Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Please help me!


  • Please log in to reply

#1
moodyflyer

moodyflyer

    New Member

  • Member
  • Pip
  • 6 posts
I am having a problem when windows is running a dos prompt screen will open with a dispay c:\windows\system32\WINCTR~1.exe on top. If I close it it will reopen in about 20 min or so. Also multiple will open if I am away from my computer and leave it running.

Here is my hijack this file.

Logfile of HijackThis v1.99.1
Scan saved at 10:03:58 PM, on 11/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msupd6.exe
C:\WINDOWS\system32\popcorn72.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Barrett\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
http://fastsearchweb.com/srh.php?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
C:\WINDOWS\system32\msblank.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2EFE1D69-4E4E-E6AA-EB23-E1C704B32776} -
C:\WINDOWS\system32\ikdqjywx.dll
O2 - BHO: (no name) - {4B1D9115-CBF4-A875-2FE3-2583F45FF5B0} -
C:\WINDOWS\System32\zhgfbcck.dll (file missing)
O2 - BHO: (no name) - {B25CCF33-F211-465B-A462-4E3027392677} -
C:\WINDOWS\system32\mscd.dll
O2 - BHO: (no name) - {BDE69C4E-C9C4-F50D-4E9A-E4A5BF6E6D0A} -
C:\WINDOWS\System32\aqeazhmb.dll (file missing)
O2 - BHO: (no name) - {F3D1EC4D-EB1A-C559-7CE4-AC9ADA3A5085} -
C:\WINDOWS\system32\lemlmifg.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program
Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program
Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [cUVGRgEx] C:\PROGRA~1\uxrvpxux\GogDHAAN.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe
rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\RunServices: [System Support] syscfg.exe
O4 - HKLM\..\RunOnce: [qappsrvc32.exe] qappsrvc32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
- http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -
http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class)
- http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zon...ss.cab31267.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} -
http://www.pacimedia...ll/pcs_0022.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class)
- http://messenger.zon...wn.cab31267.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}:
NameServer = 69.50.176.156,195.225.176.31
O17 -
HKLM\System\CCS\Services\Tcpip\..\{BBBBE4C0-0FE8-4D5A-9571-267179EEEAEB}:
NameServer = 69.50.176.156,195.225.176.31
O17 -
HKLM\System\CS1\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}:
NameServer = 69.50.176.156,195.225.176.31
O17 -
HKLM\System\CS2\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}:
NameServer = 69.50.176.156,195.225.176.31
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: dmswkczcwytr (MsUpdate6) - Unknown owner -
C:\WINDOWS\system32\msupd6.exe
  • 0

Advertisements


#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi moodyflyer

Welcome to GTG! :tazz:

*Download Cleanup from Here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
    Click OK
  • DO NOT RUN IT YET
* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"


* Click Start > Run > and type in:

services.msc

Click OK.

In the services window find dmswkczcwytr.
Rightclick and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. Exit the Services utility.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =
http://fastsearchweb.com/srh.php?q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
C:\WINDOWS\system32\msblank.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {2EFE1D69-4E4E-E6AA-EB23-E1C704B32776} -
C:\WINDOWS\system32\ikdqjywx.dll

O2 - BHO: (no name) - {4B1D9115-CBF4-A875-2FE3-2583F45FF5B0} -
C:\WINDOWS\System32\zhgfbcck.dll (file missing)

O2 - BHO: (no name) - {B25CCF33-F211-465B-A462-4E3027392677} -
C:\WINDOWS\system32\mscd.dll

O2 - BHO: (no name) - {BDE69C4E-C9C4-F50D-4E9A-E4A5BF6E6D0A} -C:\WINDOWS\System32\aqeazhmb.dll (file missing)

O2 - BHO: (no name) - {F3D1EC4D-EB1A-C559-7CE4-AC9ADA3A5085} - C:\WINDOWS\system32\lemlmifg.dll

O4 - HKLM\..\Run: [cUVGRgEx] C:\PROGRA~1\uxrvpxux\GogDHAAN.exe

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe
rundll.dll,LoadMouseProfile

O4 - HKLM\..\RunServices: [System Support] syscfg.exe

O4 - HKLM\..\RunOnce: [qappsrvc32.exe] qappsrvc32.exe

O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} -
http://www.pacimedia...ll/pcs_0022.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}:
NameServer = 69.50.176.156,195.225.176.31

