Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ZeroAccessRK Infection SWW


  • This topic is locked This topic is locked
16 replies to this topic

#1 SWWeatherGuy

SWWeatherGuy

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 16 October 2013 - 10:47 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 1.6.0_45

Run by DTSAdmin at 21:36:50 on 2013-10-16

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4046.2475 [GMT -6:00]

.

AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2014\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\vcsFPService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

C:\Program Files (x86)\Comodo\BackUp\CmdBkSvc.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe

C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe

C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\WxEx\WxEx.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\AVG\AVG2014\avgui.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\webmakerplus\webmakerplus.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mWinlogon: Userinit = userinit.exe,

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"

mRun: [QLBController] c:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [NUSB3MON] "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTK~1.LNK - C:\Program Files (x86)\PrintKey2000\Printkey2000.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WEATHE~1.LNK - C:\Program Files (x86)\WxEx\WxEx.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Windows\System: CompatibleRUPSecurity = dword:1

mPolicies-Windows\System: UseOEMBackground = dword:1

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

LSP: C:\Windows\System32\webmakerplus.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab

TCP: NameServer = 192.168.78.58 192.168.78.58

TCP: Interfaces\{41511CA7-3EC0-4E1E-B156-DCB5590FB226} : DHCPNameServer = 192.168.78.58 192.168.78.58

TCP: Interfaces\{41511CA7-3EC0-4E1E-B156-DCB5590FB226}\053534 : DHCPNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{41511CA7-3EC0-4E1E-B156-DCB5590FB226}\05F4351405 : DHCPNameServer = 192.168.58.1

TCP: Interfaces\{41511CA7-3EC0-4E1E-B156-DCB5590FB226}\05F4351405D25374 : DHCPNameServer = 192.168.58.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll

SSODL: WebCheck - <orphaned>

LSA: Authentication Packages =  msv1_0 ZenV1_0

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [Ztoolkit.Mainrun] <no file>

.

INFO: x64-HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: ZENworks Adaptive Agent - {763370C4-268E-4308-A60C-D8DA0342BE32} -

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-9-2 192824]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-9-2 294712]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-8-20 123704]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-8 31544]

R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-9-25 148792]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-9-2 241464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-9-2 212280]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-29 46368]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-7-5 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-22 235520]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-3 3538480]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-25 301152]

R2 ComodoBackupService;ComodoBackupService;C:\Program Files (x86)\Comodo\BackUp\CmdBkSvc.exe [2013-7-5 1023488]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-2-28 92216]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]

R2 TeamViewer4;TeamViewer 4;C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2010-9-3 185640]

R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2011-3-24 3161904]

R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [2013-10-1 1734680]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]

R3 webmakerplus;webmakerplus;C:\Program Files (x86)\webmakerplus\webmakerplus.exe [2013-9-17 4153344]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-6-8 71168]

S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-3-8 174680]

S3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-2-9 26712]

S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-10-15 91352]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-7 19456]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-7 29696]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-7 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-7 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-20 1255736]

.

=============== Created Last 30 ================

.

2013-10-16 05:00:23 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-10-16 05:00:22 116440 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2013-10-16 04:48:06 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-10-12 03:08:30 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2013-10-12 02:31:28 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-10-12 02:31:28 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-10-12 02:31:28 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-10-12 02:31:28 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-10-12 02:31:28 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-10-12 02:31:28 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-10-12 02:31:28 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-10-12 01:29:04 65536 ----a-w- C:\Windows\SysWow64\updCA15dll

2013-10-12 01:29:04 0 ----a-w- C:\Windows\SysWow64\updCA15.tmp

2013-10-12 01:29:03 0 ----a-w- C:\Windows\SysWow64\updC7F2.tmp

2013-10-12 01:29:02 0 ----a-w- C:\Windows\SysWow64\updC533.tmp

2013-10-12 01:28:42 430080 ----a-w- C:\Windows\System32\webmakerplus64.dll

2013-10-12 01:28:36 364544 ----a-w- C:\Windows\SysWow64\webmakerplus.dll

2013-10-12 01:28:35 -------- d-----w- C:\Program Files (x86)\webmakerplus

2013-10-12 01:28:05 -------- d-----w- C:\ProgramData\Conduit

2013-10-12 01:27:51 -------- d-----w- C:\Program Files (x86)\SearchProtect

2013-10-12 01:27:43 -------- d-----w- C:\Users\Administrator\AppData\Local\CRE

2013-10-12 01:27:42 -------- d-----w- C:\Program Files (x86)\Conduit

2013-10-12 01:25:42 -------- d-----w- C:\Users\Administrator\AppData\Roaming\xVidly

2013-10-12 01:24:32 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Video Media Download

2013-10-12 01:24:31 -------- d-----w- C:\Users\Administrator\AppData\Roaming\5258a50d160ba02b0200a602

2013-10-11 00:31:10 -------- d-----w- C:\Install

2013-10-11 00:30:49 -------- d-----w- C:\Windows\SysWow64\Silabs

2013-10-10 09:39:59 185344 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2013-09-28 23:52:35 -------- d-----w- C:\Users\Administrator\AppData\Local\Octoshape

2013-09-28 23:52:34 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Octoshape

2013-09-26 03:07:30 148792 ----a-w- C:\Windows\System32\drivers\avgdiska.sys

2013-09-22 05:08:48 -------- d-----w- C:\Users\Administrator\AppData\Roaming\AVG2014

2013-09-22 05:05:49 -------- d-----w- C:\ProgramData\AVG2014

2013-09-21 19:31:34 -------- d-----w- C:\Users\Administrator\AppData\Local\Avg2014

.

==================== Find3M  ====================

.

2013-10-12 01:17:53 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-12 01:17:53 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-10-02 02:51:09 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll

2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-09-09 04:11:42 31544 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

2013-09-02 16:59:14 212280 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-09-02 16:29:18 294712 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-09-02 16:26:50 192824 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-09-02 16:26:42 241464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll

2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll

2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll

2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys

2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll

2013-08-21 04:53:58 123704 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-08-07 20:11:44 7680037 ----a-w- C:\xvidly.exe

2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe

2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2013-08-01 22:07:06 251192 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-20 10:33:12 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-07-20 10:33:08 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

.

============= FINISH: 21:37:06.66 ===============

 



BC AdBot (Login to Remove)

 


#2 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 16 October 2013 - 10:52 PM

FYI: I came from here:

http://www.bleepingcomputer.com/forums/t/510618/browsers-talking-to-unknown-sites-and-getting-popups-etc/



#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:08 PM

Posted 17 October 2013 - 01:54 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi


cXfZ4wS.png


#4 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 17 October 2013 - 02:54 PM

Thank you for your assistance.  I've downloaded and run a FRST64 scan, below is the FRST.txt and attached is Addition.txt.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by DTSAdmin (administrator) on SRR1-eb8560p on 17-10-2013 13:48:29
Running from C:\Users\Administrator\Desktop\MalwareFix\ZeroAccessRK
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AMD) C:\Windows\system32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(COMODO) C:\Program Files (x86)\Comodo\BackUp\CmdBkSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(webmakerplus LTD) C:\Program Files (x86)\webmakerplus\webmakerplus.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Ztoolkit.Mainrun] - [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-29] (Synaptics Incorporated)
HKLM\...\Run: [UniPrint Client Init] - C:\Program Files (x86)\UniPrint Suite\Client\UPCInit.exe [203624 2011-11-28] (UniPrint)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-20] (IDT, Inc.)
HKCU\...\Run: [BackgroundSwitcher] - C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [120424 2013-05-20] (johnsadventures.com)
HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [312376 2011-04-15] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-07-05] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636072 2012-10-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-01] ()
HKU\Default\...\Run: [BackgroundSwitcher] - C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [120424 2013-05-20] (johnsadventures.com)
HKU\Default User\...\Run: [BackgroundSwitcher] - C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [120424 2013-05-20] (johnsadventures.com)
Lsa: [Authentication Packages] msv1_0 ZenV1_0

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7F09F434E923CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM-x32 - DefaultScope {F793F656-59F6-4150-8E16-15EB9DA58D5D} URL =
SearchScopes: HKCU - DefaultScope {F793F656-59F6-4150-8E16-15EB9DA58D5D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3295548&CUI=UN10710815961821212&UM=2
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={FBD6B720-01E6-434A-A4AE-81BB4A2AA90C}&mid=9fa9335e073f47d3ab781d1be99e18ca-e44e938890dfc607cb9d9cae253aac3f7219c139&lang=en&ds=AVG&pr=fr&d=2013-09-08 14:22:54&v=15.6.1.2&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {F793F656-59F6-4150-8E16-15EB9DA58D5D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3295548&CUI=UN10710815961821212&UM=2
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
ShellExecuteHooks: ZENworks Adaptive Agent - {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files (x86)\Novell\ZENworks\bin\NalShell.dll No File [ ]
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog9 16 C:\Windows\system32\webmakerplus.dll File Not found ()
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 02 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 03 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 04 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Winsock: Catalog9-x64 16 C:\Windows\system32\webmakerplus64.dll [430080] (Sweesh LTD)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.78.58 192.168.78.58

