
Google Hijack This


  • This topic is locked
63 replies to this topic

#1 osap1968

osap1968

  • Members
  • 45 posts

Posted 29 March 2012 - 05:10 PM

I need help with my Google results being redirected and I've noticed that overall performance on internet is slower than usual. Here is my HiJackThis log. Any help is much appreciated.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:08 PM, on 3/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Belkin Storage Manager\StorageManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [HPLJ Config] "C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [Belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229360667171
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: NecUsb3Sevices - Invalid registry found
O20 - Winlogon Notify: USB3Sw32 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 13400 bytes



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 March 2012 - 11:50 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 osap1968

osap1968
  • Topic Starter

  • Members
  • 45 posts

Posted 31 March 2012 - 10:53 PM

I NEED HELP BAD!!! My laptop is infected with a "google redirect virus/malware" and any images I try to pull up in Google only show the first couple of lines for results, but then just hangs and hangs and hangs. I thought I had removed this before, but IT'S BACK!!!

My combofix & Hijackthis logs are below...

ComboFix 12-03-31.01 - Sean 03/31/2012 6:33.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1068 [GMT -4:00]
Running from: c:\documents and settings\Sean\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
.
.
2012-03-29 22:01 . 2012-03-29 22:01 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-26 01:09 . 2011-09-09 21:45 429928 ----a-r- c:\windows\system32\hpinksts5912.dll
2012-03-26 01:09 . 2011-09-09 21:45 270696 ----a-r- c:\windows\system32\hpinksts5912LM.dll
2012-03-26 01:09 . 2011-09-09 21:45 216424 ----a-r- c:\windows\system32\hpinkcoi5912.dll
2012-03-26 01:09 . 2011-09-09 21:45 488808 ----a-r- c:\windows\system32\HPWia1_OJ8600.dll
2012-03-26 01:09 . 2011-09-09 21:45 1946472 ----a-r- c:\windows\system32\HPScanTRDrv_OJ8600.dll
2012-03-26 01:05 . 2012-03-26 01:05 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\HP
2012-03-21 13:46 . 2012-03-21 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-21 10:32 . 2012-03-21 20:34 -------- d-----w- c:\windows\system32\NtmsData
2012-03-18 23:05 . 2012-03-19 01:08 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-18 22:19 . 2012-03-18 22:19 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 22:19 . 2012-03-18 22:19 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 16:13 . 2012-03-13 16:14 -------- d-----w- c:\documents and settings\Sean\Application Data\Notepad++
2012-03-13 16:13 . 2012-03-13 16:13 -------- d-----w- c:\program files\Notepad++
2012-03-08 22:21 . 2012-03-08 22:21 -------- d-----w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 00:32 . 2012-01-20 00:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 22:19 . 2011-06-27 00:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-22_11.51.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-30 20:37 . 2012-03-30 20:37 16384 c:\windows\Temp\Perflib_Perfdata_444.dat
+ 2012-03-26 01:09 . 2011-09-09 21:45 44392 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpvplui06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 44392 c:\windows\system32\spool\drivers\w32x86\3\hpvplui06.dll
+ 2008-12-16 14:05 . 2008-04-13 17:45 15104 c:\windows\system32\drivers\usbscan.sys
- 2008-12-16 14:05 . 2008-04-13 18:45 15104 c:\windows\system32\drivers\usbscan.sys
+ 2007-04-17 13:36 . 2008-04-13 17:40 57600 c:\windows\system32\drivers\redbook.sys
- 2007-04-17 13:36 . 2008-04-13 18:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2008-12-16 14:05 . 2008-04-13 17:45 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2007-04-17 13:36 . 2008-04-13 17:40 57600 c:\windows\system32\dllcache\redbook.sys
+ 2012-03-26 01:09 . 2011-09-09 21:45 762368 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\unires.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 747520 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\unidrvui.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 375296 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\unidrv.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 232808 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpvplres06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 471912 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpvpldrv06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 270696 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpinksts5912LM.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 429928 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpinksts5912.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 533352 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpfime51.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 761344 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\unires.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 740864 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\unidrvui.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 372736 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\unidrv.dll
+ 2006-10-14 21:40 . 2011-09-09 21:45 762368 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2006-10-14 21:42 . 2011-09-09 21:45 747520 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2006-10-14 21:42 . 2011-09-09 21:45 375296 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2012-03-26 01:09 . 2011-09-09 21:45 232808 c:\windows\system32\spool\drivers\w32x86\3\hpvplres06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 471912 c:\windows\system32\spool\drivers\w32x86\3\hpvpldrv06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 270696 c:\windows\system32\spool\drivers\w32x86\3\hpinksts5912LM.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 429928 c:\windows\system32\spool\drivers\w32x86\3\hpinksts5912.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 533352 c:\windows\system32\spool\drivers\w32x86\3\hpfime51.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 762368 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\unires.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 375296 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\unidrv.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 232808 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpvplres06.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 471912 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpvpldrv06.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 270696 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpinksts5912LM.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 533352 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpfime51.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2854248 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendUIPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2293096 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendStatusUI.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2534760 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendStatus.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2334568 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendRenderPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2894184 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendDialogUI.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2854248 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendUIPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2293096 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendStatusUI.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2534760 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendStatus.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2334568 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendRenderPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2894184 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendDialogUI.dll
+ 2012-03-29 22:01 . 2012-03-29 22:01 1094656 c:\windows\Installer\bc4a5.msi
+ 2011-09-09 21:45 . 2011-09-09 21:45 3420160 c:\windows\Installer\7e72fba.msi
+ 2011-09-09 19:43 . 2011-09-09 19:43 12743016 c:\windows\twain_32\HP Officejet Pro 8600\HPScanUI.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]
"QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 28672]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Sean\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-6-15 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2008-12-16 738968]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevices]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Sw32]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 4:25 PM 14720]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/29/2011 7:02 AM 136360]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 10:13 PM 33024]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [5/11/2010 4:58 PM 247352]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [12/11/2011 7:00 PM 99896]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/13/2011 11:52 AM 652360]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:24 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/13/2011 11:52 AM 20464]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 4:24 PM 808448]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/15/2009 12:13 PM 136192]
S2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe -k NecUsb3Sevic [4/17/2007 4:24 PM 14336]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [12/11/2011 7:02 PM 13824]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [12/11/2011 7:01 PM 17408]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 4:25 PM 31104]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
PID_PEPI
UMPass
FreeTdi
ftrtsvc
proxyhostmirrordisplay
mrvw245
HWSCtrl
dbmanagerscheduler
npfmntor
WinVd32
hap17v2k
BootScreen
w810mdm
wg5n
ooclevercacheagent
mfebopk
IBMTPCHK
sit_flt
lmimaint
digisptiservice
mbackmonitor
curtainssyssvc
NTSIM
cltnetcnservice
clmtomcatstartersvc
mcvsrte
symfw
transarcafsdaemon
backupexecalertserver
raysatxsi5_0server
vaiomediaplatform-photoserver-appserver
emitray
se45nd5
syntp
se2Cnd5
n558
nv4
d-link_st3402
pav_security
se45unic
TClass2k
BRGSp50
s7oppitx
nvidesm
zpsc
epfwtdi
dpfusmgr
symevent
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.msn.com
.
.
------- File Associations -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-31 07:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1200)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\config.dll
.
- - - - - - - > 'explorer.exe'(42476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\xpsp3res.dll
.
Completion time: 2012-03-31 08:15:30
ComboFix-quarantined-files.txt 2012-03-31 12:14
ComboFix2.txt 2012-03-31 10:21
ComboFix3.txt 2012-03-29 13:36
ComboFix4.txt 2012-03-22 12:02
ComboFix5.txt 2012-03-31 10:32
.
Pre-Run: 6,616,481,792 bytes free
Post-Run: 6,610,833,408 bytes free
.
- - End Of File - - 7CE03DD76134BD29298CAE5CD3283846