O17 - HKLM\System\CCS\Services\Tcpip\..\{BBBBE4C0-0FE8-4D5A-9571-267179EEEAEB}:
NameServer = 69.50.176.156,195.225.176.31
O17 -
HKLM\System\CS1\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}:
NameServer = 69.50.176.156,195.225.176.31

O17 - HKLM\System\CS2\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}:
NameServer = 69.50.176.156,195.225.176.31



* Next in Hijack This click on the "Config" button in the lower right corner. In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Copy and paste the following line in that box:

MsUpdate6

Click OK.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\system32\popcorn72.exe

C:\PROGRA~1\uxrvpxux\GogDHAAN.exe

C:\WINDOWS\system32\msupd6.exe

C:\WINDOWS\system32\syscfg.exe


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the Killbox.


* Delete this folder:

C:\Program Files\uxrvpxux


* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .
  • Double-click the Network Connections icon
  • Right-click the Local Area Connection icon and select Properties.
  • Hilight Internet Protocol (TCP/IP) and click the Properties button.
  • Be sure Obtain DNS server address automatically is selected.
  • OK your way out.
* Go to Start > Run and type in cmd

Click OK.

Type in the follwing command:

ipconfig /flushdns

Hit Enter.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan

Edited by flrman1, 21 November 2005 - 12:10 PM.

  • 0

#3
moodyflyer

moodyflyer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Oh flrman1.........Thank you so much!!!!! It worked. You are the berries!!! :tazz:
  • 0

#4
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
You're welcome, but I'd really like to see a new Hijack This log along with the results of the Activescan. There may be more to do
  • 0

#5
moodyflyer

moodyflyer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here ya go.

Logfile of HijackThis v1.99.1
Scan saved at 11:53:16 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\iMesh Applications\iMesh6\iMesh6.exe
C:\WINDOWS\system32\igfxext.exe
C:\Documents and Settings\Barrett\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2EFE1D69-4E4E-E6AA-EB23-E1C704B32776} - C:\WINDOWS\system32\ikdqjywx.dll
O2 - BHO: (no name) - {4B1D9115-CBF4-A875-2FE3-2583F45FF5B0} - C:\WINDOWS\System32\zhgfbcck.dll (file missing)
O2 - BHO: (no name) - {BDE69C4E-C9C4-F50D-4E9A-E4A5BF6E6D0A} - C:\WINDOWS\System32\aqeazhmb.dll (file missing)
O2 - BHO: (no name) - {F3D1EC4D-EB1A-C559-7CE4-AC9ADA3A5085} - C:\WINDOWS\system32\lemlmifg.dll
O2 - BHO: (no name) - {F407543E-B14E-44FF-AD49-3E2D9887851F} - C:\WINDOWS\system32\msbc.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O4 - HKLM\..\Run: [cUVGRgEx] C:\PROGRA~1\uxrvpxux\GogDHAAN.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [System Support] syscfg.exe
O4 - HKLM\..\RunOnce: [qappsrvc32.exe] qappsrvc32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zon...ry/ZAxRcMgr.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia...ll/pcs_0022.exe
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBBBE4C0-0FE8-4D5A-9571-267179EEEAEB}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS1\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}: NameServer = 69.50.176.156,195.225.176.31
O17 - HKLM\System\CS2\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}: NameServer = 69.50.176.156,195.225.176.31
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Here is the scan