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&UM=2&sspv=CHNTR4A
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&UM=2&sspv=CHNTR4A"]},"sync":{"suppress_start":true},"sync_promo":{"startup_count":1,"user_skipped":true},"variations_seed":"Cig0MTljNTI5YmVjYTMxMDQzODdlMmUyNTU4YmM1YzA3NTIyMzNjM2U2EpoBCghBc3luY0RucxjEyeaPBTgAQgpTeXN0ZW1EbnNBSg4KClN5c3RlbURuc0EQGUoOCgpTeXN0ZW1EbnNCEBlKGAoTQXN5bmNEbnNOb0ZhbGxiYWNrQRCQA0oYChNBc3luY0Ruc05vRmFsbGJhY2tCEJADSg0KCUFzeW5jRG5zQRBLSg0KCUFzeW5jRG5zQhBLUggSBDI2LiooAxJuCghBc3luY0RucxjEyeaPBTgAQgpTeXN0ZW1EbnNBSg4KClN5c3RlbURuc0EQGUoOCgpTeXN0ZW1EbnNCEBlKDQoJQXN5bmNEbnNBEBlKDQoJQXN5bmNEbnNCEBlSEBIEMjkuKiAAIAEoACgBKAISagoIQXN5bmNEbnMYxIzDjgU4AEIKU3lzdGVtRG5zQUoOCgpTeXN0ZW1EbnNBEDJKDgoKU3lzdGVtRG5zQhAySg0KCUFzeW5jRG5zQRAySg0KCUFzeW5jRG5zQhAyUgwSBDI4LiogAigBKAISPAoIQXN5bmNEbnMYxMnmjwU4AEIKU3lzdGVtRG5zQUoOCgpTeXN0ZW1EbnNBEAFSDBIEMjYuKiADKAEoAhKPAQoaQXV0b2NvbXBsZXRlRHluYW1pY1RyaWFsXzAYgMPQjAU4AUITTGl2ZVNwZWxsaW5nQ29udHJvbEogChZMaXZlU3BlbGxpbmdFeHBlcmltZW50ELYHGIaEygFKHAoTTGl2ZVNwZWxsaW5nQ29udHJvbBAyGIeEygFSFBIEMjYuKiAAIAEgAiADKAAoASgCEtIBChpBdXRvY29tcGxldGVEeW5hbWljVHJpYWxfMRiAhNyPBTgBQg5EZWZhdWx0Q29udHJvbEodChREaXNhYmxlZFByb3ZpZGVyc18xNhAKGJeEygFKGwoSTmF2U3VnZ2VzdERlbW90aW9uEAoYmYTKAUoiChlOYXZTdWdnZXN0RGVtb3Rpb25Db250cm9sEAoYmoTKAUoYCg5EZWZhdWx0Q29udHJvbBDiBxibhMoBUhwSDDI2LjAuMTQxMC4xORoEMjguKiADKAAoASgCWI3Qj48CEn4KGkF1dG9jb21wbGV0ZUR5bmFtaWNUcmlhbF8yGICn4Y8FOAFCDkRlZmF1bHRDb250cm9sSh0KFEVuYWJsZUN1cnNvclBvc2l0aW9uEAEYlYTKAUoXCg5EZWZhdWx0Q29udHJvbBAEGJaEygFSEBIEMjguKiABIAIoACgBKAISygEKGkF1dG9jb21wbGV0ZUR5bmFtaWNUcmlhbF8zGICE3I8FOAFCDkRlZmF1bHRDb250cm9sSiEKGEVuYWJsZVplcm9TdWdnZXN0UXVlcmllcxAAGJGEygFKHgoVRW5hYmxlWmVyb1N1Z2dlc3RVcmxzEAAYkoTKAUolChxFbmFibGVaZXJvU3VnZ2VzdFF1ZXJpZXNVcmxzEAAYk4TKAUoYCg5EZWZhdWx0Q29udHJvbBDoBxiUhMoBUhASBDI5LiogACABKAAoASgCEpIBChhDYWNoZVNlbnNpdGl2aXR5QW5hbHlzaXMYxMfyjgU4AEICTm9KDAoIQ29udHJvbEEQBUoMCghDb250cm9sQhAFSggKBDEwMEEQBUoICgQxMDBCEAVKCAoEMjAwQRAFSggKBDIwMEIQBUoICgQ0MDBBEAVKCAoENDAwQhAFSgYKAk5vEDxSChIEMjguKiACKAQSmgEKGENhY2hlU2Vuc2l0aXZpdHlBbmFseXNpcxjEyv2KBTgAQgJOb0oGCgJObxAkSgwKCENvbnRyb2xBEAhKDAoIQ29udHJvbEIQCEoICgQxMDBBEAhKCAoEMTAwQhAISggKBDIwMEEQCEoICgQyMDBCEAhKCAoENDAwQRAISggKBDQwMEIQCFISEgQyNS4qIAAgASACKAAoASgCEp0BChhDYWNoZVNlbnNpdGl2aXR5QW5hbHlzaXMYxLLTigU4AEICTm9KBwoCTm8Q4AdKDAoIQ29udHJvbEEQAUoMCghDb250cm9sQhABSggKBDEwMEEQAUoICgQxMDBCEAFKCAoEMjAwQRABSggKBDIwMEIQAUoICgQ0MDBBEAFKCAoENDAwQhABUhQIgKe+igUSBDI1LiogAygAKAEoAhJICg9EM0QxMUV4cGVyaW1lbnQYgJKIlgU4AUIIRGlzYWJsZWRKDAoIRGlzYWJsZWQQAEoLCgdFbmFibGVkEGRSCBIEMjkuKigAElQKG0RhdGFDb21wcmVzc2lvblByb3h5Um9sbG91dBjEgpe0BTgBQgdFbmFibGVkSgwKCERpc2FibGVkEABKDAoHRW5hYmxlZBDoB1IIIAAgASACKAQSUQobRGF0YUNvbXByZXNzaW9uUHJveHlSb2xsb3V0GMSCl7QFOAFCCERpc2FibGVkSg0KCERpc2FibGVkEN4HSgsKB0VuYWJsZWQQClIEIAMoBBJUChtEYXRhQ29tcHJlc3Npb25Qcm94eVJvbGxvdXQYxIKXtAU4AUIHRW5hYmxlZEoMCghEaXNhYmxlZBAASgwKB0VuYWJsZWQQ6AdSCCAAIAEgAigFElEKG0RhdGFDb21wcmVzc2lvblByb3h5Um9sbG91dBjEgpe0BTgBQghEaXNhYmxlZEoMCghEaXNhYmxlZBAASgwKB0VuYWJsZWQQ6AdSBCADKAUSRAoRRG5zUHJvYmUtQXR0ZW1wdHMYgLWNlgU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EFpKBQoBMRAKUgoSBDI1LiogACABEkcKD0Ruc1Byb2JlLUVuYWJsZRiAtY2WBTgBQgdkaXNhYmxlSgsKB2Rpc2FibGUQAEoKCgZlbmFibGUQZFIKEgQyNS4qIAAgARJjCiNVTUEtRHluYW1pYy1CaW5hcnktVW5pZm9ybWl0eS1UcmlhbBiAnJKlBTgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQARiptskBShEKCGdyb3VwXzAxEAEYqrbJAVIGIAAgASACEl8KI1VNQS1EeW5hbWljLUJpbmFyeS1Vbmlmb3JtaXR5LVRyaWFsGICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBBjGKm2yQFKEQoIZ3JvdXBfMDEQARiqtskBUgIgAxJXChRGb3JjZUNvbXBvc2l0aW5nTW9kZRiAkoiWBTgBQgdkaXNhYmxlSgsKB2Rpc2FibGUQZEoLCgdlbmFibGVkEABKCgoGdGhyZWFkEABSCBIEMjQuKigCElcKFEZvcmNlQ29tcG9zaXRpbmdNb2RlGICSiJYFOAFCB2Rpc2FibGVKCwoHZGlzYWJsZRAASgsKB2VuYWJsZWQQAEoKCgZ0aHJlYWQQZFIIEgQyOC4qKAESWQoURm9yY2VDb21wb3NpdGluZ01vZGUYgJKIlgU4AUIHZGlzYWJsZUoLCgdkaXNhYmxlEGRKCwoHZW5hYmxlZBAASgoKBnRocmVhZBAAUgoaBDI3LiogAygBElcKFEZvcmNlQ29tcG9zaXRpbmdNb2RlGICSiJYFOAFCB2Rpc2FibGVKCwoHZGlzYWJsZRAASgsKB2VuYWJsZWQQAEoKCgZ0aHJlYWQQZFIIEgQyNC4qKAASWQoURm9yY2VDb21wb3NpdGluZ01vZGUYgJKIlgU4AUIHZGlzYWJsZUoLCgdkaXNhYmxlEABKCwoHZW5hYmxlZBAySgoKBnRocmVhZBAyUgoSBDI0LiogAygAErcBCglHb29nbGVOb3c4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKCgoGRW5hYmxlEABKCwoHQ29udHJvbBAASjMKD0Rpc2FibGVkVmlhRmxhZxAAKh5kaXNhYmxlLWdvb2dsZS1ub3ctaW50ZWdyYXRpb25KMQoORW5hYmxlZFZpYUZsYWcQACodZW5hYmxlLWdvb2dsZS1ub3ctaW50ZWdyYXRpb25SESAAIAEoACgBKAMyBWVuLVVTEosBCg1Ib3N0Q2FjaGVTaXplGMTNiIcFOABCB0RlZmF1bHRKCwoHRGVmYXVsdBAASggKBDEwMEEQCkoICgQxMDBCEApKCAoEMzAwQRAKSggKBDMwMEIQCkoJCgUxMDAwQRAKSgkKBTEwMDBCEApKCQoFMzAwMEEQCkoJCgUzMDAwQhAKUggSBDI1LiooAxKTAQoNSG9zdENhY2hlU2l6ZRjErPeHBTgAQgdEZWZhdWx0SgsKB0RlZmF1bHQQAEoICgQxMDBBEApKCAoEMTAwQhAKSggKBDMwMEEQCkoICgQzMDBCEApKCQoFMTAwMEEQCkoJCgUxMDAwQhAKSgkKBTMwMDBBEApKCQoFMzAwMEIQClIQEgQyNS4qIAAgASgAKAEoAhJECg1JbmZpbml0ZUNhY2hlGMS0jZYFOAFCAk5vSgcKAk5vENQHSgcKA1llcxAKSgsKB0NvbnRyb2wQClIIIAIoACgBKAISRgoNSW5maW5pdGVDYWNoZRjEtI2WBTgBQgJOb0oHCgJObxCEB0oHCgNZZXMQMkoLCgdDb250cm9sEDJSCiAAIAEoACgBKAISRAoNSW5maW5pdGVDYWNoZRjEtI2WBTgBQgJOb0oHCgJObxDmB0oHCgNZZXMQAUoLCgdDb250cm9sEAFSCCADKAAoASgCEt8ECgxJbnN0YW50RHVtbXkYgITcjwU4AUIMRGVmYXVsdEdyb3VwSi8KIUR1bW15R3JvdXAxIGNoYW5uZWw6c3RhYmxlIG1vZHM6MRABGMeFygEgx4XKAUovCiFEdW1teUdyb3VwMiBjaGFubmVsOnN0YWJsZSBtb2RzOjEQARjIhcoBIMiFygFKLwohRHVtbXlHcm91cDMgY2hhbm5lbDpzdGFibGUgbW9kczoxEAEYyYXKASDJhcoBSi8KIUR1bW15R3JvdXA0IGNoYW5uZWw6c3RhYmxlIG1vZHM6MRABGMqFygEgyoXKAUovCiFEdW1teUdyb3VwNSBjaGFubmVsOnN0YWJsZSBtb2RzOjkQCRjLhcoBIMuFygFKLwohRHVtbXlHcm91cDYgY2hhbm5lbDpzdGFibGUgbW9kczo5EAkYzIXKASDMhcoBSi8KIUR1bW15R3JvdXA3IGNoYW5uZWw6c3RhYmxlIG1vZHM6ORAJGM2FygEgzYXKAUovCiFEdW1teUdyb3VwOCBjaGFubmVsOnN0YWJsZSBtb2RzOjkQCRjOhcoBIM6FygFKMQojRHVtbXlHcm91cDkgY2hhbm5lbDpzdGFibGUgbW9kczoxMDAQZBjPhcoBIM+FygFKMgokRHVtbXlHcm91cDEwIGNoYW5uZWw6c3RhYmxlIG1vZHM6MTAwEGQY0IXKASDQhcoBSioKG0R1bW15UGFkZGluZyBjaGFubmVsOnN0YWJsZRD4BRjRhcoBINGFygFKEAoMRGVmYXVsdEdyb3VwEABSDBIEMjcuKiADKAAoARKkAgoPSW5zdGFudEV4dGVuZGVkGIDB/5AFOAFCDERlZmF1bHRHcm91cEo+Ci9Hcm91cDEgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGNoYW5uZWw6YmV0YRD6ARi9hcoBIL2FygFKRwo4R3JvdXAyIGVzcHY6MjA1IHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmJldGEQ+gEYvoXKASC+hcoBSiQKFUNvbnRyb2wxIGNoYW5uZWw6YmV0YRD6ARi/hcoBIL+FygFKJAoVQ29udHJvbDIgY2hhbm5lbDpiZXRhEPoBGMCFygEgwIXKAUoQCgxEZWZhdWx0R3JvdXAQAFIOEgQyOS4qIAIoACgBKANY2o+ihwkSpgIKD0luc3RhbnRFeHRlbmRlZBiA6r2OBTgBQgxEZWZhdWx0R3JvdXBKQAoxR3JvdXAxIHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmNhbmFyeRD6ARjng8oBIOeDygFKSQo6R3JvdXAyIGVzcHY6MjA1IHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmNhbmFyeRD6ARiEhMoBIISEygFKJgoXQ29udHJvbDEgY2hhbm5lbDpjYW5hcnkQ+gEY6IPKASDog8oBSiYKF0NvbnRyb2wyIGNoYW5uZWw6Y2FuYXJ5EPoBGIKEygEggoTKAUoQCgxEZWZhdWx0R3JvdXAQAFIOEgQyOC4qIAAoACgBKAMSsQIKD0luc3RhbnRFeHRlbmRlZBiAhNyPBTgBQgxEZWZhdWx0R3JvdXBKJQoXQ29udHJvbDEgbTI5ZGV2MjpuYXRpdmUQARjWhcoBINaFygFKJQoXQ29udHJvbDIgbTI5ZGV2MjpuYXRpdmUQARjXhcoBINeFygFKPwoxR3JvdXAxIG0yOWRldjI6bmF0aXZlIHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MRABGNiFygEg2IXKAUpICjpHcm91cDIgbTI5ZGV2MjpuYXRpdmUgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGVzcHY6MjA1EAEY2YXKASDZhcoBShAKDERlZmF1bHRHcm91cBAAUhcSCTI5LjAuMTUzNRoEMjkuKiABKAAoA1jpib/HChKLAwoPSW5zdGFudEV4dGVuZGVkGICE3I8FOAFCDERlZmF1bHRHcm91cEpRCkNHcm91cDEgZXNwdjoyMDUgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGNoYW5uZWw6c3RhYmxlIERJU0FCTEVEEAEYwYXKASDBhcoBSlEKQ0dyb3VwMiBlc3B2OjIwNSB1c2VfcmVtb3RlX250cF9vbl9zdGFydHVwOjEgY2hhbm5lbDpzdGFibGUgRElTQUJMRUQQCRjFhcoBIMWFygFKJgoXUGFkZGluZzEgY2hhbm5lbDpzdGFibGUQ6gMYwoXKASDChcoBSiUKF0NvbnRyb2wxIGNoYW5uZWw6c3RhYmxlEAEYw4XKASDDhcoBSiUKF0NvbnRyb2wyIGNoYW5uZWw6c3RhYmxlEAkYxoXKASDGhcoBSiYKF1BhZGRpbmcyIGNoYW5uZWw6c3RhYmxlEOoDGMSFygEgxIXKAUoQCgxEZWZhdWx0R3JvdXAQAFIMEgQyNy4qIAMoACgBEo4CChZJbnRlcnN0aXRpYWxNYWx3YXJlMzEwGMDpw5MFOAFCB0RlZmF1bHRKFwoTY29uZDFNYWx3YXJlQ29udHJvbBADShcKE2NvbmQyTWFsd2FyZU5vQnJhbmQQA0oXChNjb25kNU1hbHdhcmVPbmVTdGVwEANKFwoTY29uZDdNYWx3YXJlRmVhck1zZxADShkKFWNvbmQ5TWFsd2FyZUNvbGxhYk1zZxADShkKFWNvbmQxMU1hbHdhcmVRdWVzdGlvbhADShcKE2NvbmQxM01hbHdhcmVHb0JhY2sQA0oMCgdEZWZhdWx0ELMBUiIIwNmjjAUSBDI5LiooACgBKAIoAzIFZW4tVVMyBWVuLUdCEpcCChdJbnRlcnN0aXRpYWxQaGlzaGluZzU2NBjA6cOTBTgBQgdEZWZhdWx0ShgKFGNvbmQzUGhpc2hpbmdDb250cm9sEANKGAoUY29uZDRQaGlzaGluZ05vQnJhbmQQA0oYChRjb25kNlBoaXNoaW5nT25lU3RlcBADShgKFGNvbmQ4UGhpc2hpbmdGZWFyTXNnEANKGwoXY29uZDEwUGhpc2hpbmdDb2xsYWJNc2cQA0oaChZjb25kMTJQaGlzaGluZ1F1ZXN0aW9uEANKGAoUY29uZDE0UGhpc2hpbmdHb0JhY2sQA0oMCgdEZWZhdWx0ELMBUiIIwNmjjAUSBDI5LiooACgBKAIoAzIFZW4tVVMyBWVuLUdCEqQCChJJbnRlcnN0aXRpYWxTU0w1MTcYwOnDkwU4AUIHRGVmYXVsdEoZChVDb25kaXRpb24xNVNTTENvbnRyb2wQA0oZChVDb25kaXRpb24xNlNTTEZpcmVmb3gQA0oeChpDb25kaXRpb24xN1NTTEZhbmN5RmlyZWZveBADShoKFkNvbmRpdGlvbjE4U1NMTm9JbWFnZXMQA0obChdDb25kaXRpb24xOVNTTFBvbGljZW1hbhADShsKF0NvbmRpdGlvbjIwU1NMU3RvcGxpZ2h0EANKGAoUQ29uZGl0aW9uMjFTU0xCYWRndXkQA0oMCgdEZWZhdWx0ELMBUikIwNmjjAUSCzI5LjAuMTU0My4qKAAoASgCKAMyBWVuLVVTMgVlbi1HQhJRChFNYW5hZ2VkTW9kZUxhdW5jaBiA88eSBTgBQghJbmFjdGl2ZUoKCgZBY3RpdmUQZEoMCghJbmFjdGl2ZRAAUhASBDI5LiogACABKAAoASgCEk0KEU1hbmFnZWRNb2RlTGF1bmNoGIDzx5IFOAFCCEluYWN0aXZlSgoKBkFjdGl2ZRBkSgwKCEluYWN0aXZlEABSDBIEMjkuKiAAIAEoAxKwAgoYTW9zdFZpc2l0ZWRUaWxlUGxhY2VtZW50GICtmo0FOAFCB0RlZmF1bHRKFgoST25lRWlnaHRfQV9GbGlwcGVkEANKFgoST25lRWlnaHRfQl9GbGlwcGVkEANKFgoST25lRWlnaHRfQ19GbGlwcGVkEANKFgoST25lRWlnaHRfRF9GbGlwcGVkEANKFQoRT25lRm91cl9BX0ZsaXBwZWQQA0oVChFPbmVGb3VyX0JfRmxpcHBlZBADShUKEU9uZUZvdXJfQ19GbGlwcGVkEANKFQoRT25lRm91cl9EX0ZsaXBwZWQQA0oLCgdDb250cm9sEANKFAoQRG9udFNob3dPcGVuVGFicxADSgsKB0RlZmF1bHQQRlIXEgsyOC4wLjE0OTYuMCABKAAoASgCKAMSlAEKFE1vdXNlRXZlbnRQcmVjb25uZWN0GMS0jZYFOABCCERpc2FibGVkSg0KCU1vdXNlRG93bhAKSg0KCU1vdXNlT3ZlchAAShIKDlRhcFVuY29uZmlybWVkEABKCwoHVGFwRG93bhAASgsKB0NvbnRyb2wQCkoMCghEaXNhYmxlZBBQUhASBDI5LiogACABKAAoASgCEl0KDE5ld01lbnVTdHlsZRiA0J+NBTgBQgdEZWZhdWx0SgsKB0RlZmF1bHQQAEoNCghOZXdTdHlsZRDmB0oMCghPbGRTdHlsZRACUhISBDI2LioaBDI3LiogAygAKAMSfgoMTmV3TWVudVN0eWxlGICn4Y8FOAFCB0RlZmF1bHRKCwoHRGVmYXVsdBA8SgwKCENvbXBhY3QxEApKDAoIQ29tcGFjdDIQCkoSCg5IaWdoZXJDb250cmFzdBAKShAKDENvbnRyb2xHcm91cBAKUg4SBDI4LiogASAAKAAoAxJ+CgxOZXdNZW51U3R5bGUYgP6ikgU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGBKDAoIQ29tcGFjdDEQAUoMCghDb21wYWN0MhABShIKDkhpZ2hlckNvbnRyYXN0EAFKEAoMQ29udHJvbEdyb3VwEAFSDhIEMjkuKiADIAIoACgDElcKDE5ld1RhYkJ1dHRvbhiAtY2WBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQYkoLCgdDb250cm9sEAFKCAoEUGx1cxABUhISDDIxLjAuMTE4MC4xNSADKAASzQEKHk9tbmlib3hSZXBsYWNlSFVQQW5kTmV3U2NvcmluZxjAhbOQBTgBQghTdGFuZGFyZEoMCghTdGFuZGFyZBA8Sg0KCVN0YW5kYXJkMhAKSh0KGUhRUC1wb3N0cGVyaW9kLVJlcGxhY2VIVVAQCkoOCgpOZXdTY29yaW5nEApKNAowSFFQLXBvc3RwZXJpb2QtUmVwbGFjZUhVUF9OZXctcG9zdHBlcmlvZC1TY29yaW5nEApSFwjAn4uHBRILMjguMC4xNDk5LiogASACEmkKF09tbmlib3hTaG9ydGN1dHNTY29yaW5nGMTClpcFOAFCCFN0YW5kYXJkSgwKCFN0YW5kYXJkEFpKFQoRTWF4UmVsZXZhbmNlXzEzOTkQClIXCMSAro4FEgsyOS4wLjE1NDcuMCABIAISZQoQT21uaWJveFN0b3BUaW1lchjA0ZmTBTgBQghTdGFuZGFyZEoSCghTdGFuZGFyZBD0Axi3hcoBShYKDFVzZVN0b3BUaW1lchD0Axi4hcoBUhMIwMzUiwUSCzI4LjAuMTQ4OC4wEmYKF1ByZXJlbmRlckxvY2FsUHJlZGljdG9yGMSHoYwFOABCCERpc2FibGVkSg0KCERpc2FibGVkENQHSgsKB0VuYWJsZWQQCkoLCgdDb250cm9sEApSEBIEMjUuKiADIAIoACgBKAISZgoXUHJlcmVuZGVyTG9jYWxQcmVkaWN0b3IYxLSNlgU4AEIIRGlzYWJsZWRKDAoIRGlzYWJsZWQQZEoMCgdFbmFibGVkEKAGSgsKB0NvbnRyb2wQZFIQEgQyNS4qIAAgASgAKAEoAhJwCi5QcmVyZW5kZXJMb2NhbFByZWRpY3Rvck1heENvbmN1cnJlbnRQcmVyZW5kZXJzGMS0jZYFOAFCATFKBQoBMRAUSgUKATIQFEoFCgEzEBRKBQoBNBAUSgUKATUQFFIQEgQyOS4qIAAgASgAKAEoAhJxCjtQcmVyZW5kZXJMb2NhbFByZWRpY3RvclByZXJlbmRlclByaW9yaXR5SGFsZkxpZmVUaW1lU2Vjb25kcxjEtI2WBTgBQgEwSgUKATAQMkoGCgIzMBAZSgYKAjYwEBlSEBIEMjkuKiAAIAEoACgBKAISbgoqUHJlcmVuZGVyTG9jYWxQcmVkaWN0b3JQcmVyZW5kZXJUVExTZWNvbmRzGMS0jZYFOAFCAzE4MEoHCgMxODAQNEoHCgMxMjAQEEoHCgMyNDAQEEoGCgI2MBAQUhASBDI5LiogACABKAAoASgCEqUBCg9Qcm9ncmVzc2l2ZVNjYW4YxLSNlgU4AUIIRGlzYWJsZWRKFQoRMzNQZXJjZW50XzRNaW5NYXgQHkoVChE1MFBlcmNlbnRfNE1pbk1heBAeShUKETUwUGVyY2VudF84TWluTWF4EB5KFgoSMTAwUGVyY2VudF84TWluTWF4EB5KDAoIRnVsbFNjYW4QHkoNCghEaXNhYmxlZBDSBlIGIAAgASgDEpkBCgRRVUlDGMTnpogFOABCCERpc2FibGVkSgsKB0VuYWJsZWQQCkoLCgdDb250cm9sEApKDAoIRGlzYWJsZWQQUEoeCg1FbmFibGVkQnlGbGFnEAAqC2VuYWJsZS1xdWljSiAKDkRpc2FibGVkQnlGbGFnEAAqDGRpc2FibGUtcXVpY1IVEgsyOS4wLjE1NDYuMCAAKAAoASgCEjYKDlNCSW50ZXJzdGl0aWFsGMDSjYkFOAFCAlYxSgYKAlYxEAFKBgoCVjIQY1IIKAAoASgCKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQKBiphcoBShAKB2NvbnRyb2wQDxj4hMoBShEKCGFsdC10ZXh0EA8Y/ITKAUoVCgxhbHQtbG9jYXRpb24QDxiChcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAPGIiFygFSFRILMjcuMC4xNDUzLiogAigAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBAoGKmFygFKEAoHY29udHJvbBAPGPmEygFKEQoIYWx0LXRleHQQDxj/hMoBShUKDGFsdC1sb2NhdGlvbhAPGIWFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEA8Yi4XKAVIREgsyNy4wLjE0NTMuKiACKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQKBiphcoBShAKB2NvbnRyb2wQDxj4hMoBShEKCGFsdC10ZXh0EA8Y+oTKAUoVCgxhbHQtbG9jYXRpb24QDxiAhcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAPGIaFygFSFRILMjcuMC4xNDUzLiogASgAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBAoGKmFygFKEAoHY29udHJvbBAPGPmEygFKEQoIYWx0LXRleHQQDxj9hMoBShUKDGFsdC1sb2NhdGlvbhAPGIOFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEA8YiYXKAVIREgsyNy4wLjE0NTMuKiABKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQPBiphcoBShAKB2NvbnRyb2wQChj4hMoBShEKCGFsdC10ZXh0EAoY+4TKAUoVCgxhbHQtbG9jYXRpb24QChiBhcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAKGIeFygFSFRILMjcuMC4xNDUzLiogAygAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBA8GKmFygFKEAoHY29udHJvbBAKGPmEygFKEQoIYWx0LXRleHQQChj+hMoBShUKDGFsdC1sb2NhdGlvbhAKGISFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEAoYioXKAVIREgsyNy4wLjE0NTMuKiADKAMSdQoUU2hvd0FwcExhdW5jaGVyUHJvbW84AUIHRGVmYXVsdEogChdTaG93UHJvbW9VbnRpbERpc21pc3NlZBAyGJ6GygFKGwoSUmVzZXRTaG93UHJvbW9QcmVmEDIYn4bKAUoLCgdEZWZhdWx0EABSBiAAIAEoABJiChNTaG93UHJvZmlsZVN3aXRjaGVyGMDK4IoFOAFCB2RlZmF1bHRKCwoHZGVmYXVsdBBQSgsKB2NvbnRyb2wQCkoOCgpBbHdheXNTaG93EApSEBIEMjYuKiAAIAEoACgBKAISVwoPU2lkZWxvYWRXaXBlb3V0GMScnYsFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEABKCwoHRW5hYmxlZBBkUhcSCzI1LjAuMTM2MC4qIAAgASACIAMoABJ3ChpTaWduSW5Ub0Nocm9tZUNvbmZpcm1hdGlvbhjAyuCKBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQUEoUChBjb250cm9sX0RJU0FCTEVEEApKEwoPQnViYmxlX0RJU0FCTEVEEApSEBIEMjYuKiAAIAEoACgBKAIShAEKEFNpbXBsZUNhY2hlVHJpYWwYxLSNlgU4AUIMRXhwZXJpbWVudE5vShAKDEV4cGVyaW1lbnRObxBkShEKDUV4cGVyaW1lbnRZZXMQAEoSCg5FeHBlcmltZW50WWVzMhAAShUKEUV4cGVyaW1lbnRDb250cm9sEABSChIEMjguKiACKAQShgEKEFNpbXBsZUNhY2hlVHJpYWwYxLSNlgU4AUIMRXhwZXJpbWVudE5vShAKDEV4cGVyaW1lbnRObxAAShEKDUV4cGVyaW1lbnRZZXMQUEoSCg5FeHBlcmltZW50WWVzMhAKShUKEUV4cGVyaW1lbnRDb250cm9sEApSDBIEMjguKiAAIAEoBBKVAwoeU3BlY3VsYXRpdmVSZXNvdXJjZVByZWZldGNoaW5nGICc44oFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEChKEAoMTGVhcm5pbmdIb3N0EApKDwoLTGVhcm5pbmdVUkwQCkoMCghMZWFybmluZxAKShMKD1ByZWZldGNoaW5nSG9zdBAKShIKDlByZWZldGNoaW5nVVJMEApKDwoLUHJlZmV0Y2hpbmcQCkocChhQcmVmZXRjaGluZ0xvd0NvbmZpZGVuY2UQAEodChlQcmVmZXRjaGluZ0hpZ2hDb25maWRlbmNlEABKHAoYUHJlZmV0Y2hpbmdNb3JlUmVzb3VyY2VzEABKEwoPTGVhcm5pbmdTbWFsbERCEABKFgoSUHJlZmV0Y2hpbmdTbWFsbERCEABKIwofUHJlZmV0Y2hpbmdTbWFsbERCTG93Q29uZmlkZW5jZRAASiQKIFByZWZldGNoaW5nU21hbGxEQkhpZ2hDb25maWRlbmNlEABSFRILMjUuMC4xMzY0LiogAigAKAEoAhKXAwoeU3BlY3VsYXRpdmVSZXNvdXJjZVByZWZldGNoaW5nGICc44oFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEChKEAoMTGVhcm5pbmdIb3N0EApKDwoLTGVhcm5pbmdVUkwQCkoMCghMZWFybmluZxAKShMKD1ByZWZldGNoaW5nSG9zdBAKShIKDlByZWZldGNoaW5nVVJMEApKDwoLUHJlZmV0Y2hpbmcQCkocChhQcmVmZXRjaGluZ0xvd0NvbmZpZGVuY2UQAEodChlQcmVmZXRjaGluZ0hpZ2hDb25maWRlbmNlEABKHAoYUHJlZmV0Y2hpbmdNb3JlUmVzb3VyY2VzEABKEwoPTGVhcm5pbmdTbWFsbERCEABKFgoSUHJlZmV0Y2hpbmdTbWFsbERCEABKIwofUHJlZmV0Y2hpbmdTbWFsbERCTG93Q29uZmlkZW5jZRAASiQKIFByZWZldGNoaW5nU21hbGxEQkhpZ2hDb25maWRlbmNlEABSFxILMjUuMC4xMzY0LiogACABKAAoASgCElIKClNwZWxsY2hlY2sYxNu0jQU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKDwoLU3VnZ2VzdGlvbnMQAFIVEgsyNi4wLjE0MDMuMCACIAEgACgAElQKClNwZWxsY2hlY2sYxNu0jQU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKDwoLU3VnZ2VzdGlvbnMQAFIXEgsyNi4wLjE0MDMuMCADIAIgASgCKAMSTgoKU3BlbGxjaGVjaxjE27SNBTgBQgdEZWZhdWx0SgsKB0RlZmF1bHQQZEoPCgtTdWdnZXN0aW9ucxAAUhESCzI2LjAuMTQwMy4wIAMoABJPCg1FbmFibGVTdGFnZTNEGICI/oYFOAFCB2VuYWJsZWRKDAoHZW5hYmxlZBC2B0oPCgtibGFja2xpc3RlZBAyUg4SBDIyLiogACABIAIoABJRCg1FbmFibGVTdGFnZTNEGICI/oYFOAFCB2VuYWJsZWRKDAoHZW5hYmxlZBDoB0oPCgtibGFja2xpc3RlZBAAUhASBDIyLioaBDIyLiogAygAEmgKDUVuYWJsZVN0YWdlM0QYgN+/iQU4AUIPZW5hYmxlZF9kZWZhdWx0ShMKD2VuYWJsZWRfZGVmYXVsdBAASgwKB2VuYWJsZWQQ6AdKDwoLYmxhY2tsaXN0ZWQQAFIKEgQyMy4qIAMoABKrAgoLVGFiRXZpY3Rpb24YgP6ikgU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EABKCwoHQ29udHJvbBAKShEKDU1lbW9yeUtlZXBBbGwQAUoTCg9NZW1vcnlFdmljdEhhbGYQCkoTCg9NZW1vcnlLZWVwVGhyZWUQCkoUChBNZW1vcnlFdmljdFRocmVlEApKGAoUQmFja2dyb3VuZGluZ0tlZXBBbGwQCkoaChZCYWNrZ3JvdW5kaW5nRXZpY3RIYWxmEApKGAoUQmFja2dyb3VuZGluZ0tlZXBPbmUQCkobChdCYWNrZ3JvdW5kaW5nRXZpY3RUaHJlZRAKShIKDk5vUHJlcmVuZGVyaW5nEApKDwoLTm9RdWlja2JhY2sQClIMEgQyOS4qIAAgAigFEk4KE1Rlc3QwUGVyY2VudERlZmF1bHQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EABKDAoIZ3JvdXBfMDEQZEoLCgdkb2dmb29kEAAS2gEKHFVNQS1EeW5hbWljLVVuaWZvcm1pdHktVHJpYWwYgJySpQU4AUIHRGVmYXVsdEoUCgZHcm91cDEQARi/tskBIL+2yQFKFAoGR3JvdXAyEAkYwLbJASDAtskBShUKBkdyb3VwMxDqAxjBtskBIMG2yQFKFAoGR3JvdXA0EAEYwrbJASDCtskBShQKBkdyb3VwNRAJGMO2yQEgw7bJAUoVCgZHcm91cDYQ6gMYxLbJASDEtskBShUKB0RlZmF1bHQQABjFtskBIMW2yQFSDBIEMjcuKiADKAAoARK9AQofVU1BLVVuaWZvcm1pdHktVHJpYWwtMTAtUGVyY2VudBiAnJKlBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQAUoMCghncm91cF8wMRABSgwKCGdyb3VwXzAyEAFKDAoIZ3JvdXBfMDMQAUoMCghncm91cF8wNBABSgwKCGdyb3VwXzA1EAFKDAoIZ3JvdXBfMDYQAUoMCghncm91cF8wNxABSgwKCGdyb3VwXzA4EAFKDAoIZ3JvdXBfMDkQARKmDwoeVU1BLVVuaWZvcm1pdHktVHJpYWwtMS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBABGKC1yQFKEQoIZ3JvdXBfMDEQARihtckBShEKCGdyb3VwXzAyEAEYorXJAUoRCghncm91cF8wMxABGKO1yQFKEQoIZ3JvdXBfMDQQARiktckBShEKCGdyb3VwXzA1EAEYpbXJAUoRCghncm91cF8wNhABGKa1yQFKEQoIZ3JvdXBfMDcQARintckBShEKCGdyb3VwXzA4EAEYqLXJAUoRCghncm91cF8wORABGKm1yQFKEQoIZ3JvdXBfMTAQARiqtckBShEKCGdyb3VwXzExEAEYq7XJAUoRCghncm91cF8xMhABGKy1yQFKEQoIZ3JvdXBfMTMQARittckBShEKCGdyb3VwXzE0EAEYrrXJAUoRCghncm91cF8xNRABGK+1yQFKEQoIZ3JvdXBfMTYQARiwtckBShEKCGdyb3VwXzE3EAEYsbXJAUoRCghncm91cF8xOBABGLK1yQFKEQoIZ3JvdXBfMTkQARiztckBShEKCGdyb3VwXzIwEAEYtLXJAUoRCghncm91cF8yMRABGLW1yQFKEQoIZ3JvdXBfMjIQARi2tckBShEKCGdyb3VwXzIzEAEYt7XJAUoRCghncm91cF8yNBABGLi1yQFKEQoIZ3JvdXBfMjUQARi5tckBShEKCGdyb3VwXzI2EAEYurXJAUoRCghncm91cF8yNxABGLu1yQFKEQoIZ3JvdXBfMjgQARi8tckBShEKCGdyb3VwXzI5EAEYvbXJAUoRCghncm91cF8zMBABGL61yQFKEQoIZ3JvdXBfMzEQARi/tckBShEKCGdyb3VwXzMyEAEYwLXJAUoRCghncm91cF8zMxABGMG1yQFKEQoIZ3JvdXBfMzQQARjCtckBShEKCGdyb3VwXzM1EAEYw7XJAUoRCghncm91cF8zNhABGMS1yQFKEQoIZ3JvdXBfMzcQARjFtckBShEKCGdyb3VwXzM4EAEYxrXJAUoRCghncm91cF8zORABGMe1yQFKEQoIZ3JvdXBfNDAQARjItckBShEKCGdyb3VwXzQxEAEYybXJAUoRCghncm91cF80MhABGMq1yQFKEQoIZ3JvdXBfNDMQARjLtckBShEKCGdyb3VwXzQ0EAEYzLXJAUoRCghncm91cF80NRABGM21yQFKEQoIZ3JvdXBfNDYQARjOtckBShEKCGdyb3VwXzQ3EAEYz7XJAUoRCghncm91cF80OBABGNC1yQFKEQoIZ3JvdXBfNDkQARjRtckBShEKCGdyb3VwXzUwEAEY0rXJAUoRCghncm91cF81MRABGNO1yQFKEQoIZ3JvdXBfNTIQARjUtckBShEKCGdyb3VwXzUzEAEY1bXJAUoRCghncm91cF81NBABGNa1yQFKEQoIZ3JvdXBfNTUQARjXtckBShEKCGdyb3VwXzU2EAEY2LXJAUoRCghncm91cF81NxABGNm1yQFKEQoIZ3JvdXBfNTgQARjatckBShEKCGdyb3VwXzU5EAEY27XJAUoRCghncm91cF82MBABGNy1yQFKEQoIZ3JvdXBfNjEQARjdtckBShEKCGdyb3VwXzYyEAEY3rXJAUoRCghncm91cF82MxABGN+1yQFKEQoIZ3JvdXBfNjQQARjgtckBShEKCGdyb3VwXzY1EAEY4bXJAUoRCghncm91cF82NhABGOK1yQFKEQoIZ3JvdXBfNjcQARjjtckBShEKCGdyb3VwXzY4EAEY5LXJAUoRCghncm91cF82ORABGOW1yQFKEQoIZ3JvdXBfNzAQARjmtckBShEKCGdyb3VwXzcxEAEY57XJAUoRCghncm91cF83MhABGOi1yQFKEQoIZ3JvdXBfNzMQARjptckBShEKCGdyb3VwXzc0EAEY6rXJAUoRCghncm91cF83NRABGOu1yQFKEQoIZ3JvdXBfNzYQARjstckBShEKCGdyb3VwXzc3EAEY7bXJAUoRCghncm91cF83OBABGO61yQFKEQoIZ3JvdXBfNzkQARjvtckBShEKCGdyb3VwXzgwEAEY8LXJAUoRCghncm91cF84MRABGPG1yQFKEQoIZ3JvdXBfODIQARjytckBShEKCGdyb3VwXzgzEAEY87XJAUoRCghncm91cF84NBABGPS1yQFKEQoIZ3JvdXBfODUQARj1tckBShEKCGdyb3VwXzg2EAEY9rXJAUoRCghncm91cF84NxABGPe1yQFKEQoIZ3JvdXBfODgQARj4tckBShEKCGdyb3VwXzg5EAEY+bXJAUoRCghncm91cF85MBABGPq1yQFKEQoIZ3JvdXBfOTEQARj7tckBShEKCGdyb3VwXzkyEAEY/LXJAUoRCghncm91cF85MxABGP21yQFKEQoIZ3JvdXBfOTQQARj+tckBShEKCGdyb3VwXzk1EAEY/7XJAUoRCghncm91cF85NhABGIC2yQFKEQoIZ3JvdXBfOTcQARiBtskBShEKCGdyb3VwXzk4EAEYgrbJAUoRCghncm91cF85ORABGIO2yQFSCCgAKAEoAigDEq4LCh5VTUEtVW5pZm9ybWl0eS1UcmlhbC0xLVBlcmNlbnQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EAFKDAoIZ3JvdXBfMDEQAUoMCghncm91cF8wMhABSgwKCGdyb3VwXzAzEAFKDAoIZ3JvdXBfMDQQAUoMCghncm91cF8wNRABSgwKCGdyb3VwXzA2EAFKDAoIZ3JvdXBfMDcQAUoMCghncm91cF8wOBABSgwKCGdyb3VwXzA5EAFKDAoIZ3JvdXBfMTAQAUoMCghncm91cF8xMRABSgwKCGdyb3VwXzEyEAFKDAoIZ3JvdXBfMTMQAUoMCghncm91cF8xNBABSgwKCGdyb3VwXzE1EAFKDAoIZ3JvdXBfMTYQAUoMCghncm91cF8xNxABSgwKCGdyb3VwXzE4EAFKDAoIZ3JvdXBfMTkQAUoMCghncm91cF8yMBABSgwKCGdyb3VwXzIxEAFKDAoIZ3JvdXBfMjIQAUoMCghncm91cF8yMxABSgwKCGdyb3VwXzI0EAFKDAoIZ3JvdXBfMjUQAUoMCghncm91cF8yNhABSgwKCGdyb3VwXzI3EAFKDAoIZ3JvdXBfMjgQAUoMCghncm91cF8yORABSgwKCGdyb3VwXzMwEAFKDAoIZ3JvdXBfMzEQAUoMCghncm91cF8zMhABSgwKCGdyb3VwXzMzEAFKDAoIZ3JvdXBfMzQQAUoMCghncm91cF8zNRABSgwKCGdyb3VwXzM2EAFKDAoIZ3JvdXBfMzcQAUoMCghncm91cF8zOBABSgwKCGdyb3VwXzM5EAFKDAoIZ3JvdXBfNDAQAUoMCghncm91cF80MRABSgwKCGdyb3VwXzQyEAFKDAoIZ3JvdXBfNDMQAUoMCghncm91cF80NBABSgwKCGdyb3VwXzQ1EAFKDAoIZ3JvdXBfNDYQAUoMCghncm91cF80NxABSgwKCGdyb3VwXzQ4EAFKDAoIZ3JvdXBfNDkQAUoMCghncm91cF81MBABSgwKCGdyb3VwXzUxEAFKDAoIZ3JvdXBfNTIQAUoMCghncm91cF81MxABSgwKCGdyb3VwXzU0EAFKDAoIZ3JvdXBfNTUQAUoMCghncm91cF81NhABSgwKCGdyb3VwXzU3EAFKDAoIZ3JvdXBfNTgQAUoMCghncm91cF81ORABSgwKCGdyb3VwXzYwEAFKDAoIZ3JvdXBfNjEQAUoMCghncm91cF82MhABSgwKCGdyb3VwXzYzEAFKDAoIZ3JvdXBfNjQQAUoMCghncm91cF82NRABSgwKCGdyb3VwXzY2EAFKDAoIZ3JvdXBfNjcQAUoMCghncm91cF82OBABSgwKCGdyb3VwXzY5EAFKDAoIZ3JvdXBfNzAQAUoMCghncm91cF83MRABSgwKCGdyb3VwXzcyEAFKDAoIZ3JvdXBfNzMQAUoMCghncm91cF83NBABSgwKCGdyb3VwXzc1EAFKDAoIZ3JvdXBfNzYQAUoMCghncm91cF83NxABSgwKCGdyb3VwXzc4EAFKDAoIZ3JvdXBfNzkQAUoMCghncm91cF84MBABSgwKCGdyb3VwXzgxEAFKDAoIZ3JvdXBfODIQAUoMCghncm91cF84MxABSgwKCGdyb3VwXzg0EAFKDAoIZ3JvdXBfODUQAUoMCghncm91cF84NhABSgwKCGdyb3VwXzg3EAFKDAoIZ3JvdXBfODgQAUoMCghncm91cF84ORABSgwKCGdyb3VwXzkwEAFKDAoIZ3JvdXBfOTEQAUoMCghncm91cF85MhABSgwKCGdyb3VwXzkzEAFKDAoIZ3JvdXBfOTQQAUoMCghncm91cF85NRABSgwKCGdyb3VwXzk2EAFKDAoIZ3JvdXBfOTcQAUoMCghncm91cF85OBABSgwKCGdyb3VwXzk5EAFSBCgEKAUSdwofVU1BLVVuaWZvcm1pdHktVHJpYWwtMjAtUGVyY2VudBiAnJKlBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQAUoMCghncm91cF8wMRABSgwKCGdyb3VwXzAyEAFKDAoIZ3JvdXBfMDMQAUoMCghncm91cF8wNBABEk0KH1VNQS1Vbmlmb3JtaXR5LVRyaWFsLTUwLVBlcmNlbnQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EAFKDAoIZ3JvdXBfMDEQARK2AwoeVU1BLVVuaWZvcm1pdHktVHJpYWwtNS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBABGIS2yQFKEQoIZ3JvdXBfMDEQARiFtskBShEKCGdyb3VwXzAyEAEYhrbJAUoRCghncm91cF8wMxABGIe2yQFKEQoIZ3JvdXBfMDQQARiItskBShEKCGdyb3VwXzA1EAEYibbJAUoRCghncm91cF8wNhABGIq2yQFKEQoIZ3JvdXBfMDcQARiLtskBShEKCGdyb3VwXzA4EAEYjLbJAUoRCghncm91cF8wORABGI22yQFKEQoIZ3JvdXBfMTAQARiOtskBShEKCGdyb3VwXzExEAEYj7bJAUoRCghncm91cF8xMhABGJC2yQFKEQoIZ3JvdXBfMTMQARiRtskBShEKCGdyb3VwXzE0EAEYkrbJAUoRCghncm91cF8xNRABGJO2yQFKEQoIZ3JvdXBfMTYQARiUtskBShEKCGdyb3VwXzE3EAEYlbbJAUoRCghncm91cF8xOBABGJa2yQFKEQoIZ3JvdXBfMTkQARiXtskBUggoACgBKAIoAxLOAgoeVU1BLVVuaWZvcm1pdHktVHJpYWwtNS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKCwoHZGVmYXVsdBABSgwKCGdyb3VwXzAxEAFKDAoIZ3JvdXBfMDIQAUoMCghncm91cF8wMxABSgwKCGdyb3VwXzA0EAFKDAoIZ3JvdXBfMDUQAUoMCghncm91cF8wNhABSgwKCGdyb3VwXzA3EAFKDAoIZ3JvdXBfMDgQAUoMCghncm91cF8wORABSgwKCGdyb3VwXzEwEAFKDAoIZ3JvdXBfMTEQAUoMCghncm91cF8xMhABSgwKCGdyb3VwXzEzEAFKDAoIZ3JvdXBfMTQQAUoMCghncm91cF8xNRABSgwKCGdyb3VwXzE2EAFKDAoIZ3JvdXBfMTcQAUoMCghncm91cF8xOBABSgwKCGdyb3VwXzE5EAFSBCgEKAU=","webkit":{"webprefs":{"allow_running_insecure_content":true}},"homepage":"hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&UM=2&sspv=CHNTR4A","homepage_is_newtabpage"
CHR Extension: (Google Docs) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (xvidly3) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn\10.20.106.5_0
CHR Extension: (AVG SafeGuard) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [kimdndlhnimhdcchmglaendkednpejjn] - C:\Users\Administrator\AppData\Local\CRE\kimdndlhnimhdcchmglaendkednpejjn.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.1.12\avg.crx