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:49 PM, on 3/31/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
C:\WINDOWS\system32\HPSIsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Belkin Storage Manager\StorageManager.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIOSecurity] "C:\Program Files\Sony\VAIO Security Center\VSC.exe" 1
O4 - HKLM\..\Run: [QuickBooks Simple Start] "C:\Program Files\Intuit\SimpleStartEntice\entice.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [PartSeal] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [HPLJ Config] "C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" -c Direct -p DOT4_001 -pn "hp LaserJet 1010 Series Driver" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [Belkin Storage Manager] "C:\Program Files\Belkin Storage Manager\StorageManager.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229360667171
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: NecUsb3Sevices - Invalid registry found
O20 - Winlogon Notify: USB3Sw32 - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP LaserJet Professional M1210 MFP Series Receive Fax Service (HPM1210RcvFaxSrvc) - HP - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\WINDOWS\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 14052 bytes

Edited by Orange Blossom, 01 April 2012 - 03:50 PM.
Merged topics. ~ OB


#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:51 PM

Posted 01 April 2012 - 03:53 PM

Hello osap1968,

I have merged your topic with the ComboFix log to your previously existing topic in the Malware Removal Logs forum. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of the topic. Starting new topics confuses things for all concerned and delays the assistance you receive. Also, please refrain from running tools on your own as this will confuse things for your helper and make the malware removal process more difficult.

Please await Gringo's instructions.

Back to you Gringo,

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:51 PM

Posted 01 April 2012 - 05:08 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#6 osap1968

osap1968
  • Topic Starter

  • Members
  • 45 posts
  • Local time:04:51 PM

Posted 01 April 2012 - 09:10 PM

Thanks for the reply and I appreciate the help.

Unfortunately, AVAST doesn't give me the option to save a log as a .txt file, so I took a screen shot of the results after a scan. Here are the logs...