Incident Status Location

Spyware:spyware/cydoor Not disinfected C:\WINDOWS\SYSTEM32\cd_clint.dll
Adware:adware/dloader Not disinfected C:\WINDOWS\SYSTEM32\msblank.html
Adware:adware/p2pnetworking Not disinfected C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Adware:adware/globosearch Not disinfected C:\WINDOWS\SYSTEM32\winuptd.exe
Hacktool:hacktool/rootkit.m Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\winik.sys
Adware:adware/cws Not disinfected C:\Documents and Settings\Barrett\Favorites\Free Online Dating.url
Adware:adware/cws.searchmeup Not disinfected C:\Documents and Settings\Barrett\Desktop\1.dat
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/comet Not disinfected C:\WINDOWS\INF\dm.inf
Adware:adware/ncase Not disinfected C:\WINDOWS\msbb.exe.temp
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall4_85.exe
Adware:adware/dyfuca Not disinfected C:\WINDOWS\optimize.exe
Adware:adware/twain-tech Not disinfected C:\WINDOWS\smdat32m.sys
Spyware:spyware/wareout Not disinfected C:\WINDOWS\tmp.hta
Adware:adware/sidesearch Not disinfected C:\PROGRAM FILES\Lycos
Adware:adware/gator Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
Adware:adware/blazefind Not disinfected Windows Registry
Virus:Trj/Downloader.ANM Not disinfected C:\!KillBox\msupd6.exe
Virus:Trj/Downloader.EES Not disinfected C:\!KillBox\popcorn72.exe
Virus:W32/Gaobot.ITM.worm Not disinfected C:\!KillBox\syscfg.exe
Virus:JS/Psyme.gen Not disinfected C:\ba978728.hta
Virus:Trj/Legmir.D Not disinfected C:\Documents and Settings\All Users\Documents\My Music\Sample Music\download.mp3.exe
Virus:Trj/Demetib.A Not disinfected C:\Documents and Settings\Barrett\1.dat
Virus:Trj/Demetib.A Not disinfected C:\Documents and Settings\Barrett\2.dat
Virus:Trj/Demetib.A Not disinfected C:\Documents and Settings\Barrett\3.dat
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Count.class-1ecee188-5b093d79.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-1466ed40-350693c0.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-406a5a50-254a2328.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-457453b7-1ff3e2b6.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-4edc350f-51340f31.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-6be6be61-32ec4de6.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-74e146cd-1e554d0a.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-109b2d52-7c01fecb.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-4953e328-7361971a.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\ok.class-2b8e9-1e23b785.class
Dialer:Dialer.BOO Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-305f4c99-1d4c0399.class
Adware:Adware/CWS Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-6f61e81e.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\stat.class-4de7a3a1-206a5061.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-32aba5e6-563143db.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-39d9577b-614b3adc.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-49ac80a3-6431d001.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-61f62565-3115bbe9.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-66ed47d6-7427becd.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-6ac6da25-2bbb6096.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-2e764d53-43a27918.zip[Bubble.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-2e764d53-43a27918.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-2e764d53-43a27918.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-6bb41746-763577c0.zip[a.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-6bb41746-763577c0.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-6bb41746-763577c0.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1199dff7-703c0fea.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1199dff7-703c0fea.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1199dff7-703c0fea.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f9b708b-6482522b.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f9b708b-6482522b.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f9b708b-6482522b.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-32075939-7cbf2f79.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-32075939-7cbf2f79.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-32075939-7cbf2f79.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-52570249.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-52570249.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-52570249.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-335bb1fe.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-335bb1fe.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-335bb1fe.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-51b26348-25c5e59e.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-51b26348-25c5e59e.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-51b26348-25c5e59e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5252a708-2ddbfa34.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5252a708-2ddbfa34.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5252a708-2ddbfa34.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-58581c27-19d884ab.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-58581c27-19d884ab.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-58581c27-19d884ab.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6c4a1420.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6c4a1420.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-6c4a1420.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60845880-65542e1e.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60845880-65542e1e.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-60845880-65542e1e.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-64a652fa.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-64a652fa.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-64a652fa.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-693c6b5-5f095265.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-693c6b5-5f095265.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-693c6b5-5f095265.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-77402a30-7832df63.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-77402a30-7832df63.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-77402a30-7832df63.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-f30ee60-19d33e03.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-f30ee60-19d33e03.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-f30ee60-19d33e03.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-39e70cf5-21e077b8.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-39e70cf5-21e077b8.zip[Counter.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-39e70cf5-21e077b8.zip[Gummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-39e70cf5-21e077b8.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-39e70cf5-21e077b8.zip[Worker.class]
Adware:Adware/CWS.Yexe Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.zip-39e70cf5-21e077b8.zip[web.exe]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-79d9b789.zip[Mein.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-79d9b789.zip[ProbeLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-79d9b789.zip[Dummy.class]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-246797d4-79d9b789.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6572cdc1-2edecc4f.zip[Mein.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6572cdc1-2edecc4f.zip[ProbeLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6572cdc1-2edecc4f.zip[Dummy.class]
Virus:Trojan Horse Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6572cdc1-2edecc4f.zip[Beyond.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-235e6e07.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-235e6e07.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-235e6e07.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-235e6e07.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6868e317.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6868e317.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6868e317.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6868e317.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6a0f9e06.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6a0f9e06.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6a0f9e06.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-6a0f9e06.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-70b11aee.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-70b11aee.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-70b11aee.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-70b11aee.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-210cdb6b-217ecca4.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-210cdb6b-217ecca4.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-210cdb6b-217ecca4.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-210cdb6b-217ecca4.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2359f1c7-2b325a37.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2359f1c7-2b325a37.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2359f1c7-2b325a37.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2359f1c7-2b325a37.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dd0698-28a58e79.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dd0698-28a58e79.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dd0698-28a58e79.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-2dd0698-28a58e79.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-34594759-71364319.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-34594759-71364319.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-34594759-71364319.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-34594759-71364319.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36bc4af-60771f4f.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36bc4af-60771f4f.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36bc4af-60771f4f.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-36bc4af-60771f4f.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-58d16779.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-58d16779.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-58d16779.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-3985cec3-58d16779.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4a51ee74-2f1e1a5a.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4a51ee74-2f1e1a5a.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4a51ee74-2f1e1a5a.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4a51ee74-2f1e1a5a.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4ae9b3bc-4dd3a868.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4ae9b3bc-4dd3a868.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4ae9b3bc-4dd3a868.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-4ae9b3bc-4dd3a868.zip[Installer.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-506bdfc9-40f859c8.zip[GetAccess.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Barrett\Application Data\Sun\Java\Deployment\cache\
  • 0