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 ComodoBackupService; C:\Program Files (x86)\Comodo\BackUp\CmdBkSvc.exe [1023488 2013-07-05] (COMODO)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-01] (AVG Secure Search)
R3 webmakerplus; C:\Program Files (x86)\webmakerplus\webmakerplus.exe [4153344 2013-09-17] (webmakerplus LTD)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-01] (AVG Technologies)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-02-09] (JMicron Technology Corp.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-10-15] (Malwarebytes Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2013-10-15] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
S3 dfmirage; system32\DRIVERS\dfmirage.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-17 13:48 - 2013-10-17 13:48 - 00000000 ____D C:\FRST
2013-10-16 21:55 - 2013-10-16 21:55 - 00000264 _____ C:\Users\Administrator\Desktop\ZeroAccessRK Infection SWW - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2013-10-15 23:00 - 2013-10-15 23:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-15 23:00 - 2013-10-15 23:00 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-15 22:48 - 2013-10-15 22:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-15 20:49 - 2013-10-15 23:26 - 00049143 _____ C:\Users\Administrator\Desktop\MalwareFix-Results.txt
2013-10-15 20:12 - 2013-10-16 21:34 - 00000000 ____D C:\Users\Administrator\Desktop\MalwareFix
2013-10-12 15:57 - 2013-10-12 15:57 - 00000294 _____ C:\Users\Administrator\Desktop\Browsers talking to unknown site(s) and getting popups, etc. - Am I infected What do I do.URL
2013-10-12 14:49 - 2013-10-12 14:49 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-12 14:49 - 2013-10-12 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-12 14:49 - 2013-10-12 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-12 14:48 - 2013-10-12 14:48 - 00281640 _____ (Mozilla) C:\Users\Administrator\Downloads\Firefox Setup Stub 24.0.exe
2013-10-12 14:24 - 2013-10-17 01:22 - 00003354 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3635694149-3289295068-4116976629-500
2013-10-12 14:24 - 2013-10-17 01:22 - 00003226 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3635694149-3289295068-4116976629-500
2013-10-11 21:08 - 2013-10-11 21:08 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-10-11 21:07 - 2013-10-11 21:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup.exe
2013-10-11 20:48 - 2013-10-11 20:48 - 00000455 _____ C:\Windows\wininit.ini
2013-10-11 20:31 - 2013-09-04 06:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 20:31 - 2013-09-04 06:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 20:31 - 2013-09-04 06:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 20:31 - 2013-09-04 06:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 20:31 - 2013-09-04 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 20:31 - 2013-09-04 06:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 20:31 - 2013-09-04 06:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 19:29 - 2013-10-11 19:29 - 00065536 _____ C:\Windows\SysWOW64\updCA15dll
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updCA15.tmp
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updC7F2.tmp
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updC533.tmp
2013-10-11 19:28 - 2013-10-17 01:22 - 00000000 ____D C:\Program Files (x86)\webmakerplus
2013-10-11 19:28 - 2013-10-11 20:25 - 00000000 ____D C:\ProgramData\Conduit
2013-10-11 19:28 - 2013-09-17 14:43 - 00430080 _____ (Sweesh LTD) C:\Windows\system32\webmakerplus64.dll
2013-10-11 19:28 - 2013-09-17 14:41 - 00364544 _____ (Sweesh LTD) C:\Windows\SysWOW64\webmakerplus.dll
2013-10-11 19:27 - 2013-10-11 20:48 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-10-11 19:27 - 2013-10-11 19:28 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-10-11 19:27 - 2013-10-11 19:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
2013-10-11 19:25 - 2013-10-11 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\xVidly
2013-10-11 19:24 - 2013-10-11 20:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\5258a50d160ba02b0200a602
2013-10-11 19:24 - 2013-10-11 19:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Video Media Download
2013-10-11 03:32 - 2013-09-22 17:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 03:32 - 2013-09-22 17:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 03:32 - 2013-09-22 17:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 03:32 - 2013-09-22 16:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 03:32 - 2013-09-22 16:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 03:32 - 2013-09-22 16:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 03:32 - 2013-09-22 16:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 03:32 - 2013-09-22 16:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 03:32 - 2013-09-20 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 03:32 - 2013-09-20 21:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 03:32 - 2013-09-20 20:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 03:32 - 2013-09-20 20:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 18:31 - 2013-10-10 18:31 - 00000000 ____D C:\Install
2013-10-10 18:30 - 2013-10-10 18:31 - 00000000 ____D C:\Windows\SysWOW64\Silabs
2013-10-10 18:30 - 2013-10-10 18:30 - 00002587 _____ C:\Users\Public\Desktop\WeatherLink 6.0.3.exe.lnk
2013-10-10 18:30 - 2013-10-10 18:30 - 00000000 ____D C:\Users\Public\Weather
2013-10-10 03:40 - 2013-07-04 06:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 03:40 - 2013-07-04 05:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 03:40 - 2013-06-25 16:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 03:40 - 2013-06-05 23:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 03:40 - 2013-06-05 23:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 03:40 - 2013-06-05 23:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 03:40 - 2013-06-05 23:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 03:40 - 2013-06-05 22:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 03:40 - 2013-06-05 22:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 03:40 - 2013-06-05 22:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 03:40 - 2013-06-05 21:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 03:40 - 2013-06-05 21:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 03:40 - 2013-06-05 21:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 03:39 - 2013-09-13 19:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 03:39 - 2013-09-07 20:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 03:39 - 2013-09-07 20:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 03:39 - 2013-09-07 20:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 03:39 - 2013-08-28 20:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 03:39 - 2013-08-28 20:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 03:39 - 2013-08-28 20:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 03:39 - 2013-08-28 20:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 03:39 - 2013-08-28 20:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 03:39 - 2013-08-28 19:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 03:39 - 2013-08-28 19:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 03:39 - 2013-08-28 19:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 03:39 - 2013-08-28 19:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 03:39 - 2013-08-28 19:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 03:39 - 2013-08-28 19:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 03:39 - 2013-08-28 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 03:39 - 2013-08-28 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 03:39 - 2013-08-28 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 03:39 - 2013-08-28 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 03:39 - 2013-08-27 19:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 03:39 - 2013-08-27 19:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 03:39 - 2013-08-01 06:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 03:39 - 2013-07-20 04:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 03:39 - 2013-07-20 04:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 03:39 - 2013-07-12 04:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 03:39 - 2013-07-12 04:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 03:39 - 2013-07-04 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 03:39 - 2013-07-04 06:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 03:39 - 2013-07-04 05:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 03:39 - 2013-07-04 05:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 03:39 - 2013-07-04 04:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 03:39 - 2013-07-02 22:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 03:39 - 2013-07-02 22:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-09-28 17:52 - 2013-09-28 17:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Octoshape
2013-09-28 17:52 - 2013-09-28 17:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Octoshape
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-25 03:21 - 2013-10-15 20:07 - 00046960 _____ C:\Windows\PFRO.log
2013-09-24 21:36 - 2013-09-24 21:39 - 319099134 _____ C:\Users\Administrator\Downloads\WSU 12-13 (2).mov.mp4
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2014
2013-09-21 23:06 - 2013-10-10 08:18 - 00000972 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-09-21 23:05 - 2013-10-11 19:56 - 00000000 ____D C:\ProgramData\AVG2014
2013-09-21 18:26 - 2013-10-11 03:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-09-21 18:26 - 2013-10-11 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-21 18:26 - 2013-09-21 18:26 - 13078152 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Silverlight_x64.exe
2013-09-21 13:31 - 2013-09-23 21:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2014