20:29:08.0703 2672 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
20:29:09.0203 2672 ============================================================
20:29:09.0203 2672 Current date / time: 2012/04/01 20:29:09.0203
20:29:09.0203 2672 SystemInfo:
20:29:09.0203 2672
20:29:09.0203 2672 OS Version: 5.1.2600 ServicePack: 3.0
20:29:09.0203 2672 Product type: Workstation
20:29:09.0203 2672 ComputerName: VALUED-0243CCA1
20:29:09.0203 2672 UserName: Sean
20:29:09.0203 2672 Windows directory: C:\WINDOWS
20:29:09.0203 2672 System windows directory: C:\WINDOWS
20:29:09.0203 2672 Processor architecture: Intel x86
20:29:09.0203 2672 Number of processors: 2
20:29:09.0203 2672 Page size: 0x1000
20:29:09.0203 2672 Boot type: Normal boot
20:29:09.0203 2672 ============================================================
20:29:11.0156 2672 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:29:11.0171 2672 \Device\Harddisk0\DR0:
20:29:11.0171 2672 MBR used
20:29:11.0171 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xE00800, BlocksNum 0x870E8B0
20:29:11.0546 2672 Initialize success
20:29:11.0546 2672 ============================================================
20:29:13.0093 5056 ============================================================
20:29:13.0093 5056 Scan started
20:29:13.0093 5056 Mode: Manual;
20:29:13.0093 5056 ============================================================
20:29:14.0218 5056 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:29:14.0218 5056 Aavmker4 - ok
20:29:14.0234 5056 Abiosdsk - ok
20:29:14.0265 5056 abp480n5 - ok
20:29:14.0312 5056 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:29:14.0328 5056 ACPI - ok
20:29:14.0359 5056 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:29:14.0359 5056 ACPIEC - ok
20:29:14.0375 5056 adpu160m - ok
20:29:14.0421 5056 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:29:14.0421 5056 aec - ok
20:29:14.0484 5056 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:29:14.0484 5056 AegisP - ok
20:29:14.0562 5056 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:29:14.0562 5056 AFD - ok
20:29:14.0656 5056 Aha154x - ok
20:29:14.0671 5056 aic78u2 - ok
20:29:14.0687 5056 aic78xx - ok
20:29:14.0750 5056 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:29:14.0750 5056 Alerter - ok
20:29:14.0781 5056 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:29:14.0781 5056 ALG - ok
20:29:14.0796 5056 AliIde - ok
20:29:14.0828 5056 amsint - ok
20:29:14.0921 5056 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:29:14.0937 5056 AntiVirSchedulerService - ok
20:29:14.0984 5056 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:29:14.0984 5056 AntiVirService - ok
20:29:15.0109 5056 ApfiltrService (2f8717075620666b40a19dc41e08ace6) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:29:15.0109 5056 ApfiltrService - ok
20:29:15.0171 5056 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:29:15.0171 5056 AppMgmt - ok
20:29:15.0234 5056 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:29:15.0234 5056 Arp1394 - ok
20:29:15.0250 5056 asc - ok
20:29:15.0281 5056 asc3350p - ok
20:29:15.0296 5056 asc3550 - ok
20:29:15.0406 5056 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:29:15.0453 5056 aspnet_state - ok
20:29:15.0531 5056 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:29:15.0531 5056 aswFsBlk - ok
20:29:15.0593 5056 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
20:29:15.0593 5056 aswMon2 - ok
20:29:15.0625 5056 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
20:29:15.0625 5056 AswRdr - ok
20:29:15.0687 5056 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
20:29:15.0703 5056 aswSnx - ok
20:29:15.0750 5056 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
20:29:15.0765 5056 aswSP - ok
20:29:15.0796 5056 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
20:29:15.0812 5056 aswTdi - ok
20:29:15.0921 5056 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:29:15.0921 5056 AsyncMac - ok
20:29:15.0953 5056 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:29:15.0953 5056 atapi - ok
20:29:15.0968 5056 Atdisk - ok
20:29:16.0031 5056 Ati HotKey Poller (982ce0265b922f5f27f36894d51ba990) C:\WINDOWS\system32\Ati2evxx.exe
20:29:16.0046 5056 Ati HotKey Poller - ok
20:29:16.0203 5056 ati2mtag (ec933673cf0131c4f1422b348d915f48) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:29:16.0250 5056 ati2mtag - ok
20:29:16.0375 5056 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:29:16.0390 5056 Atmarpc - ok
20:29:16.0421 5056 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:29:16.0437 5056 AudioSrv - ok
20:29:16.0484 5056 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:29:16.0484 5056 audstub - ok
20:29:16.0562 5056 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:29:16.0562 5056 avast! Antivirus - ok
20:29:16.0625 5056 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
20:29:16.0625 5056 avgio - ok
20:29:16.0906 5056 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:29:16.0906 5056 avgntflt - ok
20:29:17.0062 5056 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:29:17.0062 5056 avipbb - ok
20:29:17.0140 5056 BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
20:29:17.0140 5056 BcmSqlStartupSvc - ok
20:29:17.0187 5056 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:29:17.0187 5056 Beep - ok
20:29:17.0250 5056 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:29:17.0312 5056 BITS - ok
20:29:17.0359 5056 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
20:29:17.0375 5056 Bonjour Service - ok
20:29:17.0468 5056 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:29:17.0484 5056 Browser - ok
20:29:17.0593 5056 catchme - ok
20:29:17.0671 5056 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:29:17.0671 5056 cbidf2k - ok
20:29:17.0687 5056 cd20xrnt - ok
20:29:17.0718 5056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:29:17.0734 5056 Cdaudio - ok
20:29:17.0828 5056 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:29:17.0843 5056 Cdfs - ok
20:29:17.0890 5056 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:29:17.0890 5056 Cdrom - ok
20:29:17.0906 5056 Changer - ok
20:29:17.0937 5056 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
20:29:17.0937 5056 CiSvc - ok
20:29:17.0968 5056 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:29:17.0984 5056 ClipSrv - ok
20:29:18.0093 5056 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:29:18.0187 5056 clr_optimization_v2.0.50727_32 - ok
20:29:18.0296 5056 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:29:18.0296 5056 CmBatt - ok
20:29:18.0312 5056 CmdIde - ok
20:29:18.0343 5056 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:29:18.0343 5056 Compbatt - ok
20:29:18.0359 5056 COMSysApp - ok
20:29:18.0390 5056 Cpqarray - ok
20:29:18.0437 5056 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:29:18.0437 5056 CryptSvc - ok
20:29:18.0453 5056 dac2w2k - ok
20:29:18.0468 5056 dac960nt - ok
20:29:18.0531 5056 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:29:18.0562 5056 DcomLaunch - ok
20:29:18.0609 5056 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:29:18.0625 5056 Dhcp - ok
20:29:18.0703 5056 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:29:18.0718 5056 Disk - ok
20:29:18.0734 5056 dmadmin - ok
20:29:18.0812 5056 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:29:18.0828 5056 dmboot - ok
20:29:18.0875 5056 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
20:29:18.0875 5056 DMICall - ok
20:29:18.0906 5056 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:29:18.0921 5056 dmio - ok
20:29:18.0968 5056 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:29:18.0968 5056 dmload - ok
20:29:19.0015 5056 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:29:19.0015 5056 dmserver - ok
20:29:19.0140 5056 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:29:19.0140 5056 DMusic - ok
20:29:19.0171 5056 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:29:19.0187 5056 Dnscache - ok
20:29:19.0234 5056 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:29:19.0250 5056 Dot3svc - ok
20:29:19.0312 5056 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:29:19.0312 5056 Dot4 - ok
20:29:19.0359 5056 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
20:29:19.0375 5056 Dot4Print - ok
20:29:19.0453 5056 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
20:29:19.0453 5056 dot4usb - ok
20:29:19.0500 5056 dpti2o - ok
20:29:19.0546 5056 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:29:19.0546 5056 drmkaud - ok
20:29:19.0593 5056 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:29:19.0609 5056 EapHost - ok
20:29:19.0640 5056 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:29:19.0656 5056 ERSvc - ok
20:29:19.0703 5056 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:29:19.0734 5056 Eventlog - ok
20:29:19.0781 5056 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
20:29:19.0796 5056 EventSystem - ok
20:29:19.0953 5056 EvtEng (4c6fa3fd55087b7c35707068723a1710) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
20:29:19.0968 5056 EvtEng - ok
20:29:20.0093 5056 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:29:20.0093 5056 Fastfat - ok
20:29:20.0156 5056 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:20.0187 5056 FastUserSwitchingCompatibility - ok
20:29:20.0218 5056 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:29:20.0218 5056 Fdc - ok
20:29:20.0281 5056 FileDisk2 (30967822edd32fb37f8209500724ae6c) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
20:29:20.0281 5056 FileDisk2 - ok
20:29:20.0296 5056 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:29:20.0312 5056 Fips - ok
20:29:20.0375 5056 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:29:20.0390 5056 FLEXnet Licensing Service - ok
20:29:20.0515 5056 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:29:20.0515 5056 Flpydisk - ok
20:29:20.0578 5056 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:29:20.0578 5056 FltMgr - ok
20:29:20.0718 5056 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:29:20.0718 5056 FontCache3.0.0.0 - ok
20:29:20.0843 5056 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:29:20.0843 5056 Fs_Rec - ok
20:29:20.0890 5056 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:29:20.0890 5056 Ftdisk - ok
