2013/07/12 07:58:53 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\07e0a1ad24a7c923ff4c0985e3a4e223\System.Drawing.ni.dll
MOD - [2013/07/12 07:52:09 | 007,976,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\322d1177f6f0486dfdc4bebe17f52c06\System.ni.dll
MOD - [2009/09/22 21:21:52 | 000,026,640 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\volenum.ppl


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - File not found [Auto | Stopped] -- mbamservice.exe -- (MBAMService)
SRV - File not found [Auto | Stopped] -- mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/30 05:39:57 | 000,450,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS)
SRV - [2009/09/22 21:22:14 | 000,315,736 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe -- (AVP)
SRV - [2009/08/13 10:04:28 | 000,435,496 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2009/08/13 04:03:46 | 000,043,816 | R--- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\Sage Software\Peachtree\SmartPostingService2010.exe -- (Peachtree SmartPosting 2010)
SRV - [2007/02/18 05:00:00 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs)
SRV - [2007/02/18 05:00:00 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs)
SRV - [2007/02/18 05:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService)
SRV - [2007/02/18 05:00:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis)
SRV - [2007/02/18 05:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- (RSoPProv)
SRV - [2007/02/18 05:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr)
SRV - [2007/02/18 05:00:00 | 000,040,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ)
SRV - [2007/02/18 05:00:00 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\startdss.sys -- (startdss)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (LicenseInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/07/26 13:44:50 | 000,035,144 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/09/21 11:35:12 | 000,223,760 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/07/31 16:03:18 | 000,161,792 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\q57xp32.sys -- (q57w2k)
DRV - [2007/04/13 14:13:06 | 000,201,600 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\G200em.sys -- (G200e)
DRV - [2007/02/18 05:00:00 | 000,169,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wlbs.sys -- (WLBS)
DRV - [2007/02/18 05:00:00 | 000,072,704 | ---- | M] (Microsoft Corporation) [Kernel | Unavailable | Unknown] -- C:\WINDOWS\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2007/02/18 05:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ClusDisk.sys -- (ClusDisk)
DRV - [2007/02/18 05:00:00 | 000,034,816 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\dfs.sys -- (DfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0
FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)


[2012/06/11 14:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin1\Application Data\Mozilla\Extensions
[2012/06/11 14:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\gemgceiw.default\extensions
[2012/06/11 14:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\gemgceiw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/06/11 14:56:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\gemgceiw.default\extensions\staged-xpis
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Documents and Settings\admin1\Application Data\Mozilla\Firefox\Profiles\gemgceiw.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MICROSOFT\SEARCH ENHANCEMENT PACK\SEARCH HELPER\FIREFOXEXTENSION\SEARCHHELPEREXTENSION
File not found (No name found) -- C:\PROGRAM FILES\MSN TOOLBAR\PLATFORM\5.0.1449.0\FIREFOX

O1 HOSTS File: ([2007/02/18 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Servers MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found
O4 - HKCU..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime File not found
O4 - Startup: C:\Documents and Settings\admin1\Start Menu\Programs\Startup\Seagate 2GE3S8CW Product Registration.lnk = C:\Documents and Settings\admin1\Application Data\Leadertech\PowerRegister\Seagate 2GE3S8CW Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 2806270429 = 50 4B 03 04 68 36 5B F1 DD 49 44 A7 4B 5B 00 00 00 20 01 00 63 40 11 48 5E AF C9 D4 C2 DD E3 FE 0F B1 48 01 63 68 85 9D 73 24 05 4B 11 40 D2 74 AF DC 77 FF FE 9D B0 F5 DF 92 45 56 5E 41 95 DA A8 E6 23 8E C4 65 A1 B1 B3 E1 66 D5 90 09 FC 06 78 BC 99 D9 8D 51 9F F7 09 B2 E0 12 10 85 33 07 9A B7 D1 59 E6 18 2B 4C 13 57 8E D9 C8 85 B2 59 EA 5D CA 01 FD 5E E6 F1 23 29 15 09 FB 3C 5A D4 7A 44 41 2C 44 58 81 A5 BB 0B 62 4F F5 F0 03 81 2C 74 B8 7D 59 F8 35 D1 EE AE EC F8 9A 62 5A FC 0D AD 35 00 84 35 DD 2F F3 B5 3D 7B 07 1E 61 D1 41 8C 79 6F C7 C0 58 0D 38 7D 74 DD 2F 1F C1 2E FA B5 69 C8 5D D5 8C 6B AC 01 CF F7 2E 91 7D B4 2C 26 A8 AE 6C 24 EC C9 0C 77 A9 85 2B EB 01 DA F1 E6 A3 7F E8 46 8F 82 FD 51 58 C6 9D A1 9E DC B7 E9 A0 58 06 F4 A3 FA EA 79 57 C2 47 89 8E 56 2B 29 0D 35 E9 CC FA 78 35 2B 9D 86 A2 88 ED FF 60 C9 95 0A 8C 07 4E AD 40 F7 B3 81 46 53 D0 15 59 DB 08 35 41 45 3C C8 D5 19 85 F2 09 CE 3D 7A E1 38 D4 77 F8 2D 40 9D 78 65 F4 13 A9 3B E5 37 1E 40 DB D3 9E 6B 4E 68 FA 43 F6 91 1E 6F A9 68 2E AB C6 89 5B 16 A7 C6 46 2D 8B FA B2 E1 19 3F 20 93 63 27 BB 57 CF BE 0B 3E E7 A9 EE E6 C1 13 79 48 61 D6 1E 09 56 24 21 E4 26 52 87 FD 47 F1 BD 6D 99 D2 E1 8D FA 16 28 57 5B A7 D9 0D 63 CB 8E 6F 89 14 51 FF C5 24 3E D8 AF AA FB FA 6C C5 E8 94 6D 3B DE F5 B5 41 99 F0 40 93 7F 86 A7 4D B0 4B E5 2F DC 20 77 B8 B9 2F CF BC 96 CD 0B 5C 73 2E FC AE 9A D5 C4 AB C4 6E 7E DA F6 14 1A 30 4F 8A C6 6C 39 22 60 61 05 5F 8D E3 CA 18 B6 A4 8B 5B E0 6B A7 B0 03 A4 D7 03 05 30 24 AF 98 18 C1 90 E2 34 51 03 72 7D 05 33 76 26 AF BE 44 CC 70 13 67 B1 D7 1B 1D BE BD 71 FA E0 19 7C 0B F0 4D 30 84 3F F3 7A 05 75 98 0C 35 5B 14 7A 66 10 13 0C 83 0F E2 D9 B9 81 48 42 67 1A B9 38 01 E8 38 35 AE E3 43 F8 DA A9 E2 FF 24 26 58 12 44 84 32 A8 DB C1 BE 08 07 FB D6 8B 87 71 2A 6F BC 03 D4 B3 FB 49 6F C8 1A 2C 4B 50 C3 32 C3 46 43 09 46 DB 07 8D 6C 17 6B AA 06 D3 CB FA 5C 5B 3C 8A 66 B9 EC E7 AA B3 33 40 B8 85 F4 33 7E 8C 90 BC 1E 07 ED 66 CB AA 04 21 A5 56 60 58 0B 52 1F 87 15 03 AF FB 5F 4E 36 D7 B0 D9 48 B0 33 19 54 F8 39 D5 12 A5 0C 2E 0E 7B F5 FE 58 19 1F 20 0F 4E DE 12 AE 4A B6 D3 38 64 CC 8C 71 96 8D 8F 93 8C B8 D8 C1 E7 80 E6 76 5B 17 05 FD 22 D1 24 29 20 82 E2 02 8D D2 47 68 DA 08 88 06 E0 73 1E 1E F6 94 1E 66 94 E0 0D E4 6C FD AB 2B 23 04 BA A0 AB 0E 3A 2E 5F 23 73 13 B8 F5 00 38 8A D8 28 5F 29 00 02 70 13 1C 46 21 05 3E 1A FD FA 13 99 ED 5C CC A1 2A 51 9F BE 28 78 AF 3E AC 02 8C F8 FD 29 C8 86 C4 FE 51 D5 B3 A1 EF A2 68 D9 50 D9 0D EF D6 E6 80 46 7C AF 2E F1 9D AE E9 69 49 D8 26 B3 0D 2A 71 34 16 DD 06 5A CF 30 6B F6 BF BC 18 55 56 75 D9 E0 31 A1 44 1C F3 5D 53 78 95 6B DC 05 DA A4 2C CC 59 B4 F7 11 B9 B7 B6 F9 59 F4 BC 3E 9C 32 6B 45 19 22 6B 73 66 FF 74 B6 23 52 10 84 42 F5 F1 5B 0E 50 8D 05 61 DF C3 20 9A 1B 43 0E A5 79 05 30 F8 64 16 85 32 AA 6D 6D FB E9 6C DB F2 52 E7 B5 CB BB D1 E2 48 6F 12 D8 80 C3 D1 56 85 8D F3 5B D7 41 A5 DF 70 39 7F D2 EE 74 E1 57 52 AF 2E 03 7F 4E 1B FE 58 BC F1 