==================== One Month Modified Files and Folders =======

2013-10-17 13:48 - 2013-10-17 13:48 - 00000000 ____D C:\FRST
2013-10-17 13:48 - 2013-07-08 14:00 - 00000000 __SHD C:\Users\Default
2013-10-17 13:36 - 2013-07-05 09:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-17 13:21 - 2013-07-05 09:05 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-17 12:09 - 2013-07-05 13:17 - 01110940 _____ C:\Windows\WindowsUpdate.log
2013-10-17 11:21 - 2013-07-05 09:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-17 09:30 - 2009-07-13 22:45 - 00016336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-17 09:30 - 2009-07-13 22:45 - 00016336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 09:20 - 2013-08-29 21:28 - 00000000 ____D C:\ProgramData\MFAData
2013-10-17 01:22 - 2013-10-12 14:24 - 00003354 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3635694149-3289295068-4116976629-500
2013-10-17 01:22 - 2013-10-12 14:24 - 00003226 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3635694149-3289295068-4116976629-500
2013-10-17 01:22 - 2013-10-11 19:28 - 00000000 ____D C:\Program Files (x86)\webmakerplus
2013-10-17 01:21 - 2013-08-29 20:00 - 00003238 _____ C:\Windows\setupact.log
2013-10-17 01:21 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-16 21:55 - 2013-10-16 21:55 - 00000264 _____ C:\Users\Administrator\Desktop\ZeroAccessRK Infection SWW - Virus, Trojan, Spyware, and Malware Removal Logs.URL
2013-10-16 21:34 - 2013-10-15 20:12 - 00000000 ____D C:\Users\Administrator\Desktop\MalwareFix
2013-10-15 23:26 - 2013-10-15 20:49 - 00049143 _____ C:\Users\Administrator\Desktop\MalwareFix-Results.txt
2013-10-15 23:08 - 2013-10-15 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-15 23:00 - 2013-10-15 23:00 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-15 22:48 - 2013-10-15 22:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-15 22:11 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 20:07 - 2013-09-25 03:21 - 00046960 _____ C:\Windows\PFRO.log
2013-10-12 15:57 - 2013-10-12 15:57 - 00000294 _____ C:\Users\Administrator\Desktop\Browsers talking to unknown site(s) and getting popups, etc. - Am I infected What do I do.URL
2013-10-12 14:50 - 2013-07-05 08:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2013-10-12 14:49 - 2013-10-12 14:49 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-12 14:49 - 2013-10-12 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-12 14:49 - 2013-10-12 14:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-12 14:49 - 2013-07-05 08:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2013-10-12 14:48 - 2013-10-12 14:48 - 00281640 _____ (Mozilla) C:\Users\Administrator\Downloads\Firefox Setup Stub 24.0.exe
2013-10-11 21:08 - 2013-10-11 21:08 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2013-10-11 21:08 - 2013-10-11 21:07 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup.exe
2013-10-11 20:48 - 2013-10-11 20:48 - 00000455 _____ C:\Windows\wininit.ini
2013-10-11 20:48 - 2013-10-11 19:27 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-10-11 20:35 - 2013-07-05 09:31 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-11 20:25 - 2013-10-11 19:28 - 00000000 ____D C:\ProgramData\Conduit
2013-10-11 20:24 - 2013-10-11 19:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\5258a50d160ba02b0200a602
2013-10-11 19:56 - 2013-09-21 23:05 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-11 19:37 - 2013-07-05 09:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-11 19:29 - 2013-10-11 19:29 - 00065536 _____ C:\Windows\SysWOW64\updCA15dll
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updCA15.tmp
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updC7F2.tmp
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updC533.tmp
2013-10-11 19:28 - 2013-10-11 19:27 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-10-11 19:27 - 2013-10-11 19:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
2013-10-11 19:25 - 2013-10-11 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\xVidly
2013-10-11 19:24 - 2013-10-11 19:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Video Media Download
2013-10-11 19:17 - 2013-07-05 09:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-11 19:17 - 2013-07-05 09:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-11 19:17 - 2013-07-05 09:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-11 19:17 - 2013-07-05 09:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-10-11 19:14 - 2013-07-05 09:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-10-11 04:56 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 03:53 - 2009-07-13 22:45 - 00417392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 03:52 - 2013-09-21 18:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 03:52 - 2013-09-21 18:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 03:35 - 2009-07-13 20:34 - 00000499 _____ C:\Windows\win.ini
2013-10-11 03:04 - 2013-08-30 03:05 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 03:03 - 2012-01-20 09:56 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 18:31 - 2013-10-10 18:31 - 00000000 ____D C:\Install
2013-10-10 18:31 - 2013-10-10 18:30 - 00000000 ____D C:\Windows\SysWOW64\Silabs
2013-10-10 18:30 - 2013-10-10 18:30 - 00002587 _____ C:\Users\Public\Desktop\WeatherLink 6.0.3.exe.lnk
2013-10-10 18:30 - 2013-10-10 18:30 - 00000000 ____D C:\Users\Public\Weather
2013-10-10 16:39 - 2013-08-29 23:33 - 00357888 _____ C:\Users\Administrator\Documents\R1Wx23-AllVP2Tags.xls
2013-10-10 11:16 - 2013-07-05 09:05 - 00003898 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-10 11:16 - 2013-07-05 09:05 - 00003646 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 08:18 - 2013-09-21 23:06 - 00000972 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-01 20:51 - 2013-08-29 21:33 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-10-01 20:51 - 2013-08-29 21:32 - 00003734 _____ C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2013-10-01 20:51 - 2013-08-29 21:32 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-09-29 20:58 - 2013-07-05 11:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-09-28 17:52 - 2013-09-28 17:52 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Octoshape
2013-09-28 17:52 - 2013-09-28 17:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Octoshape
2013-09-28 14:31 - 2013-08-29 21:32 - 00000000 ___HD C:\$AVG
2013-09-25 21:07 - 2013-09-25 21:07 - 00148792 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2013-09-25 05:08 - 2013-07-02 12:33 - 00109296 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-25 03:01 - 2013-07-05 11:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2013-09-24 21:39 - 2013-09-24 21:36 - 319099134 _____ C:\Users\Administrator\Downloads\WSU 12-13 (2).mov.mp4
2013-09-23 21:41 - 2013-09-21 13:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2014
2013-09-22 17:28 - 2013-10-11 03:32 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 17:28 - 2013-10-11 03:32 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 17:27 - 2013-10-11 03:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 16:55 - 2013-10-11 03:32 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-22 16:55 - 2013-10-11 03:32 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-22 16:55 - 2013-10-11 03:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-22 16:54 - 2013-10-11 03:32 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-22 16:54 - 2013-10-11 03:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-21 23:08 - 2013-09-21 23:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2014
2013-09-21 23:08 - 2013-08-29 21:31 - 00000000 ____D C:\Program Files (x86)\AVG
2013-09-21 18:26 - 2013-09-21 18:26 - 13078152 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\Silverlight_x64.exe
2013-09-20 21:38 - 2013-10-11 03:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-20 21:30 - 2013-10-11 03:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-20 20:48 - 2013-10-11 03:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-20 20:39 - 2013-10-11 03:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-19 20:33 - 2013-08-29 23:33 - 02376704 _____ C:\Users\Administrator\Documents\TeamViewer.xls
2013-09-17 14:43 - 2013-10-11 19:28 - 00430080 _____ (Sweesh LTD) C:\Windows\system32\webmakerplus64.dll
2013-09-17 14:41 - 2013-10-11 19:28 - 00364544 _____ (Sweesh LTD) C:\Windows\SysWOW64\webmakerplus.dll

Files to move or delete:
====================
ZeroAccess:
C:\Users\Administrator\AppData\Local\Google\Desktop\Install


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 00:45

==================== End Of Log ============================

Attached Files



#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:08 PM

Posted 17 October 2013 - 04:30 PM

Hi,

 

 