20:29:20.0937 5056 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:29:20.0953 5056 Gpc - ok
20:29:21.0015 5056 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:29:21.0015 5056 HDAudBus - ok
20:29:21.0062 5056 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:29:21.0062 5056 helpsvc - ok
20:29:21.0078 5056 HidServ - ok
20:29:21.0125 5056 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:29:21.0125 5056 HidUsb - ok
20:29:21.0171 5056 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:29:21.0171 5056 hkmsvc - ok
20:29:21.0265 5056 HP LaserJet Service (f90dd89e8a482ac976dd4e1029802e49) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
20:29:21.0265 5056 HP LaserJet Service - ok
20:29:21.0375 5056 HP1210FAX (7330493e27af4dc73de0f3293e8b5514) C:\WINDOWS\system32\Drivers\HPM1210FAX.sys
20:29:21.0375 5056 HP1210FAX - ok
20:29:21.0453 5056 HPM1210RcvFaxSrvc (1451ab76d18af31d9be3176fc90f58d1) C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe
20:29:21.0453 5056 HPM1210RcvFaxSrvc - ok
20:29:21.0468 5056 hpn - ok
20:29:21.0515 5056 HPSIService (86d9f218677e8b9357a5d9309cd495dc) C:\WINDOWS\system32\HPSIsvc.exe
20:29:21.0531 5056 HPSIService - ok
20:29:21.0578 5056 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:29:21.0593 5056 HPZid412 - ok
20:29:21.0625 5056 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:29:21.0625 5056 HPZipr12 - ok
20:29:21.0828 5056 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:29:21.0828 5056 HPZius12 - ok
20:29:21.0890 5056 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:29:21.0890 5056 HSFHWAZL - ok
20:29:21.0953 5056 HSF_DPV (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:29:21.0984 5056 HSF_DPV - ok
20:29:22.0031 5056 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:29:22.0046 5056 HTTP - ok
20:29:22.0140 5056 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:29:22.0156 5056 HTTPFilter - ok
20:29:22.0187 5056 i2omgmt - ok
20:29:22.0203 5056 i2omp - ok
20:29:22.0234 5056 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:29:22.0234 5056 i8042prt - ok
20:29:22.0546 5056 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
20:29:22.0812 5056 ialm - ok
20:29:22.0921 5056 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:29:22.0921 5056 IDriverT - ok
20:29:23.0140 5056 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:29:23.0156 5056 idsvc - ok
20:29:23.0234 5056 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
20:29:23.0250 5056 IFXTPM - ok
20:29:23.0328 5056 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:29:23.0343 5056 Imapi - ok
20:29:23.0375 5056 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
20:29:23.0390 5056 ImapiService - ok
20:29:23.0406 5056 ini910u - ok
20:29:23.0671 5056 IntcAzAudAddService (474d59c18652c8ef0151a9efae9ee619) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:29:23.0875 5056 IntcAzAudAddService - ok
20:29:23.0953 5056 IntelIde - ok
20:29:24.0000 5056 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:29:24.0000 5056 intelppm - ok
20:29:24.0031 5056 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:29:24.0031 5056 Ip6Fw - ok
20:29:24.0093 5056 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:29:24.0093 5056 IpFilterDriver - ok
20:29:24.0140 5056 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:29:24.0140 5056 IpInIp - ok
20:29:24.0187 5056 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:29:24.0187 5056 IpNat - ok
20:29:24.0218 5056 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:29:24.0234 5056 IPSec - ok
20:29:24.0281 5056 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:29:24.0281 5056 IRENUM - ok
20:29:24.0375 5056 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:29:24.0375 5056 isapnp - ok
20:29:24.0484 5056 JavaQuickStarterService (9dba73c2f1e76ec4cb837e67c5743596) C:\Program Files\Java\jre6\bin\jqs.exe
20:29:24.0500 5056 JavaQuickStarterService - ok
20:29:24.0531 5056 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:29:24.0531 5056 Kbdclass - ok
20:29:24.0562 5056 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:29:24.0578 5056 kmixer - ok
20:29:24.0609 5056 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:29:24.0609 5056 KSecDD - ok
20:29:24.0656 5056 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:29:24.0671 5056 lanmanserver - ok
20:29:24.0765 5056 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:29:24.0796 5056 lanmanworkstation - ok
20:29:24.0828 5056 lbrtfdc - ok
20:29:24.0890 5056 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:29:24.0906 5056 LmHosts - ok
20:29:24.0937 5056 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
20:29:24.0937 5056 MBAMProtector - ok
20:29:25.0062 5056 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:29:25.0093 5056 MBAMService - ok
20:29:25.0203 5056 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:29:25.0203 5056 mdmxsdk - ok
20:29:25.0250 5056 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:29:25.0265 5056 Messenger - ok
20:29:25.0312 5056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:29:25.0312 5056 mnmdd - ok
20:29:25.0359 5056 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
20:29:25.0375 5056 mnmsrvc - ok
20:29:25.0421 5056 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:29:25.0421 5056 Modem - ok
20:29:25.0484 5056 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:29:25.0484 5056 Mouclass - ok
20:29:25.0593 5056 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:29:25.0593 5056 mouhid - ok
20:29:25.0625 5056 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:29:25.0640 5056 MountMgr - ok
20:29:25.0812 5056 mraid35x - ok
20:29:25.0828 5056 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:29:25.0843 5056 MRxDAV - ok
20:29:25.0906 5056 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:29:25.0921 5056 MRxSmb - ok
20:29:25.0968 5056 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
20:29:25.0984 5056 MSDTC - ok
20:29:26.0078 5056 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:29:26.0078 5056 Msfs - ok
20:29:26.0093 5056 MSIServer - ok
20:29:26.0140 5056 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:29:26.0140 5056 MSKSSRV - ok
20:29:26.0171 5056 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:29:26.0171 5056 MSPCLOCK - ok
20:29:26.0218 5056 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:29:26.0218 5056 MSPQM - ok
20:29:26.0265 5056 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:29:26.0265 5056 mssmbios - ok
20:29:26.0359 5056 MSSQL$MSSMLBIZ - ok
20:29:26.0421 5056 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
20:29:26.0421 5056 MSSQLServerADHelper - ok
20:29:26.0515 5056 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:29:26.0515 5056 Mup - ok
20:29:26.0578 5056 mvusbews (da52265242677e1c03b2560a03172612) C:\WINDOWS\system32\Drivers\mvusbews.sys
20:29:26.0578 5056 mvusbews - ok
20:29:26.0640 5056 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:29:26.0671 5056 napagent - ok
20:29:26.0687 5056 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:29:26.0703 5056 NDIS - ok
20:29:26.0843 5056 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:29:26.0843 5056 NdisTapi - ok
20:29:27.0078 5056 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:29:27.0125 5056 Ndisuio - ok
20:29:27.0187 5056 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:29:27.0187 5056 NdisWan - ok
20:29:27.0296 5056 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:29:27.0296 5056 NDProxy - ok
20:29:27.0312 5056 NecUsb3 - ok
20:29:27.0343 5056 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:29:27.0343 5056 NetBIOS - ok
20:29:27.0359 5056 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:29:27.0375 5056 NetBT - ok
20:29:27.0406 5056 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:29:27.0421 5056 NetDDE - ok
20:29:27.0437 5056 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:29:27.0437 5056 NetDDEdsdm - ok
20:29:27.0484 5056 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:27.0484 5056 Netlogon - ok
20:29:27.0515 5056 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:29:27.0531 5056 Netman - ok
20:29:27.0671 5056 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:29:27.0671 5056 NetTcpPortSharing - ok
20:29:27.0906 5056 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
20:29:27.0968 5056 NETw4x32 - ok
20:29:28.0015 5056 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:29:28.0031 5056 NIC1394 - ok
20:29:28.0125 5056 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:29:28.0140 5056 Nla - ok
20:29:28.0187 5056 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:29:28.0187 5056 Npfs - ok
20:29:28.0250 5056 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:29:28.0265 5056 Ntfs - ok
20:29:28.0296 5056 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:28.0312 5056 NtLmSsp - ok
20:29:28.0375 5056 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:29:28.0406 5056 NtmsSvc - ok
20:29:28.0500 5056 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:29:28.0500 5056 Null - ok
20:29:28.0562 5056 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:29:28.0578 5056 NwlnkFlt - ok
20:29:28.0593 5056 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:29:28.0593 5056 NwlnkFwd - ok
20:29:28.0703 5056 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:29:28.0718 5056 odserv - ok
20:29:28.0843 5056 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:29:28.0843 5056 ohci1394 - ok
20:29:28.0875 5056 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:29:28.0890 5056 ose - ok
20:29:28.0984 5056 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:29:29.0000 5056 Parport - ok
20:29:29.0031 5056 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:29:29.0031 5056 PartMgr - ok
20:29:29.0078 5056 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:29:29.0078 5056 ParVdm - ok
20:29:29.0125 5056 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:29:29.0125 5056 PCI - ok
20:29:29.0140 5056 PCIDump - ok
20:29:29.0171 5056 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:29:29.0187 5056 PCIIde - ok
20:29:29.0218 5056 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:29:29.0218 5056 Pcmcia - ok
20:29:29.0234 5056 PDCOMP - ok
20:29:29.0265 5056 PDFRAME - ok
20:29:29.0281 5056 PDRELI - ok
20:29:29.0296 5056 PDRFRAME - ok
20:29:29.0312 5056 perc2 - ok
20:29:29.0343 5056 perc2hib - ok