F9 74 72 88 42 CD 51 B6 84 35 8C C1 39 A2 1A 77 D4 1D 21 C9 14 A3 1E 0F D7 E5 86 F7 66 EC C2 F1 CC 99 23 B9 75 FB 49 FC CB 36 74 46 D2 6F 65 EA FC 0F 3D 0E 33 30 55 2A AF B8 CB C7 A1 C2 DD AE A3 76 85 D1 2E D6 50 C6 7D 2B 6D 2C 1A C1 91 92 73 CD 30 E5 6C AF 6B 10 BC 44 7D 2E 46 99 90 5D 37 CA B4 57 90 EB 40 60 00 CA B2 BC 93 E8 61 3F D3 CB 46 86 F2 BC 50 34 D8 38 EE E6 E6 2B BA 79 E2 9F 24 9B C4 1F AB 0B BF A3 E4 B2 79 15 60 84 5C 4B D5 6E C8 A6 0C 5D 97 27 AF F8 40 42 BE AE CA 85 1B 7A 6A 11 CE C2 69 48 6C 2D F4 84 CF 24 5E 98 E6 DA F5 54 91 2D B1 B2 E4 F2 2B 30 58 09 50 FE 7F 65 D5 BB 6A 82 EB 94 F7 94 38 40 05 58 E1 51 48 F5 32 90 4E C5 29 BE BE BE C5 C8 77 FC DA B8 8D 5F 5B 7B A6 38 39 55 3A D5 8E 49 15 38 E6 03 B9 6C 1D 42 6C EF 6A CE 2C 38 45 77 6F 32 97 4B 8A AC 39 93 20 09 68 B8 B3 60 E3 03 59 D2 CF D9 25 3F 6E 94 95 8D B4 CE F0 55 D1 D8 BE C0 C0 DC F7 11 E7 61 E8 B1 39 E9 4D 23 B2 3D 9E C5 60 F7 73 29 BF 81 8B E5 54 AB 58 2B 6A 18 C6 93 63 AE E3 5F 39 07 5B 5A B7 D6 C5 F5 3D 81 71 75 4B D1 ED 04 43 86 6A 2E 22 D6 9F 97 85 5C 10 82 3D 99 41 2E D1 ED AA E7 0D DA 52 72 3E 95 17 53 DC D4 79 5B 86 C1 F7 D2 07 47 A3 CD 4E F3 B2 5F 71 B7 19 48 01 80 D3 B4 F4 D8 8B 42 90 4F 9F 5A F8 D4 59 EF BD 85 D9 F9 5A A5 A9 5A A2 BB FB 9F 9C 99 49 34 6C FB 1A C7 3C 09 1F C8 B6 37 0C AC 35 CD 45 51 9F 1F B5 31 A3 99 9D B7 93 B3 A5 F2 5E 0F E0 3E EA E4 3C 2E A9 BA 9B 40 A9 67 65 19 E3 C0 B5 6F A1 75 F2 E6 C7 FF DF 0A 3E BD 92 BA 5D D0 F2 66 20 86 C2 AC 05 7A 2C 9F DB 93 83 E6 79 0B 80 4C 1B F3 63 20 1C 56 72 E7 17 1F 6A 66 0F 83 08 05 7D 14 00 86 6D 1E AD B6 B5 08 99 2C 66 93 E8 13 0F 67 2C 58 88 BD 8D 40 2E 0E 77 69 1A 01 0D 8D BD BE 7F C7 DC A4 91 59 EB 51 C7 84 FC 52 51 55 1B AB B5 F7 85 50 3B 8C 94 07 C3 24 CD 9E 78 8C 02 CB 65 5A E1 8C A8 C0 19 C6 F4 EF EE F5 14 B6 05 92 2F 73 B0 23 C4 F1 7D C5 7E B2 EA ED A3 1F 0F C9 4E EE 41 7F 28 DF 3B B8 2D 59 BE 36 43 62 38 CB 04 77 D1 CC 40 DC 23 37 70 0B EE 1C 8C 9F 42 9F FE FA B7 3F 3E CF 7E 5D 8C 13 3B F2 4B BD 57 65 08 3F 64 A7 E7 BE 15 11 D3 5A 25 76 FA 15 D1 51 16 94 A0 24 B6 9C 21 01 56 2D 30 75 6C 4E 79 23 E5 3B B4 96 E7 98 6D 7D 8E B4 BE DF 1D 50 55 C5 49 FC 47 E9 1D 3A B7 BC A1 CB A1 6E 44 F4 B7 27 EB 95 E3 DA 71 E0 5E 3F F3 9F 64 2A 7D 55 67 A1 DC A2 57 5D 71 6D 61 00 BB 4D B7 22 87 EF 6E 2A 72 52 DD 74 72 3A 9F 5B 46 2F 05 3B C6 C7 84 5B 05 AD 67 89 EA 79 75 07 94 14 93 59 6B 9C 94 3C D6 96 DA 54 C7 12 C2 AE 7E 2F BB 34 95 71 20 5F 74 BF 87 6B A2 08 52 28 A2 35 4F 73 8A F0 20 55 C8 76 07 10 9D 1D B3 6B A3 D8 B2 53 27 68 83 57 7C 31 46 CB 03 57 DC 0F 9B F5 2B 71 D7 2E 63 8A C4 0A 7E D0 CE D2 BA 1C 10 28 5B 57 AB AA E6 63 03 50 13 DD D4 9C 75 E3 AC 12 40 50 06 9B FA 05 3E B4 33 AA 7C 72 E8 1F 32 3E 72 A2 25 E5 F3 14 29 E9 00 81 96 BC 9D 8A 38 C3 2F 8D 94 06 10 B4 77 85 28 D8 AC B2 EA 6F 45 C6 59 58 6F F5 A1 4A F7 EF 41 41 8F 94 03 FA 49 EA DD 9D 82 41 0E 4D E6 41 A6 99 0E 21 82 0A CC B7 34 31 8F 7C FB 4A 14 A0 F8 A7 87 08 39 4A 04 5D 48 2E CF 40 4F B7 E8 59 6D FF 82 FB 86 35 75 83 7B 30 AE DB E9 85 2C 82 69 80 41 EF 8D 90 EB 4C A6 D2 7D 0D 73 2C DA 4C 4A 54 AC E0 07 D1 EE A5 41 28 C6 CF C4 3B E9 FA 91 B4 6C A0 B4 5D FC 06 2D D0 98 7C 27 AC 7F DF 74 7F 02 2E 7E 4B 0E 0E 5B 75 74 F6 ED 8C 61 04 26 AE 8C 65 87 E7 BC D7 52 A7 A9 C0 1E EB 91 62 A2 DC 56 80 17 CD EF D0 E1 83 60 04 5B 8B 46 4B 43 72 C9 01 39 37 A3 D8 BA 72 88 DB E7 AE 73 A1 07 41 AF 6B F8 2D D1 8D 94 A8 6A 22 C5 A4 8D 31 E4 E3 18 03 FA FE 6E 7D C1 14 D8 13 6D 7A E1 CF BE B8 D2 94 65 4C 7F F1 F1 D1 C2 FB DC A7 23 0C 49 6C 4E 58 FD E2 36 C7 6F 1E 51 5F 3D 8D 7D 9F 29 C1 D5 E8 1D BB 21 F8 37 DA 05 3A 02 AB 29 40 AF 26 01 03 26 76 72 89 5E C4 ED 3C 5C 30 6E 09 B6 12 2C 67 12 EC 95 6E 9F DD 3A 8E AE 90 1A 37 B7 82 52 83 2E C7 A7 36 EA AB 25 74 DC 30 93 58 99 71 59 C2 87 09 45 76 06 7C 9B A7 C3 D5 D9 B9 1F FF 71 D1 D8 46 F7 88 4D C3 E7 E2 DA 0C B7 E4 53 83 13 8D 88 07 50 A5 59 1E C7 84 74 3C FE F9 36 70 81 81 0E E7 BB F6 14 9B 5C 8C 70 3F 42 93 EF FA EB C1 E2 45 8A 17 68 75 36 34 2D 17 0E 73 DC 50 7F 1E 6F D8 E1 EB F7 13 4A 1A 16 FD 30 87 13 55 08 62 5F 44 34 02 4C 33 C8 B9 81 28 7A 9A E7 A7 C3 69 F4 45 82 26 03 85 B1 51 F5 5D EF 59 EE A7 32 2D 6E 0A B9 14 68 8A 01 C4 DE 66 3A EE 1F F1 71 90 87 71 E5 2A 69 FB B5 C2 6B 90 E0 DE 3D 76 08 AF 8D 3E D5 FB 2D 70 FF 84 56 A7 CB B1 BF D1 83 81 95 D0 32 BE D9 0B A7 4E C3 DB A1 51 39 71 32 0E 23 F7 66 82 66 05 4B A2 69 E1 14 AF C4 D2 9C 84 55 54 28 30 20 63 14 B9 06 69 FA 27 85 44 E1 A4 DD 1B 16 B5 F2 5F E1 63 C4 9B 64 89 80 2A 1C 45 90 A0 46 D1 86 61 2F 65 82 89 A7 8C ED 8B E7 FA 62 FF 0E B8 90 27 49 2C 3C 62 E0 63 0F 04 55 FC B9 1C F3 16 68 07 BD 48 39 80 02 44 81 19 98 51 17 52 C0 87 EF 0A 3B 84 26 E7 C6 D4 9B 8A 4A A8 E7 EF F3 F7 60 1F F0 76 79 1B 37 EC 7E 2C B5 57 2D 09 D3 C3 92 3A 00 1A A8 BC E5 7D 27 0D 11 B8 1A 2B C6 58 B9 1E A5 EE 03 26 2B 7C 0F BB 4C 20 54 CD 74 48 D7 ED C8 56 95 52 79 97 5F 36 BB D4 A0 7C 79 96 20 5E EE 46 D5 C1 BA CB 88 A5 93 7B 5D FC D5 F1 B2 4D 17 07 0E 9E E5 79 98 73 EE 38 2F 79 18 B2 5A D3 E1 88 BF 79 D5 20 D4 53 6D A7 D3 C6 96 42 BE A2 7E 43 D9 EC 98 3E 8A 2E 2E 88 07 5D 20 10 B3 D0 76 8C A2 A8 BB F7 51 DC E9 08 C4 D9 DE 59 47 38 20 99 E6 54 71 EE D1 E0 D6 27 58 C4 92 0F 9F B8 9E 54 A3 44 43 12 BE 47 BC 59 70 CE CB E9 66 48 D2 37 47 9A EA 63 0D 7F E7 D4 69 D3 8F 20 90 CD 88 08 F7 84 56 27 57 67 06 BC 9E DA 2D C4 48 54 BA 12 4A C5 C1 30 67 3B 8E DD 4D ED 87 F7 63 E1 83 ED 0B 90 16 B3 69 85 10 1B 01 36 90 5E 53 7C B7 19 59 F9 DF FE 52 F1 3B 4D 66 E2 75 38 C7 BB 13 BC 91 24 CA 92 14 18 76 C4 FB 7C 66 8E B4 31 75 D7 11 42 79 3C 29 0D DC 49 08 B9 A6 98 83 8B 54 7D 9B 1F 51 55 91 E7 8D D9 A0 84 D8 63 DC AF 85 C3 48 5D 2D C5 EA 90 48 03 10 86 81 B7 1B 81 8B 5D E2 03 F9 FA FF B5 60 AA 23 F8 FF 21 D8 43 E7 9B 1A 23 54 B3 6D 98 5C B1 AE 27 C3 99 8A 66 CB C8 A4 84 BE 2A 62 2F 31 A7 B4 12 3C 73 60 1B 27 4E 5A B7 92 39 14 D1 1B 6A 8B 6B 2F 84 93 5F 4D 16 9F 34 96 61 83 EB C2 CA 57 F6 72 48 A6 7E A2 79 05 AB 5E 81 B7 8C 86 ED 7F DA 2F EF 40 62 4F DF 93 E9 57 09 0C F4 07 52 32 75 DF 08 19 45 7C D5 12 E7 C6 B2 81 18 36 47 CE 3F CC 19 E3 2F 10 AA 52 8D DF 7F 66 2D 47 55 E1 BA 4C 45 53 AD 83 ED E6 5D AF C1 D0 BC D8 9B FB 5B AF EE 13 4B 5E E8 40 75 E8 F9 58 09 2B 48 C6 5F 33 1C 81 6F E9 AA FE FF BC 77 98 05 5E 6D 9D CA B6 63 D6 58 B0 89 B3 81 B4 EA 63 99 CB E4 A5 25 EE CB AE B1 66 C1 F5 6A F9 03 81 5C EE 42 ED 61 0E FC CA CE 60 B2 5A 38 71 1D DB 21 E3 24 E7 42 65 F1 DE 09 13 42 5C DD 1C 41 5F B3 69 09 C8 59 6A 55 CA A5 F7 EA 05 04 4B 81 73 C0 C8 3F 66 71 16 82 F3 0D 65 01 5C F1 CC 80 1D 1E 9D EE 83 41 F8 EB B8 00 A2 9D BB 21 3F 21 7A 23 19 69 8E CE E1 7E 0F A3 71 95 0E EF 84 78 90 61 EF 7D 6D 40 C9 70 02 72 D5 10 37 79 67 C2 87 9B A2 8B 22 2B 29 36 6D 5B 53 22 35 DC EC 53 FD 0E 58 E2 8A E8 DE 80 AB 72 37 05 B3 53 4D E4 C1 28 B7 5D C2 08 8B 7F BD 23 00 63 5E 94 1D B3 B4 38 7C 53 AD E0 63 06 96 91 C6 98 52 DE 7B 14 2F 59 B5 46 1E 9C D8 30 1D 42 76 05 1B F8 E4 A6 2D 56 BF 03 2D F3 9D 7A 8D A2 05 03 14 26 E2 65 C0 7E 9A 39 86 9E E8 AB C6 E9 F9 F4 D2 BA 26 5B D0 D6 24 87 85 B3 80 52 26 13 6E 5E E9 E7 DD 5D BD A3 00 DE 0F BD D2 B1 9A DD 8D 68 A3 1E A3 EE A9 A6 B1 F3 0F D1 62 84 09 07 CF 92 08 A2 DC 35 82 0D