Next please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#6 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 17 October 2013 - 06:48 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-10-2013
Ran by DTSAdmin at 2013-10-17 17:44:27 Run:1
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKCU - DefaultScope {F793F656-59F6-4150-8E16-15EB9DA58D5D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3295548&CUI=UN10710815961821212&UM=2
SearchScopes: HKCU - {F793F656-59F6-4150-8E16-15EB9DA58D5D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3295548&CUI=UN10710815961821212&UM=2
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&UM=2&sspv=CHNTR4A
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&UM=2&sspv=CHNTR4A"]},"sync":{"suppress_start":true},"sync_promo":{"startup_count":1,"user_skipped":true},"variations_seed":"Cig0MTljNTI5YmVjYTMxMDQzODdlMmUyNTU4YmM1YzA3NTIyMzNjM2U2EpoBCghBc3luY0RucxjEyeaPBTgAQgpTeXN0ZW1EbnNBSg4KClN5c3RlbURuc0EQGUoOCgpTeXN0ZW1EbnNCEBlKGAoTQXN5bmNEbnNOb0ZhbGxiYWNrQRCQA0oYChNBc3luY0Ruc05vRmFsbGJhY2tCEJADSg0KCUFzeW5jRG5zQRBLSg0KCUFzeW5jRG5zQhBLUggSBDI2LiooAxJuCghBc3luY0RucxjEyeaPBTgAQgpTeXN0ZW1EbnNBSg4KClN5c3RlbURuc0EQGUoOCgpTeXN0ZW1EbnNCEBlKDQoJQXN5bmNEbnNBEBlKDQoJQXN5bmNEbnNCEBlSEBIEMjkuKiAAIAEoACgBKAISagoIQXN5bmNEbnMYxIzDjgU4AEIKU3lzdGVtRG5zQUoOCgpTeXN0ZW1EbnNBEDJKDgoKU3lzdGVtRG5zQhAySg0KCUFzeW5jRG5zQRAySg0KCUFzeW5jRG5zQhAyUgwSBDI4LiogAigBKAISPAoIQXN5bmNEbnMYxMnmjwU4AEIKU3lzdGVtRG5zQUoOCgpTeXN0ZW1EbnNBEAFSDBIEMjYuKiADKAEoAhKPAQoaQXV0b2NvbXBsZXRlRHluYW1pY1RyaWFsXzAYgMPQjAU4AUITTGl2ZVNwZWxsaW5nQ29udHJvbEogChZMaXZlU3BlbGxpbmdFeHBlcmltZW50ELYHGIaEygFKHAoTTGl2ZVNwZWxsaW5nQ29udHJvbBAyGIeEygFSFBIEMjYuKiAAIAEgAiADKAAoASgCEtIBChpBdXRvY29tcGxldGVEeW5hbWljVHJpYWxfMRiAhNyPBTgBQg5EZWZhdWx0Q29udHJvbEodChREaXNhYmxlZFByb3ZpZGVyc18xNhAKGJeEygFKGwoSTmF2U3VnZ2VzdERlbW90aW9uEAoYmYTKAUoiChlOYXZTdWdnZXN0RGVtb3Rpb25Db250cm9sEAoYmoTKAUoYCg5EZWZhdWx0Q29udHJvbBDiBxibhMoBUhwSDDI2LjAuMTQxMC4xORoEMjguKiADKAAoASgCWI3Qj48CEn4KGkF1dG9jb21wbGV0ZUR5bmFtaWNUcmlhbF8yGICn4Y8FOAFCDkRlZmF1bHRDb250cm9sSh0KFEVuYWJsZUN1cnNvclBvc2l0aW9uEAEYlYTKAUoXCg5EZWZhdWx0Q29udHJvbBAEGJaEygFSEBIEMjguKiABIAIoACgBKAISygEKGkF1dG9jb21wbGV0ZUR5bmFtaWNUcmlhbF8zGICE3I8FOAFCDkRlZmF1bHRDb250cm9sSiEKGEVuYWJsZVplcm9TdWdnZXN0UXVlcmllcxAAGJGEygFKHgoVRW5hYmxlWmVyb1N1Z2dlc3RVcmxzEAAYkoTKAUolChxFbmFibGVaZXJvU3VnZ2VzdFF1ZXJpZXNVcmxzEAAYk4TKAUoYCg5EZWZhdWx0Q29udHJvbBDoBxiUhMoBUhASBDI5LiogACABKAAoASgCEpIBChhDYWNoZVNlbnNpdGl2aXR5QW5hbHlzaXMYxMfyjgU4AEICTm9KDAoIQ29udHJvbEEQBUoMCghDb250cm9sQhAFSggKBDEwMEEQBUoICgQxMDBCEAVKCAoEMjAwQRAFSggKBDIwMEIQBUoICgQ0MDBBEAVKCAoENDAwQhAFSgYKAk5vEDxSChIEMjguKiACKAQSmgEKGENhY2hlU2Vuc2l0aXZpdHlBbmFseXNpcxjEyv2KBTgAQgJOb0oGCgJObxAkSgwKCENvbnRyb2xBEAhKDAoIQ29udHJvbEIQCEoICgQxMDBBEAhKCAoEMTAwQhAISggKBDIwMEEQCEoICgQyMDBCEAhKCAoENDAwQRAISggKBDQwMEIQCFISEgQyNS4qIAAgASACKAAoASgCEp0BChhDYWNoZVNlbnNpdGl2aXR5QW5hbHlzaXMYxLLTigU4AEICTm9KBwoCTm8Q4AdKDAoIQ29udHJvbEEQAUoMCghDb250cm9sQhABSggKBDEwMEEQAUoICgQxMDBCEAFKCAoEMjAwQRABSggKBDIwMEIQAUoICgQ0MDBBEAFKCAoENDAwQhABUhQIgKe+igUSBDI1LiogAygAKAEoAhJICg9EM0QxMUV4cGVyaW1lbnQYgJKIlgU4AUIIRGlzYWJsZWRKDAoIRGlzYWJsZWQQAEoLCgdFbmFibGVkEGRSCBIEMjkuKigAElQKG0RhdGFDb21wcmVzc2lvblByb3h5Um9sbG91dBjEgpe0BTgBQgdFbmFibGVkSgwKCERpc2FibGVkEABKDAoHRW5hYmxlZBDoB1IIIAAgASACKAQSUQobRGF0YUNvbXByZXNzaW9uUHJveHlSb2xsb3V0GMSCl7QFOAFCCERpc2FibGVkSg0KCERpc2FibGVkEN4HSgsKB0VuYWJsZWQQClIEIAMoBBJUChtEYXRhQ29tcHJlc3Npb25Qcm94eVJvbGxvdXQYxIKXtAU4AUIHRW5hYmxlZEoMCghEaXNhYmxlZBAASgwKB0VuYWJsZWQQ6AdSCCAAIAEgAigFElEKG0RhdGFDb21wcmVzc2lvblByb3h5Um9sbG91dBjEgpe0BTgBQghEaXNhYmxlZEoMCghEaXNhYmxlZBAASgwKB0VuYWJsZWQQ6AdSBCADKAUSRAoRRG5zUHJvYmUtQXR0ZW1wdHMYgLWNlgU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EFpKBQoBMRAKUgoSBDI1LiogACABEkcKD0Ruc1Byb2JlLUVuYWJsZRiAtY2WBTgBQgdkaXNhYmxlSgsKB2Rpc2FibGUQAEoKCgZlbmFibGUQZFIKEgQyNS4qIAAgARJjCiNVTUEtRHluYW1pYy1CaW5hcnktVW5pZm9ybWl0eS1UcmlhbBiAnJKlBTgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQARiptskBShEKCGdyb3VwXzAxEAEYqrbJAVIGIAAgASACEl8KI1VNQS1EeW5hbWljLUJpbmFyeS1Vbmlmb3JtaXR5LVRyaWFsGICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBBjGKm2yQFKEQoIZ3JvdXBfMDEQARiqtskBUgIgAxJXChRGb3JjZUNvbXBvc2l0aW5nTW9kZRiAkoiWBTgBQgdkaXNhYmxlSgsKB2Rpc2FibGUQZEoLCgdlbmFibGVkEABKCgoGdGhyZWFkEABSCBIEMjQuKigCElcKFEZvcmNlQ29tcG9zaXRpbmdNb2RlGICSiJYFOAFCB2Rpc2FibGVKCwoHZGlzYWJsZRAASgsKB2VuYWJsZWQQAEoKCgZ0aHJlYWQQZFIIEgQyOC4qKAESWQoURm9yY2VDb21wb3NpdGluZ01vZGUYgJKIlgU4AUIHZGlzYWJsZUoLCgdkaXNhYmxlEGRKCwoHZW5hYmxlZBAASgoKBnRocmVhZBAAUgoaBDI3LiogAygBElcKFEZvcmNlQ29tcG9zaXRpbmdNb2RlGICSiJYFOAFCB2Rpc2FibGVKCwoHZGlzYWJsZRAASgsKB2VuYWJsZWQQAEoKCgZ0aHJlYWQQZFIIEgQyNC4qKAASWQoURm9yY2VDb21wb3NpdGluZ01vZGUYgJKIlgU4AUIHZGlzYWJsZUoLCgdkaXNhYmxlEABKCwoHZW5hYmxlZBAySgoKBnRocmVhZBAyUgoSBDI0LiogAygAErcBCglHb29nbGVOb3c4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKCgoGRW5hYmxlEABKCwoHQ29udHJvbBAASjMKD0Rpc2FibGVkVmlhRmxhZxAAKh5kaXNhYmxlLWdvb2dsZS1ub3ctaW50ZWdyYXRpb25KMQoORW5hYmxlZFZpYUZsYWcQACodZW5hYmxlLWdvb2dsZS1ub3ctaW50ZWdyYXRpb25SESAAIAEoACgBKAMyBWVuLVVTEosBCg1Ib3N0Q2FjaGVTaXplGMTNiIcFOABCB0RlZmF1bHRKCwoHRGVmYXVsdBAASggKBDEwMEEQCkoICgQxMDBCEApKCAoEMzAwQRAKSggKBDMwMEIQCkoJCgUxMDAwQRAKSgkKBTEwMDBCEApKCQoFMzAwMEEQCkoJCgUzMDAwQhAKUggSBDI1LiooAxKTAQoNSG9zdENhY2hlU2l6ZRjErPeHBTgAQgdEZWZhdWx0SgsKB0RlZmF1bHQQAEoICgQxMDBBEApKCAoEMTAwQhAKSggKBDMwMEEQCkoICgQzMDBCEApKCQoFMTAwMEEQCkoJCgUxMDAwQhAKSgkKBTMwMDBBEApKCQoFMzAwMEIQClIQEgQyNS4qIAAgASgAKAEoAhJECg1JbmZpbml0ZUNhY2hlGMS0jZYFOAFCAk5vSgcKAk5vENQHSgcKA1llcxAKSgsKB0NvbnRyb2wQClIIIAIoACgBKAISRgoNSW5maW5pdGVDYWNoZRjEtI2WBTgBQgJOb0oHCgJObxCEB0oHCgNZZXMQMkoLCgdDb250cm9sEDJSCiAAIAEoACgBKAISRAoNSW5maW5pdGVDYWNoZRjEtI2WBTgBQgJOb0oHCgJObxDmB0oHCgNZZXMQAUoLCgdDb250cm9sEAFSCCADKAAoASgCEt8ECgxJbnN0YW50RHVtbXkYgITcjwU4AUIMRGVmYXVsdEdyb3VwSi8KIUR1bW15R3JvdXAxIGNoYW5uZWw6c3RhYmxlIG1vZHM6MRABGMeFygEgx4XKAUovCiFEdW1teUdyb3VwMiBjaGFubmVsOnN0YWJsZSBtb2RzOjEQARjIhcoBIMiFygFKLwohRHVtbXlHcm91cDMgY2hhbm5lbDpzdGFibGUgbW9kczoxEAEYyYXKASDJhcoBSi8KIUR1bW15R3JvdXA0IGNoYW5uZWw6c3RhYmxlIG1vZHM6MRABGMqFygEgyoXKAUovCiFEdW1teUdyb3VwNSBjaGFubmVsOnN0YWJsZSBtb2RzOjkQCRjLhcoBIMuFygFKLwohRHVtbXlHcm91cDYgY2hhbm5lbDpzdGFibGUgbW9kczo5EAkYzIXKASDMhcoBSi8KIUR1bW15R3JvdXA3IGNoYW5uZWw6c3RhYmxlIG1vZHM6ORAJGM2FygEgzYXKAUovCiFEdW1teUdyb3VwOCBjaGFubmVsOnN0YWJsZSBtb2RzOjkQCRjOhcoBIM6FygFKMQojRHVtbXlHcm91cDkgY2hhbm5lbDpzdGFibGUgbW9kczoxMDAQZBjPhcoBIM+FygFKMgokRHVtbXlHcm91cDEwIGNoYW5uZWw6c3RhYmxlIG1vZHM6MTAwEGQY0IXKASDQhcoBSioKG0R1bW15UGFkZGluZyBjaGFubmVsOnN0YWJsZRD4BRjRhcoBINGFygFKEAoMRGVmYXVsdEdyb3VwEABSDBIEMjcuKiADKAAoARKkAgoPSW5zdGFudEV4dGVuZGVkGIDB/5AFOAFCDERlZmF1bHRHcm91cEo+Ci9Hcm91cDEgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGNoYW5uZWw6YmV0YRD6ARi9hcoBIL2FygFKRwo4R3JvdXAyIGVzcHY6MjA1IHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmJldGEQ+gEYvoXKASC+hcoBSiQKFUNvbnRyb2wxIGNoYW5uZWw6YmV0YRD6ARi/hcoBIL+FygFKJAoVQ29udHJvbDIgY2hhbm5lbDpiZXRhEPoBGMCFygEgwIXKAUoQCgxEZWZhdWx0R3JvdXAQAFIOEgQyOS4qIAIoACgBKANY2o+ihwkSpgIKD0luc3RhbnRFeHRlbmRlZBiA6r2OBTgBQgxEZWZhdWx0R3JvdXBKQAoxR3JvdXAxIHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmNhbmFyeRD6ARjng8oBIOeDygFKSQo6R3JvdXAyIGVzcHY6MjA1IHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmNhbmFyeRD6ARiEhMoBIISEygFKJgoXQ29udHJvbDEgY2hhbm5lbDpjYW5hcnkQ+gEY6IPKASDog8oBSiYKF0NvbnRyb2wyIGNoYW5uZWw6Y2FuYXJ5EPoBGIKEygEggoTKAUoQCgxEZWZhdWx0R3JvdXAQAFIOEgQyOC4qIAAoACgBKAMSsQIKD0luc3RhbnRFeHRlbmRlZBiAhNyPBTgBQgxEZWZhdWx0R3JvdXBKJQoXQ29udHJvbDEgbTI5ZGV2MjpuYXRpdmUQARjWhcoBINaFygFKJQoXQ29udHJvbDIgbTI5ZGV2MjpuYXRpdmUQARjXhcoBINeFygFKPwoxR3JvdXAxIG0yOWRldjI6bmF0aXZlIHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MRABGNiFygEg2IXKAUpICjpHcm91cDIgbTI5ZGV2MjpuYXRpdmUgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGVzcHY6MjA1EAEY2YXKASDZhcoBShAKDERlZmF1bHRHcm91cBAAUhcSCTI5LjAuMTUzNRoEMjkuKiABKAAoA1jpib/HChKLAwoPSW5zdGFudEV4dGVuZGVkGICE3I8FOAFCDERlZmF1bHRHcm91cEpRCkNHcm91cDEgZXNwdjoyMDUgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGNoYW5uZWw6c3RhYmxlIERJU0FCTEVEEAEYwYXKASDBhcoBSlEKQ0dyb3VwMiBlc3B2OjIwNSB1c2VfcmVtb3RlX250cF9vbl9zdGFydHVwOjEgY2hhbm5lbDpzdGFibGUgRElTQUJMRUQQCRjFhcoBIMWFygFKJgoXUGFkZGluZzEgY2hhbm5lbDpzdGFibGUQ6gMYwoXKASDChcoBSiUKF0NvbnRyb2wxIGNoYW5uZWw6c3RhYmxlEAEYw4XKASDDhcoBSiUKF0NvbnRyb2wyIGNoYW5uZWw6c3RhYmxlEAkYxoXKASDGhcoBSiYKF1BhZGRpbmcyIGNoYW5uZWw6c3RhYmxlEOoDGMSFygEgxIXKAUoQCgxEZWZhdWx0R3JvdXAQAFIMEgQyNy4qIAMoACgBEo4CChZJbnRlcnN0aXRpYWxNYWx3YXJlMzEwGMDpw5MFOAFCB0RlZmF1bHRKFwoTY29uZDFNYWx3YXJlQ29udHJvbBADShcKE2NvbmQyTWFsd2FyZU5vQnJhbmQQA0oXChNjb25kNU1hbHdhcmVPbmVTdGVwEANKFwoTY29uZDdNYWx3YXJlRmVhck1zZxADShkKFWNvbmQ5TWFsd2FyZUNvbGxhYk1zZxADShkKFWNvbmQxMU1hbHdhcmVRdWVzdGlvbhADShcKE2NvbmQxM01hbHdhcmVHb0JhY2sQA0oMCgdEZWZhdWx0ELMBUiIIwNmjjAUSBDI5LiooACgBKAIoAzIFZW4tVVMyBWVuLUdCEpcCChdJbnRlcnN0aXRpYWxQaGlzaGluZzU2NBjA6cOTBTgBQgdEZWZhdWx0ShgKFGNvbmQzUGhpc2hpbmdDb250cm9sEANKGAoUY29uZDRQaGlzaGluZ05vQnJhbmQQA0oYChRjb25kNlBoaXNoaW5nT25lU3RlcBADShgKFGNvbmQ4UGhpc2hpbmdGZWFyTXNnEANKGwoXY29uZDEwUGhpc2hpbmdDb2xsYWJNc2cQA0oaChZjb25kMTJQaGlzaGluZ1F1ZXN0aW9uEANKGAoUY29uZDE0UGhpc2hpbmdHb0JhY2sQA0oMCgdEZWZhdWx0ELMBUiIIwNmjjAUSBDI5LiooACgBKAIoAzIFZW4tVVMyBWVuLUdCEqQCChJJbnRlcnN0aXRpYWxTU0w1MTcYwOnDkwU4AUIHRGVmYXVsdEoZChVDb25kaXRpb24xNVNTTENvbnRyb2wQA0oZChVDb25kaXRpb24xNlNTTEZpcmVmb3gQA0oeChpDb25kaXRpb24xN1NTTEZhbmN5RmlyZWZveBADShoKFkNvbmRpdGlvbjE4U1NMTm9JbWFnZXMQA0obChdDb25kaXRpb24xOVNTTFBvbGljZW1hbhADShsKF0NvbmRpdGlvbjIwU1NMU3RvcGxpZ2h0EANKGAoUQ29uZGl0aW9uMjFTU0xCYWRndXkQA0oMCgdEZWZhdWx0ELMBUikIwNmjjAUSCzI5LjAuMTU0My4qKAAoASgCKAMyBWVuLVVTMgVlbi1HQhJRChFNYW5hZ2VkTW9kZUxhdW5jaBiA88eSBTgBQghJbmFjdGl2ZUoKCgZBY3RpdmUQZEoMCghJbmFjdGl2ZRAAUhASBDI5LiogACABKAAoASgCEk0KEU1hbmFnZWRNb2RlTGF1bmNoGIDzx5IFOAFCCEluYWN0aXZlSgoKBkFjdGl2ZRBkSgwKCEluYWN0aXZlEABSDBIEMjkuKiAAIAEoAxKwAgoYTW9zdFZpc2l0ZWRUaWxlUGxhY2VtZW50GICtmo0FOAFCB0RlZmF1bHRKFgoST25lRWlnaHRfQV9GbGlwcGVkEANKFgoST25lRWlnaHRfQl9GbGlwcGVkEANKFgoST25lRWlnaHRfQ19GbGlwcGVkEANKFgoST25lRWlnaHRfRF9GbGlwcGVkEANKFQoRT25lRm91cl9BX0ZsaXBwZWQQA0oVChFPbmVGb3VyX0JfRmxpcHBlZBADShUKEU9uZUZvdXJfQ19GbGlwcGVkEANKFQoRT25lRm91cl9EX0ZsaXBwZWQQA0oLCgdDb250cm9sEANKFAoQRG9udFNob3dPcGVuVGFicxADSgsKB0RlZmF1bHQQRlIXEgsyOC4wLjE0OTYuMCABKAAoASgCKAMSlAEKFE1vdXNlRXZlbnRQcmVjb25uZWN0GMS0jZYFOABCCERpc2FibGVkSg0KCU1vdXNlRG93bhAKSg0KCU1vdXNlT3ZlchAAShIKDlRhcFVuY29uZmlybWVkEABKCwoHVGFwRG93bhAASgsKB0NvbnRyb2wQCkoMCghEaXNhYmxlZBBQUhASBDI5LiogACABKAAoASgCEl0KDE5ld01lbnVTdHlsZRiA0J+NBTgBQgdEZWZhdWx0SgsKB0RlZmF1bHQQAEoNCghOZXdTdHlsZRDmB0oMCghPbGRTdHlsZRACUhISBDI2LioaBDI3LiogAygAKAMSfgoMTmV3TWVudVN0eWxlGICn4Y8FOAFCB0RlZmF1bHRKCwoHRGVmYXVsdBA8SgwKCENvbXBhY3QxEApKDAoIQ29tcGFjdDIQCkoSCg5IaWdoZXJDb250cmFzdBAKShAKDENvbnRyb2xHcm91cBAKUg4SBDI4LiogASAAKAAoAxJ+CgxOZXdNZW51U3R5bGUYgP6ikgU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGBKDAoIQ29tcGFjdDEQAUoMCghDb21wYWN0MhABShIKDkhpZ2hlckNvbnRyYXN0EAFKEAoMQ29udHJvbEdyb3VwEAFSDhIEMjkuKiADIAIoACgDElcKDE5ld1RhYkJ1dHRvbhiAtY2WBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQYkoLCgdDb250cm9sEAFKCAoEUGx1cxABUhISDDIxLjAuMTE4MC4xNSADKAASzQEKHk9tbmlib3hSZXBsYWNlSFVQQW5kTmV3U2NvcmluZxjAhbOQBTgBQghTdGFuZGFyZEoMCghTdGFuZGFyZBA8Sg0KCVN0YW5kYXJkMhAKSh0KGUhRUC1wb3N0cGVyaW9kLVJlcGxhY2VIVVAQCkoOCgpOZXdTY29yaW5nEApKNAowSFFQLXBvc3RwZXJpb2QtUmVwbGFjZUhVUF9OZXctcG9zdHBlcmlvZC1TY29yaW5nEApSFwjAn4uHBRILMjguMC4xNDk5LiogASACEmkKF09tbmlib3hTaG9ydGN1dHNTY29yaW5nGMTClpcFOAFCCFN0YW5kYXJkSgwKCFN0YW5kYXJkEFpKFQoRTWF4UmVsZXZhbmNlXzEzOTkQClIXCMSAro4FEgsyOS4wLjE1NDcuMCABIAISZQoQT21uaWJveFN0b3BUaW1lchjA0ZmTBTgBQghTdGFuZGFyZEoSCghTdGFuZGFyZBD0Axi3hcoBShYKDFVzZVN0b3BUaW1lchD0Axi4hcoBUhMIwMzUiwUSCzI4LjAuMTQ4OC4wEmYKF1ByZXJlbmRlckxvY2FsUHJlZGljdG9yGMSHoYwFOABCCERpc2FibGVkSg0KCERpc2FibGVkENQHSgsKB0VuYWJsZWQQCkoLCgdDb250cm9sEApSEBIEMjUuKiADIAIoACgBKAISZgoXUHJlcmVuZGVyTG9jYWxQcmVkaWN0b3IYxLSNlgU4AEIIRGlzYWJsZWRKDAoIRGlzYWJsZWQQZEoMCgdFbmFibGVkEKAGSgsKB0NvbnRyb2wQZFIQEgQyNS4qIAAgASgAKAEoAhJwCi5QcmVyZW5kZXJMb2NhbFByZWRpY3Rvck1heENvbmN1cnJlbnRQcmVyZW5kZXJzGMS0jZYFOAFCATFKBQoBMRAUSgUKATIQFEoFCgEzEBRKBQoBNBAUSgUKATUQFFIQEgQyOS4qIAAgASgAKAEoAhJxCjtQcmVyZW5kZXJMb2NhbFByZWRpY3RvclByZXJlbmRlclByaW9yaXR5SGFsZkxpZmVUaW1lU2Vjb25kcxjEtI2WBTgBQgEwSgUKATAQMkoGCgIzMBAZSgYKAjYwEBlSEBIEMjkuKiAAIAEoACgBKAISbgoqUHJlcmVuZGVyTG9jYWxQcmVkaWN0b3JQcmVyZW5kZXJUVExTZWNvbmRzGMS0jZYFOAFCAzE4MEoHCgMxODAQNEoHCgMxMjAQEEoHCgMyNDAQEEoGCgI2MBAQUhASBDI5LiogACABKAAoASgCEqUBCg9Qcm9ncmVzc2l2ZVNjYW4YxLSNlgU4AUIIRGlzYWJsZWRKFQoRMzNQZXJjZW50XzRNaW5NYXgQHkoVChE1MFBlcmNlbnRfNE1pbk1heBAeShUKETUwUGVyY2VudF84TWluTWF4EB5KFgoSMTAwUGVyY2VudF84TWluTWF4EB5KDAoIRnVsbFNjYW4QHkoNCghEaXNhYmxlZBDSBlIGIAAgASgDEpkBCgRRVUlDGMTnpogFOABCCERpc2FibGVkSgsKB0VuYWJsZWQQCkoLCgdDb250cm9sEApKDAoIRGlzYWJsZWQQUEoeCg1FbmFibGVkQnlGbGFnEAAqC2VuYWJsZS1xdWljSiAKDkRpc2FibGVkQnlGbGFnEAAqDGRpc2FibGUtcXVpY1IVEgsyOS4wLjE1NDYuMCAAKAAoASgCEjYKDlNCSW50ZXJzdGl0aWFsGMDSjYkFOAFCAlYxSgYKAlYxEAFKBgoCVjIQY1IIKAAoASgCKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQKBiphcoBShAKB2NvbnRyb2wQDxj4hMoBShEKCGFsdC10ZXh0EA8Y/ITKAUoVCgxhbHQtbG9jYXRpb24QDxiChcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAPGIiFygFSFRILMjcuMC4xNDUzLiogAigAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBAoGKmFygFKEAoHY29udHJvbBAPGPmEygFKEQoIYWx0LXRleHQQDxj/hMoBShUKDGFsdC1sb2NhdGlvbhAPGIWFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEA8Yi4XKAVIREgsyNy4wLjE0NTMuKiACKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQKBiphcoBShAKB2NvbnRyb2wQDxj4hMoBShEKCGFsdC10ZXh0EA8Y+oTKAUoVCgxhbHQtbG9jYXRpb24QDxiAhcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAPGIaFygFSFRILMjcuMC4xNDUzLiogASgAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBAoGKmFygFKEAoHY29udHJvbBAPGPmEygFKEQoIYWx0LXRleHQQDxj9hMoBShUKDGFsdC1sb2NhdGlvbhAPGIOFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEA8YiYXKAVIREgsyNy4wLjE0NTMuKiABKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQPBiphcoBShAKB2NvbnRyb2wQChj4hMoBShEKCGFsdC10ZXh0EAoY+4TKAUoVCgxhbHQtbG9jYXRpb24QChiBhcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAKGIeFygFSFRILMjcuMC4xNDUzLiogAygAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBA8GKmFygFKEAoHY29udHJvbBAKGPmEygFKEQoIYWx0LXRleHQQChj+hMoBShUKDGFsdC1sb2NhdGlvbhAKGISFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEAoYioXKAVIREgsyNy4wLjE0NTMuKiADKAMSdQoUU2hvd0FwcExhdW5jaGVyUHJvbW84AUIHRGVmYXVsdEogChdTaG93UHJvbW9VbnRpbERpc21pc3NlZBAyGJ6GygFKGwoSUmVzZXRTaG93UHJvbW9QcmVmEDIYn4bKAUoLCgdEZWZhdWx0EABSBiAAIAEoABJiChNTaG93UHJvZmlsZVN3aXRjaGVyGMDK4IoFOAFCB2RlZmF1bHRKCwoHZGVmYXVsdBBQSgsKB2NvbnRyb2wQCkoOCgpBbHdheXNTaG93EApSEBIEMjYuKiAAIAEoACgBKAISVwoPU2lkZWxvYWRXaXBlb3V0GMScnYsFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEABKCwoHRW5hYmxlZBBkUhcSCzI1LjAuMTM2MC4qIAAgASACIAMoABJ3ChpTaWduSW5Ub0Nocm9tZUNvbmZpcm1hdGlvbhjAyuCKBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQUEoUChBjb250cm9sX0RJU0FCTEVEEApKEwoPQnViYmxlX0RJU0FCTEVEEApSEBIEMjYuKiAAIAEoACgBKAIShAEKEFNpbXBsZUNhY2hlVHJpYWwYxLSNlgU4AUIMRXhwZXJpbWVudE5vShAKDEV4cGVyaW1lbnRObxBkShEKDUV4cGVyaW1lbnRZZXMQAEoSCg5FeHBlcmltZW50WWVzMhAAShUKEUV4cGVyaW1lbnRDb250cm9sEABSChIEMjguKiACKAQShgEKEFNpbXBsZUNhY2hlVHJpYWwYxLSNlgU4AUIMRXhwZXJpbWVudE5vShAKDEV4cGVyaW1lbnRObxAAShEKDUV4cGVyaW1lbnRZZXMQUEoSCg5FeHBlcmltZW50WWVzMhAKShUKEUV4cGVyaW1lbnRDb250cm9sEApSDBIEMjguKiAAIAEoBBKVAwoeU3BlY3VsYXRpdmVSZXNvdXJjZVByZWZldGNoaW5nGICc44oFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEChKEAoMTGVhcm5pbmdIb3N0EApKDwoLTGVhcm5pbmdVUkwQCkoMCghMZWFybmluZxAKShMKD1ByZWZldGNoaW5nSG9zdBAKShIKDlByZWZldGNoaW5nVVJMEApKDwoLUHJlZmV0Y2hpbmcQCkocChhQcmVmZXRjaGluZ0xvd0NvbmZpZGVuY2UQAEodChlQcmVmZXRjaGluZ0hpZ2hDb25maWRlbmNlEABKHAoYUHJlZmV0Y2hpbmdNb3JlUmVzb3VyY2VzEABKEwoPTGVhcm5pbmdTbWFsbERCEABKFgoSUHJlZmV0Y2hpbmdTbWFsbERCEABKIwofUHJlZmV0Y2hpbmdTbWFsbERCTG93Q29uZmlkZW5jZRAASiQKIFByZWZldGNoaW5nU21hbGxEQkhpZ2hDb25maWRlbmNlEABSFRILMjUuMC4xMzY0LiogAigAKAEoAhKXAwoeU3BlY3VsYXRpdmVSZXNvdXJjZVByZWZldGNoaW5nGICc44oFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEChKEAoMTGVhcm5pbmdIb3N0EApKDwoLTGVhcm5pbmdVUkwQCkoMCghMZWFybmluZxAKShMKD1ByZWZldGNoaW5nSG9zdBAKShIKDlByZWZldGNoaW5nVVJMEApKDwoLUHJlZmV0Y2hpbmcQCkocChhQcmVmZXRjaGluZ0xvd0NvbmZpZGVuY2UQAEodChlQcmVmZXRjaGluZ0hpZ2hDb25maWRlbmNlEABKHAoYUHJlZmV0Y2hpbmdNb3JlUmVzb3VyY2VzEABKEwoPTGVhcm5pbmdTbWFsbERCEABKFgoSUHJlZmV0Y2hpbmdTbWFsbERCEABKIwofUHJlZmV0Y2hpbmdTbWFsbERCTG93Q29uZmlkZW5jZRAASiQKIFByZWZldGNoaW5nU21hbGxEQkhpZ2hDb25maWRlbmNlEABSFxILMjUuMC4xMzY0LiogACABKAAoASgCElIKClNwZWxsY2hlY2sYxNu0jQU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKDwoLU3VnZ2VzdGlvbnMQAFIVEgsyNi4wLjE0MDMuMCACIAEgACgAElQKClNwZWxsY2hlY2sYxNu0jQU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKDwoLU3VnZ2VzdGlvbnMQAFIXEgsyNi4wLjE0MDMuMCADIAIgASgCKAMSTgoKU3BlbGxjaGVjaxjE27SNBTgBQgdEZWZhdWx0SgsKB0RlZmF1bHQQZEoPCgtTdWdnZXN0aW9ucxAAUhESCzI2LjAuMTQwMy4wIAMoABJPCg1FbmFibGVTdGFnZTNEGICI/oYFOAFCB2VuYWJsZWRKDAoHZW5hYmxlZBC2B0oPCgtibGFja2xpc3RlZBAyUg4SBDIyLiogACABIAIoABJRCg1FbmFibGVTdGFnZTNEGICI/oYFOAFCB2VuYWJsZWRKDAoHZW5hYmxlZBDoB0oPCgtibGFja2xpc3RlZBAAUhASBDIyLioaBDIyLiogAygAEmgKDUVuYWJsZVN0YWdlM0QYgN+/iQU4AUIPZW5hYmxlZF9kZWZhdWx0ShMKD2VuYWJsZWRfZGVmYXVsdBAASgwKB2VuYWJsZWQQ6AdKDwoLYmxhY2tsaXN0ZWQQAFIKEgQyMy4qIAMoABKrAgoLVGFiRXZpY3Rpb24YgP6ikgU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EABKCwoHQ29udHJvbBAKShEKDU1lbW9yeUtlZXBBbGwQAUoTCg9NZW1vcnlFdmljdEhhbGYQCkoTCg9NZW1vcnlLZWVwVGhyZWUQCkoUChBNZW1vcnlFdmljdFRocmVlEApKGAoUQmFja2dyb3VuZGluZ0tlZXBBbGwQCkoaChZCYWNrZ3JvdW5kaW5nRXZpY3RIYWxmEApKGAoUQmFja2dyb3VuZGluZ0tlZXBPbmUQCkobChdCYWNrZ3JvdW5kaW5nRXZpY3RUaHJlZRAKShIKDk5vUHJlcmVuZGVyaW5nEApKDwoLTm9RdWlja2JhY2sQClIMEgQyOS4qIAAgAigFEk4KE1Rlc3QwUGVyY2VudERlZmF1bHQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EABKDAoIZ3JvdXBfMDEQZEoLCgdkb2dmb29kEAAS2gEKHFVNQS1EeW5hbWljLVVuaWZvcm1pdHktVHJpYWwYgJySpQU4AUIHRGVmYXVsdEoUCgZHcm91cDEQARi/tskBIL+2yQFKFAoGR3JvdXAyEAkYwLbJASDAtskBShUKBkdyb3VwMxDqAxjBtskBIMG2yQFKFAoGR3JvdXA0EAEYwrbJASDCtskBShQKBkdyb3VwNRAJGMO2yQEgw7bJAUoVCgZHcm91cDYQ6gMYxLbJASDEtskBShUKB0RlZmF1bHQQABjFtskBIMW2yQFSDBIEMjcuKiADKAAoARK9AQofVU1BLVVuaWZvcm1pdHktVHJpYWwtMTAtUGVyY2VudBiAnJKlBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQAUoMCghncm91cF8wMRABSgwKCGdyb3VwXzAyEAFKDAoIZ3JvdXBfMDMQAUoMCghncm91cF8wNBABSgwKCGdyb3VwXzA1EAFKDAoIZ3JvdXBfMDYQAUoMCghncm91cF8wNxABSgwKCGdyb3VwXzA4EAFKDAoIZ3JvdXBfMDkQARKmDwoeVU1BLVVuaWZvcm1pdHktVHJpYWwtMS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBABGKC1yQFKEQoIZ3JvdXBfMDEQARihtckBShEKCGdyb3VwXzAyEAEYorXJAUoRCghncm91cF8wMxABGKO1yQFKEQoIZ3JvdXBfMDQQARiktckBShEKCGdyb3VwXzA1EAEYpbXJAUoRCghncm91cF8wNhABGKa1yQFKEQoIZ3JvdXBfMDcQARintckBShEKCGdyb3VwXzA4EAEYqLXJAUoRCghncm91cF8wORABGKm1yQFKEQoIZ3JvdXBfMTAQARiqtckBShEKCGdyb3VwXzExEAEYq7XJAUoRCghncm91cF8xMhABGKy1yQFKEQoIZ3JvdXBfMTMQARittckBShEKCGdyb3VwXzE0EAEYrrXJAUoRCghncm91cF8xNRABGK+1yQFKEQoIZ3JvdXBfMTYQARiwtckBShEKCGdyb3VwXzE3EAEYsbXJAUoRCghncm91cF8xOBABGLK1yQFKEQoIZ3JvdXBfMTkQARiztckBShEKCGdyb3VwXzIwEAEYtLXJAUoRCghncm91cF8yMRABGLW1yQFKEQoIZ3JvdXBfMjIQARi2tckBShEKCGdyb3VwXzIzEAEYt7XJAUoRCghncm91cF8yNBABGLi1yQFKEQoIZ3JvdXBfMjUQARi5tckBShEKCGdyb3VwXzI2EAEYurXJAUoRCghncm91cF8yNxABGLu1yQFKEQoIZ3JvdXBfMjgQARi8tckBShEKCGdyb3VwXzI5EAEYvbXJAUoRCghncm91cF8zMBABGL61yQFKEQoIZ3JvdXBfMzEQARi/tckBShEKCGdyb3VwXzMyEAEYwLXJAUoRCghncm91cF8zMxABGMG1yQFKEQoIZ3JvdXBfMzQQARjCtckBShEKCGdyb3VwXzM1EAEYw7XJAUoRCghncm91cF8zNhABGMS1yQFKEQoIZ3JvdXBfMzcQARjFtckBShEKCGdyb3VwXzM4EAEYxrXJAUoRCghncm91cF8zORABGMe1yQFKEQoIZ3JvdXBfNDAQARjItckBShEKCGdyb3VwXzQxEAEYybXJAUoRCghncm91cF80MhABGMq1yQFKEQoIZ3JvdXBfNDMQARjLtckBShEKCGdyb3VwXzQ0EAEYzLXJAUoRCghncm91cF80NRABGM21yQFKEQoIZ3JvdXBfNDYQARjOtckBShEKCGdyb3VwXzQ3EAEYz7XJAUoRCghncm91cF80OBABGNC1yQFKEQoIZ3JvdXBfNDkQARjRtckBShEKCGdyb3VwXzUwEAEY0rXJAUoRCghncm91cF81MRABGNO1yQFKEQoIZ3JvdXBfNTIQARjUtckBShEKCGdyb3VwXzUzEAEY1bXJAUoRCghncm91cF81NBABGNa1yQFKEQoIZ3JvdXBfNTUQARjXtckBShEKCGdyb3VwXzU2EAEY2LXJAUoRCghncm91cF81NxABGNm1yQFKEQoIZ3JvdXBfNTgQARjatckBShEKCGdyb3VwXzU5EAEY27XJAUoRCghncm91cF82MBABGNy1yQFKEQoIZ3JvdXBfNjEQARjdtckBShEKCGdyb3VwXzYyEAEY3rXJAUoRCghncm91cF82MxABGN+1yQFKEQoIZ3JvdXBfNjQQARjgtckBShEKCGdyb3VwXzY1EAEY4bXJAUoRCghncm91cF82NhABGOK1yQFKEQoIZ3JvdXBfNjcQARjjtckBShEKCGdyb3VwXzY4EAEY5LXJAUoRCghncm91cF82ORABGOW1yQFKEQoIZ3JvdXBfNzAQARjmtckBShEKCGdyb3VwXzcxEAEY57XJAUoRCghncm91cF83MhABGOi1yQFKEQoIZ3JvdXBfNzMQARjptckBShEKCGdyb3VwXzc0EAEY6rXJAUoRCghncm91cF83NRABGOu1yQFKEQoIZ3JvdXBfNzYQARjstckBShEKCGdyb3VwXzc3EAEY7bXJAUoRCghncm91cF83OBABGO61yQFKEQoIZ3JvdXBfNzkQARjvtckBShEKCGdyb3VwXzgwEAEY8LXJAUoRCghncm91cF84MRABGPG1yQFKEQoIZ3JvdXBfODIQARjytckBShEKCGdyb3VwXzgzEAEY87XJAUoRCghncm91cF84NBABGPS1yQFKEQoIZ3JvdXBfODUQARj1tckBShEKCGdyb3VwXzg2EAEY9rXJAUoRCghncm91cF84NxABGPe1yQFKEQoIZ3JvdXBfODgQARj4tckBShEKCGdyb3VwXzg5EAEY+bXJAUoRCghncm91cF85MBABGPq1yQFKEQoIZ3JvdXBfOTEQARj7tckBShEKCGdyb3VwXzkyEAEY/LXJAUoRCghncm91cF85MxABGP21yQFKEQoIZ3JvdXBfOTQQARj+tckBShEKCGdyb3VwXzk1EAEY/7XJAUoRCghncm91cF85NhABGIC2yQFKEQoIZ3JvdXBfOTcQARiBtskBShEKCGdyb3VwXzk4EAEYgrbJAUoRCghncm91cF85ORABGIO2yQFSCCgAKAEoAigDEq4LCh5VTUEtVW5pZm9ybWl0eS1UcmlhbC0xLVBlcmNlbnQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EAFKDAoIZ3JvdXBfMDEQAUoMCghncm91cF8wMhABSgwKCGdyb3VwXzAzEAFKDAoIZ3JvdXBfMDQQAUoMCghncm91cF8wNRABSgwKCGdyb3VwXzA2EAFKDAoIZ3JvdXBfMDcQAUoMCghncm91cF8wOBABSgwKCGdyb3VwXzA5EAFKDAoIZ3JvdXBfMTAQAUoMCghncm91cF8xMRABSgwKCGdyb3VwXzEyEAFKDAoIZ3JvdXBfMTMQAUoMCghncm91cF8xNBABSgwKCGdyb3VwXzE1EAFKDAoIZ3JvdXBfMTYQAUoMCghncm91cF8xNxABSgwKCGdyb3VwXzE4EAFKDAoIZ3JvdXBfMTkQAUoMCghncm91cF8yMBABSgwKCGdyb3VwXzIxEAFKDAoIZ3JvdXBfMjIQAUoMCghncm91cF8yMxABSgwKCGdyb3VwXzI0EAFKDAoIZ3JvdXBfMjUQAUoMCghncm91cF8yNhABSgwKCGdyb3VwXzI3EAFKDAoIZ3JvdXBfMjgQAUoMCghncm91cF8yORABSgwKCGdyb3VwXzMwEAFKDAoIZ3JvdXBfMzEQAUoMCghncm91cF8zMhABSgwKCGdyb3VwXzMzEAFKDAoIZ3JvdXBfMzQQAUoMCghncm91cF8zNRABSgwKCGdyb3VwXzM2EAFKDAoIZ3JvdXBfMzcQAUoMCghncm91cF8zOBABSgwKCGdyb3VwXzM5EAFKDAoIZ3JvdXBfNDAQAUoMCghncm91cF80MRABSgwKCGdyb3VwXzQyEAFKDAoIZ3JvdXBfNDMQAUoMCghncm91cF80NBABSgwKCGdyb3VwXzQ1EAFKDAoIZ3JvdXBfNDYQAUoMCghncm91cF80NxABSgwKCGdyb3VwXzQ4EAFKDAoIZ3JvdXBfNDkQAUoMCghncm91cF81MBABSgwKCGdyb3VwXzUxEAFKDAoIZ3JvdXBfNTIQAUoMCghncm91cF81MxABSgwKCGdyb3VwXzU0EAFKDAoIZ3JvdXBfNTUQAUoMCghncm91cF81NhABSgwKCGdyb3VwXzU3EAFKDAoIZ3JvdXBfNTgQAUoMCghncm91cF81ORABSgwKCGdyb3VwXzYwEAFKDAoIZ3JvdXBfNjEQAUoMCghncm91cF82MhABSgwKCGdyb3VwXzYzEAFKDAoIZ3JvdXBfNjQQAUoMCghncm91cF82NRABSgwKCGdyb3VwXzY2EAFKDAoIZ3JvdXBfNjcQAUoMCghncm91cF82OBABSgwKCGdyb3VwXzY5EAFKDAoIZ3JvdXBfNzAQAUoMCghncm91cF83MRABSgwKCGdyb3VwXzcyEAFKDAoIZ3JvdXBfNzMQAUoMCghncm91cF83NBABSgwKCGdyb3VwXzc1EAFKDAoIZ3JvdXBfNzYQAUoMCghncm91cF83NxABSgwKCGdyb3VwXzc4EAFKDAoIZ3JvdXBfNzkQAUoMCghncm91cF84MBABSgwKCGdyb3VwXzgxEAFKDAoIZ3JvdXBfODIQAUoMCghncm91cF84MxABSgwKCGdyb3VwXzg0EAFKDAoIZ3JvdXBfODUQAUoMCghncm91cF84NhABSgwKCGdyb3VwXzg3EAFKDAoIZ3JvdXBfODgQAUoMCghncm91cF84ORABSgwKCGdyb3VwXzkwEAFKDAoIZ3JvdXBfOTEQAUoMCghncm91cF85MhABSgwKCGdyb3VwXzkzEAFKDAoIZ3JvdXBfOTQQAUoMCghncm91cF85NRABSgwKCGdyb3VwXzk2EAFKDAoIZ3JvdXBfOTcQAUoMCghncm91cF85OBABSgwKCGdyb3VwXzk5EAFSBCgEKAUSdwofVU1BLVVuaWZvcm1pdHktVHJpYWwtMjAtUGVyY2VudBiAnJKlBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQAUoMCghncm91cF8wMRABSgwKCGdyb3VwXzAyEAFKDAoIZ3JvdXBfMDMQAUoMCghncm91cF8wNBABEk0KH1VNQS1Vbmlmb3JtaXR5LVRyaWFsLTUwLVBlcmNlbnQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EAFKDAoIZ3JvdXBfMDEQARK2AwoeVU1BLVVuaWZvcm1pdHktVHJpYWwtNS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBABGIS2yQFKEQoIZ3JvdXBfMDEQARiFtskBShEKCGdyb3VwXzAyEAEYhrbJAUoRCghncm91cF8wMxABGIe2yQFKEQoIZ3JvdXBfMDQQARiItskBShEKCGdyb3VwXzA1EAEYibbJAUoRCghncm91cF8wNhABGIq2yQFKEQoIZ3JvdXBfMDcQARiLtskBShEKCGdyb3VwXzA4EAEYjLbJAUoRCghncm91cF8wORABGI22yQFKEQoIZ3JvdXBfMTAQARiOtskBShEKCGdyb3VwXzExEAEYj7bJAUoRCghncm91cF8xMhABGJC2yQFKEQoIZ3JvdXBfMTMQARiRtskBShEKCGdyb3VwXzE0EAEYkrbJAUoRCghncm91cF8xNRABGJO2yQFKEQoIZ3JvdXBfMTYQARiUtskBShEKCGdyb3VwXzE3EAEYlbbJAUoRCghncm91cF8xOBABGJa2yQFKEQoIZ3JvdXBfMTkQARiXtskBUggoACgBKAIoAxLOAgoeVU1BLVVuaWZvcm1pdHktVHJpYWwtNS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKCwoHZGVmYXVsdBABSgwKCGdyb3VwXzAxEAFKDAoIZ3JvdXBfMDIQAUoMCghncm91cF8wMxABSgwKCGdyb3VwXzA0EAFKDAoIZ3JvdXBfMDUQAUoMCghncm91cF8wNhABSgwKCGdyb3VwXzA3EAFKDAoIZ3JvdXBfMDgQAUoMCghncm91cF8wORABSgwKCGdyb3VwXzEwEAFKDAoIZ3JvdXBfMTEQAUoMCghncm91cF8xMhABSgwKCGdyb3VwXzEzEAFKDAoIZ3JvdXBfMTQQAUoMCghncm91cF8xNRABSgwKCGdyb3VwXzE2EAFKDAoIZ3JvdXBfMTcQAUoMCghncm91cF8xOBABSgwKCGdyb3VwXzE5EAFSBCgEKAU=","webkit":{"webprefs":{"allow_running_insecure_content":true}},"homepage":"hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&
CHR Extension: (xvidly3) - C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn\10.20.106.5_0
CHR HKLM-x32\...\Chrome\Extension: [kimdndlhnimhdcchmglaendkednpejjn] - C:\Users\Administrator\AppData\Local\CRE\kimdndlhnimhdcchmglaendkednpejjn.crx
File: C:\Windows\SysWOW64\updCA15dll
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updCA15.tmp
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updC7F2.tmp
2013-10-11 19:29 - 2013-10-11 19:29 - 00000000 _____ C:\Windows\SysWOW64\updC533.tmp
2013-10-11 19:28 - 2013-10-11 20:25 - 00000000 ____D C:\ProgramData\Conduit
2013-10-11 19:27 - 2013-10-11 20:48 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-10-11 19:27 - 2013-10-11 19:28 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-10-11 19:27 - 2013-10-11 19:27 - 00000000 ____D C:\Users\Administrator\AppData\Local\CRE
2013-10-11 19:25 - 2013-10-11 19:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\xVidly
2013-10-11 19:24 - 2013-10-11 20:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\5258a50d160ba02b0200a602
C:\Users\Administrator\AppData\Local\Google\Desktop\Install
end