20:29:29.0390 5056 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:29:29.0421 5056 PlugPlay - ok
20:29:29.0515 5056 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
20:29:29.0531 5056 Pml Driver HPZ12 - ok
20:29:29.0578 5056 Point32 (08b11f5c60edca255b18cedef8efba2a) C:\WINDOWS\system32\DRIVERS\point32.sys
20:29:29.0578 5056 Point32 - ok
20:29:29.0609 5056 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:29.0625 5056 PolicyAgent - ok
20:29:29.0703 5056 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:29:29.0718 5056 PptpMiniport - ok
20:29:29.0734 5056 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:29.0750 5056 ProtectedStorage - ok
20:29:29.0781 5056 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:29:29.0781 5056 PSched - ok
20:29:29.0828 5056 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:29:29.0828 5056 Ptilink - ok
20:29:29.0906 5056 ql1080 - ok
20:29:29.0921 5056 Ql10wnt - ok
20:29:29.0937 5056 ql12160 - ok
20:29:29.0953 5056 ql1240 - ok
20:29:29.0984 5056 ql1280 - ok
20:29:30.0031 5056 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:29:30.0046 5056 RasAcd - ok
20:29:30.0078 5056 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:29:30.0093 5056 RasAuto - ok
20:29:30.0125 5056 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:29:30.0125 5056 Rasl2tp - ok
20:29:30.0171 5056 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:29:30.0203 5056 RasMan - ok
20:29:30.0250 5056 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:29:30.0250 5056 RasPppoe - ok
20:29:30.0281 5056 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:29:30.0281 5056 Raspti - ok
20:29:30.0312 5056 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:29:30.0328 5056 Rdbss - ok
20:29:30.0437 5056 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:29:30.0437 5056 RDPCDD - ok
20:29:30.0484 5056 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:29:30.0500 5056 rdpdr - ok
20:29:30.0562 5056 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:29:30.0562 5056 RDPWD - ok
20:29:30.0609 5056 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:29:30.0625 5056 RDSessMgr - ok
20:29:30.0750 5056 RegSrvc (8ac155995f5d10fc0d3ad949a1a68075) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
20:29:30.0765 5056 RegSrvc - ok
20:29:30.0859 5056 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:29:30.0875 5056 RemoteAccess - ok
20:29:30.0937 5056 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:29:30.0953 5056 RemoteRegistry - ok
20:29:31.0000 5056 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
20:29:31.0015 5056 RpcLocator - ok
20:29:31.0062 5056 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
20:29:31.0093 5056 RpcSs - ok
20:29:31.0140 5056 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
20:29:31.0171 5056 RSVP - ok
20:29:31.0328 5056 S24EventMonitor (131d50f081d2e29ebd1365b21f6b9736) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
20:29:31.0359 5056 S24EventMonitor - ok
20:29:31.0453 5056 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:29:31.0468 5056 s24trans - ok
20:29:31.0484 5056 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:29:31.0500 5056 SamSs - ok
20:29:31.0562 5056 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:29:31.0578 5056 SCardSvr - ok
20:29:31.0640 5056 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:29:31.0640 5056 Schedule - ok
20:29:31.0703 5056 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:29:31.0718 5056 Secdrv - ok
20:29:31.0750 5056 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:29:31.0750 5056 seclogon - ok
20:29:31.0843 5056 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:29:31.0859 5056 SENS - ok
20:29:31.0921 5056 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
20:29:31.0921 5056 Ser2pl - ok
20:29:31.0953 5056 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:29:31.0953 5056 Serenum - ok
20:29:32.0000 5056 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:29:32.0000 5056 Serial - ok
20:29:32.0046 5056 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:29:32.0046 5056 Sfloppy - ok
20:29:32.0109 5056 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:29:32.0125 5056 SharedAccess - ok
20:29:32.0171 5056 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:32.0171 5056 ShellHWDetection - ok
20:29:32.0281 5056 shpf (c3fde0e50499cce2948959dd79403d83) C:\WINDOWS\system32\DRIVERS\shpf.sys
20:29:32.0281 5056 shpf - ok
20:29:32.0296 5056 Simbad - ok
20:29:32.0375 5056 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
20:29:32.0390 5056 SNC - ok
20:29:32.0406 5056 SonyImgF (ffdb6f1cb87b42f41b6de116cd6ef809) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
20:29:32.0421 5056 SonyImgF - ok
20:29:32.0437 5056 Sparrow - ok
20:29:32.0484 5056 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:29:32.0484 5056 splitter - ok
20:29:32.0531 5056 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:29:32.0562 5056 Spooler - ok
20:29:32.0656 5056 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:29:32.0671 5056 SQLBrowser - ok
20:29:32.0812 5056 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:29:32.0812 5056 SQLWriter - ok
20:29:32.0937 5056 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:29:32.0937 5056 sr - ok
20:29:32.0984 5056 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
20:29:33.0015 5056 srservice - ok
20:29:33.0078 5056 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:29:33.0093 5056 Srv - ok
20:29:33.0125 5056 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:29:33.0140 5056 SSDPSRV - ok
20:29:33.0234 5056 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:29:33.0250 5056 ssmdrv - ok
20:29:33.0296 5056 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:29:33.0328 5056 stisvc - ok
20:29:33.0375 5056 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:29:33.0390 5056 swenum - ok
20:29:33.0406 5056 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:29:33.0421 5056 swmidi - ok
20:29:33.0437 5056 SwPrv - ok
20:29:33.0453 5056 symc810 - ok
20:29:33.0484 5056 symc8xx - ok
20:29:33.0500 5056 sym_hi - ok
20:29:33.0515 5056 sym_u3 - ok
20:29:33.0546 5056 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:29:33.0546 5056 sysaudio - ok
20:29:33.0593 5056 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:29:33.0625 5056 SysmonLog - ok
20:29:33.0703 5056 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:29:33.0734 5056 TapiSrv - ok
20:29:33.0843 5056 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:29:33.0859 5056 Tcpip - ok
20:29:33.0906 5056 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
20:29:33.0906 5056 TcUsb - ok
20:29:33.0953 5056 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:29:33.0953 5056 TDPIPE - ok
20:29:34.0000 5056 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:29:34.0000 5056 TDTCP - ok
20:29:34.0062 5056 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:29:34.0078 5056 TermDD - ok
20:29:34.0140 5056 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:29:34.0156 5056 TermService - ok
20:29:34.0203 5056 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:29:34.0234 5056 Themes - ok
20:29:34.0312 5056 ti21sony (3106074a87bd5a16e2a3af6902bb6d91) C:\WINDOWS\system32\drivers\ti21sony.sys
20:29:34.0343 5056 ti21sony - ok
20:29:34.0421 5056 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
20:29:34.0453 5056 TlntSvr - ok
20:29:34.0546 5056 TOSHIBA Bluetooth Service (5480abfc2c6b19972d2871f576ebcaa3) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
20:29:34.0546 5056 TOSHIBA Bluetooth Service - ok
20:29:34.0609 5056 TosIde - ok
20:29:34.0671 5056 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:29:34.0687 5056 tosporte - ok
20:29:34.0750 5056 tosrfbd (42a23ff09bd172fa3f6a3a0a589ef1b0) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
20:29:34.0750 5056 tosrfbd - ok
20:29:34.0843 5056 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:29:34.0843 5056 tosrfbnp - ok
20:29:34.0890 5056 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:29:34.0890 5056 Tosrfcom - ok
20:29:34.0937 5056 Tosrfhid (410aa85d04cfe697a2c3368286ddd128) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:29:34.0953 5056 Tosrfhid - ok
20:29:34.0984 5056 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:29:35.0000 5056 tosrfnds - ok
20:29:35.0046 5056 tosrfusb (967316fb4777bc6eaaa0e15552fef768) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
20:29:35.0062 5056 tosrfusb - ok
20:29:35.0109 5056 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:29:35.0140 5056 TrkWks - ok
20:29:35.0187 5056 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:29:35.0187 5056 Udfs - ok
20:29:35.0250 5056 ultra - ok
20:29:35.0312 5056 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:29:35.0328 5056 Update - ok
20:29:35.0359 5056 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:29:35.0390 5056 upnphost - ok
20:29:35.0437 5056 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:29:35.0453 5056 UPS - ok
20:29:35.0500 5056 USBAAPL - ok
20:29:35.0531 5056 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:29:35.0531 5056 usbccgp - ok
20:29:35.0562 5056 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:29:35.0578 5056 usbehci - ok
20:29:35.0640 5056 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:29:35.0640 5056 usbhub - ok
20:29:35.0718 5056 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:29:35.0718 5056 usbprint - ok
20:29:35.0765 5056 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:29:35.0765 5056 usbscan - ok
20:29:35.0812 5056 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:29:35.0812 5056 usbstor - ok
20:29:35.0875 5056 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:29:35.0875 5056 usbuhci - ok
20:29:35.0937 5056 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
20:29:35.0937 5056 usb_rndisx - ok
20:29:36.0046 5056 VAIO Event Service (1d5425783d92f34c63075fa0c4e2c3d5) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
20:29:36.0046 5056 VAIO Event Service - ok
20:29:40.0031 5056 ============================================================
20:29:40.0031 5056 Scan finished
20:29:40.0031 5056 ============================================================
20:29:40.0046 3900 Detected object count: 0
20:29:40.0046 3900 Actual detected object count: 0