EC ED D4 25 6D FF 58 D8 44 4A 70 5D 46 8B 93 4E 50 FC DE 38 20 37 6D 0B A5 B2 B0 D8 24 30 3D 84 0F DB 87 90 46 18 F1 9B 6C 98 FB F2 F6 31 4F 48 14 2C 62 38 71 97 65 55 7E B8 A4 3E 1D 69 BA BC CB 81 57 0E 32 FC 8C EA 86 CD 84 F5 B7 D1 1F 50 3C 72 BE 37 24 AF 08 45 46 E4 E2 C1 2D 28 5F 67 25 D4 4A 47 29 6A 6B DD 8C 8F 60 82 78 48 1F 88 DA 7E 86 F1 B6 68 20 81 3A 5C 72 D9 76 1C 9F 94 B2 BF B4 4F 01 CE 26 BD 6D B3 01 54 E3 50 8A DE 4A 03 4D CA FA 90 24 B2 60 6D 22 85 7D 5E 21 BB 35 72 65 5E 80 79 0C 5D C6 38 7D A7 9C 90 E3 46 EF 4D 4B 2F 2B 60 FF 95 45 3B 5F 26 A0 50 36 9E B5 E7 6B 26 F9 7E 19 20 E4 51 A8 5D 6C AC 65 38 D8 1B 6B 88 8C BA 74 E1 02 C4 BD 55 69 6A A0 58 28 33 BF FF 8A AA FA C0 11 C6 5D 13 54 55 90 BC 6C 5C F8 66 47 DE D8 F2 40 3E 7F 3C 34 60 D2 14 AA DD 45 D8 8C 99 BE A2 12 9F 70 67 9B D2 97 CA AF 90 0D 67 6E C2 AA D6 7F 7A A2 90 41 90 71 16 7D 03 66 C4 6E FA 25 20 03 D3 51 AB C6 B0 62 5F B7 2A F0 6E C1 A8 53 CC 7D D0 75 29 67 7D 33 E4 46 00 2E 26 CB 97 EE EE 39 F6 F0 D2 27 92 42 8C 15 F9 B7 7E 1E 8E E4 7D 72 D8 3F 74 9A 39 7F 03 E4 D2 A4 15 A3 DF 43 0C 56 AC CD 86 C3 61 54 5A 15 95 5A 59 12 D0 C8 E1 08 6C 0C 39 D7 AD 40 E5 8F 9A B4 43 C1 96 91 EF A7 F1 EA 8F 82 40 76 70 85 36 E7 C5 FF 4A D5 11 DF AD A2 39 6E C5 7C 60 C9 4C 38 89 F2 83 5A C2 66 68 F5 B7 93 6A F3 39 04 1C 9D 3B 68 D2 0A 81 87 EF FA 11 36 8D 11 EB A0 68 B1 16 E7 3A 76 EE E5 B6 16 33 DE FD AA B5 5D 06 AD 43 08 12 52 C4 48 CD 21 33 EE 5B EE C2 58 BB 9F E5 91 74 89 2E AE 26 D3 D1 50 8C AE 51 37 3A 0C 88 71 8A 5E B9 8B 4A B5 47 48 D9 3A BF 0C B2 71 B1 E0 C0 44 E1 02 7B B4 B7 4A D2 D4 21 16 26 E7 8F E2 20 B5 E7 99 89 E4 47 57 00 8E 1F D6 6F A8 0A 87 F1 48 52 22 3B 7D CE E2 E7 4C 2E 7E 46 4A D4 AD C2 A2 28 63 0C E3 7F 2B AE 60 90 1E 90 3B 50 47 C5 22 54 EB 86 FA 14 D0 59 81 5C 3F 1F 0D 20 92 7E 18 4B 40 AA 29 0F DF 1E B8 92 C2 CC FA 02 0B 27 DC CB 89 FA 2C 44 54 B4 2B 17 49 D1 AD 07 78 1F 1E 23 B5 38 74 2F 80 05 76 53 81 0A 54 2B C7 1F FB C8 01 A6 C7 10 1D 9B E0 C9 E0 77 69 C1 18 1C 84 90 3F FB 6F A0 4D DB 77 06 C4 5A 36 BC 5E DA AE A2 74 0B 0D 1B 92 94 98 11 90 31 E4 4F 93 00 01 A1 60 D1 5E C9 ED 04 4B 90 92 E4 9F 99 CA 02 A9 DC 38 8E 32 D5 F6 AB B5 36 10 31 9B 84 B5 C1 8D B4 83 8B 11 35 86 C2 6F 59 74 37 02 63 24 93 64 8B 65 59 F5 65 1E 2B 98 FA 4C DE D4 3A FF 91 3C 67 04 A0 F9 B6 53 3B D7 C7 63 01 DC 76 19 17 5E 45 76 A2 41 9D 53 03 CD E0 4A AF 22 6F 92 16 AC 96 FB CE 3C 80 02 8C 9C 1A A5 CC D7 2C CC 03 A7 28 D8 F8 5E 54 04 A8 AC 07 88 D6 88 57 B3 52 E4 7C 0A 1D 04 A7 F3 7D AB 84 13 83 EF 2E 90 60 05 E3 CC 4E 19 E2 82 A2 68 A9 E8 C0 1E 6F EB 55 2D A1 57 9F 87 DB 5F 40 3C FA 12 AF 9B D3 FF CB BC E6 EA 58 B9 27 E6 A0 EA 46 5D 0E 50 06 13 66 37 AA 47 09 CF C1 AA D0 D1 FB DD BA D3 17 52 3B FB 3F 79 8E E5 A4 16 8C 34 3B 82 84 97 49 3E F5 9B F7 9F 7A BE F3 CB 4C 55 00 E8 E6 CF 3E 3F D9 04 62 88 00 F1 17 1A 05 EB 96 21 6C 8D D1 82 75 3A E3 4C 93 63 7B BF BE F3 FC 67 4E 36 92 85 55 3C B9 23 BF 48 17 7F 54 40 D0 23 3B 12 7F 45 35 CE D6 8A 69 53 0F 11 60 F6 CF A8 98 CA 52 68 4B 6E 0B 08 98 75 FF 08 71 14 50 69 DE 6A 5F AE A2 15 43 7F 0F 47 E8 8F 10 7D DD 0A 89 8E 47 DD A2 5A E3 26 C5 C2 10 D2 F0 88 84 F1 12 2A A4 0B ED 7D 48 DF D5 16 00 C8 23 E2 CB 42 82 47 6E DA 5F D3 B7 60 BE E4 AB 07 10 DF ED 70 06 BC BC D4 9D 74 8E C0 27 02 8A BD AD 6D 29 0D ED 67 38 27 FE 0E 4C C5 8F 5A 50 95 93 0A 2B 54 59 EA 37 1F EF 47 B7 F9 E2 8E 1E D7 8E 55 5C 85 1C 72 F3 7F 39 2E 4B E2 8C 23 4B 0D 73 56 B6 BC 41 9E 75 C3 33 E8 BB 5D 2D 94 08 39 E7 1E 94 79 92 D8 47 42 60 28 77 42 6D 6B 68 19 05 04 D8 B6 91 95 B9 EC 11 41 3D AC 03 F4 94 18 AA 2F 34 4F 9D 50 EF 5E B2 07 F1 F3 EA 29 76 07 14 57 72 7A 80 0E 71 47 52 D2 E5 45 79 C8 AF 85 C6 25 5E E4 B2 0D 90 22 7C D7 E4 7F C0 D1 C9 23 9B F2 5C AD DD C7 82 DD CD 86 B9 37 BD DD 06 4A C4 19 68 4A 02 E5 56 80 89 5C F7 BC 1C 43 7F A5 B3 6F 67 F4 97 BC 2B 41 5C ED 78 6F 34 1C F5 B5 5E E1 4D 79 B9 81 20 70 23 0D FD 71 1A 36 87 77 75 00 93 F9 01 C7 F7 15 EC E9 83 60 69 CA 9B F5 32 6C 38 92 57 91 48 59 A0 AE 00 F4 95 35 D2 76 D9 25 34 01 58 EE 63 E0 FD 26 0E 9F 08 5A CA D0 AF 29 44 0A A7 06 A3 DB 53 B0 85 28 4F 4F 66 4F 93 26 DB ED 71 08 35 10 28 19 31 6C E7 D5 4F 0A 54 49 04 04 58 48 73 EC 54 79 08 4C 17 85 89 9F 44 10 28 F8 F1 28 8C 44 D2 8D 5A B7 48 FB F4 91 08 5C 35 50 34 7D 78 35 32 4C 04 D8 E8 F1 A5 F4 C7 C2 5D 2A D7 57 E6 E0 AB 22 8F 31 E9 0F 93 22 BB FC 0C 5F 91 FA 20 1A F6 3D 60 32 63 CA DA 0A 7C A5 50 1A 75 C7 A2 C4 81 BB B4 06 8B AE 46 6A 7D 08 9A E2 54 18 BF 8D 6C 97 02 45 2E BE 85 ED E2 A4 9C 0C 05 A3 90 09 47 43 4F 8E 15 94 B8 67 69 81 5A 35 DD 70 C7 4D 64 01 33 80 DD 4C C2 3C D7 1F 3F E2 52 7C 34 B3 41 24 BF C0 68 5A 0B F4 BE F6 70 66 C2 66 B3 88 E3 BA 79 A1 FB F3 69 DB 4B 78 EA E9 5A 8E 8C EA 52 00 1A 37 9A 2D B0 2B 22 9B 95 78 2D 5E C6 54 20 AB 7E D3 8C 1B 4C 44 65 41 1B 6C C8 66 14 9A D8 66 B0 ED F5 E4 BA 8B CA D8 2D 95 19 C7 7D B4 DB 38 CD 38 5C F7 14 6A A6 DE 81 85 6D E6 FE 35 0C 19 4C 92 FE 5E D7 C3 16 65 0A 9C DF 8C 98 6C 24 A7 74 3B 78 50 F5 40 F2 FF 0A 66 7E 6D 90 D8 71 FB 35 2A 68 B7 F4 2A 16 E8 AC E8 86 5C 52 09 A3 2D 80 A1 28 D2 AE D3 9B 99 60 D2 DF E7 FD AA B3 7B D1 E2 A6 AB 12 D5 38 7C 41 66 AD 37 20 69 C7 4D 78 08 FE A1 6E E6 52 BA C6 3F 5B C9 21 B1 1C 98 9F 3A 7C 6A E0 AC 16 B2 3C 08 79 6E 45 70 03 C5 1E 15 E0 62 AF 28 D2 27 F4 E7 1A 75 C7 98 5B 73 C4 2E CD AA 39 53 06 E4 B0 77 6D A7 E1 C4 DE D2 6A 22 BA F9 81 9E 66 4A 61 2A B2 07 3B 93 57 8C 50 FF F1 B0 F9 16 20 81 BB 0A AA 00 A4 AB C9 DD 2E EE 3E 30 AC 77 93 3D 22 7E D1 7D C6 8D DF 7C 69 8F F1 76 A0 40 C0 77 1E 11 4C E7 3A 52 61 84 55 86 3D 62 AE DF 86 A2 4D AB 08 0F C1 DE 79 06 FB 66 14 8B 2E F3 AC 9F 58 DD 26 2D 04 90 0D 7B 86 5C CA 0C EC 5F 56 3A 49 8A C8 A4 84 C8 8B DE 60 50 7D 40 8C 32 E8 A4 33 28 58 F7 6E D6 2D 84 CB AA 58 40 7F 2A 1D D9 1D E3 0B A1 23 30 98 10 23 2F 5F 90 1E 98 AC 53 E9 9E 32 87 92 E9 43 E1 01 0E 03 8C 53 4E 6D FC A5 C8 27 E3 6C 29 77 49 C4 1C B2 00 A7 3E F3 A5 E4 FD 8E 6B 0C FF 6F A2 3D A9 A2 47 40 7F 36 B4 5C A5 95 DE B9 08 5E 4F 36 1E 4A 09 D9 7F C6 31 7A 19 5E 2D 42 A2 1E 00 B5 1F 9A 01 BB 71 0C 9C 9C DF 70 28 E2 5E F4 9A 9A 29 E8 7F 15 5D 0C 6F 7F 1E C6 2D AF EF 61 E6 35 F1 EB 73 9A 91 C2 13 DA 6A 55 CF A6 6A 84 37 D7 76 3B BA E6 9C 20 E0 4F F0 32 D3 26 EE 6A 4C F8 81 B7 79 CD 2E CF 7B B8 C5 79 52 6F CC B8 9A 77 5E 4A 9A 92 E2 E5 C2 3D 5B E3 B5 44 E5 8B 2E C8 FA 83 A0 8C D8 DB C2 CE 44 2B 2A B3 C7 58 C0 A4 6C C5 3C 6B 48 BA 00 9E 83 81 39 D5 F2 65 89 59 2C C7 01 C4 5C 74 A9 C1 DA 0E A7 1D EE BD 84 FC 68 1A D6 05 7A AD 65 56 FB 93 77 9F AE 9C 42 3B 2B B5 CD 4A 01 9F 93 C3 80 37 97 78 FE 75 65 AC 58 F1 FF 5D 78 0E 79 15 D8 0D 38 64 4E DF F5 2C 77 06 2E 19 2B EC E1 14 39 73 D8 4F DA 44 08 0E 6D B8 02 10 30 B8 15 01 1E B5 21 AC 2D 22 36 75 5A 85 62 5A 4C F2 4F 97 83 CA 40 00 03 BC F8 E0 B2 9D 7A 7D 45 9E 15 82 54 F1 A3 27 9D 83 AD 78 5E FE A8 9E 7E 93 D6 92 92 CF 06 C3 3B 09 1E FE F5 34 C1 7E DC 9F 4B 8A 1D D6 90 3C A9 6D FD 6E CC F9 9E 0D BF B0 B9 44 A9 BE 79 52 65 B7 0F 68 02 FC 66 00 6C 01 3C D9 51 DD 2A FC D7 62 AB BC D3 11 04 93 9A 80 7E 73 A3 C5 88 C3 C3 52 59 F2 A3 E2 25 B1 5C 8D 92 95 37 48 46 CB D2 82 51 15 FC 26 D3 93 AC CA 1C CC 42 A2 89 76 2D 7B 3A 25 8B 