#6
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Please download Rootkit Revealer from here (link is at the very bottom of the page).
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here

* Download WinPFind
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Dont do anything with it yet!

Reboot into Safe Mode


Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient and let it complete.

Reboot back to Normal Mode!

  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Copy and paste WinPFind.txt in your next post here please.

  • 0

#7
moodyflyer

moodyflyer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi flrman1,

Here is the rookit.txt
<AMIdServerRequest>
<ServerRequestDate>11/23/2005 06:44:03 AM</ServerRequestDate>
<scriptTimeout>60</ScriptTimeout>
<Txn>
<TxnType>IdRequest</TxnType>
<TxnGUID>8903fb80-5bec-1ada-bbfe-00055d6f3c18</TxnGUID>
<Details>
<ClientInfo>
<AppInfo>
<MfgVersion>1.3.14.1</MfgVersion>
<AppName>iMesh6</AppName>
<AppVersion>DKCjegm</AppVersion>
<AppOwner>DKCjegm</AppOwner>
</AppInfo>
<UserInfo>
<PostalCode>95032</PostalCode>
<Language>English</Language>
<GMTOffset>-300</GMTOffset>
<UserGUID>a4c883e0-5bba-1ada-bbfe-00055d6f3c18</UserGUID>
<Email>zzz@xxx.yyy</Email>
<FullName>joker2_7@hotmail.com:gh</FullName>
</UserInfo>
<SystemInfo>
<SystemGUID></SystemGUID>
<CPUInfo>XMLGen</CPUInfo>
<OSVersion>XMLGen</OSVersion>
<MemoryInUser>0%</MemoryInUser>
<TotalPhysical>64k</TotalPhysical>
<AvailablePhysical>64k</AvailablePhysical>
<TotalPageFile>64k</TotalPageFile>
<AvailablePageFile>64k</AvailablePageFile>
<TotalVirtual>64k</TotalVirtual>
<AvailableVirtual>64k</AvailableVirtual>
<UserName>DKCjegm</UserName>
<SystemName>DKCjegm</SystemName>
</SystemInfo>
</ClientInfo>
<IdRequestInfo>
<IdOffline>False</IdOffline>
<IdRequest>
<IdRequestGUID>8903fb80-5bec-1ada-bbfe-00055d6f3c18</IdRequestGUID>
<IdRetryCount>0</IdRetryCount>
<IdRequestDate>11/23/2005 01:44:03 AM</IdRequestDate>
<HashInfo>
<HashEntry>
<Protocol>AMPartialAudioHash</Protocol>