#7 osap1968

osap1968
  • Topic Starter

  • Members
  • 45 posts
  • Local time:04:51 PM

Posted 01 April 2012 - 09:13 PM

That didn't work out too well... I've attached a screenshot also...




#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:51 PM

Posted 01 April 2012 - 09:54 PM

Hello


I would like you to rerun aswMBR and, when the scan is complete, click on the get report button.

The report that you sent me is the backup for the MBR, and the things in the report that avast gave you are in system restore and are not a problem.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 osap1968

osap1968
  • Topic Starter

  • Members
  • 45 posts
  • Local time:04:51 PM

Posted 03 April 2012 - 09:17 PM

Here is what I got...


* avast! Scan Report
* This file is generated automatically
*
* Scan name: Quick scan
* Started on: Tuesday, April 03, 2012 9:47:05 PM
* VPS: 120403-2, 04/03/2012
*

C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP1047\A0337572.sys [L] Win32:Aluroot-B [Rtk] (0)
C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP1047\A0337592.sys [L] Win32:Aluroot-B [Rtk] (0)
C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP1047\A0340590.sys [L] Win32:Aluroot-B [Rtk] (0)
C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP1047\A0341590.sys [L] Win32:Aluroot-B [Rtk] (0)
C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP1048\A0341735.sys [L] Win32:Aluroot-B [Rtk] (0)
C:\System Volume Information\_restore{DD9D89C5-4C8D-43D3-A4A9-A8D712B11E0C}\RP1053\A0348896.sys [L] Win32:Aluroot-B [Rtk] (0)
Infected files: 6
Total files: 57039
Total folders: 16785
Total size: 16.4 GB

*
* Scan stopped: Tuesday, April 03, 2012 10:15:25 PM
* Run-time was 28 minute(s), 20 second(s)
*

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:51 PM

Posted 03 April 2012 - 09:52 PM

Greetings

Those are in system restore and are not a problem at this time.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 osap1968

osap1968
  • Topic Starter

  • Members
  • 45 posts
  • Local time:04:51 PM

Posted 04 April 2012 - 12:10 AM

Hey Gringo, no problems during the last request, but still having the redirect happen...

ComboFix 12-03-31.01 - Sean 04/03/2012 23:41:55.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1164 [GMT -4:00]
Running from: c:\documents and settings\Sean\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Sean\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-01 01:07 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-01 01:07 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-01 01:07 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-01 01:07 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-01 01:07 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-01 01:07 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-01 01:07 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-01 01:07 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-01 01:06 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-01 01:06 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-01 01:06 . 2012-04-01 01:06 -------- d-----w- c:\program files\AVAST Software
2012-04-01 01:06 . 2012-04-01 01:06 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-03-29 22:01 . 2012-03-29 22:01 388096 ----a-r- c:\documents and settings\Sean\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-26 01:09 . 2011-09-09 21:45 429928 ----a-r- c:\windows\system32\hpinksts5912.dll
2012-03-26 01:09 . 2011-09-09 21:45 270696 ----a-r- c:\windows\system32\hpinksts5912LM.dll
2012-03-26 01:09 . 2011-09-09 21:45 216424 ----a-r- c:\windows\system32\hpinkcoi5912.dll
2012-03-26 01:09 . 2011-09-09 21:45 488808 ----a-r- c:\windows\system32\HPWia1_OJ8600.dll
2012-03-26 01:09 . 2011-09-09 21:45 1946472 ----a-r- c:\windows\system32\HPScanTRDrv_OJ8600.dll
2012-03-26 01:05 . 2012-03-26 01:05 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\HP
2012-03-21 13:46 . 2012-03-21 13:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2012-03-21 10:32 . 2012-03-21 20:34 -------- d-----w- c:\windows\system32\NtmsData
2012-03-18 23:05 . 2012-03-19 01:08 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-03-18 22:19 . 2012-03-18 22:19 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 22:19 . 2012-03-18 22:19 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-13 16:13 . 2012-03-13 16:14 -------- d-----w- c:\documents and settings\Sean\Application Data\Notepad++
2012-03-13 16:13 . 2012-03-13 16:13 -------- d-----w- c:\program files\Notepad++
2012-03-08 22:21 . 2012-03-08 22:21 -------- d-----w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-20 00:32 . 2012-01-20 00:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-18 22:19 . 2011-06-27 00:01 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-03-22_11.51.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 04:02 . 2009-07-12 04:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-12 04:05 . 2009-07-12 04:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2012-04-04 01:39 . 2012-04-04 01:39 16384 c:\windows\Temp\Perflib_Perfdata_f4.dat
+ 2012-03-26 01:09 . 2011-09-09 21:45 44392 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpvplui06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 44392 c:\windows\system32\spool\drivers\w32x86\3\hpvplui06.dll
+ 2008-12-16 14:05 . 2008-04-13 17:45 15104 c:\windows\system32\drivers\usbscan.sys
- 2008-12-16 14:05 . 2008-04-13 18:45 15104 c:\windows\system32\drivers\usbscan.sys
- 2007-04-17 13:36 . 2008-04-13 18:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2007-04-17 13:36 . 2008-04-13 17:40 57600 c:\windows\system32\drivers\redbook.sys
+ 2008-12-16 14:05 . 2008-04-13 17:45 15104 c:\windows\system32\dllcache\usbscan.sys
+ 2007-04-17 13:36 . 2008-04-13 17:40 57600 c:\windows\system32\dllcache\redbook.sys
+ 2009-07-12 04:02 . 2009-07-12 04:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 762368 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\unires.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 747520 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\unidrvui.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 375296 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\unidrv.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 232808 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpvplres06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 471912 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpvpldrv06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 270696 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpinksts5912LM.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 429928 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpinksts5912.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 533352 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_8600fe35\hpfime51.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 761344 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\unires.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 740864 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\unidrvui.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 372736 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\unidrv.dll
+ 2006-10-14 21:40 . 2011-09-09 21:45 762368 c:\windows\system32\spool\drivers\w32x86\3\unires.dll
+ 2006-10-14 21:42 . 2011-09-09 21:45 747520 c:\windows\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2006-10-14 21:42 . 2011-09-09 21:45 375296 c:\windows\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2012-03-26 01:09 . 2011-09-09 21:45 232808 c:\windows\system32\spool\drivers\w32x86\3\hpvplres06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 471912 c:\windows\system32\spool\drivers\w32x86\3\hpvpldrv06.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 270696 c:\windows\system32\spool\drivers\w32x86\3\hpinksts5912LM.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 429928 c:\windows\system32\spool\drivers\w32x86\3\hpinksts5912.dll
+ 2012-03-26 01:09 . 2011-09-09 21:45 533352 c:\windows\system32\spool\drivers\w32x86\3\hpfime51.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 762368 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\unires.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 375296 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\unidrv.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 232808 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpvplres06.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 471912 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpvpldrv06.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 270696 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpinksts5912LM.dll
+ 2012-03-26 01:14 . 2011-09-09 21:45 533352 c:\windows\system32\DRVSTORE\hpvpl06_D6E02FA908D1B1B8ED1594CBB1941DC281CC5D7F\i386\hpfime51.dll
+ 2012-04-01 01:06 . 2012-04-01 01:06 219648 c:\windows\Installer\61ddb08.msi
+ 2009-07-12 04:02 . 2009-07-12 04:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-12 04:02 . 2009-07-12 04:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2854248 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendUIPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2293096 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendStatusUI.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2534760 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendStatus.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2334568 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendRenderPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2894184 c:\windows\system32\spool\drivers\w32x86\hpofficejet_pro_860081b5\HPOJ8600_FaxPCSendDialogUI.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2854248 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendUIPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2293096 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendStatusUI.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2534760 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendStatus.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2334568 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendRenderPlugin.dll
+ 2012-03-26 01:10 . 2011-09-09 21:45 2894184 c:\windows\system32\spool\drivers\w32x86\3\HPOJ8600_FaxPCSendDialogUI.dll
+ 2012-03-29 22:01 . 2012-03-29 22:01 1094656 c:\windows\Installer\bc4a5.msi
+ 2011-09-09 21:45 . 2011-09-09 21:45 3420160 c:\windows\Installer\7e72fba.msi
+ 2011-09-09 19:43 . 2011-09-09 19:43 12743016 c:\windows\twain_32\HP Officejet Pro 8600\HPScanUI.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-05 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-05 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-05 138008]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-09 172032]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-03-26 217088]
"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-02-05 546936]
"VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2007-04-17 2322432]
"QuickBooks Simple Start"="c:\program files\Intuit\SimpleStartEntice\entice.exe" [2007-01-31 371712]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]
"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"HPLJ Config"="c:\program files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" [2003-03-31 28672]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Sean\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2010-6-15 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2008-12-16 738968]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-3 2756608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevices]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 02:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\USB3Sw32]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-12-28 23:54 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\Belkin Storage Manager\\StorageManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [4/17/2007 4:25 PM 14720]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/31/2012 9:07 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2012 9:07 PM 337880]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/29/2011 7:02 AM 136360]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2012 9:07 PM 20696]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 10:13 PM 33024]
R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [5/11/2010 4:58 PM 247352]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [12/11/2011 7:00 PM 99896]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/13/2011 11:52 AM 652360]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/17/2007 4:24 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/13/2011 11:52 AM 20464]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [4/17/2007 4:24 PM 808448]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [10/15/2009 12:13 PM 136192]
S2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe -k NecUsb3Sevic [4/17/2007 4:24 PM 14336]
S3 HP1210FAX;HP1210MFP FAX;c:\windows\system32\drivers\HPM1210FAX.sys [12/11/2011 7:02 PM 13824]
S3 mvusbews;USB EWS Device;c:\windows\system32\drivers\mvusbews.sys [12/11/2011 7:01 PM 17408]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [4/17/2007 4:25 PM 31104]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [8/5/2011 12:30 PM 268512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
PID_PEPI
UMPass
FreeTdi
ftrtsvc
proxyhostmirrordisplay
mrvw245
HWSCtrl
dbmanagerscheduler
npfmntor
WinVd32
hap17v2k
BootScreen
w810mdm
wg5n
ooclevercacheagent
mfebopk
IBMTPCHK
sit_flt
lmimaint
digisptiservice
mbackmonitor
curtainssyssvc
NTSIM
cltnetcnservice
clmtomcatstartersvc
mcvsrte
symfw
transarcafsdaemon
backupexecalertserver
raysatxsi5_0server
vaiomediaplatform-photoserver-appserver
emitray
se45nd5
syntp
se2Cnd5
n558
nv4
d-link_st3402
pav_security
se45unic
TClass2k
BRGSp50
s7oppitx
nvidesm
zpsc
epfwtdi
dpfusmgr
symevent
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-03 23:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1244)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'explorer.exe'(4508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-03 23:59:52
ComboFix-quarantined-files.txt 2012-04-04 03:59
ComboFix2.txt 2012-03-31 12:16
ComboFix3.txt 2012-03-31 10:21
ComboFix4.txt 2012-03-29 13:36
ComboFix5.txt 2012-04-04 03:39
.
Pre-Run: 5,608,132,608 bytes free
Post-Run: 5,726,924,800 bytes free
.
- - End Of File - - E7677D13C6B79A31FAC50B6FEFE55A25