37 8D 0A DB 18 EF 79 DD C4 4E 83 50 E7 6F 5F 49 B2 B6 14 77 D7 60 3A 3B 57 52 2A 33 4E 0C EC 34 68 D4 8B 98 9A 64 7D 0C 7F 57 27 D5 F5 C1 7D 1A BF BE 64 4C 46 20 0E 1C 5F 42 55 5B 08 C3 CD 51 41 08 37 08 EF 47 75 42 9B D4 5B B4 4E 9C AF 28 88 8F FE D5 9E 2B 27 42 19 2F C9 5D DD F6 D2 FD C6 3E 41 50 18 BA E8 4C 24 0A 0F E1 EE 39 A3 5D E1 58 2B 88 8F 76 D1 69 F7 CC 4A 42 21 80 36 18 23 33 F8 18 74 FF E7 61 86 B7 5F EF 3E 6A 46 02 F3 76 DD A0 83 83 1E 0F 59 FF B4 A3 8F EF AD 6D 09 3C AE 0D DD 71 0E CB D4 DA C5 41 2D 99 B0 FD DF 08 F2 95 62 08 66 D5 B7 84 45 FF 93 FC BD C6 25 B0 9A 06 76 D9 F2 E0 92 5F A6 FC 0A AE 64 F9 9E 8A 46 0D 80 BA 57 BE E6 54 59 71 73 CE B2 1B 98 B2 BF DE 60 5E CE B3 F5 9C 39 D3 5C 5B D7 8D 9A 01 4D 97 20 91 60 48 A2 51 A1 14 D9 62 94 0C E9 91 B7 7E B9 96 24 8B A0 C2 2A 79 CF 51 07 1E DA F0 78 5E E5 1B 38 8E F1 62 9A F2 92 9B CB A0 51 A6 1A C3 EB 28 4D E2 E8 AF 53 F7 F0 B8 5F 08 99 AF 94 97 E4 ED 74 34 AF E3 E4 85 0A 5F 35 98 C9 E3 08 38 78 5A 28 01 16 85 23 CC 1E 82 6B FA AD D0 15 A5 6B 3E D6 21 AA 06 93 8D 5F DE 31 08 33 9F 8D B8 3B 60 82 A5 41 DA EC 89 D1 1D 9C 08 74 F2 EF 0E 38 37 93 B8 9A 20 37 FE C4 F4 62 54 40 93 56 21 32 10 F4 0E 6E C0 9F 96 5E 3C 57 E5 DF C6 DE 9C 8C B9 36 DC A9 8F 0B 18 A3 43 5F B3 3A AA 7E 9B 1F 11 EE D0 49 CE 71 5B D8 B4 12 AA 72 D7 07 04 F0 05 C9 05 31 0E 63 05 F5 F8 07 7C AB 37 89 76 1A 86 FB 1E A4 7C 5F 88 73 2B 69 BF F6 9C B0 45 76 7E C7 B3 05 48 3B 54 94 C9 23 12 CC 25 87 5F C1 DD A2 B2 A5 EB 2E 5D B8 3C CB 14 C0 3D 7C FB DD 8F 03 8C 77 57 6E 4F F1 57 36 54 C1 F3 C4 F0 29 41 28 84 68 66 5C FD DD 47 B4 7D ED 2A 46 6D 20 BE AD B1 44 8E 86 D8 5D 4E 21 69 AC 13 2E 59 88 A5 C1 AD A4 51 51 21 CF B4 1E AC 6C C5 C4 51 92 D0 6E BC 7C 77 06 48 36 F6 C3 EC C9 8F AD 0D 48 D0 64 E6 F0 42 B5 BC 37 19 50 72 CB 2F DB 44 84 ED 05 27 19 3A ED 3D 3E 08 A2 C8 B3 70 89 EB B7 0D E4 87 0A 35 96 40 85 0A 3E C0 24 FF 50 80 7B 00 2A D1 04 25 01 D4 6D 78 63 39 5B 78 27 76 6B 2B 21 50 09 3E 85 B9 A9 1F B6 FE 13 FD 79 ED 21 90 07 58 08 7E 6B 81 8D 9D 7A 01 D9 47 DE 40 31 A8 94 0A 96 86 21 42 53 16 85 C0 6B 6C 80 79 68 86 11 C9 A1 CC A2 9B F4 09 D9 B8 A1 29 1C B3 22 41 6F 6C C5 F8 43 91 6C BC B7 2F CB 69 55 71 71 81 00 50 FC 3C 9F 4C FA 78 18 C3 8B D7 A8 1D 04 0C 03 94 DF A1 C1 96 C9 AF 57 56 A1 C7 13 3C 51 B3 C7 6B 2B DA 91 A8 04 43 B5 6C 7F C2 2B 29 A9 7A E2 1E 9A 06 52 D2 32 9A 99 46 2C 97 AD 0C 7A 23 5D BC 23 43 46 C3 7F FA 62 DC 46 2D 2D 71 05 20 7A FF 82 A3 D9 2B 76 51 5F 17 98 34 E5 F6 D3 0E 68 16 2C 79 10 F1 55 D6 A2 8C 40 66 8B 55 1A E2 B8 A6 B3 5F 86 44 B7 F8 74 85 1D 67 2D 09 F8 26 75 74 C9 88 27 B3 27 00 76 91 EA 52 88 D2 56 A9 92 6B 4F AD 9E 78 5E 25 18 07 48 21 6F B7 71 C3 18 E6 6F 25 79 DC 5C AA A6 34 CA 23 23 34 B1 AA 3E A9 83 73 3F BC 66 4A C8 6B 1B C0 3C 0D 60 3B 0B 1B 31 72 31 21 D0 C4 56 0B 40 3B 86 03 06 68 B3 5D 5C 68 32 67 4F 06 57 F5 9B 06 EE BE F0 42 88 F7 E7 BD 37 47 F9 EA 12 24 45 07 33 43 6E A1 D7 9D 5C 89 F6 40 4B 05 85 D0 4A C2 24 F4 EA 68 54 DE E1 B0 BF BB 44 EB 2E 51 14 BA 10 2E CA 4D 81 D9 B8 CC 56 F3 48 5E 82 38 6B 12 02 B7 34 4C EA 20 D3 08 A8 EA A6 32 5E 7C 01 84 B5 D6 B5 42 FA 71 DE 26 D2 93 D0 0B EE AD 80 62 0C 43 CA EB 02 30 F9 AA 2C A5 F5 6C 43 FB DF 75 61 AF 04 0B 56 37 40 D8 B1 3E 75 5F 6C 3C 7A CA 7D 14 9F 34 15 8B 46 44 24 29 FA 9E 53 A7 4B 3B 26 A3 10 8A EE 3A D5 90 DA BC 71 9A 46 0F 8D 78 A2 50 C5 E9 98 20 19 00 CE C3 5D DB E9 92 1E 5A E8 C6 93 D8 A5 92 30 E4 5B 42 74 5A ED E5 3B 75 E2 FC E5 BA B8 E7 9C BF 71 E3 76 1D E8 13 1E B8 3B CB 12 90 32 DA 36 30 63 50 32 F4 36 A3 47 6F 3C 41 30 A2 03 9B 28 61 B9 71 F5 6F 4D 33 6B 64 A2 26 F3 F0 95 14 D7 19 13 DC 62 50 D1 6E C2 02 1C 8F F3 5A 04 B4 BD CF 75 C8 D0 F6 1F 0E B7 3B 37 D1 31 54 EF D4 CC B8 7E 84 80 EE 91 05 8A 29 1C 7F 13 EF DE 93 7D 4C 0B 89 A3 89 6E 07 33 41 E9 3E 4B B2 1F 46 66 7C 23 C5 E3 BB 05 0D 19 F4 DF 3A 56 B9 0F B0 F5 DD 1F A0 84 5F 91 BD 6E 73 19 8D CC BE EC 3D 82 18 78 52 48 A2 87 2F 0B 7B 02 97 BA BA 37 86 56 56 7F 44 6E FD 28 AC 29 65 6D C2 34 B9 26 86 FF D9 DD 4F 5C 53 DE A5 11 74 B8 09 A0 D6 3E 95 3E 51 A5 13 6E A7 71 E8 55 84 5D D4 64 8C B3 F8 C3 31 11 2C 55 12 C9 9C 9B B4 34 26 AD 0E E8 B3 C1 AF 2A D5 68 82 ED 55 EB 26 BB 71 08 DB 0B FF 37 D7 36 80 DD 9C BA AC 40 06 BA E5 79 14 DC F3 5B 19 6A 68 E4 98 11 1D E3 60 26 8E 99 E9 3E 0F 7F 98 77 E8 2D B8 32 6D DB D0 21 62 BF CC D9 CC 9E 83 FF FE C1 FF FE 99 68 F2 EF 8F 98 23 6D 1D 52 14 3E 88 31 D7 6A 07 6B 6E 07 9F EA 30 A8 6D 0B 78 21 33 6E 2D 0F 5E D8 4F 72 F3 8E CC B8 53 28 DF 3B 3D 78 1E EE 5D 35 44 42 94 47 4C CE 69 BE 75 52 5A 8D A2 34 F0 C2 70 E3 B0 A5 5F 6E E8 7B 3D E2 7C 34 B4 63 00 37 7F AC 5C 2D 30 5A 72 39 15 08 DA BB 99 CA D5 85 4E D4 1F 9D C3 AD 96 7A B5 C2 D3 0C DE 6D 85 45 4A 37 42 09 8F 32 B7 9E 65 CD A9 D9 E7 C2 6C 12 8C 69 98 44 3E 61 8C 6C 0B EF 4D 9B A4 E1 CC 05 E6 A0 B3 98 B3 A4 21 F0 A1 DF C5 6E 49 B6 4A B6 8C 79 15 F4 34 41 CF 71 20 75 AE 4A 94 6A BA AF 28 89 4D C7 B2 FE 76 4C 01 EB 71 2A 78 9E 83 A8 15 D6 63 A5 48 C5 06 F4 2F 04 B2 F2 34 00 1E 69 BD 52 C3 04 31 66 A8 CE DD BF 22 16 9F DD DC 66 84 12 87 44 C0 B2 D8 AA E5 1E 57 6C CA 68 C7 4D 12 74 90 7A 09 05 E2 99 A3 6F C1 36 E3 8A 50 C3 97 7B 83 3B 4C C1 48 B2 24 53 6F E6 CE 16 6B B4 B9 0A 83 FF 4C 0D 06 9B 91 01 32 5A 8A 5D 23 16 ED CB 95 D3 F6 B1 0B 41 1D 4D 69 41 44 9A 7A 56 7B 55 7B BF 5A 76 E6 EC 50 84 55 06 AE 7B 80 96 C0 C4 CA 5A 50 2E 73 54 86 70 0D BC EE D0 87 03 6B A6 25 ED 01 77 F3 17 00 37 5D CD 38 D9 46 DE 4C A6 50 8A ED 85 46 59 9B A9 D6 05 65 8A 1D 5D 28 A4 5B 7B 12 83 5F F0 9F F5 E1 43 7E 76 D7 AF A5 5F A5 95 AA 48 BD E7 ED C4 2E 51 A8 7B 06 08 FA B2 DF 94 78 EC 48 2F A9 4C D8 FC 02 C2 B4 E7 A6 4D 12 71 98 0E EF EF 49 AE 1C 0B 0B 4F 89 90 26 0D 2A 25 63 B7 F5 BB DE 7E 00 F4 BE 71 D9 04 AF A5 EF 87 0F 5E 33 FC CC 23 16 35 38 ED 16 34 47 50 0C B7 2D D3 6C EF 73 7A B5 7E 89 93 28 E2 E3 F5 00 5F DA 9A 2A 54 28 C2 09 E9 77 10 0B F2 10 76 73 F9 9F 5B 65 F0 7B 6C 58 13 D1 B4 E8 FC D3 2C 32 F4 2F 5A 7B 05 49 10 48 47 CF 2B 2E C8 1C 5F C8 23 A3 3E DF C0 E9 6B 7D AF 65 71 07 F5 F6 93 08 12 C1 FE 4E A0 B2 CA 05 0A 1C 67 84 5E 3A 6F 22 FC 9F 53 68 A6 1A C5 ED A2 BE 87 C1 8B 8A B8 1E A5 99 93 38 D7 92 12 36 D7 68 20 8F 30 07 A9 4B A7 E2 71 D7 6D 72 F7 3E 7D 67 76 6B 32 94 4D 53 E8 24 58 36 6A FF C9 5C 97 91 2A AF C8 34 E6 7F D0 97 55 2E 84 53 45 EE 63 79 05 32 7C 8F C3 92 FC 50 48 DD 44 1D 79 7C 11 93 C4 9C E2 F0 FF F1 BD 05 6A 3D F9 6F E4 84 C8 C8 A1 AC 41 A3 69 D9 DB 22 89 60 23 06 AB 5F D1 63 6B A2 13 0A 8A 6B 63 AD 85 22 8B C6 F9 49 13 0C A3 B9 30 EA 21 B8 26 B7 F9 81 83 43 79 C9 6D 43 EC 48 09 94 15 BF E2 4C BD CD 92 37 96 97 09 01 67 D4 AD 08 5C 29 77 1A 35 A7 34 0B C9 88 E2 7D 41 57 0A EF 08 E9 EC 87 59 C5 6B 52 26 01 02 5D EB B7 DC D2 F5 FC A8 76 FF 1C 78 9E 24 1D D6 8D 98 1C 5A 31 B6 93 53 6F DB 83 C1 0E 6C BB 60 C9 BE AA AD E1 94 8D C0 77 7D 9F C1 A2 31 C1 2D 80 E7 2F 6A 7A 4A B4 3D E4 29 34 7A 7F 67 6F EA 77 06 67 59 47 6A 7F C8 6A 0C FB 8B AD 41 C0 2E 53 A5 42 C9 4A 9A D7 DF 4B EA 00 FB 7B 44 DC 66 5F 6A 6B B8 3E BB BE 7C 7F D4 02 23 C9 D3 93 79 AA 31 4F 7F 57 15 72 CF C3 30 93 6B D4 AB 7C B7 8F DD AC C9 42 DF 15 62 58 50 C5 13 CE 38 1C 00 C9 E3 E4 6B 31 A9 A2 6F 90 3E C6 75 