*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F793F656-59F6-4150-8E16-15EB9DA58D5D} => Key deleted successfully.
HKCR\CLSID\{F793F656-59F6-4150-8E16-15EB9DA58D5D} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll

=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

CHR HomePage: hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&UM=2&sspv=CHNTR4A ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813&UM=2&sspv=CHNTR4A"]},"sync":{"suppress_start":true},"sync_promo":{"startup_count":1,"user_skipped":true},"variations_seed":"Cig0MTljNTI5YmVjYTMxMDQzODdlMmUyNTU4YmM1YzA3NTIyMzNjM2U2EpoBCghBc3luY0RucxjEyeaPBTgAQgpTeXN0ZW1EbnNBSg4KClN5c3RlbURuc0EQGUoOCgpTeXN0ZW1EbnNCEBlKGAoTQXN5bmNEbnNOb0ZhbGxiYWNrQRCQA0oYChNBc3luY0Ruc05vRmFsbGJhY2tCEJADSg0KCUFzeW5jRG5zQRBLSg0KCUFzeW5jRG5zQhBLUggSBDI2LiooAxJuCghBc3luY0RucxjEyeaPBTgAQgpTeXN0ZW1EbnNBSg4KClN5c3RlbURuc0EQGUoOCgpTeXN0ZW1EbnNCEBlKDQoJQXN5bmNEbnNBEBlKDQoJQXN5bmNEbnNCEBlSEBIEMjkuKiAAIAEoACgBKAISagoIQXN5bmNEbnMYxIzDjgU4AEIKU3lzdGVtRG5zQUoOCgpTeXN0ZW1EbnNBEDJKDgoKU3lzdGVtRG5zQhAySg0KCUFzeW5jRG5zQRAySg0KCUFzeW5jRG5zQhAyUgwSBDI4LiogAigBKAISPAoIQXN5bmNEbnMYxMnmjwU4AEIKU3lzdGVtRG5zQUoOCgpTeXN0ZW1EbnNBEAFSDBIEMjYuKiADKAEoAhKPAQoaQXV0b2NvbXBsZXRlRHluYW1pY1RyaWFsXzAYgMPQjAU4AUITTGl2ZVNwZWxsaW5nQ29udHJvbEogChZMaXZlU3BlbGxpbmdFeHBlcmltZW50ELYHGIaEygFKHAoTTGl2ZVNwZWxsaW5nQ29udHJvbBAyGIeEygFSFBIEMjYuKiAAIAEgAiADKAAoASgCEtIBChpBdXRvY29tcGxldGVEeW5hbWljVHJpYWxfMRiAhNyPBTgBQg5EZWZhdWx0Q29udHJvbEodChREaXNhYmxlZFByb3ZpZGVyc18xNhAKGJeEygFKGwoSTmF2U3VnZ2VzdERlbW90aW9uEAoYmYTKAUoiChlOYXZTdWdnZXN0RGVtb3Rpb25Db250cm9sEAoYmoTKAUoYCg5EZWZhdWx0Q29udHJvbBDiBxibhMoBUhwSDDI2LjAuMTQxMC4xORoEMjguKiADKAAoASgCWI3Qj48CEn4KGkF1dG9jb21wbGV0ZUR5bmFtaWNUcmlhbF8yGICn4Y8FOAFCDkRlZmF1bHRDb250cm9sSh0KFEVuYWJsZUN1cnNvclBvc2l0aW9uEAEYlYTKAUoXCg5EZWZhdWx0Q29udHJvbBAEGJaEygFSEBIEMjguKiABIAIoACgBKAISygEKGkF1dG9jb21wbGV0ZUR5bmFtaWNUcmlhbF8zGICE3I8FOAFCDkRlZmF1bHRDb250cm9sSiEKGEVuYWJsZVplcm9TdWdnZXN0UXVlcmllcxAAGJGEygFKHgoVRW5hYmxlWmVyb1N1Z2dlc3RVcmxzEAAYkoTKAUolChxFbmFibGVaZXJvU3VnZ2VzdFF1ZXJpZXNVcmxzEAAYk4TKAUoYCg5EZWZhdWx0Q29udHJvbBDoBxiUhMoBUhASBDI5LiogACABKAAoASgCEpIBChhDYWNoZVNlbnNpdGl2aXR5QW5hbHlzaXMYxMfyjgU4AEICTm9KDAoIQ29udHJvbEEQBUoMCghDb250cm9sQhAFSggKBDEwMEEQBUoICgQxMDBCEAVKCAoEMjAwQRAFSggKBDIwMEIQBUoICgQ0MDBBEAVKCAoENDAwQhAFSgYKAk5vEDxSChIEMjguKiACKAQSmgEKGENhY2hlU2Vuc2l0aXZpdHlBbmFseXNpcxjEyv2KBTgAQgJOb0oGCgJObxAkSgwKCENvbnRyb2xBEAhKDAoIQ29udHJvbEIQCEoICgQxMDBBEAhKCAoEMTAwQhAISggKBDIwMEEQCEoICgQyMDBCEAhKCAoENDAwQRAISggKBDQwMEIQCFISEgQyNS4qIAAgASACKAAoASgCEp0BChhDYWNoZVNlbnNpdGl2aXR5QW5hbHlzaXMYxLLTigU4AEICTm9KBwoCTm8Q4AdKDAoIQ29udHJvbEEQAUoMCghDb250cm9sQhABSggKBDEwMEEQAUoICgQxMDBCEAFKCAoEMjAwQRABSggKBDIwMEIQAUoICgQ0MDBBEAFKCAoENDAwQhABUhQIgKe+igUSBDI1LiogAygAKAEoAhJICg9EM0QxMUV4cGVyaW1lbnQYgJKIlgU4AUIIRGlzYWJsZWRKDAoIRGlzYWJsZWQQAEoLCgdFbmFibGVkEGRSCBIEMjkuKigAElQKG0RhdGFDb21wcmVzc2lvblByb3h5Um9sbG91dBjEgpe0BTgBQgdFbmFibGVkSgwKCERpc2FibGVkEABKDAoHRW5hYmxlZBDoB1IIIAAgASACKAQSUQobRGF0YUNvbXByZXNzaW9uUHJveHlSb2xsb3V0GMSCl7QFOAFCCERpc2FibGVkSg0KCERpc2FibGVkEN4HSgsKB0VuYWJsZWQQClIEIAMoBBJUChtEYXRhQ29tcHJlc3Npb25Qcm94eVJvbGxvdXQYxIKXtAU4AUIHRW5hYmxlZEoMCghEaXNhYmxlZBAASgwKB0VuYWJsZWQQ6AdSCCAAIAEgAigFElEKG0RhdGFDb21wcmVzc2lvblByb3h5Um9sbG91dBjEgpe0BTgBQghEaXNhYmxlZEoMCghEaXNhYmxlZBAASgwKB0VuYWJsZWQQ6AdSBCADKAUSRAoRRG5zUHJvYmUtQXR0ZW1wdHMYgLWNlgU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EFpKBQoBMRAKUgoSBDI1LiogACABEkcKD0Ruc1Byb2JlLUVuYWJsZRiAtY2WBTgBQgdkaXNhYmxlSgsKB2Rpc2FibGUQAEoKCgZlbmFibGUQZFIKEgQyNS4qIAAgARJjCiNVTUEtRHluYW1pYy1CaW5hcnktVW5pZm9ybWl0eS1UcmlhbBiAnJKlBTgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQARiptskBShEKCGdyb3VwXzAxEAEYqrbJAVIGIAAgASACEl8KI1VNQS1EeW5hbWljLUJpbmFyeS1Vbmlmb3JtaXR5LVRyaWFsGICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBBjGKm2yQFKEQoIZ3JvdXBfMDEQARiqtskBUgIgAxJXChRGb3JjZUNvbXBvc2l0aW5nTW9kZRiAkoiWBTgBQgdkaXNhYmxlSgsKB2Rpc2FibGUQZEoLCgdlbmFibGVkEABKCgoGdGhyZWFkEABSCBIEMjQuKigCElcKFEZvcmNlQ29tcG9zaXRpbmdNb2RlGICSiJYFOAFCB2Rpc2FibGVKCwoHZGlzYWJsZRAASgsKB2VuYWJsZWQQAEoKCgZ0aHJlYWQQZFIIEgQyOC4qKAESWQoURm9yY2VDb21wb3NpdGluZ01vZGUYgJKIlgU4AUIHZGlzYWJsZUoLCgdkaXNhYmxlEGRKCwoHZW5hYmxlZBAASgoKBnRocmVhZBAAUgoaBDI3LiogAygBElcKFEZvcmNlQ29tcG9zaXRpbmdNb2RlGICSiJYFOAFCB2Rpc2FibGVKCwoHZGlzYWJsZRAASgsKB2VuYWJsZWQQAEoKCgZ0aHJlYWQQZFIIEgQyNC4qKAASWQoURm9yY2VDb21wb3NpdGluZ01vZGUYgJKIlgU4AUIHZGlzYWJsZUoLCgdkaXNhYmxlEABKCwoHZW5hYmxlZBAySgoKBnRocmVhZBAyUgoSBDI0LiogAygAErcBCglHb29nbGVOb3c4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKCgoGRW5hYmxlEABKCwoHQ29udHJvbBAASjMKD0Rpc2FibGVkVmlhRmxhZxAAKh5kaXNhYmxlLWdvb2dsZS1ub3ctaW50ZWdyYXRpb25KMQoORW5hYmxlZFZpYUZsYWcQACodZW5hYmxlLWdvb2dsZS1ub3ctaW50ZWdyYXRpb25SESAAIAEoACgBKAMyBWVuLVVTEosBCg1Ib3N0Q2FjaGVTaXplGMTNiIcFOABCB0RlZmF1bHRKCwoHRGVmYXVsdBAASggKBDEwMEEQCkoICgQxMDBCEApKCAoEMzAwQRAKSggKBDMwMEIQCkoJCgUxMDAwQRAKSgkKBTEwMDBCEApKCQoFMzAwMEEQCkoJCgUzMDAwQhAKUggSBDI1LiooAxKTAQoNSG9zdENhY2hlU2l6ZRjErPeHBTgAQgdEZWZhdWx0SgsKB0RlZmF1bHQQAEoICgQxMDBBEApKCAoEMTAwQhAKSggKBDMwMEEQCkoICgQzMDBCEApKCQoFMTAwMEEQCkoJCgUxMDAwQhAKSgkKBTMwMDBBEApKCQoFMzAwMEIQClIQEgQyNS4qIAAgASgAKAEoAhJECg1JbmZpbml0ZUNhY2hlGMS0jZYFOAFCAk5vSgcKAk5vENQHSgcKA1llcxAKSgsKB0NvbnRyb2wQClIIIAIoACgBKAISRgoNSW5maW5pdGVDYWNoZRjEtI2WBTgBQgJOb0oHCgJObxCEB0oHCgNZZXMQMkoLCgdDb250cm9sEDJSCiAAIAEoACgBKAISRAoNSW5maW5pdGVDYWNoZRjEtI2WBTgBQgJOb0oHCgJObxDmB0oHCgNZZXMQAUoLCgdDb250cm9sEAFSCCADKAAoASgCEt8ECgxJbnN0YW50RHVtbXkYgITcjwU4AUIMRGVmYXVsdEdyb3VwSi8KIUR1bW15R3JvdXAxIGNoYW5uZWw6c3RhYmxlIG1vZHM6MRABGMeFygEgx4XKAUovCiFEdW1teUdyb3VwMiBjaGFubmVsOnN0YWJsZSBtb2RzOjEQARjIhcoBIMiFygFKLwohRHVtbXlHcm91cDMgY2hhbm5lbDpzdGFibGUgbW9kczoxEAEYyYXKASDJhcoBSi8KIUR1bW15R3JvdXA0IGNoYW5uZWw6c3RhYmxlIG1vZHM6MRABGMqFygEgyoXKAUovCiFEdW1teUdyb3VwNSBjaGFubmVsOnN0YWJsZSBtb2RzOjkQCRjLhcoBIMuFygFKLwohRHVtbXlHcm91cDYgY2hhbm5lbDpzdGFibGUgbW9kczo5EAkYzIXKASDMhcoBSi8KIUR1bW15R3JvdXA3IGNoYW5uZWw6c3RhYmxlIG1vZHM6ORAJGM2FygEgzYXKAUovCiFEdW1teUdyb3VwOCBjaGFubmVsOnN0YWJsZSBtb2RzOjkQCRjOhcoBIM6FygFKMQojRHVtbXlHcm91cDkgY2hhbm5lbDpzdGFibGUgbW9kczoxMDAQZBjPhcoBIM+FygFKMgokRHVtbXlHcm91cDEwIGNoYW5uZWw6c3RhYmxlIG1vZHM6MTAwEGQY0IXKASDQhcoBSioKG0R1bW15UGFkZGluZyBjaGFubmVsOnN0YWJsZRD4BRjRhcoBINGFygFKEAoMRGVmYXVsdEdyb3VwEABSDBIEMjcuKiADKAAoARKkAgoPSW5zdGFudEV4dGVuZGVkGIDB/5AFOAFCDERlZmF1bHRHcm91cEo+Ci9Hcm91cDEgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGNoYW5uZWw6YmV0YRD6ARi9hcoBIL2FygFKRwo4R3JvdXAyIGVzcHY6MjA1IHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmJldGEQ+gEYvoXKASC+hcoBSiQKFUNvbnRyb2wxIGNoYW5uZWw6YmV0YRD6ARi/hcoBIL+FygFKJAoVQ29udHJvbDIgY2hhbm5lbDpiZXRhEPoBGMCFygEgwIXKAUoQCgxEZWZhdWx0R3JvdXAQAFIOEgQyOS4qIAIoACgBKANY2o+ihwkSpgIKD0luc3RhbnRFeHRlbmRlZBiA6r2OBTgBQgxEZWZhdWx0R3JvdXBKQAoxR3JvdXAxIHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmNhbmFyeRD6ARjng8oBIOeDygFKSQo6R3JvdXAyIGVzcHY6MjA1IHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MSBjaGFubmVsOmNhbmFyeRD6ARiEhMoBIISEygFKJgoXQ29udHJvbDEgY2hhbm5lbDpjYW5hcnkQ+gEY6IPKASDog8oBSiYKF0NvbnRyb2wyIGNoYW5uZWw6Y2FuYXJ5EPoBGIKEygEggoTKAUoQCgxEZWZhdWx0R3JvdXAQAFIOEgQyOC4qIAAoACgBKAMSsQIKD0luc3RhbnRFeHRlbmRlZBiAhNyPBTgBQgxEZWZhdWx0R3JvdXBKJQoXQ29udHJvbDEgbTI5ZGV2MjpuYXRpdmUQARjWhcoBINaFygFKJQoXQ29udHJvbDIgbTI5ZGV2MjpuYXRpdmUQARjXhcoBINeFygFKPwoxR3JvdXAxIG0yOWRldjI6bmF0aXZlIHVzZV9yZW1vdGVfbnRwX29uX3N0YXJ0dXA6MRABGNiFygEg2IXKAUpICjpHcm91cDIgbTI5ZGV2MjpuYXRpdmUgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGVzcHY6MjA1EAEY2YXKASDZhcoBShAKDERlZmF1bHRHcm91cBAAUhcSCTI5LjAuMTUzNRoEMjkuKiABKAAoA1jpib/HChKLAwoPSW5zdGFudEV4dGVuZGVkGICE3I8FOAFCDERlZmF1bHRHcm91cEpRCkNHcm91cDEgZXNwdjoyMDUgdXNlX3JlbW90ZV9udHBfb25fc3RhcnR1cDoxIGNoYW5uZWw6c3RhYmxlIERJU0FCTEVEEAEYwYXKASDBhcoBSlEKQ0dyb3VwMiBlc3B2OjIwNSB1c2VfcmVtb3RlX250cF9vbl9zdGFydHVwOjEgY2hhbm5lbDpzdGFibGUgRElTQUJMRUQQCRjFhcoBIMWFygFKJgoXUGFkZGluZzEgY2hhbm5lbDpzdGFibGUQ6gMYwoXKASDChcoBSiUKF0NvbnRyb2wxIGNoYW5uZWw6c3RhYmxlEAEYw4XKASDDhcoBSiUKF0NvbnRyb2wyIGNoYW5uZWw6c3RhYmxlEAkYxoXKASDGhcoBSiYKF1BhZGRpbmcyIGNoYW5uZWw6c3RhYmxlEOoDGMSFygEgxIXKAUoQCgxEZWZhdWx0R3JvdXAQAFIMEgQyNy4qIAMoACgBEo4CChZJbnRlcnN0aXRpYWxNYWx3YXJlMzEwGMDpw5MFOAFCB0RlZmF1bHRKFwoTY29uZDFNYWx3YXJlQ29udHJvbBADShcKE2NvbmQyTWFsd2FyZU5vQnJhbmQQA0oXChNjb25kNU1hbHdhcmVPbmVTdGVwEANKFwoTY29uZDdNYWx3YXJlRmVhck1zZxADShkKFWNvbmQ5TWFsd2FyZUNvbGxhYk1zZxADShkKFWNvbmQxMU1hbHdhcmVRdWVzdGlvbhADShcKE2NvbmQxM01hbHdhcmVHb0JhY2sQA0oMCgdEZWZhdWx0ELMBUiIIwNmjjAUSBDI5LiooACgBKAIoAzIFZW4tVVMyBWVuLUdCEpcCChdJbnRlcnN0aXRpYWxQaGlzaGluZzU2NBjA6cOTBTgBQgdEZWZhdWx0ShgKFGNvbmQzUGhpc2hpbmdDb250cm9sEANKGAoUY29uZDRQaGlzaGluZ05vQnJhbmQQA0oYChRjb25kNlBoaXNoaW5nT25lU3RlcBADShgKFGNvbmQ4UGhpc2hpbmdGZWFyTXNnEANKGwoXY29uZDEwUGhpc2hpbmdDb2xsYWJNc2cQA0oaChZjb25kMTJQaGlzaGluZ1F1ZXN0aW9uEANKGAoUY29uZDE0UGhpc2hpbmdHb0JhY2sQA0oMCgdEZWZhdWx0ELMBUiIIwNmjjAUSBDI5LiooACgBKAIoAzIFZW4tVVMyBWVuLUdCEqQCChJJbnRlcnN0aXRpYWxTU0w1MTcYwOnDkwU4AUIHRGVmYXVsdEoZChVDb25kaXRpb24xNVNTTENvbnRyb2wQA0oZChVDb25kaXRpb24xNlNTTEZpcmVmb3gQA0oeChpDb25kaXRpb24xN1NTTEZhbmN5RmlyZWZveBADShoKFkNvbmRpdGlvbjE4U1NMTm9JbWFnZXMQA0obChdDb25kaXRpb24xOVNTTFBvbGljZW1hbhADShsKF0NvbmRpdGlvbjIwU1NMU3RvcGxpZ2h0EANKGAoUQ29uZGl0aW9uMjFTU0xCYWRndXkQA0oMCgdEZWZhdWx0ELMBUikIwNmjjAUSCzI5LjAuMTU0My4qKAAoASgCKAMyBWVuLVVTMgVlbi1HQhJRChFNYW5hZ2VkTW9kZUxhdW5jaBiA88eSBTgBQghJbmFjdGl2ZUoKCgZBY3RpdmUQZEoMCghJbmFjdGl2ZRAAUhASBDI5LiogACABKAAoASgCEk0KEU1hbmFnZWRNb2RlTGF1bmNoGIDzx5IFOAFCCEluYWN0aXZlSgoKBkFjdGl2ZRBkSgwKCEluYWN0aXZlEABSDBIEMjkuKiAAIAEoAxKwAgoYTW9zdFZpc2l0ZWRUaWxlUGxhY2VtZW50GICtmo0FOAFCB0RlZmF1bHRKFgoST25lRWlnaHRfQV9GbGlwcGVkEANKFgoST25lRWlnaHRfQl9GbGlwcGVkEANKFgoST25lRWlnaHRfQ19GbGlwcGVkEANKFgoST25lRWlnaHRfRF9GbGlwcGVkEANKFQoRT25lRm91cl9BX0ZsaXBwZWQQA0oVChFPbmVGb3VyX0JfRmxpcHBlZBADShUKEU9uZUZvdXJfQ19GbGlwcGVkEANKFQoRT25lRm91cl9EX0ZsaXBwZWQQA0oLCgdDb250cm9sEANKFAoQRG9udFNob3dPcGVuVGFicxADSgsKB0RlZmF1bHQQRlIXEgsyOC4wLjE0OTYuMCABKAAoASgCKAMSlAEKFE1vdXNlRXZlbnRQcmVjb25uZWN0GMS0jZYFOABCCERpc2FibGVkSg0KCU1vdXNlRG93bhAKSg0KCU1vdXNlT3ZlchAAShIKDlRhcFVuY29uZmlybWVkEABKCwoHVGFwRG93bhAASgsKB0NvbnRyb2wQCkoMCghEaXNhYmxlZBBQUhASBDI5LiogACABKAAoASgCEl0KDE5ld01lbnVTdHlsZRiA0J+NBTgBQgdEZWZhdWx0SgsKB0RlZmF1bHQQAEoNCghOZXdTdHlsZRDmB0oMCghPbGRTdHlsZRACUhISBDI2LioaBDI3LiogAygAKAMSfgoMTmV3TWVudVN0eWxlGICn4Y8FOAFCB0RlZmF1bHRKCwoHRGVmYXVsdBA8SgwKCENvbXBhY3QxEApKDAoIQ29tcGFjdDIQCkoSCg5IaWdoZXJDb250cmFzdBAKShAKDENvbnRyb2xHcm91cBAKUg4SBDI4LiogASAAKAAoAxJ+CgxOZXdNZW51U3R5bGUYgP6ikgU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGBKDAoIQ29tcGFjdDEQAUoMCghDb21wYWN0MhABShIKDkhpZ2hlckNvbnRyYXN0EAFKEAoMQ29udHJvbEdyb3VwEAFSDhIEMjkuKiADIAIoACgDElcKDE5ld1RhYkJ1dHRvbhiAtY2WBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQYkoLCgdDb250cm9sEAFKCAoEUGx1cxABUhISDDIxLjAuMTE4MC4xNSADKAASzQEKHk9tbmlib3hSZXBsYWNlSFVQQW5kTmV3U2NvcmluZxjAhbOQBTgBQghTdGFuZGFyZEoMCghTdGFuZGFyZBA8Sg0KCVN0YW5kYXJkMhAKSh0KGUhRUC1wb3N0cGVyaW9kLVJlcGxhY2VIVVAQCkoOCgpOZXdTY29yaW5nEApKNAowSFFQLXBvc3RwZXJpb2QtUmVwbGFjZUhVUF9OZXctcG9zdHBlcmlvZC1TY29yaW5nEApSFwjAn4uHBRILMjguMC4xNDk5LiogASACEmkKF09tbmlib3hTaG9ydGN1dHNTY29yaW5nGMTClpcFOAFCCFN0YW5kYXJkSgwKCFN0YW5kYXJkEFpKFQoRTWF4UmVsZXZhbmNlXzEzOTkQClIXCMSAro4FEgsyOS4wLjE1NDcuMCABIAISZQoQT21uaWJveFN0b3BUaW1lchjA0ZmTBTgBQghTdGFuZGFyZEoSCghTdGFuZGFyZBD0Axi3hcoBShYKDFVzZVN0b3BUaW1lchD0Axi4hcoBUhMIwMzUiwUSCzI4LjAuMTQ4OC4wEmYKF1ByZXJlbmRlckxvY2FsUHJlZGljdG9yGMSHoYwFOABCCERpc2FibGVkSg0KCERpc2FibGVkENQHSgsKB0VuYWJsZWQQCkoLCgdDb250cm9sEApSEBIEMjUuKiADIAIoACgBKAISZgoXUHJlcmVuZGVyTG9jYWxQcmVkaWN0b3IYxLSNlgU4AEIIRGlzYWJsZWRKDAoIRGlzYWJsZWQQZEoMCgdFbmFibGVkEKAGSgsKB0NvbnRyb2wQZFIQEgQyNS4qIAAgASgAKAEoAhJwCi5QcmVyZW5kZXJMb2NhbFByZWRpY3Rvck1heENvbmN1cnJlbnRQcmVyZW5kZXJzGMS0jZYFOAFCATFKBQoBMRAUSgUKATIQFEoFCgEzEBRKBQoBNBAUSgUKATUQFFIQEgQyOS4qIAAgASgAKAEoAhJxCjtQcmVyZW5kZXJMb2NhbFByZWRpY3RvclByZXJlbmRlclByaW9yaXR5SGFsZkxpZmVUaW1lU2Vjb25kcxjEtI2WBTgBQgEwSgUKATAQMkoGCgIzMBAZSgYKAjYwEBlSEBIEMjkuKiAAIAEoACgBKAISbgoqUHJlcmVuZGVyTG9jYWxQcmVkaWN0b3JQcmVyZW5kZXJUVExTZWNvbmRzGMS0jZYFOAFCAzE4MEoHCgMxODAQNEoHCgMxMjAQEEoHCgMyNDAQEEoGCgI2MBAQUhASBDI5LiogACABKAAoASgCEqUBCg9Qcm9ncmVzc2l2ZVNjYW4YxLSNlgU4AUIIRGlzYWJsZWRKFQoRMzNQZXJjZW50XzRNaW5NYXgQHkoVChE1MFBlcmNlbnRfNE1pbk1heBAeShUKETUwUGVyY2VudF84TWluTWF4EB5KFgoSMTAwUGVyY2VudF