<Hash>r5vWrmArjEW6nnDYxme4vg==</Hash>
</HashEntry>
<HashEntry>
<Protocol>IM2</Protocol>
<Hash>2b182d36f63302c2cd662bf821bce754744ddb34</Hash>
</HashEntry>
</HashInfo>
<MiscInfo>&lt;ExtraInfo1&gt;&lt;/ExtraInfo1&gt;&lt;Country&gt;us&lt;/Country&gt;&lt;Downloaded&gt;false&lt;/Downloaded&gt;&lt;MetadataIn&gt;&lt;MetaInTrackTitle&gt;&lt;/MetaInTrackTitle&gt;&lt;MetaInTrackArtist&gt;&lt;/MetaInTrackArtist&gt;&lt;MetaInTrackAlbum&gt;&lt;/MetaInTrackAlbum&gt;&lt;MetaInFilename&gt;[04] rammstein - asche zu asche.mp3&lt;/MetaInFilename&gt;&lt;MetaInReleaseYear&gt;0&lt;/MetaInReleaseYear&gt;&lt;MetaInBitRate&gt;128&lt;/MetaInBitRate&gt;&lt;MetaInRecordingLengthSeconds&gt;231&lt;/MetaInRecordingLengthSeconds&gt;&lt;/MetadataIn&gt;</MiscInfo>
<Signature>RY0ELAAAAAAAAEpA/wEAALiZIgUKAAAAAAAAAAAA8D+amZmZmZm5PwAAAAAAAAAAAAAAAABA
r0AAAAAAAAAAAAAAAACAiOVAAQAAAAIAAAAGAAAAJQAAADg5MDNmYjgwLTViZWMtMWFkYS1i
YmZlLTAwMDU1ZDZmM2MxOAAXAAAAMTEvMjMvMjAwNSAwNjo0NDowMyBBTQBu3eK/dTcCwPV4
r8BdxtLA7gviwK44BsGyeB/By840wZGXRsHO2HPB1kPdv2KMCsAIMq3AKsTgwAIC4cDUyg7B
gH0ewQxCQsEhekjBHAuEwdIY1r83XQ/AEXerwJtN5cCpu9/Av0ARwXzDG8HQD0fB5phKwcGZ
icHQ1tG/zfoQwPq+qsBFNuTAG5jfwMMbD8FU9RjBEBtGwZRnTMF+xovBJ87Pv0QHE8DiNqrA
PcPhwOxS3sCIagzBf2EWwVpvRMGdTU3BejiNwbyL0r+UxxPAhDerwMF04sBkztzACHUKwWkD
E8Gv+UHBrbhMwajUjcEnstG/WsMVwNizq8BAEOLA3u/cwIeDCcFzvRDBGM0/wYobTcFdNY/B
0IPKv8/nFsD/C6vAQELgwByp3cDBRQnB+PwQwQjYPsEgRU/BQLKQwbs9xb84nRTACBepwH1d
3sB6St7AcOwIwTvkEcHjOj7BcZFQwazfj8HyJcS/QkgSwHI7qMDdp97AhhbfwEwmCcF1sBHB
2yo+wRZhUcE1OI7BdwXEv9C2EcCUBqfAdsfewLWy38BU9gnBu8QSwYCAP8HC31DBPh2MwSYQ
x79BJhHAXzmmwFEY4MB39t/A3kMKwW/8E8FiJUHB8atPwWm5icEC5s6/Ib4RwEj5p8BYZ+TA
4VvgwHleCsFJoRTBTYlCwb2eTMHVaobBqC7Uv5JfFcAZ0arAicXnwE0N4cAK4ArBSOIUwayX
QsFea0nBAkSFwfKM07+eJRjAwrOswBBe6cDlo+LAzsMLwTQgFcHbqEDBJE1HwdughcEwMtS/
xAQYwMb1rMDEAerATdrjwJ+QDMHqBhXBdl0+wXfWRsHKCYbBTiPTv39NF8CifKzAQETowOo3
5cCyjw3Bg+8Uwd8rPMHKAkfBu3GGwQL72L/rgxPAgZmpwJTW5cCGCeXADmYPwQvsE8HHGjrB
xEJGwb5+h8HpLeG/VpcPwJ2XpsCO7+PAaPjkwLfPEcE2WxPB0kE6wdZ+RsFVZYfBGJXov/qz