2D 5B F5 EF 4A 39 49 08 0F 76 C9 FB 4F 43 C3 DC 93 60 CB B6 54 2F C6 29 EA 66 DE 5D 0D 49 CF 07 93 5E 65 46 91 E9 C4 8E 87 05 CA 06 9F EF 66 9C 68 6B 3C BB A0 5B FF FD 39 4D 21 37 85 80 60 C4 A0 67 FF 4B C1 B7 FC 73 DA C9 13 C2 E9 8C 4D E3 7F 0A A8 62 3C 95 24 55 E1 0C 23 25 A5 66 CE 11 EB D2 84 F3 66 61 2E 2E D4 A3 23 0C E3 5C 58 93 39 06 78 3D E6 3C 77 01 AD 9B 93 23 CE 79 81 4F 40 3C CD 68 3B C8 55 AF 06 C8 9A 24 90 14 1F 63 0C F7 51 92 87 EC FD 4E 61 0F 61 02 13 7F 3B E4 4F 6D DC 3D 94 06 E1 E3 5E FC 97 63 9B 91 83 A0 E1 65 91 0E 92 8C DC 88 0E 0D 82 20 76 37 BA 37 D9 41 0F 31 B5 FE 08 22 25 A2 0A C8 2A 8D FF E9 C2 C1 8B BB 8F C3 69 CA 6C 7C F6 DF E8 89 82 3A 94 C7 8A 6D 8E ED AD 70 B1 6A 45 44 1F F1 B5 99 A1 40 0C AF 7B 1D 06 2A 1A 05 86 77 6F 2A 86 05 F0 B8 6B C7 BF DE 3B E4 39 A2 34 6A 8F 1D 24 D8 F9 BF 68 50 8D 7E A7 78 F9 03 C0 44 97 73 EF 67 BB 99 05 AD 0E E4 DD 26 D2 85 4B 1C D4 80 F7 1F 3E ED 8E C7 60 C1 BB 5C 5C CE 3A E2 0C FA 4D 6F D5 8E 8F B3 74 FA 53 71 AF E9 B4 CA E2 D8 35 A7 99 F0 7F 42 7C 2B 56 3B B5 4D 0F 88 ED 35 C7 05 E1 62 AD FB E1 DC BF BE 7F D4 79 34 DF 0F 87 6E 46 D5 19 CE 22 05 2B 2D 51 65 37 85 25 76 96 55 B8 E4 4B E9 84 C3 94 8D 0E 8F 42 29 67 31 21 F9 52 7E 86 EA 87 55 DD D0 7E FA 65 9E D2 D1 9A AE D8 F6 1F F2 7B 62 F2 15 5A 85 D8 8B B1 7E 81 E0 6F 63 9F 69 45 66 04 0A 3F EC 9B 6A E0 48 52 DA FD 91 1C D9 DA 25 D7 AB 53 3F D1 77 41 C2 FC CA 24 9A 59 F4 E4 9B C1 F1 DA 07 8E EF 7C E7 5A F2 CA A6 BD 93 3C 13 1C 5A 8A A1 7B F5 E1 E4 3C E6 D8 58 2C F9 C4 B2 91 C3 AD DA 68 7E B0 8D CA 24 03 59 1A 54 9F C7 99 57 C3 98 0A 5A 8D 57 25 22 97 48 5D BD B9 1B AD 2C 46 D0 46 04 8B 71 AC 5A 77 20 33 E6 BC A0 39 AF 16 86 61 88 F2 5A B2 91 BA C3 4F 85 83 BB 9A FE C3 B4 48 9C A0 FF 42 8B E8 1D EA FC FE A6 8A 35 B4 A5 47 B8 B2 3B 76 73 9F C6 64 30 5E 7A FF 16 CB 23 05 90 AD BD A8 72 65 15 30 93 F3 B0 65 B6 D2 C9 BC 1C 62 CB A2 1B 86 0B 02 5D 65 1D 0C EA A0 0A FD A2 7E 6C 81 85 34 98 64 57 8E 91 FD A5 9D E3 DA D0 9F 5A 55 36 1D 49 B2 EE A5 95 0B FE 02 8F A2 50 D1 F0 9A 84 09 86 BD 96 1C E6 56 35 52 F1 FD 26 3D 3D 75 7E 97 DC 79 1E 3B 50 1C 4A EB 0E EB 4B 01 B4 67 AC BA 51 61 CB 2F 2E B4 7B 45 0F 91 FD C0 BF 73 71 D2 4D 72 F4 97 63 89 49 5D B4 C2 E4 E9 49 44 BA 53 5D 8C 71 AA 56 3E 22 28 1F 31 FE 7D 4D C8 DD E2 A0 0D 18 EA A9 BE 3F 2F 8C C6 BB 1F F5 F0 E8 98 1A BF 05 6B B4 A4 8B 30 52 64 51 2F DF E5 57 2A BD C1 EF 67 B6 28 3E 8A E9 F9 C2 3F 50 86 14 47 C1 FE 36 3F 53 8F 58 25 75 0E A1 3B 6D 64 19 A2 A5 DE 4A 87 8F D8 15 BC 84 4E 64 A6 8B F0 E8 06 A5 57 C5 45 FC 4C 55 E4 24 30 63 65 D3 A7 30 D0 02 C2 49 62 99 E4 D7 D6 76 84 DA 4E 59 B0 A3 96 E7 27 A6 F2 9B B5 57 C4 A1 95 2A 09 E8 F8 D8 27 55 32 A0 FD 07 08 79 07 57 07 AF 2C B8 84 71 71 D5 32 A0 0E AD E2 7F 88 5F 25 0F 93 84 CF 90 65 A8 54 24 4A AF D6 97 31 7A 4A 0F 25 F1 2B 2F 64 EB 11 71 25 17 07 6E 61 0A A0 DF 96 E1 BC EB 46 2E 5C 47 D2 05 54 38 19 AB CE E7 D9 4F 1E 68 E9 DA 3F 38 31 3A FE 60 B3 D7 DD EE 5B C9 C1 DD CF 75 A8 59 E4 26 9E 43 92 B0 E2 65 B7 92 1D 4E E3 B7 E5 65 01 23 6D 54 22 B2 B6 4B A3 F1 8D 31 80 8D B8 8C FB 8A 04 0F 34 6C 76 4C 40 94 B3 18 12 5E D7 2A 7A A8 31 DC 37 BD C3 9C B3 3B 55 CA 59 49 C2 3C AD 06 3C 85 79 12 5F A1 43 C9 C3 35 96 E5 44 82 14 23 A0 04 15 6B B9 39 45 1D 6B 1A 16 FC 57 C4 B3 3E C6 CA 83 DD 14 0F 05 5E 7C A1 30 8B D6 88 70 BE 6B 80 7E D5 4B 95 66 78 52 FB 5E AD D3 49 86 D5 94 93 CB 7A C6 CE 03 27 68 B4 C5 29 9D 88 59 4D 26 54 1F 29 23 1D 28 22 FF 45 01 E3 78 1C AF 71 88 72 17 6F 87 8E 2D 06 09 40 AF 2A CB 26 37 60 04 F9 04 31 03 7A 20 1E 51 51 07 57 00 8B A1 B8 19 A3 B0 4F 3C 07 1C 69 33 23 DE 17 91 0E 7B 69 F7 41 53 99 CE 21 C6 84 A3 F8 C7 49 53 39 F9 0B DC 03 A6 57 7B 73 47 D3 0C 6F E3 DE E1 1B 6C 81 DC EB DF BA 1C 6D 02 D5 A6 06 3E AE A2 59 28 CD 16 B5 72 EC 4B 6C 12 68 0F 7F 2C 6A A2 81 C3 22 76 A9 29 69 2D 73 73 01 2C D1 AC 28 A3 1F 51 D4 0D 1B 84 F2 86 D3 7B 07 04 01 FB 36 36 A2 43 E1 24 3B 28 6A 30 EA EA 77 04 FA A2 C2 8A 74 27 B8 B8 4E B5 B6 1C 56 70 5C 5A D9 37 4B 5C 70 9F 87 E7 63 CF 9F CF 7A 1F B3 35 28 27 0B 61 1B 66 00 82 21 36 39 6E 19 2B C6 5E 7D B4 3B 4C EC 25 19 39 45 C1 A1 9D 93 E8 F2 9D B3 65 0E 1A 89 92 40 C6 4E 8C 30 DC A2 16 59 FA D1 21 3C 23 F7 B9 AF 4D 7A 5A 46 8A 1A EE AD F5 48 F7 EE 00 43 03 3E 2E B1 D6 FE B7 7C 26 B7 4A 9A 91 7E 8E 6D C5 D9 D9 7B DD 47 F1 12 FF D5 03 15 EB 7D 63 7C 58 43 D0 FD 57 AB 20 C5 30 A7 0E E8 8C A9 C2 BB 49 22 F3 82 7E 50 F7 F3 DD 64 BD 5B D7 71 26 A7 A9 17 9C 73 1C 0B DA 96 6D 2A C1 3C B0 21 07 0D BF 44 A9 F7 C1 FE 91 DE 7B 4C 71 E0 46 9E 18 FC 60 7F C0 2B AE 9E 8B E6 11 33 6E 72 D0 68 D9 72 17 43 73 9E 1E 77 E7 7E B4 B2 D5 96 33 E5 0E E7 5F E4 6F D0 52 1C 7D 49 6E F6 43 20 7E D6 3F 01 51 A1 3A 3F 2D DC B8 44 8B F3 08 03 83 62 D4 AB 9D E0 8E FD C6 A8 99 2E 37 3F A1 2F D6 B4 41 10 72 DA 72 FC DB 47 AF 7B 71 B7 D5 78 99 91 73 29 94 B0 54 94 0A E7 30 63 83 43 10 1F D8 4F 41 A2 BF 96 5E 45 35 3C BC B3 4D 65 F6 82 90 1D 93 81 A6 D5 91 8C F5 22 7A B2 DC 6F 06 FA 05 DF C0 41 E7 19 4E D3 E0 8C 9E 3E BB D1 FA 5E EC D1 3B A2 DD 52 80 27 71 22 33 FF F9 63 25 CD A7 77 12 AF AA 86 C1 CA D7 07 BC 49 D1 37 1A 14 26 66 1C BD 1C 40 50 04 EF AB 47 41 4A F2 59 1E 44 AB 2C 35 F6 20 59 EF A1 37 36 E7 77 68 2D 12 91 BB 78 F4 3B 84 1F B5 0D 54 3F B4 83 5B 59 7E EC EB F6 9C 72 C1 D6 F8 DB 1A B0 72 58 48 8B 34 4D 45 33 68 79 EF DB 9C 8A BF ED 36 E1 2D 43 1D 8E 10 9A EF 3A 85 BE A2 E9 AA 71 B9 41 CC F2 9F ED 5A 1A D1 FC 1F E9 90 30 D8 2A 48 4C 57 F9 E5 12 54 4D B2 A1 34 A5 91 F0 B2 A3 AC 6C 82 90 05 D3 7E 38 22 F5 37 3C 0B 63 D7 1C B6 4E AE EF D5 E6 54 64 10 C2 6F 62 91 D6 F7 75 9E D1 19 83 B2 01 0D 14 1B 14 10 24 54 99 01 EE 43 58 3E 53 24 76 03 44 C1 60 84 7A 11 86 4C 3E 86 6A A3 23 49 17 30 45 57 79 F4 2F C5 86 CF B7 25 A8 74 74 28 05 8E 59 E5 B5 D5 F8 AC EC 9A 6A 10 BB 27 F2 A8 61 07 A0 30 A7 06 96 7A 39 FA F9 DB 4D 2F 06 DC 40 5E E2 94 D7 CE 0B 2B 48 2B 29 1D 4E A8 48 96 D6 C7 B5 C9 ED 39 7F B7 9B 23 A1 A3 5B 46 45 A9 CA 0B CA 5F 80 E0 31 48 05 BB E8 D6 E6 2F D2 7F 3E B2 FE E7 70 91 0D 2E 56 01 DF D4 F4 52 50 C2 FD 13 48 59 6D 58 B7 39 46 DD A2 13 F3 1E 53 80 9F 9E C4 50 C9 35 D7 DA DC 70 F6 82 E1 33 87 D5 EF 0D 87 17 5A 5F E4 C3 52 85 34 8F 1A E7 57 AD 4B 0A E7 91 89 99 76 61 50 9F 14 AC A8 BE 80 EC 98 8F 48 4E 58 B0 0F D8 EF 52 E6 B5 80 A0 E2 89 FC DB 93 4F A4 41 72 4E 2E 10 68 CC BA 6D 57 80 C6 CA 6B 99 00 6F 16 F7 81 66 D9 F8 09 2F 30 90 D4 6E 9F 24 39 6C ED 8D 8E 11 12 69 74 0E 70 98 30 D7 B4 27 B3 4B 35 FC 97 15 FC 88 D6 B7 6C 96 C1 52 AB BC FA 47 9C 22 68 62 6B FB BA E3 1B E0 97 7A 0D A6 6E E1 DD 06 2E F4 81 CB 9E 3C 8F 3D D5 8E 12 A8 11 4C EC AF 74 30 68 71 CE D4 41 64 B5 03 19 6A 9A F5 7E 0C CA E5 64 3E 78 8F 4E 87 89 80 07 A2 63 95 0E 4E 09 B9 65 58 5B 1C 64 53 E9 40 B7 A1 1F 73 18 34 82 45 E0 1A 52 C4 CB 39 05 D1 CD C6 9A D1 48 22 AD 6F AC 6C 32 90 5A 82 EC 4D 43 92 75 49 E8 E1 BC DB 82 8A 21 9E 96 23 BA 44 88 A0 B6 29 86 84 A6 D8 D7 A3 22 83 B1 DE 29 79 22 B8 29 EA 9D EC 44 0B A8 7E FD 48 C9 B1 52 22 57 A0 10 CD B6 85 24 28 9F 75 C2 25 95 FE 97 3B E3 09 80 48 9B 73 51 33 F2 0D 2C 19 AC 78 44 C5 09 5C 75 DE E2 09 D4 29 27 69 C7 72 38 7B 61 A9 40 93 FE 7A F9 90 C7 A2 4F A1 C6 28 89 3B C8 7A EE B6 94 98 2A C9 47 46 