84TWluTWF4EB5KDAoIRnVsbFNjYW4QHkoNCghEaXNhYmxlZBDSBlIGIAAgASgDEpkBCgRRVUlDGMTnpogFOABCCERpc2FibGVkSgsKB0VuYWJsZWQQCkoLCgdDb250cm9sEApKDAoIRGlzYWJsZWQQUEoeCg1FbmFibGVkQnlGbGFnEAAqC2VuYWJsZS1xdWljSiAKDkRpc2FibGVkQnlGbGFnEAAqDGRpc2FibGUtcXVpY1IVEgsyOS4wLjE1NDYuMCAAKAAoASgCEjYKDlNCSW50ZXJzdGl0aWFsGMDSjYkFOAFCAlYxSgYKAlYxEAFKBgoCVjIQY1IIKAAoASgCKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQKBiphcoBShAKB2NvbnRyb2wQDxj4hMoBShEKCGFsdC10ZXh0EA8Y/ITKAUoVCgxhbHQtbG9jYXRpb24QDxiChcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAPGIiFygFSFRILMjcuMC4xNDUzLiogAigAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBAoGKmFygFKEAoHY29udHJvbBAPGPmEygFKEQoIYWx0LXRleHQQDxj/hMoBShUKDGFsdC1sb2NhdGlvbhAPGIWFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEA8Yi4XKAVIREgsyNy4wLjE0NTMuKiACKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQKBiphcoBShAKB2NvbnRyb2wQDxj4hMoBShEKCGFsdC10ZXh0EA8Y+oTKAUoVCgxhbHQtbG9jYXRpb24QDxiAhcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAPGIaFygFSFRILMjcuMC4xNDUzLiogASgAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBAoGKmFygFKEAoHY29udHJvbBAPGPmEygFKEQoIYWx0LXRleHQQDxj9hMoBShUKDGFsdC1sb2NhdGlvbhAPGIOFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEA8YiYXKAVIREgsyNy4wLjE0NTMuKiABKAMSqgEKGFNlbmRGZWVkYmFja0xpbmtMb2NhdGlvbjgBQgdkZWZhdWx0ShAKB2RlZmF1bHQQPBiphcoBShAKB2NvbnRyb2wQChj4hMoBShEKCGFsdC10ZXh0EAoY+4TKAUoVCgxhbHQtbG9jYXRpb24QChiBhcoBSh4KFWFsdC10ZXh0LWFuZC1sb2NhdGlvbhAKGIeFygFSFRILMjcuMC4xNDUzLiogAygAKAIoARKmAQoYU2VuZEZlZWRiYWNrTGlua0xvY2F0aW9uOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBA8GKmFygFKEAoHY29udHJvbBAKGPmEygFKEQoIYWx0LXRleHQQChj+hMoBShUKDGFsdC1sb2NhdGlvbhAKGISFygFKHgoVYWx0LXRleHQtYW5kLWxvY2F0aW9uEAoYioXKAVIREgsyNy4wLjE0NTMuKiADKAMSdQoUU2hvd0FwcExhdW5jaGVyUHJvbW84AUIHRGVmYXVsdEogChdTaG93UHJvbW9VbnRpbERpc21pc3NlZBAyGJ6GygFKGwoSUmVzZXRTaG93UHJvbW9QcmVmEDIYn4bKAUoLCgdEZWZhdWx0EABSBiAAIAEoABJiChNTaG93UHJvZmlsZVN3aXRjaGVyGMDK4IoFOAFCB2RlZmF1bHRKCwoHZGVmYXVsdBBQSgsKB2NvbnRyb2wQCkoOCgpBbHdheXNTaG93EApSEBIEMjYuKiAAIAEoACgBKAISVwoPU2lkZWxvYWRXaXBlb3V0GMScnYsFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEABKCwoHRW5hYmxlZBBkUhcSCzI1LjAuMTM2MC4qIAAgASACIAMoABJ3ChpTaWduSW5Ub0Nocm9tZUNvbmZpcm1hdGlvbhjAyuCKBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQUEoUChBjb250cm9sX0RJU0FCTEVEEApKEwoPQnViYmxlX0RJU0FCTEVEEApSEBIEMjYuKiAAIAEoACgBKAIShAEKEFNpbXBsZUNhY2hlVHJpYWwYxLSNlgU4AUIMRXhwZXJpbWVudE5vShAKDEV4cGVyaW1lbnRObxBkShEKDUV4cGVyaW1lbnRZZXMQAEoSCg5FeHBlcmltZW50WWVzMhAAShUKEUV4cGVyaW1lbnRDb250cm9sEABSChIEMjguKiACKAQShgEKEFNpbXBsZUNhY2hlVHJpYWwYxLSNlgU4AUIMRXhwZXJpbWVudE5vShAKDEV4cGVyaW1lbnRObxAAShEKDUV4cGVyaW1lbnRZZXMQUEoSCg5FeHBlcmltZW50WWVzMhAKShUKEUV4cGVyaW1lbnRDb250cm9sEApSDBIEMjguKiAAIAEoBBKVAwoeU3BlY3VsYXRpdmVSZXNvdXJjZVByZWZldGNoaW5nGICc44oFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEChKEAoMTGVhcm5pbmdIb3N0EApKDwoLTGVhcm5pbmdVUkwQCkoMCghMZWFybmluZxAKShMKD1ByZWZldGNoaW5nSG9zdBAKShIKDlByZWZldGNoaW5nVVJMEApKDwoLUHJlZmV0Y2hpbmcQCkocChhQcmVmZXRjaGluZ0xvd0NvbmZpZGVuY2UQAEodChlQcmVmZXRjaGluZ0hpZ2hDb25maWRlbmNlEABKHAoYUHJlZmV0Y2hpbmdNb3JlUmVzb3VyY2VzEABKEwoPTGVhcm5pbmdTbWFsbERCEABKFgoSUHJlZmV0Y2hpbmdTbWFsbERCEABKIwofUHJlZmV0Y2hpbmdTbWFsbERCTG93Q29uZmlkZW5jZRAASiQKIFByZWZldGNoaW5nU21hbGxEQkhpZ2hDb25maWRlbmNlEABSFRILMjUuMC4xMzY0LiogAigAKAEoAhKXAwoeU3BlY3VsYXRpdmVSZXNvdXJjZVByZWZldGNoaW5nGICc44oFOAFCCERpc2FibGVkSgwKCERpc2FibGVkEChKEAoMTGVhcm5pbmdIb3N0EApKDwoLTGVhcm5pbmdVUkwQCkoMCghMZWFybmluZxAKShMKD1ByZWZldGNoaW5nSG9zdBAKShIKDlByZWZldGNoaW5nVVJMEApKDwoLUHJlZmV0Y2hpbmcQCkocChhQcmVmZXRjaGluZ0xvd0NvbmZpZGVuY2UQAEodChlQcmVmZXRjaGluZ0hpZ2hDb25maWRlbmNlEABKHAoYUHJlZmV0Y2hpbmdNb3JlUmVzb3VyY2VzEABKEwoPTGVhcm5pbmdTbWFsbERCEABKFgoSUHJlZmV0Y2hpbmdTbWFsbERCEABKIwofUHJlZmV0Y2hpbmdTbWFsbERCTG93Q29uZmlkZW5jZRAASiQKIFByZWZldGNoaW5nU21hbGxEQkhpZ2hDb25maWRlbmNlEABSFxILMjUuMC4xMzY0LiogACABKAAoASgCElIKClNwZWxsY2hlY2sYxNu0jQU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKDwoLU3VnZ2VzdGlvbnMQAFIVEgsyNi4wLjE0MDMuMCACIAEgACgAElQKClNwZWxsY2hlY2sYxNu0jQU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EGRKDwoLU3VnZ2VzdGlvbnMQAFIXEgsyNi4wLjE0MDMuMCADIAIgASgCKAMSTgoKU3BlbGxjaGVjaxjE27SNBTgBQgdEZWZhdWx0SgsKB0RlZmF1bHQQZEoPCgtTdWdnZXN0aW9ucxAAUhESCzI2LjAuMTQwMy4wIAMoABJPCg1FbmFibGVTdGFnZTNEGICI/oYFOAFCB2VuYWJsZWRKDAoHZW5hYmxlZBC2B0oPCgtibGFja2xpc3RlZBAyUg4SBDIyLiogACABIAIoABJRCg1FbmFibGVTdGFnZTNEGICI/oYFOAFCB2VuYWJsZWRKDAoHZW5hYmxlZBDoB0oPCgtibGFja2xpc3RlZBAAUhASBDIyLioaBDIyLiogAygAEmgKDUVuYWJsZVN0YWdlM0QYgN+/iQU4AUIPZW5hYmxlZF9kZWZhdWx0ShMKD2VuYWJsZWRfZGVmYXVsdBAASgwKB2VuYWJsZWQQ6AdKDwoLYmxhY2tsaXN0ZWQQAFIKEgQyMy4qIAMoABKrAgoLVGFiRXZpY3Rpb24YgP6ikgU4AUIHRGVmYXVsdEoLCgdEZWZhdWx0EABKCwoHQ29udHJvbBAKShEKDU1lbW9yeUtlZXBBbGwQAUoTCg9NZW1vcnlFdmljdEhhbGYQCkoTCg9NZW1vcnlLZWVwVGhyZWUQCkoUChBNZW1vcnlFdmljdFRocmVlEApKGAoUQmFja2dyb3VuZGluZ0tlZXBBbGwQCkoaChZCYWNrZ3JvdW5kaW5nRXZpY3RIYWxmEApKGAoUQmFja2dyb3VuZGluZ0tlZXBPbmUQCkobChdCYWNrZ3JvdW5kaW5nRXZpY3RUaHJlZRAKShIKDk5vUHJlcmVuZGVyaW5nEApKDwoLTm9RdWlja2JhY2sQClIMEgQyOS4qIAAgAigFEk4KE1Rlc3QwUGVyY2VudERlZmF1bHQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EABKDAoIZ3JvdXBfMDEQZEoLCgdkb2dmb29kEAAS2gEKHFVNQS1EeW5hbWljLVVuaWZvcm1pdHktVHJpYWwYgJySpQU4AUIHRGVmYXVsdEoUCgZHcm91cDEQARi/tskBIL+2yQFKFAoGR3JvdXAyEAkYwLbJASDAtskBShUKBkdyb3VwMxDqAxjBtskBIMG2yQFKFAoGR3JvdXA0EAEYwrbJASDCtskBShQKBkdyb3VwNRAJGMO2yQEgw7bJAUoVCgZHcm91cDYQ6gMYxLbJASDEtskBShUKB0RlZmF1bHQQABjFtskBIMW2yQFSDBIEMjcuKiADKAAoARK9AQofVU1BLVVuaWZvcm1pdHktVHJpYWwtMTAtUGVyY2VudBiAnJKlBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQAUoMCghncm91cF8wMRABSgwKCGdyb3VwXzAyEAFKDAoIZ3JvdXBfMDMQAUoMCghncm91cF8wNBABSgwKCGdyb3VwXzA1EAFKDAoIZ3JvdXBfMDYQAUoMCghncm91cF8wNxABSgwKCGdyb3VwXzA4EAFKDAoIZ3JvdXBfMDkQARKmDwoeVU1BLVVuaWZvcm1pdHktVHJpYWwtMS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBABGKC1yQFKEQoIZ3JvdXBfMDEQARihtckBShEKCGdyb3VwXzAyEAEYorXJAUoRCghncm91cF8wMxABGKO1yQFKEQoIZ3JvdXBfMDQQARiktckBShEKCGdyb3VwXzA1EAEYpbXJAUoRCghncm91cF8wNhABGKa1yQFKEQoIZ3JvdXBfMDcQARintckBShEKCGdyb3VwXzA4EAEYqLXJAUoRCghncm91cF8wORABGKm1yQFKEQoIZ3JvdXBfMTAQARiqtckBShEKCGdyb3VwXzExEAEYq7XJAUoRCghncm91cF8xMhABGKy1yQFKEQoIZ3JvdXBfMTMQARittckBShEKCGdyb3VwXzE0EAEYrrXJAUoRCghncm91cF8xNRABGK+1yQFKEQoIZ3JvdXBfMTYQARiwtckBShEKCGdyb3VwXzE3EAEYsbXJAUoRCghncm91cF8xOBABGLK1yQFKEQoIZ3JvdXBfMTkQARiztckBShEKCGdyb3VwXzIwEAEYtLXJAUoRCghncm91cF8yMRABGLW1yQFKEQoIZ3JvdXBfMjIQARi2tckBShEKCGdyb3VwXzIzEAEYt7XJAUoRCghncm91cF8yNBABGLi1yQFKEQoIZ3JvdXBfMjUQARi5tckBShEKCGdyb3VwXzI2EAEYurXJAUoRCghncm91cF8yNxABGLu1yQFKEQoIZ3JvdXBfMjgQARi8tckBShEKCGdyb3VwXzI5EAEYvbXJAUoRCghncm91cF8zMBABGL61yQFKEQoIZ3JvdXBfMzEQARi/tckBShEKCGdyb3VwXzMyEAEYwLXJAUoRCghncm91cF8zMxABGMG1yQFKEQoIZ3JvdXBfMzQQARjCtckBShEKCGdyb3VwXzM1EAEYw7XJAUoRCghncm91cF8zNhABGMS1yQFKEQoIZ3JvdXBfMzcQARjFtckBShEKCGdyb3VwXzM4EAEYxrXJAUoRCghncm91cF8zORABGMe1yQFKEQoIZ3JvdXBfNDAQARjItckBShEKCGdyb3VwXzQxEAEYybXJAUoRCghncm91cF80MhABGMq1yQFKEQoIZ3JvdXBfNDMQARjLtckBShEKCGdyb3VwXzQ0EAEYzLXJAUoRCghncm91cF80NRABGM21yQFKEQoIZ3JvdXBfNDYQARjOtckBShEKCGdyb3VwXzQ3EAEYz7XJAUoRCghncm91cF80OBABGNC1yQFKEQoIZ3JvdXBfNDkQARjRtckBShEKCGdyb3VwXzUwEAEY0rXJAUoRCghncm91cF81MRABGNO1yQFKEQoIZ3JvdXBfNTIQARjUtckBShEKCGdyb3VwXzUzEAEY1bXJAUoRCghncm91cF81NBABGNa1yQFKEQoIZ3JvdXBfNTUQARjXtckBShEKCGdyb3VwXzU2EAEY2LXJAUoRCghncm91cF81NxABGNm1yQFKEQoIZ3JvdXBfNTgQARjatckBShEKCGdyb3VwXzU5EAEY27XJAUoRCghncm91cF82MBABGNy1yQFKEQoIZ3JvdXBfNjEQARjdtckBShEKCGdyb3VwXzYyEAEY3rXJAUoRCghncm91cF82MxABGN+1yQFKEQoIZ3JvdXBfNjQQARjgtckBShEKCGdyb3VwXzY1EAEY4bXJAUoRCghncm91cF82NhABGOK1yQFKEQoIZ3JvdXBfNjcQARjjtckBShEKCGdyb3VwXzY4EAEY5LXJAUoRCghncm91cF82ORABGOW1yQFKEQoIZ3JvdXBfNzAQARjmtckBShEKCGdyb3VwXzcxEAEY57XJAUoRCghncm91cF83MhABGOi1yQFKEQoIZ3JvdXBfNzMQARjptckBShEKCGdyb3VwXzc0EAEY6rXJAUoRCghncm91cF83NRABGOu1yQFKEQoIZ3JvdXBfNzYQARjstckBShEKCGdyb3VwXzc3EAEY7bXJAUoRCghncm91cF83OBABGO61yQFKEQoIZ3JvdXBfNzkQARjvtckBShEKCGdyb3VwXzgwEAEY8LXJAUoRCghncm91cF84MRABGPG1yQFKEQoIZ3JvdXBfODIQARjytckBShEKCGdyb3VwXzgzEAEY87XJAUoRCghncm91cF84NBABGPS1yQFKEQoIZ3JvdXBfODUQARj1tckBShEKCGdyb3VwXzg2EAEY9rXJAUoRCghncm91cF84NxABGPe1yQFKEQoIZ3JvdXBfODgQARj4tckBShEKCGdyb3VwXzg5EAEY+bXJAUoRCghncm91cF85MBABGPq1yQFKEQoIZ3JvdXBfOTEQARj7tckBShEKCGdyb3VwXzkyEAEY/LXJAUoRCghncm91cF85MxABGP21yQFKEQoIZ3JvdXBfOTQQARj+tckBShEKCGdyb3VwXzk1EAEY/7XJAUoRCghncm91cF85NhABGIC2yQFKEQoIZ3JvdXBfOTcQARiBtskBShEKCGdyb3VwXzk4EAEYgrbJAUoRCghncm91cF85ORABGIO2yQFSCCgAKAEoAigDEq4LCh5VTUEtVW5pZm9ybWl0eS1UcmlhbC0xLVBlcmNlbnQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EAFKDAoIZ3JvdXBfMDEQAUoMCghncm91cF8wMhABSgwKCGdyb3VwXzAzEAFKDAoIZ3JvdXBfMDQQAUoMCghncm91cF8wNRABSgwKCGdyb3VwXzA2EAFKDAoIZ3JvdXBfMDcQAUoMCghncm91cF8wOBABSgwKCGdyb3VwXzA5EAFKDAoIZ3JvdXBfMTAQAUoMCghncm91cF8xMRABSgwKCGdyb3VwXzEyEAFKDAoIZ3JvdXBfMTMQAUoMCghncm91cF8xNBABSgwKCGdyb3VwXzE1EAFKDAoIZ3JvdXBfMTYQAUoMCghncm91cF8xNxABSgwKCGdyb3VwXzE4EAFKDAoIZ3JvdXBfMTkQAUoMCghncm91cF8yMBABSgwKCGdyb3VwXzIxEAFKDAoIZ3JvdXBfMjIQAUoMCghncm91cF8yMxABSgwKCGdyb3VwXzI0EAFKDAoIZ3JvdXBfMjUQAUoMCghncm91cF8yNhABSgwKCGdyb3VwXzI3EAFKDAoIZ3JvdXBfMjgQAUoMCghncm91cF8yORABSgwKCGdyb3VwXzMwEAFKDAoIZ3JvdXBfMzEQAUoMCghncm91cF8zMhABSgwKCGdyb3VwXzMzEAFKDAoIZ3JvdXBfMzQQAUoMCghncm91cF8zNRABSgwKCGdyb3VwXzM2EAFKDAoIZ3JvdXBfMzcQAUoMCghncm91cF8zOBABSgwKCGdyb3VwXzM5EAFKDAoIZ3JvdXBfNDAQAUoMCghncm91cF80MRABSgwKCGdyb3VwXzQyEAFKDAoIZ3JvdXBfNDMQAUoMCghncm91cF80NBABSgwKCGdyb3VwXzQ1EAFKDAoIZ3JvdXBfNDYQAUoMCghncm91cF80NxABSgwKCGdyb3VwXzQ4EAFKDAoIZ3JvdXBfNDkQAUoMCghncm91cF81MBABSgwKCGdyb3VwXzUxEAFKDAoIZ3JvdXBfNTIQAUoMCghncm91cF81MxABSgwKCGdyb3VwXzU0EAFKDAoIZ3JvdXBfNTUQAUoMCghncm91cF81NhABSgwKCGdyb3VwXzU3EAFKDAoIZ3JvdXBfNTgQAUoMCghncm91cF81ORABSgwKCGdyb3VwXzYwEAFKDAoIZ3JvdXBfNjEQAUoMCghncm91cF82MhABSgwKCGdyb3VwXzYzEAFKDAoIZ3JvdXBfNjQQAUoMCghncm91cF82NRABSgwKCGdyb3VwXzY2EAFKDAoIZ3JvdXBfNjcQAUoMCghncm91cF82OBABSgwKCGdyb3VwXzY5EAFKDAoIZ3JvdXBfNzAQAUoMCghncm91cF83MRABSgwKCGdyb3VwXzcyEAFKDAoIZ3JvdXBfNzMQAUoMCghncm91cF83NBABSgwKCGdyb3VwXzc1EAFKDAoIZ3JvdXBfNzYQAUoMCghncm91cF83NxABSgwKCGdyb3VwXzc4EAFKDAoIZ3JvdXBfNzkQAUoMCghncm91cF84MBABSgwKCGdyb3VwXzgxEAFKDAoIZ3JvdXBfODIQAUoMCghncm91cF84MxABSgwKCGdyb3VwXzg0EAFKDAoIZ3JvdXBfODUQAUoMCghncm91cF84NhABSgwKCGdyb3VwXzg3EAFKDAoIZ3JvdXBfODgQAUoMCghncm91cF84ORABSgwKCGdyb3VwXzkwEAFKDAoIZ3JvdXBfOTEQAUoMCghncm91cF85MhABSgwKCGdyb3VwXzkzEAFKDAoIZ3JvdXBfOTQQAUoMCghncm91cF85NRABSgwKCGdyb3VwXzk2EAFKDAoIZ3JvdXBfOTcQAUoMCghncm91cF85OBABSgwKCGdyb3VwXzk5EAFSBCgEKAUSdwofVU1BLVVuaWZvcm1pdHktVHJpYWwtMjAtUGVyY2VudBiAnJKlBTgBQgdkZWZhdWx0SgsKB2RlZmF1bHQQAUoMCghncm91cF8wMRABSgwKCGdyb3VwXzAyEAFKDAoIZ3JvdXBfMDMQAUoMCghncm91cF8wNBABEk0KH1VNQS1Vbmlmb3JtaXR5LVRyaWFsLTUwLVBlcmNlbnQYgJySpQU4AUIHZGVmYXVsdEoLCgdkZWZhdWx0EAFKDAoIZ3JvdXBfMDEQARK2AwoeVU1BLVVuaWZvcm1pdHktVHJpYWwtNS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKEAoHZGVmYXVsdBABGIS2yQFKEQoIZ3JvdXBfMDEQARiFtskBShEKCGdyb3VwXzAyEAEYhrbJAUoRCghncm91cF8wMxABGIe2yQFKEQoIZ3JvdXBfMDQQARiItskBShEKCGdyb3VwXzA1EAEYibbJAUoRCghncm91cF8wNhABGIq2yQFKEQoIZ3JvdXBfMDcQARiLtskBShEKCGdyb3VwXzA4EAEYjLbJAUoRCghncm91cF8wORABGI22yQFKEQoIZ3JvdXBfMTAQARiOtskBShEKCGdyb3VwXzExEAEYj7bJAUoRCghncm91cF8xMhABGJC2yQFKEQoIZ3JvdXBfMTMQARiRtskBShEKCGdyb3VwXzE0EAEYkrbJAUoRCghncm91cF8xNRABGJO2yQFKEQoIZ3JvdXBfMTYQARiUtskBShEKCGdyb3VwXzE3EAEYlbbJAUoRCghncm91cF8xOBABGJa2yQFKEQoIZ3JvdXBfMTkQARiXtskBUggoACgBKAIoAxLOAgoeVU1BLVVuaWZvcm1pdHktVHJpYWwtNS1QZXJjZW50GICckqUFOAFCB2RlZmF1bHRKCwoHZGVmYXVsdBABSgwKCGdyb3VwXzAxEAFKDAoIZ3JvdXBfMDIQAUoMCghncm91cF8wMxABSgwKCGdyb3VwXzA0EAFKDAoIZ3JvdXBfMDUQAUoMCghncm91cF8wNhABSgwKCGdyb3VwXzA3EAFKDAoIZ3JvdXBfMDgQAUoMCghncm91cF8wORABSgwKCGdyb3VwXzEwEAFKDAoIZ3JvdXBfMTEQAUoMCghncm91cF8xMhABSgwKCGdyb3VwXzEzEAFKDAoIZ3JvdXBfMTQQAUoMCghncm91cF8xNRABSgwKCGdyb3VwXzE2EAFKDAoIZ3JvdXBfMTcQAUoMCghncm91cF8xOBABSgwKCGdyb3VwXzE5EAFSBCgEKAU=","webkit":{"webprefs":{"allow_running_insecure_content":true}},"homepage":"hxxp://search.conduit.com/?ctid=CT3295548&SearchSource=48&CUI=UN11365412089727813& ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\ADMINI~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kimdndlhnimhdcchmglaendkednpejjn => Key deleted successfully.
C:\Users\Administrator\AppData\Local\CRE\kimdndlhnimhdcchmglaendkednpejjn.crx => Moved successfully.