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:51 PM

Posted 04 April 2012 - 12:21 AM

Hello

I would like to know which browsers are redirecting - check all that are installed on the computer


Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 osap1968


Posted 04 April 2012 - 12:39 AM

I use Firefox as my default browser...

Here is the OTL log....

OTL logfile created on: 4/4/2012 1:32:58 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Sean\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.32% Memory free
3.84 Gb Paging File | 3.02 Gb Available in Paging File | 78.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.53 Gb Total Space | 5.36 Gb Free Space | 7.93% Space Free | Partition Type: NTFS

Computer Name: VALUED-0243CCA1 | User Name: Sean | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Sean\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
PRC - c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe (HP)
PRC - C:\WINDOWS\system32\HPSIsvc.exe (HP)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\12040302\algo.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswOtl.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\102c49a1de675b417a45524f3522aa89\Microsoft.BusinessSolutions.eCRM.OutlookAddIn.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Iris.Mapi.MessageSt#\14a2a186df5c104612eccb3245355878\Iris.Mapi.MessageStore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.BusinessS#\55173fd691166565dc73dae0d3433e73\Microsoft.BusinessSolutions.eCRM.DataSync.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BusinessLayer\3a89c898dbad5c1814424636c89f3374\BusinessLayer.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\a8056c5d0c4c019bf426009d0f4a068b\Microsoft.Office.Interop.Outlook.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\e17238fd24d0d5cc73044fa16f699ec1\Microsoft.Interop.Mapi.Impl.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\07021d10c3bc8a0ea378435a258f7b1b\Microsoft.Interop.Mapi.PropTags.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMRes\395fa127fff297809696fb28178f2bbb\BCMRes.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\office\2f1af80313dae24293036e97653e1968\office.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\BCMCommon\1b38913d7b398cc42238ea4aff37955d\BCMCommon.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Interop.M#\daa68c80020eb582452ec3173450505d\Microsoft.Interop.Mapi.Interfaces.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ec323cf1df697cc0a45f67de685db90c\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\HPM1210PP.dll ()
MOD - C:\WINDOWS\system32\HPM1210LM.DLL ()
MOD - C:\WINDOWS\assembly\GAC_32\BCMCommon\3.0.0.0__31bf3856ad364e35\BCMCommon.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\WINDOWS\assembly\GAC_32\Microsoft.Interop.Mapi.Impl\3.0.0.0__31bf3856ad364e35\Microsoft.Interop.Mapi.Impl.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll ()
MOD - C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll ()
MOD - C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BusinessLayer.resources.dll ()
MOD - C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\Microsoft.Interop.Mapi.Interfaces.resources.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (NecUsb3) -- C:\WINDOWS\system32\NEUSBw32.dll File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HPM1210RcvFaxSrvc) -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe (HP)
SRV - (HPSIService) -- C:\WINDOWS\system32\HPSIsvc.exe (HP)
SRV - (HP LaserJet Service) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (WmcCds) Windows Media Connect (WMC) -- c:\Program Files\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) Windows Media Connect (WMC) -- C:\Program Files\Windows Media Connect\mswmcls.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\Sean\LOCALS~1\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (mvusbews) -- C:\WINDOWS\system32\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV - (HP1210FAX) -- C:\WINDOWS\system32\drivers\HPM1210FAX.sys ()
DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (shpf) -- C:\WINDOWS\system32\drivers\shpf.sys (Sony Corporation)
DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{1ECA2188-C706-4ADB-A04C-B86881FB4247}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?wl=true
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WBR&o=13993&src=crm&q={searchTerms}&locale=en_US
IE - HKCU\..\SearchScopes\{1ECA2188-C706-4ADB-A04C-B86881FB4247}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google.com"
FF - prefs.js..browser.search.defaultenginename: "google.com"
FF - prefs.js..browser.search.order.1: "google.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/31 21:06:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 18:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/14 22:07:24 | 000,000,000 | ---D | M]