E1 70 51 09 4A F6 D6 8C F8 E7 4C 63 12 26 97 61 AE B5 45 AD 28 74 BA 8A 3C FF 31 9E 6C D5 2F 51 30 44 0F 28 4F BD 17 85 3E 70 47 F0 95 8E AA 52 1D DC 20 91 EC BF B2 43 14 16 4C 8B CB 65 96 98 37 77 70 77 31 62 D4 66 C3 A1 7C 2A 99 CB CD 6D 20 C4 22 50 E6 C6 17 56 F8 4F FC 11 F7 A1 B3 BF D3 F0 09 3F E2 93 6D 15 C6 91 79 8F 25 28 48 D3 78 7F 91 CF 24 14 79 75 93 91 F5 8F FE 75 9F 83 C4 B8 D5 1E 27 37 D3 3A 1B F3 82 C0 02 CE B0 03 BE 98 F3 75 87 12 5D 22 28 D1 AC 5F A5 3A C3 F9 82 4B 0A CF 83 A4 AD 54 00 AE 04 61 F0 2E DD 35 CD F9 85 5D 8D 68 AD 92 2C C1 2D CE F5 CF 0E 8F 9C 1B 13 C1 1B 7C 2A 48 56 67 61 E6 BA 6C 7E 21 3E A3 EB F3 3F 5A 1D C2 DA C2 4B 3B D9 2C 02 FF CB 2B C0 16 D7 03 8C 78 4E 39 FE 81 92 B4 33 E8 E6 53 F0 08 B8 04 22 EC 42 27 82 26 09 55 41 B2 72 D0 5E DC 9F 2A 97 2D 63 23 46 02 67 1B 90 6B 68 D4 7E D5 DA F3 07 C7 48 1C 3B 88 01 E0 9A CA F0 A7 AD 65 DB F2 BF D6 93 96 21 46 D4 E9 72 2D DC 22 BE AB 35 CD 5F F5 56 CE E6 19 97 C9 49 0E FF 98 EA A8 33 40 63 A4 17 7E A1 BC C3 A9 3D 90 98 0C 4F 08 CF 7F 6F 28 C9 EE BE 49 D0 E6 AB C2 0E 59 E2 F3 10 16 96 AC 3F 8D 7A 51 D0 CB 70 3F 94 20 9F 9B A2 4F 2E 52 0F 2A E3 5C C7 16 31 7E 6D 52 8C 54 64 3E 5E 26 51 7B 09 86 6E 0D 3B 71 64 1F 2A 3D 5D 97 B2 D7 64 00 7A 96 EE FD FA 07 AF DC 4F 4B 9A 7A 40 CB 85 3E 0A 35 16 D5 2E D8 43 70 36 D8 2D D5 24 E6 22 E0 48 A1 44 71 DB 3D 82 93 7A 1D 68 24 B0 C6 CF 94 A8 08 65 DA D6 49 3E 06 54 FA CC 94 12 63 18 2D 8C 37 5F D1 3C 44 0F 33 EB 21 FD 36 7D B5 B9 6B 22 BA AE CD 8F B0 07 40 5D 02 80 54 A8 74 CC 1A F8 22 8A C4 37 E6 CD 9E CA 28 CF 7D 50 89 73 85 1C D2 06 79 53 68 67 01 E6 E2 39 C4 28 A8 6F A2 32 6C E5 A8 CD 90 47 DF 07 F8 85 28 36 3F 79 78 1B 61 B4 EA 5B 9E 3B 8C BE E7 57 46 0F D0 90 58 FF F4 71 54 3C E4 F1 88 AE 53 3A 21 99 C3 D8 E4 25 43 3D BE 54 A5 D2 7B 80 8E A1 B1 19 83 1E 1E 92 5C AE 38 4C E8 59 6D 65 A2 AE D6 EE C9 A9 D5 0C 87 E5 13 C5 31 A7 A0 D2 BC D2 4B 44 0B D7 C2 D6 48 97 A5 9A 23 CF 04 F4 0B D4 32 46 D2 45 DC 65 1B B7 69 C6 EE 2F 64 91 06 58 DC 0F D7 1B 6F 50 DB 99 D7 F8 63 F4 28 AA E2 FA C7 51 AF EA 3B 93 48 FE 70 E5 20 EE E9 3A 46 74 36 D3 56 0F 13 95 A7 B8 C5 EA 97 1C C3 D6 76 20 72 33 2B 5F B3 E9 3F 71 0D 5D 14 21 7F 3E 74 17 44 E0 1D 61 0E BB C5 6F 40 7D 47 60 8D 1C 96 63 CE B7 E4 B6 33 94 3F 90 2B 35 30 CA 3C 0C 05 3A CF D4 3C 69 0C 70 23 33 47 84 FF E5 85 61 A0 66 3A 57 60 EB 3B C3 EE A5 FB 2E F6 BB D6 59 91 30 78 39 B5 FE 1D 4B BB 4E AF C8 32 F8 DA 33 60 1C 33 94 F5 3D DC AC D4 C4 25 9C F7 17 03 18 B2 AA 72 BA 8F AB 28 7A 9C C3 7B 6E F0 EB 44 42 B2 D9 C4 E8 FC 65 99 3E E6 D6 4D 32 94 91 8C A4 D6 E3 96 22 E8 82 75 C9 21 B2 BF 11 8E 8E 29 24 26 57 F4 71 DD CB 9F 4A E1 FC A4 C7 54 06 C1 57 54 98 BC 24 82 96 1B 68 24 6B 8C 94 9C 3C 42 F9 89 41 9A 94 A7 FC 74 7E F1 A3 97 9F BC BE D0 D2 60 11 2A 6D C4 BB BB 9A C0 60 27 8D A5 57 03 C1 D9 62 50 A3 D8 68 F2 D7 07 C9 11 E5 C6 8B EE 14 CD AE BE 1D 18 8A 29 71 DA 54 3B 75 95 6D FC 5D 27 59 33 8D 66 0D 71 A9 7E 3A BC BB C3 17 6D D8 9E F8 A3 46 09 C1 60 9F AB 6C D4 0A D9 50 A3 72 03 00 EC 5B 8A 99 02 F8 F1 31 7E AA E9 B5 A8 29 6E 57 C3 59 4B C4 38 98 F2 1C 55 EB 79 2C 81 9C 8D E0 37 89 D0 17 48 C0 95 5D 2F 45 93 94 B6 5F 17 81 8A 1F B4 75 B9 FA 2C 12 05 64 F0 DB A1 E3 50 0F 17 77 1F 7D 13 3D 45 3C 62 2B A2 2C 04 1E F1 98 D8 D8 25 AE 06 48 D7 63 D8 12 3A C0 94 D8 65 E4 46 B7 09 78 E5 9E 6C 4A 99 9E 90 BD 28 47 DF 93 2D 93 32 35 BC 0A 2B A4 D9 3B 52 4B A4 07 55 7B 87 4C 85 BC ED 19 55 FE 97 F2 07 76 F4 35 20 22 4F 9E 95 FB F7 E0 DD 99 5E 9D 38 90 E8 4A ED AE A7 11 77 E7 70 F2 B7 09 C6 FD 69 9D 61 A7 EF 63 B4 72 D1 CB DA 2A 06 AF BE 78 3E C3 C3 0F A7 33 91 89 3C ED E9 F8 52 CA 95 73 3D 5F EE 02 2B 5E 7D 14 4F 2B 0F 7D 81 D0 1D 8D F6 C2 E1 B6 BC C6 07 62 8C 7B BD C6 25 1E 0A 2A 99 FD CA A2 98 A7 B3 08 CA CF FB 17 F2 32 A1 97 45 03 58 A4 4C 13 DD E7 D4 AA 5D B3 82 58 42 F1 39 39 F0 4E A6 AC 5B 24 6D 39 BF 3C 26 02 7D 29 9A C1 34 07 3D CC 7B 79 80 64 B2 AC BF 31 87 68 FC 53 66 89 F0 1E DC 4C 02 7C F2 1E 30 DF 96 D5 8B 6F 20 66 18 8F 2E 06 48 A6 39 0D BE EC 51 A3 7E 13 3F D9 17 C8 B0 4A BC AF 8F 74 27 D7 0F 13 80 61 52 A0 88 F0 DC F9 02 47 53 F6 CA D9 E9 2D EE 18 8C 82 FA 2A 72 EF AC 5E 6B 3C 63 1C 3D CE 5F 54 2A D1 AA A6 7E F6 B1 9D 0D E9 5E 17 D9 73 C5 F1 0F 26 98 F0 D7 EC 40 2E D7 3D FD 8A BE 22 48 5E 29 9B 3E A9 23 63 11 27 B5 DA 3D 37 53 78 AF 33 AC 37 95 00 E7 2A A6 59 A2 75 C7 4E 4C DC FA 10 80 F9 7B A3 0D 86 23 1F 93 87 A2 D2 95 D3 A8 FB CB FE DE E1 A3 0A E9 0E 8A B8 3A AD AB 06 E4 CC AE A7 52 F4 77 85 1B 6F 5E 5B 58 81 62 6E 5D 1C 2B 07 74 A8 3F 58 74 2A 6C B4 1C B8 22 B4 87 A2 4B FD C8 94 B4 16 4B 69 0E B0 0C E9 D3 E3 44 6E E3 D7 9E 23 BD CE DD 39 B3 0F 02 BB 80 34 29 A4 91 2C A7 E7 59 6B 4F 2E DD 83 28 B3 7A C9 5A 42 C9 7D 75 55 40 56 2C F9 6C 57 44 90 45 7E 32 AA 76 9C BE 0C 3B 72 80 6F 3C 70 A0 BD F2 4C 6B 0C E2 CB AE 7E 58 0D 76 9A 28 BB 12 42 AB D1 10 33 13 88 25 A5 31 4B 41 3A DB 9F FA 81 50 87 21 C1 62 D1 68 38 60 0A 36 E4 6B 45 1F AE EC 31 31 2A 69 CA 62 DE 76 AB 68 76 23 37 B6 A3 F0 BD 4B 54 CC E6 B4 9F 9E B2 7A 69 1A 96 13 49 7E D5 EF B0 C8 E6 4C 11 5B D3 ED 98 6B D2 58 38 86 A4 3A 8E 8C DD 6E FF C1 DD D0 8E 83 2E 95 7B 32 5D B6 8F 9C 03 66 F9 47 13 33 B2 13 DF 76 7A 4D 2F 8C 50 C6 9C 36 89 75 30 C9 B5 CE B6 75 EA C7 D8 11 49 95 F5 29 10 E4 8E 71 46 8B B2 64 4E B8 D7 AE 42 D4 72 64 C6 6C 30 26 98 CB 81 8C 4E 17 E7 41 25 2B E8 1C C2 CA F4 0C E4 A3 86 28 39 FA 1C 00 B3 56 AD 5F 72 0D 24 6A E6 B4 8B 3C 5A 0A 52 06 1F 5B 27 75 75 D7 20 59 DA CD C0 CB 69 6E 6E 12 58 A0 99 9D 33 F4 8D 6A 7B 6D E4 91 F4 8D 70 E2 66 A8 84 FE 5C B7 CE 54 57 93 A2 CA 87 DF 2C 6C 96 30 06 A3 4B B4 B7 18 CA 94 42 08 3E EF 6E 9A 92 85 C9 C9 EE 8E F2 CF 49 70 4C 72 FF 1F F9 89 4C 91 D7 02 0B 44 52 6D 62 14 1E 74 7C CA 97 E3 E5 C0 A3 7B ED D1 4E C2 E4 06 F1 88 52 18 09 B5 03 F7 B1 BD 85 9B 64 5D 62 15 B4 2C E7 D7 34 77 96 2F F1 E7 FB 9F 82 6D FF 27 1E E2 9F 78 27 5E F7 30 11 44 35 A9 D8 C4 ED 23 90 B4 79 A3 9B FB B3 D9 61 40 B9 55 FC E0 5A C4 1A 67 4A 73 07 AD 3D A5 5C E2 3E 88 E3 EF 39 21 F4 E2 A9 C0 97 3B EB B1 6B 0A 61 D1 A7 3B 09 DA 43 D9 BB 0D 08 33 C5 DD 63 F2 93 AF E3 EC B5 E0 88 BB 7B 46 57 17 48 53 8A 7E 8A 82 16 48 FF 13 39 3F 55 BD E5 F5 DB A7 47 5F 8D FE 05 72 4F 5F 1B 9C B8 4D 31 B5 C1 32 6F 30 B5 ED 5C 7C 17 B8 67 5F 84 76 13 1C D8 8E 8E B0 D7 6F 9B EA F4 0C 62 42 00 C4 7A F3 8A 4C B6 75 CC C9 7D 2F 02 F3 93 73 81 7A 37 8F 7A BB 67 FD A4 13 72 1F 24 EB B0 F2 C9 EE 7F B6 90 28 D6 BF CC 86 4F 76 B1 51 87 BD E3 34 49 B5 33 D9 C8 28 EE 3C 64 86 E7 25 F5 4C 66 94 E4 64 DF 1A 64 2F 40 FA F3 63 DA 09 39 2B 1D E8 A8 0D ED 8A 4D 7C 76 F0 4A 50 78 D5 71 F8 F0 F5 B5 15 1A 55 61 BF C2 67 F0 6B 4E 93 B8 4D 87 81 C8 84 D7 E4 4C 45 38 38 3F FD 5D CA 9D B4 9C A9 69 64 9E BE 15 B2 84 23 8F 75 18 21 37 7B 08 4E 2F C0 22 3E 47 B9 E5 E0 4C 41 DD 2C 48 7F C8 55 20 B2 50 E1 D1 13 63 DE 70 B4 9B E0 9E 2A 5E 6C 1F 88 0C 51 04 57 E6 C4 12 2B 14 27 76 08 AC 7F AA E8 6A 8D C4 E0 12 37 EB 24 07 A4 0F 44 F2 3B 9C E6 5D ED 70 75 26 0B 1E 52 5F A7 B2 83 4B 0B 7D 01 5B AC 37 ED EA 62 C5 EB DE 1F F7 E1 B1 14 8A 9F 21 34 7C 76 64 5F AD FF CC BC 8D 60 2D F0 06 59 87 B2 DC 88 A8 48 B7 90 55 A6 28 88 2B 3A 5A D5 7F C1 66 1D EA 5D DE C9 54 