========================= File: C:\Windows\SysWOW64\updCA15dll ========================

MD5: 3ECC54D0D0C28941CA2C9435B0B35272
Creation and modification date: 2013-10-11 19:29 - 2013-10-11 19:29
Size: 0065536
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

C:\Windows\SysWOW64\updCA15.tmp => Moved successfully.
C:\Windows\SysWOW64\updC7F2.tmp => Moved successfully.
C:\Windows\SysWOW64\updC533.tmp => Moved successfully.
C:\ProgramData\Conduit => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Program Files (x86)\Conduit => Moved successfully.
C:\Users\Administrator\AppData\Local\CRE => Moved successfully.
C:\Users\Administrator\AppData\Roaming\xVidly => Moved successfully.
C:\Users\Administrator\AppData\Roaming\5258a50d160ba02b0200a602 => Moved successfully.
C:\Users\Administrator\AppData\Local\Google\Desktop\Install => Moved successfully.

==== End of Fixlog ====



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:08 PM

Posted 17 October 2013 - 07:10 PM

Hello,

 

 

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Virustotal

When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Windows\SysWOW64\updCA15dll

note, if VT says these files have already been analysed, make sure you click reanalyse file now.

Please post back the link with the results of the scan in your next post.

If Virustotal is busy, try the same at Virscanhttp://virscan.org/

Please post the link to the results page rather than the contents of the page itself (its a little easier for me to read).

 

 

Also go ahead and restore the Google's Chrome settings => check this out Reset browser settings

 

 

Regards,

Georgi


cXfZ4wS.png


#8 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 17 October 2013 - 07:44 PM

https://www.virustotal.com/en/file/b391da6b8fd7e3c4d5e78ce9eaf945bf51caa45f81e31c3b8be41445344c2808/analysis/1382056833/



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:08 PM

Posted 17 October 2013 - 08:20 PM

Nice work! :)
Let's check for leftovers.

The most of them should take no more than 5 minutes each.

 

 

 

STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    JtwHB.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-click on it's icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and copy and past the results at pastebin.com and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.



STEP 6



Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#10 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 17 October 2013 - 11:07 PM

Thanks, things are running much, much better.

 

STEP 1:

I do not see a C:\rkill.log

rkill.txt opened and saved to the desktop, the results were posted here:

http://pastebin.com/haYhmJCL

 

STEP 2:

RKReport results posted here:

http://pastebin.com/zyKHScPz

 

STEP 3:

DTSSKiller results (two files) posted here:

http://pastebin.com/HYv8CRwP

 

STEP 4:

Malwarebytes results posted here:

http://pastebin.com/GKhCqZUa

 

STEP 5:

FarBar Service Scanner results posted here:

http://pastebin.com/J0XpC4yz

 

STEP 6:


Edited by SWWeatherGuy, 17 October 2013 - 11:46 PM.


#11 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:08 PM

Posted 18 October 2013 - 05:39 AM

Hi,

 

 

I am glad to hear that. The provided logs are both clean! :)

However you forgot to post the latest log from adwcleaner?

 

And 2 final steps:

 

 

STEP 1

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done please don't delete anything and close HitmanPro

8.Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 2

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

 

Regards,

Georgi


Edited by B-boy/StyLe/, 18 October 2013 - 05:40 AM.

cXfZ4wS.png


#12 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 18 October 2013 - 07:29 PM

Hi,

 

 

I am glad to hear that. The provided logs are both clean! :)

However you forgot to post the latest log from adwcleaner?

 

Didn't forget, the bleepingcomputer site went down/unavailable.

 

Here is STEP 6:

AdwCleaner results posted here:
http://pastebin.com/4tudwmHL



#13 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 18 October 2013 - 07:45 PM

"FINAL STEPS" #1

HitMan results:

 

HitmanPro 3.7.8.207
www.hitmanpro.com

   Computer name . . . . : SRR1-eb8560p
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : SRR1-EB8560P\DTSAdmin
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-10-18 18:33:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 8

   Objects scanned . . . : 1,889,204
   Files scanned . . . . : 16,659
   Remnants scanned  . . : 605,206 files / 1,267,339 keys

Potential Unwanted Programs _________________________________________________

   C:\Users\Administrator\AppData\LocalLow\Conduit\ (Conduit)
   C:\Users\Administrator\AppData\LocalLow\Conduit\ChromeExtData\kimdndlhnimhdcchmglaendkednpejjn\Repository\ (Conduit)
   C:\Users\Administrator\AppData\LocalLow\Conduit\ChromeExtData\kimdndlhnimhdcchmglaendkednpejjn\Repository\ToolbarFullUserID.txt (Conduit)
   C:\Users\Administrator\AppData\LocalLow\Conduit\ChromeExtData\kimdndlhnimhdcchmglaendkednpejjn\Repository\ToolbarUserId.txt (Conduit)
   C:\Users\Administrator\AppData\LocalLow\Conduit\ChromeExtData\kimdndlhnimhdcchmglaendkednpejjn\Repository\WhiteList.txt (Conduit)
   HKLM\SOFTWARE\Classes\s\ (Softonic)
   HKU\S-1-5-21-3635694149-3289295068-4116976629-500\Software\AppDataLow\Software\SmartBar\ (Conduit)
   HKU\S-1-5-21-3635694149-3289295068-4116976629-500\Software\Conduit\ (Conduit)
 

"FINAL STEPS" #2

SecurityCheck results:

 

 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 45  
 Java version out of Date!
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:02:08 PM

Posted 19 October 2013 - 05:22 AM

Hi,

 

 

This one is a bit tricky and you need to concentrate on max strength. :)

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished untick the following entries if you use AVG Secure Search toolbar:
    <-

    Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\Software\AVG Security Toolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ->

  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

Note: Don't worry if you remove some of the AVG entries by mistake. You can always reinstall AVG in order to get this fixed.

 

 

 

Upgrading Java:


javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

 

  • Download the latest version of Java SE 7.
  • Click the Java™ 7 Update 45 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u45-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:

    Java™ 6 Update 45 
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u45-windows-i586.exe and select "Run as an Administrator.")

 

 

Or you can simple uninstall JAVA and try avoid installing Java unless absolutely required by your applications: (it's your call)...

 

http://www.techsupportforum.com/5494-java-time-to-wake-up-and-smell-the-coffee/

 

 

 

Next please run JavaRa.

  • Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and from the drop-down menu select any Java version (if listed) and press Run Uninstaller. (If Java is not listed please click on Next).
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's succesfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please post the log in your next reply.
  • Close JavaRa by clicking the red cross button.

 

Regards,

Georgi


Edited by B-boy/StyLe/, 19 October 2013 - 05:23 AM.

cXfZ4wS.png


#15 SWWeatherGuy

SWWeatherGuy
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:05:08 AM

Posted 19 October 2013 - 12:37 PM

Hello.

 

I could not find this one:

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

only "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"

I left it checked.

 

Here are the results:

 

# AdwCleaner v3.008 - Report created 19/10/2013 at 11:37:09
# Updated 17/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : DTSAdmin - SRR1-eb8560p
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[x] Not Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
[x] Not Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****


***** [ Registry ] *****

[x] Not Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[x] Not Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[x] Not Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
[x] Not Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[x] Not Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[x] Not Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[x] Not Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[x] Not Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3295548
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x] Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[x] Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x] Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
[x] Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[x] Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
[x] Not Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [6132 octets] - [17/10/2013 22:48:46]
AdwCleaner[R1].txt - [6192 octets] - [19/10/2013 11:09:18]
AdwCleaner[S0].txt - [5832 octets] - [19/10/2013 11:37:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5892 octets] ##########

 

JAVA upgraded and here are JavaRA results:

 

== Cleaning JRE temporary files ==
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-6dd2719d
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-6dd2719d.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\737c09be-2e68cab9
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\737c09be-2e68cab9.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\42d01fc6-6448f3cc
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\42d01fc6-6448f3cc.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3c9b80b1-16c50f95
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3c9b80b1-16c50f95.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6edda42c-2d87bc44
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\6edda42c-2d87bc44.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-745b3d35
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\1ca2666b-745b3d35.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\312db327-483a52e3
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\312db327-483a52e3.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\292460e2-646cc8cb
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\292460e2-646cc8cb.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\330a9c61-7fd14d44
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\330a9c61-7fd14d44.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2e13c6df-7e23d6ea
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\2e13c6df-7e23d6ea.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\63c95ad7-71258812
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\63c95ad7-71258812.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\226b91d5-62c16a36
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\226b91d5-62c16a36.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5d050d82-67207153
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\5d050d82-67207153.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3d7894d3-4eab5b3a
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\3d7894d3-4eab5b3a.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-6.0.lap
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-7e482eb5
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\49a00451-7e482eb5.idx
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-11de4be7
Deleted file: C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\eef218c-11de4be7.idx
 


 


Edited by SWWeatherGuy, 19 October 2013 - 12:56 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users