[2009/03/14 17:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Extensions
[2011/06/26 19:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\extensions
[2010/05/09 22:14:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/30 12:32:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/05/11 11:39:07 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2010/03/21 11:25:17 | 000,002,426 | ---- | M] () -- C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\dqop1m2t.default\searchplugins\askcom.xml
[2011/11/10 21:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/31 21:06:40 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/06/29 09:33:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/18 18:19:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/29 09:33:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/01 17:27:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/01 17:27:49 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/29 05:57:30 | 000,000,882 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 94.63.147.16 www.google.com
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Belkin Storage Manager] C:\Program Files\Belkin Storage Manager\StorageManager.exe (Belkin International, Inc.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe (Hewlett-Packard Inc.)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [QuickBooks Simple Start] C:\Program Files\Intuit\SimpleStartEntice\entice.exe ()
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 3] C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOSecurity] C:\Program Files\Sony\VAIO Security Center\VSC.exe ()
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229360667171 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A85F785-750E-4257-9C55-602510AD49C5}: DhcpNameServer = 192.168.2.1 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NecUsb3Sevices: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - (fusstub.dll) - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\USB3Sw32: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/04/17 16:41:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 21:41:23 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Sean\My Documents\My Safe
[2012/03/31 21:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2012/03/31 21:07:10 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/31 21:07:10 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/31 21:07:06 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/31 21:07:05 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/31 21:07:05 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/31 21:07:03 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/31 21:07:03 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/31 21:07:02 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/03/31 21:06:31 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/31 21:06:30 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/31 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/31 21:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/30 12:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Desktop\cartoon art
[2012/03/29 18:01:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Start Menu\Programs\HiJackThis
[2012/03/25 21:09:59 | 000,429,928 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912.dll
[2012/03/25 21:09:59 | 000,270,696 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912LM.dll
[2012/03/25 21:09:58 | 000,216,424 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5912.dll
[2012/03/25 21:09:21 | 001,946,472 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_OJ8600.dll
[2012/03/25 21:09:21 | 000,488,808 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_OJ8600.dll
[2012/03/25 21:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Local Settings\Application Data\HP
[2012/03/21 09:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2012/03/21 06:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/03/21 06:32:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/03/20 23:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/20 23:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/18 19:40:48 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/03/18 19:35:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Sean\Recent
[2012/03/18 19:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GridinSoft Trojan Killer
[2012/03/18 19:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/03/13 12:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Start Menu\Programs\Notepad++
[2012/03/13 12:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2012/03/13 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012/03/13 12:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Sean\Application Data\Notepad++
[2012/03/08 18:21:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\PIF

========== Files - Modified Within 30 Days ==========

[2012/04/03 21:41:45 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2012/04/03 21:40:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/03 21:39:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/03 21:39:49 | 2137,313,280 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 20:18:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/04/02 19:38:20 | 000,364,067 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\mdl-logo.png
[2012/04/02 17:18:22 | 000,002,225 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartFTP Client.lnk
[2012/04/01 22:13:08 | 000,045,888 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\scan-results.jpg
[2012/03/31 23:52:06 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Sean\Desktop\HiJackThis.lnk
[2012/03/31 21:07:11 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/31 21:07:04 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/31 20:57:34 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\MBR.dat
[2012/03/31 06:25:57 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Sean\defogger_reenable
[2012/03/30 14:46:20 | 000,218,736 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\Admin-hdr.png
[2012/03/29 05:57:30 | 000,000,882 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/28 09:50:13 | 000,013,428 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\CP575_1332942575738.pdf
[2012/03/25 21:12:01 | 000,000,057 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/03/22 20:46:00 | 000,344,656 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\Publication2.pdf
[2012/03/22 07:53:41 | 000,492,382 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/22 07:53:41 | 000,090,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/21 18:11:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/20 23:53:51 | 000,115,686 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/03/20 23:53:51 | 000,000,198 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/03/19 09:25:33 | 000,413,653 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\l2t.pdf
[2012/03/18 19:33:31 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\wLpM3r5cJiQouR.lic
[2012/03/10 11:21:32 | 000,002,193 | ---- | M] () -- C:\Documents and Settings\Sean\My Documents\namecheap transfer.rtf
[2012/03/06 19:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/03/06 19:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/03/06 19:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/03/06 19:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/03/06 19:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/03/06 19:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/03/06 19:01:39 | 000,095,704 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/03/06 19:01:35 | 000,089,048 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/03/06 19:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/03/06 18:58:29 | 000,024,920 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

========== Files Created - No Company Name ==========

[2012/04/02 19:38:19 | 000,364,067 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\mdl-logo.png
[2012/04/01 22:13:07 | 000,045,888 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\scan-results.jpg
[2012/03/31 21:07:11 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2012/03/31 20:57:34 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\MBR.dat
[2012/03/31 06:25:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Sean\defogger_reenable
[2012/03/30 14:46:20 | 000,218,736 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\Admin-hdr.png
[2012/03/29 18:01:25 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Sean\Desktop\HiJackThis.lnk
[2012/03/28 09:50:13 | 000,013,428 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\CP575_1332942575738.pdf
[2012/03/25 21:12:01 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/03/22 20:46:00 | 000,344,656 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\Publication2.pdf
[2012/03/20 23:53:51 | 000,115,686 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/03/20 23:53:51 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/03/19 09:25:33 | 000,413,653 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\l2t.pdf
[2012/03/18 21:04:21 | 2137,313,280 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/18 19:33:31 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\wLpM3r5cJiQouR.lic
[2012/03/10 11:21:32 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\Sean\My Documents\namecheap transfer.rtf
[2012/01/06 10:13:40 | 000,015,466 | -HS- | C] () -- C:\Documents and Settings\Sean\Local Settings\Application Data\mr1520oc8rid55h86s636ql4g5o1xusso204islm3y44sp
[2012/01/06 10:13:40 | 000,015,466 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mr1520oc8rid55h86s636ql4g5o1xusso204islm3y44sp
[2011/12/11 19:02:08 | 001,167,360 | ---- | C] () -- C:\WINDOWS\System32\HPM1210SM.exe
[2011/12/11 19:02:08 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\HPM1210LM.DLL
[2011/12/11 19:02:08 | 000,046,592 | R--- | C] () -- C:\WINDOWS\System32\HPM1210SMs.dll
[2011/12/11 19:02:05 | 000,013,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\HPM1210FAX.sys
[2011/12/11 19:01:59 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\m1210wia.dll
[2011/12/11 19:01:55 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2011/12/11 18:58:40 | 000,284,672 | R--- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2011/06/29 13:23:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/29 13:23:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/29 13:23:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/29 13:23:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/29 13:23:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/26 22:10:12 | 000,068,294 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
[2011/06/26 22:10:11 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
[2011/06/25 23:10:37 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Dboyutaz.dat
[2011/06/25 23:10:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Nheluxaf.bin
[2011/06/12 21:40:26 | 000,000,181 | ---- | C] () -- C:\WINDOWS\civ.ini
[2011/04/13 06:13:07 | 000,018,154 | -HS- | C] () -- C:\Documents and Settings\Sean\Local Settings\Application Data\3266532834
[2011/04/13 06:13:07 | 000,018,154 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3266532834
[2011/02/16 16:36:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/13 14:51:12 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fusioncache.dat
[2010/08/29 11:40:24 | 000,030,424 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2010/08/29 10:23:53 | 000,020,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/23 11:49:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time:05:51 PM

Posted 04 April 2012 - 12:54 AM

I want you to uninstall Firefox, and if asked about user data or settings, I want that removed also - then reinstall Firefox and see if it still redirects.


gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 osap1968

osap1968
  • Topic Starter

  • Members
  • 45 posts
  • Local time:04:51 PM

Posted 04 April 2012 - 02:23 AM

Still redirecting