D3 08 77 39 88 93 3F CC 18 D3 AF 20 64 C8 CC AF 92 32 86 F8 45 BA A8 CC FA 06 62 AA F9 87 D4 F8 31 AD BD 8F 80 F5 EB 16 39 FF 73 4B 5D E6 B6 F4 EF 33 87 F3 47 9E B0 D9 90 CE 54 BB A6 AD 94 10 3F 46 41 6F DC C2 E3 F7 C2 A1 1F 73 11 F8 D9 45 99 92 49 7A 23 1D A2 35 4F F5 0D 8F FF E8 34 05 D4 BB 44 DF F2 F1 A1 70 DA C4 66 D4 24 EB 89 7E 6C BF 10 F4 F6 62 1A 3D CE F5 85 96 95 7A F1 2A 12 18 AE B2 97 BF 3D 35 8C 86 F3 00 D8 E9 C7 C6 0E F8 D0 E6 6B 4D 91 04 42 A0 D9 3B 3E E9 A6 46 52 E5 96 72 77 A8 0B 75 BC 5F 02 7E 04 AF 79 A5 06 53 3F B9 B0 B5 D4 C5 27 4E 39 BC 02 A9 A3 72 38 56 F0 B7 5A 77 24 BD 2D 2F 9B F1 BD A6 72 60 1B 0B 8E E8 39 95 96 2E 4C 8C 0F 86 4A 11 49 84 37 25 F8 5B 79 5B 89 79 2C D0 E2 EA 56 CE 97 07 5C AE AE 91 DE 76 EC 9E 78 99 93 AE 05 02 9F 6A 3D 03 BA 89 A5 0D 47 74 D9 9C 5F AB 62 DA D9 F9 B2 AF E5 DD E8 37 46 98 2D 1C FA DD FC 31 92 CD 33 8C 6F 60 88 9E 08 81 0E 04 5C 34 FE 7C 5B 24 80 BE 8F 6F A0 EC C3 70 CE 8C 5A 70 22 A6 44 7D 63 0F 1D 26 65 2A C2 E2 AA 3C EB FA DC DF 3A 8E 71 5E 28 C4 DC 0C FC 15 CE 0F E3 BF 3D E9 97 50 BD 61 7A 21 34 8B 9B 30 23 E0 03 8C 4A 47 0A 98 5A CE BF 4F 24 CA 0F 17 40 5D 73 02 D1 BF C8 82 18 DE DA 10 9D 40 65 67 B2 37 87 3F E1 2B 83 3F A4 E3 DB B4 15 18 DF 10 32 D0 AF 10 74 AF 15 20 6F F3 E1 E8 14 16 CA 5F BB 20 AF F0 1E 15 6B 16 4C 08 B5 E6 F3 98 7C 0A F9 22 B5 45 FD DE 01 D6 5F F6 F0 C9 A9 24 19 6C A3 61 4F 77 FA F9 9D AA 1B 32 F7 40 F3 D7 32 EA 76 2C E7 87 83 2A 49 73 4F 3D 27 34 E4 99 F8 88 0F DE 87 53 24 B6 03 6D C1 31 52 25 78 70 B0 78 06 AD 2A C1 38 55 27 2B 7D 50 06 19 A5 BD 11 7A F9 74 AC F1 35 A5 86 1C BE 91 A8 6B 3D 25 51 54 33 CE 2F 7F E7 AC 6D 58 56 DF E6 4E 21 69 11 C0 83 96 6E 94 AE 41 38 58 96 85 59 2D FA 2E 69 B0 AB FC DB 73 57 50 CE 51 52 C3 A5 D6 32 AB A3 F9 89 74 90 58 E7 E4 3E 64 DD 35 2A 6D F9 43 74 D6 A7 71 F0 B4 7F B4 C6 5D 2B E9 52 D1 44 E0 55 54 48 E1 86 C0 9C A9 D4 01 24 E0 03 7E 84 9E 19 1D 6E C8 14 24 73 55 5D 59 1C EA 93 B4 14 B6 5E 6E E2 4D E3 84 64 22 AC DD 87 11 BC A9 8A FC 57 91 02 75 1A 95 69 43 EA FF 01 8C 48 E4 2E E1 BD 16 DA 93 37 3F 50 0F 95 72 9A 42 8F 76 C8 C0 98 1D F3 37 91 E7 60 8C 6B 28 0B 4C D8 E1 C1 09 D8 D5 48 79 70 48 F0 58 AE E5 3A 88 9D 9C 95 46 70 68 D8 8E 85 21 6B 37 B6 AF 56 F1 35 C3 D0 8E 1B 86 31 46 8D 2B F6 B4 D5 06 B4 BC FE 7F 57 30 3E F8 E7 EB 2C 52 13 FF 67 1E 9C 4C 9C 0C 18 26 9E 76 7E 69 C5 FB 19 BF 05 1E 2E 28 7B FD 33 67 48 C4 79 9B E8 97 D2 40 02 8A E0 68 1B 7D 2F 80 6A B1 6F A4 10 2B 0D C2 33 E2 79 66 E4 20 D9 A7 04 33 E4 53 CD DB 90 42 4B 1E 9F 91 BB 56 15 B8 C2 4E 38 B6 BA CE EF A5 F3 81 E0 5E 63 31 58 BE 6B DD 9D 5A 92 D2 67 C0 32 60 52 B5 3A 73 8F 51 46 20 73 B5 45 D6 A9 87 1E 4A E3 38 AE 66 80 65 E3 61 E6 BD 00 E6 6B 22 30 A2 86 99 4C 22 2B CB BC C0 9C 13 8C 87 3F C2 0A DD BA 50 34 9E C3 12 DF 94 AD F3 3F DB 2D A7 7F 5E CE AB E5 F6 55 32 C8 7D 2E 4D CB C8 0A F8 B4 47 67 6F 74 FB AF 7B 7A D5 13 22 7A 73 8D CC 07 81 6C 8F 68 E8 B0 EF 9B 65 C0 C1 CA 7A F1 C6 3E 88 EE FA 01 9C 20 0E FC 4F 26 38 DF 34 35 E4 3A EB 85 A1 CC CA 0A FC 31 29 E7 91 2D AD EB 41 A5 51 B2 6B 45 24 54 EA 8C 37 CF BB 60 4C 7C D9 69 3C 2D 9B DC CE 1D B9 83 4C 40 E3 15 86 41 00 42 F1 15 7D 20 9E 17 57 2A 24 14 E5 F7 D7 69 B2 5E FB 2B 38 56 B6 23 79 65 A2 AE 3E 84 F3 0C 69 44 E8 EB FF B3 63 17 95 53 48 39 08 A1 B7 59 E4 8B 8D A5 BE 52 E7 89 CC EC DE CD CE F5 D0 B1 D3 0A 06 8F 66 EB 74 61 CF 11 B8 BD 5D 6B 69 96 38 3A EB AE 35 33 85 22 81 C3 D0 9B A3 9C A4 EF B5 92 D4 00 BC E4 76 39 43 69 4B 3D E7 00 B6 04 0A FA D9 25 57 00 48 E7 12 AC 9D 77 A0 54 26 9C 82 93 05 DB 7E 79 F2 A0 4F 99 81 69 8F 4F CE B8 12 56 C1 17 AC 9C 15 B5 D8 10 96 BE D2 0C B4 72 FA 4E 91 FA 24 17 91 22 91 02 ED 8E 6C D4 80 07 D8 62 EA 7E 34 2C FC A5 B1 A1 78 9E DE 26 B5 64 6F 47 BB FC CC DE 8C DC 77 4D FD B9 59 79 74 FF 74 C1 26 6E 76 89 D8 4A 9E 9B 33 81 F4 F3 20 8E 82 D4 A2 75 49 28 E8 1B FA E5 10 12 35 C5 3A C2 4C C1 40 50 94 EE 86 4B 66 91 AE 7D 1A D2 1A 75 46 AA D1 9F EC 34 72 CB C0 F2 B8 1D 45 E1 4E CE 10 EF 8C 4D 67 F6 88 89 9D 56 B8 04 7A 17 77 ED DB 7B 59 45 55 91 EC 30 6E B7 55 4D C0 51 78 BB 4F DF A7 94 76 53 9B 21 1A A7 E6 0C FA E6 FD 41 BC 74 26 10 DC 12 47 9F 9A 89 2C F6 F2 60 DF 3A 46 E2 FC D4 AE 89 2E 59 F9 1F 30 2E 67 A4 5C 76 9A EF 06 A9 35 C6 B0 42 FF 05 9D 4D 3E DB A9 9C 7F 32 E0 31 FC 1B 3D AB 0E B8 D4 0C 6D 7F 1F AB EF EA 49 C4 5C A1 D8 98 2D 7C 6C 31 F2 D5 3D 39 8D 13 8E 64 80 25 89 62 B6 9D C5 B2 91 4F 63 0D 6D 3E E4 CF 6A 2C E0 14 27 49 FC 25 F4 26 69 E3 FA AE 6E A2 26 80 F1 99 AC 0D 4D 53 98 7D 65 2B B8 C9 7C 56 F6 54 C8 BF 68 25 6E 6C C0 6C BC 34 84 C0 A0 E9 D5 25 5A 95 68 7B 33 23 DC 3B 8B 57 5B D7 10 1E 5B E1 9D 25 37 09 66 8A 12 7A 0B E4 C7 DF 1F 66 5E C2 1E B1 4E E5 4C 57 CA AF 82 E4 D1 D1 F4 24 B1 52 E4 1E 46 0B DB 0E 2E 1C 1A 5B 18 2D A2 04 3C 04 5D 79 E8 30 3F 57 F9 79 77 C9 79 F8 FA 1E E9 68 BC 8C 3D 6B 7D D1 8F E6 49 32 F7 08 F1 9D D5 A3 05 AB FE A8 1B AF 44 5E 12 2B 76 BD 1D 39 5F 91 1B 22 5D 18 D8 F5 F4 E3 84 C2 EE 61 CA 98 07 E5 73 0E 49 53 44 6E E1 60 A5 75 8C 3F 72 3D 07 27 B3 C8 1D E2 BD 0B C0 45 F2 7B 01 C6 F0 7F BD 2C D1 8D 93 8D 48 19 D0 C4 10 04 6B 7C DD 98 4C AF EA C5 49 9A 28 80 D1 25 9C 0E 2D 7A E5 41 2F B4 27 9E AA 3A 68 E1 46 84 C7 3D 2E 91 24 2B 5D 39 60 81 DD 5B 86 F5 45 46 01 E8 E9 6D AD 08 83 D3 E3 69 1F A5 D0 4F 07 0D D9 01 1E E7 0F CA 76 24 B4 0C CA 85 C0 0D 10 DD 89 4B 00 66 FD 91 65 D4 D7 50 14 63 F7 69 E9 B2 73 2C 54 5C EF D8 03 63 04 2A 7F F7 4B 97 7A 20 75 37 54 E1 DF 40 76 C3 9D 32 30 EA 4A EA 0C 83 DA 33 4E A4 8E 09 69 FD 25 12 E9 B0 62 FD 07 88 AD 5E 44 BC CF 65 BE 0D A4 28 A5 0C 3F 28 FA 28 AA 0F F3 E2 07 89 D3 2B 1A A5 04 26 CC A5 BE 14 8F 3B E2 1F D4 B5 A3 31 F0 79 89 18 16 4D F7 CF 2B EE 31 FA 3A D5 82 45 D7 6E 48 40 D3 01 86 97 EF 62 A5 28 E6 27 A5 C3 97 73 6F F6 EA 00 8F 73 A9 2F 08 CA CD A5 25 D3 90 EC A9 04 81 C5 C2 4D B6 55 A9 C1 DC 41 67 21 81 6B 13 21 B4 CE 9D 1B 8B 4F B6 65 73 68 40 13 32 E3 B7 AF 69 73 B9 42 0A 59 C7 05 33 1E 3C 17 E5 FD 73 CD 42 F5 07 00 8D 21 AB 1D 7D 46 87 B9 03 F0 3A 2A C8 72 77 B5 60 49 A9 CC 5E 34 DE 63 EC 02 90 AA 24 0E C7 58 3D DB DD 08 CA D2 E4 52 DA 8E 86 0E 72 40 CD 02 D4 EE 10 EE 8F 55 DB BA 0C AA 96 12 A6 A1 27 B0 3F 90 63 E0 95 B0 48 16 99 98 C7 8B BE 0B 6A 9F 7A 4E 24 2A 5B 07 E4 D5 4C 8A 15 89 BC 00 C6 19 8D 13 1A 61 F3 7C 37 BE 84 1B 61 0A 27 2F 62 71 47 27 E4 70 09 87 A3 F7 66 C2 E0 D4 50 FB BF B9 FF A8 54 C6 F6 23 07 C1 F3 68 EB 5D 57 1E CE E1 B0 E9 C0 9B BE EB E7 FB 4F C4 C5 C7 2B 9A 6E 27 F6 60 AD 8A 9D 49 B8 F3 7B 76 5D C7 7C F7 E1 43 58 43 2B ED 6D 22 5C E9 88 49 34 91 22 4D 4E B3 A6 CD 13 4A F7 EE 7C A6 F5 75 33 6B A4 B8 16 54 5B 84 4E 9D AB 2E FE 96 54 63 6A 03 19 AE D7 72 CC F8 CD 35 B1 07 B9 FB 2B 07 03 8A 1F 15 81 B3 E6 E7 B2 A4 E6 A2 FF A5 4F F4 79 62 4C B9 95 FD BF 5A 61 3B 58 FF EE 6B B0 C4 D3 A4 0D 2C 3C 6B 34 16 89 52 C8 E6 25 75 B7 E5 71 5D 52 CC 51 62 5C EA A3 51 4F 36 26 C6 B7 B6 CF BD 35 1C BF D9 3E 0C 37 D4 25 76 3B 32 D7 CD 2B 53 45 64 42 CA 36 9A E1 4F 5D F0 2D 5E BC 8D E9 96 A8 C1 FE E3 F1 7C 2E 4D 04 E3 A8 93 3A 90 A9 D6 30 10 DA D7 EA FE 74 4D 1F D6 4E 62 38 51 1E 0F 9E A2 AC 12 9E AF C8 86 72 D0 E4 B1 84 E6 F8 54 1A C5 1A 04 57 27 DC B3 BF E2 EF 69 32 74 3F E4 16 67 08 8C 0C 98 F3 CB 07 7F 9D 66 19 34 87 60 04 68 26 5D 0E CA AB E5 1D 85 D0 76 5A A4 DE 94 A8 7E 60 BB CC CB 46 41 0F BB CC F2 F4 24 AC C0 D4 33 EF CB DF 1C D6 9F 21 3D 2A BA 1A DE 6C 11 AF FA 2D B7 F8 FC 87 F2 83 01 9F 28 4A 3B 0B 31 EA 27 CF 75 1D FE AB 52 F9 FE 7D 9A 78 C3 A1 0C B1 D4 7F 74 59 D0 1E DD 07 D5 09 4E 9E 07 F6 6A 1F 2B 7E AC 5C 41 A5 2B 3D 51 98 82 76 B8 C7 A5 49 BF 55 CD 1E F6 71 E8 2D 70 63 8C 84 31 96 E1 9F 24 AD 9C 86 C3 1F B8 B7 5C 2D BB 83 44 33 31 AA 6F 70 9C 20 9E BF 84 DD 33 28 85 57 19 96 27 FD 8E 45 80 59 4F E2 8B 4A 60 8C EE FD 66 86 A6 BA 06 C8 A3 6E 1E FF 14 85 26 EF A3 E5 F1 A0 DE 0D AE CF 7F 25 8E DE 9F DB EE EC BE C3 5D 6E A0 12 3B 5D 84 F5 9A 87 13 E8 AF 8E E2 45 31 E3 DC A8 1A 8D AC DD A6 D9 CA F3 83 31 1C 77 CC 96 42 7A 83 80 71 B1 DF 69 C8 0F DA F1 FC 54 5B 5B 7D DF 1C C5 E4 A3 F9 2A 4A E7 AE 00 01 48 49 61 AC B8 55 99 D8 F0 DC E8 2D 52 C8 7B 56 2A 1E E1 D7 80 F1 8D F4 AA F8 37 C7 F0 9F 08 83 02 AD C7 BA 7D 31 24 BB 5E B1 E3 29 89 89 D7 99 DF DE AE 79 01 9A 64 81 93 D5 E6 38 37 15 D9 34 F2 49 40 7E 85 57 02 BD 55 EB 0B 65 56 56 F4 86 7F F3 6E 48 67 61 39 CA F8 3E C8 75 7E F6 24 84 50 39 D6 13 A0 EC 14 FC 6B 49 B2 7E DF 67 77 6E 0B 96 B7 4A B6 33 26 FA C6 31 3C 0C 3E 4B 4B 4E 25 36 CD 79 BF AA 5D 52 03 90 01 F4 1F C2 06 16 51 D1 F1 C9 E6 80 7C CD BC 94 85 A8 2B C0 D2 82 EC 07 EB 91 2E 38 AE B9 31 E0 DD 62 BB DD 8F 6C D1 19 82 67 E2 CE 55 E7 2B 13 BB B0 72 9D 63 32 8F D4 82 7A 66 41 CB 80 88 84 5D 51 0C AA B6 5B 52 C0 40 17 AB 93 4C B9 02 B6 E5 47 92 37 7F C4 21 92 0F 8D 98 66 80 AC 09 26 EE 33 90 E6 BC D8 19 68 4F 31 63 F7 41 9D C3 02 3B C3 8E F2 05 AA 9D A9 E1 0C 21 B2 E7 28 7C B5 34 D9 11 9A FE 00 77 0C 4A E4 0A 7E F9 75 4F 47 35 76 47 E7 CF B7 9D 4B F7 23 40 A1 13 FA E5 B3 C8 EF DE 0A 60 FE 02 82 76 8E F4 82 78 A0 F1 DD C2 8C 85 D9 F3 3F 2D A2 59 BC 44 6F 85 E1 6A FB FE E9 60 BA 27 C8 B5 31 F8 2B 3E 23 75 47 E9 45 CF D2 A2 9F 8F 5C A5 5C 4B 11 0C BD A3 35 B5 BA C6 30 92 30 DF 61 BE 08 E4 74 6E BC E0 D0 3E 56 2F C5 9A 6E 80 5E 4E EE 9E 39 80 F4 AC F5 80 EB 30 1F 4B 77 63 0D 86 DB B1 B4 C6 D1 CE 07 A6 4A EB C7 26 8C D3 A2 C4 4B 2E 23 39 7C 08 F7 DF 2F 65 58 FB 2B 72 D3 1E B3 36 AF 67 2B 40 00 3C 0B 56 DE ED BA 22 48 57 EC CB C3 F1 E8 F4 AF 3C 11 C1 BB B7 2A B4 6C 63 67 E2 C5 CC AE 89 D3 20 97 BD D6 83 E0 1C F6 60 FC 24 DB B9 1F 5A 44 91 1A A3 23 81 59 27 F6 D8 8E 1B 48 A6 39 33 F8 A1 6B 8E 54 F5 A7 AA 56 72 C0 2D 19 46 36 5A 5F 39 6D 6F 9D 76 10 6F 79 66 4C 78 10 A8 A1 37 99 38 8F 30 A0 41 D1 C0 FD 1B 4A 7F 87 1B 41 D3 E1 31 B9 15 BE 30 ED 02 8D DE 77 06 EE 9E B8 36 D7 75 9D 3B 54 87 89 6F EF E5 D4 EF A4 EA 55 AD AF 41 0E F6 77 55 E9 95 1A 38 8F 73 7C B1 69 36 DA A0 69 03 4E 8B 43 EF 9A A2 D1 51 61 E3 82 93 7C C5 0C E2 F0 CC AE DC 8C 37 39 F9 FC 00 45 CF C3 E7 40 A9 CE B4 CE 4B 00 D6 53 49 70 38 75 9A 0F BC EF CB 33 38 E7 42 48 3D 22 39 C5 8B D7 E5 63 CC 4F 93 81 B1 2C B5 09 85 74 07 1C C7 CC C6 A2 C9 D0 BB 5B 84 D5 CE 72 85 8F D8 E5 4D 16 DD E5 7E CE F6 13 37 9A E3 E0 FF 4A 79 07 B2 6B A9 B7 54 AB 13 8E 42 4F F8 8A 1C 18 09 26 35 3D FA 8E 7A 92 0C 69 D6 1D A8 B0 E8 64 50 D2 7D 9F A7 92 81 D7 E0 61 25 CC C0 6F 8A 02 3D C1 C7 CC 40 ED 95 A5 13 24 19 57 DD A7 D6 DC 8D 3C 25 7F 24 D6 4C 27 0F D6 CA BB 3B 1B B4 C9 B5 0C BA FB 6A 43 EB 14 5C 32 15 E8 9E BC 48 1C E5 C0 8E 4C 0A 7E A5 1B 95 64 29 52 30 5E A7 CD C9 8E C7 95 33 89 FC 15 77 88 09 98 6B AD 39 C6 38 45 A2 9F 03 D6 D3 A6 A6 B8 54 A8 52 2F C0 CF 27 BD 17 26 FD A2 3D 9A 3C EF 22 03 A5 2A E3 DC AF 55 4F 0D DE D1 7F 34 63 EA 50 7A 0A 66 9E CD F8 1E 50 5D 35 EC A0 CD A4 8A 58 D5 A4 4F 96 E0 B5 B5 6B 00 FB B2 FE ED 8F E6 B2 CC 51 44 3A FC 5E 5E 7B 20 91 44 A7 F8 D7 BF 5F A3 67 03 10 8A DB 1B DF F6 8E 62 70 5D 7E D5 AA 11 E2 18 43 10 F0 E1 C6 4B 9C 81 E8 76 FE 89 7D 2E 86 EB 5D 7E 72 D7 67 31 39 5C 2A C9 33 E5 31 78 94 68 BC E6 4F 69 8D EC E2 E0 4A 0E 6B C5 0B 48 2D 79 71 A9 6C 1B BA 5A 90 B8 2E BE BA A8 4A 2F 57 19 BF E9 59 B4 7C 7E 1F 49 AE 05 B7 50 33 BC A5 3B 7E 75 E5 FD 9C 51 4A 51 88 C2 E7 E6 E4 9A D9 E5 52 93 4F 35 B0 C3 EB A4 7B 99 D3 76 62 F6 4F 2D 8E B6 7E 3E FE 7A F6 F0 9F 49 FE 7D 77 5E 0D 83 27 29 1D CC 76 8E FB 9C 2D 14 EB CE 0C EE 31 04 03 61 08 BF B4 98 8C 54 26 2E 77 7F C8 37 18 F9 17 ED 39 F7 BD 0E F1 1C 1E E2 B1 77 10 2B D3 2F 75 D6 D3 53 CD 30 82 F4 0C BA D9 B6 53 B8 36 18 6E 5D 26 C6 D0 D8 6C F2 A5 54 76 A4 51 AD 3B FF C4 E9 58 A0 49 01 F7 99 68 28 A9 91 16 29 41 EB C7 91 75 F7 25 89 5F 25 F7 0C 0D 59 0B 92 7F 7A 35 88 28 BD 79 F2 FB 7C EF D9 AB 9E 89 AB 68 AF 48 9B 47 6B 34 CF ED 1F 08 E5 CB EF 71 28 A1 2C CF F9 01 6E F4 7F B8 CF 92 CE 80 86 27 33 29 E7 34 D3 79 87 1E AF 2B 47 FA 30 7A 0E 69 D7 94 A6 69 CF 3E 9D 84 A5 55 B8 6F CC 75 B1 94 A0 16 42 D9 B4 E4 B9 0F 99 69 97 35 25 E1 2D 02 6D 1E 92 58 0C 07 B8 E8 0C C7 8C FF B6 C8 D4 D0 92 D8 04 64 E9 AA 1F 8B 63 3C B6 15 A6 27 46 5E D8 20 A0 D5 18 CD 1C AF ED 10 3C EA 3F 8C 1C A5 7D 43 4A 77 02 52 ED 91 DC 74 5A 01 B2 CA 8B 35 05 B2 F7 BD B0 2F 82 19 5B E6 45 0C 70 C3 86 BA AF F5 21 A1 C6 CF C8 76 4A 2A 94 5C 5F 0D B9 DF 6A B0 B0 F5 B2 39 FF 17 7C E1 B1 A5 A2 38 8A 30 7E 98 5D 0F E3 36 93 AC 50 8B CD 35 1B C5 94 5E A1 66 5C A0 86 A6 1B 6B 56 D6 CF 1C 39 23 9B 8F A7 05 3E 25 0F 5E 0A 53 41 FD C0 6A F7 F3 3A 90 5F 9F EA A8 B9 41 99 B2 E1 2E B7 85 A3 F6 DC D4 B3 87 57 75 64 35 2E 5B FA 6B A2 BB 6E 46 A9 D0 4C 09 8A 7F C9 B9 87 C6 F8 37 1C 78 41 BD B6 4F 78 40 D2 7A 49 E1 9C F1 BC 65 3E 51 34 A0 84 FE A7 65 71 AC BE 32 2C 76 F3 A6 32 0C 0C 58 E3 8F 8B DF C7 AE 06 A7 34 59 55 03 2D 85 98 9B 5F 37 81 D3 2D 62 DF 7D BC 9D 3F 43 34 3D B5 21 F2 FC DF 19 EE 9B 24 16 CA 63 7D 4C 09 3D 7E 68 0A A9 63 07 60 D4 74 C7 AB 30 3A 60 9B FB F8 52 13 F2 79 3B B2 A3 BA F6 D1 7F 02 5C AE B8 BD FF 3A 12 21 FD 7E ED C3 94 13 52 76 BD A7 F1 3F 5D 42 92 F8 E8 4A 87 0D 67 FF D6 27 E0 07 E9 D1 EB 7F 24 C0 85 5D 15 34 5B FC E7 A8 F4 18 1E B4 68 44 1C C3 39 2B 75 BE D7 3E 23 57 6D BF 58 3C 04 7D 60 71 66 9D 1D A4 44 7D CD AD 18 D1 E7 ED A6 18 4D B5 03 81 04 C3 35 94 22 EF EE 8D 38 45 AB C7 31 19 15 40 EE 5D 1A 41 08 F2 B8 4D CF DC F8 1A 69 2C 27 F3 6A 13 62 43 49 44 FA D8 6A B8 78 EE 96 2E CD 6C B7 BC 38 C0 E2 5D DA 44 AA 2D 30 94 77 C1 E0 2C 05 B5 DD 13 73 85 31 A1 7E 8C 8E E7 E0 1B 92 5F 7E 79 CA 87 B5 F0 EF 3A 94 2E CD F7 C7 4E 53 DC 3C FB E4 33 FA 42 21 AD 0D F2 9B E7 8C F3 7C 5D 1F 7D 44 28 7E 34 4E C0 E1 9F 13 C1 70 BE D9 FE 3
 
L

Ladylike

New Member
Thread author
Jul 30, 2013
11
the computer is working fine, Thank you. But the server is very slow and some applications cant be accessed.
 
kuttus

kuttus

Level 2
Verified
Oct 5, 2012
2,697
Ladylike, I recommend to check the Server issues with some trained IT guys in your office itself....... Troubleshooting the Server Through log files are very critical.......
 

Similar threads

K
  • Locked
PowerShell/MaleficAms Powershell Infection Please Help
Replies
2
Views
1,995
Windows Malware Removal Help & Support
nasdaq
nasdaq
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,847
Windows Malware Removal Help & Support
nasdaq
nasdaq
F
    • Like
  • Locked
Service Host: Network List Service...Virus?
Replies
11
Views
1,855
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top