DsDP/6PAe1LiwKSX48Ab1xLBZtwSwehbO8HYGkfBn8OGwY3h7L9ZYg/AwPOiwFUf4MAZOOHA
nLESwRAyEsHMSDzBJUlHwW49h8Fz5fG/CtERwE1QpMBR49/AJuXdwDQNE8EKaxHBO309wSmz
R8He14fByjfyv7qcFsBTyKbAHp7fwETd2sBWvhLB4vYQwWo7PsH+2knBGxWJwdXC779DxBvA
P1epwAp/38Bu/dfAm6ERwUzeD8GxCj3B8JhLwXNoisHnEfC/IgMfwOVsrMDepN/AmSbWwGAf
EsG5Vg/BgqI8wVk1TMEnOIvB83P1v5nhH8BB8K7AMKjhwN4i18B1JhTBbhIPwd3xO8GhL0vB
OPGKwfoC+b8E7h7AeMSvwGnC48AD19nAGjQVwfzRDsEPZzvB6rFJwSt+isFE8fi/MWcfwF3b
rsCy++PATEnewPoGFsGDAA/BvUk7wT/LR8GIDonBLNTyvwipIMDARa3AkPThwDAg48Cj2hXB
/XcQwRcFPMFIV0fBFoKIwTSq67/cGR/Aw8ipwL7U38BR1ubA38sTwfSfEcGgmjzBkMxGwXhW
iMF7WeK/xHAgwKYCpsAXQt3Ax7XowFGcEMG2uBLBy+A9wVznR8EaMIjB5avav/6uIsBbRKLA
BszZwJZs6cDUog7BGPsTwYRjPsEdR0jBAECHwTrH1b/DsSLADrmfwD2o18CIAunA33oMwTsY
FcECPj/BfOtIwX2hh8F7cNe/+NEgwBc5nsBYuNjA4K3nwOCkC8HfchTBpvk/wbpuSMFHcIfB
2bvWv8LtIcDrFp7AkEnZwBzC58Bp1AvBsEwUwXipP8GP7kjBo9WHwVW5z79tIiPAG1yewGaH
1sAqNujAgpsMwcRBFMH/4T7BjwpKwQxIicHu9ce/EdMgwGFBnsApl9TAMCDowAVbDMEXSRTB
d0Q+we3hS8HKcIvBifDFv41kH8CNMp/AlczUwMIz6MCffA3BbRQUwQY3PsGxuEzBmjOMwa+m
xL9KOx/AaHqgwHYg1cA+2+nAsEIOwUwPFMGUIj7BObdNwYtOjME78sa/FQEgwIU6ocA8cdXA
2aHqwHSwD8H29RPBBjg/wdB8TsGEIYzBOJXOvy60H8DxQaHAZIzYwFi868DKURHB7BcUwXBM
QMFShU7BHhaLwV4I1r8SCiLAycqhwCWI2sAOEu3ADmQTwYfdE8HIC0HB5EBOwUlrisE4cdm/
2wElwAJgocDVRtrAygbtwPvYE8EDCBPBV3RBwcbCTsG0+4rBQ6Xbv3xUJsBBm6DAAvXYwFiX
6cBLvRTBDVATwRlzQcHPHk/BIISMwYFR3b+J/iTAxuafwD+t1sDsPOXADNgUwU6FE8HgcEHB
0PZOwSkBjsHmxuC/BREgwINboMAQv9bAW8XewAS4EsFBIhPBNrhBwTotT8FaDY/BzA7pv54L
HcAB2KHA1ADZwCVH2MAMixHBupYSwRIRQsGrYU/BKDWPwXnW7b+cQBzATuWiwCmm2cDmx9TA
/N4Rwdr8EsG/oUHBdvpPwXh/jsGZVe6/7R4bwGhHosBqq9jAgYzTwAUjEcH7zRPBNshAwXwp
UMHZ8YzBpoftv7gIG8ApuqHAtF/YwHzx1MBUWBHB3/MTwfTEP8HgElDBIHeKwU5i67+B7R3A
sKOgwMSQ1sDtD9jAGTUTwRxlFMEqsz3BNhNPwTpUiMGgkeS/QosfwGSKnsBYsdLAbs/cwDqa
FMHpvRXBKF08wVb2TcHq8obBcSrhv/z6HcAN3JzANhLSwHLA4MCWrhTBjHYWwWu+O8GrMUzB
LRaGwbNT5b9QpxzAP1mdwGNx1cDP/OTABFYWwb9SFsH4QTvB5VRKwTIjhsFCx+q/ZugZwICI
nsBp89nAfPHnwP6lF8GAZBbB9lM6wdfhSMHr4IbBtYztv4YtGcCLwp7AKG3cwJ7k6sA1qxjB
vwkXwQapOsEBuEjBLliHwcmg7L8z3xrAV5SewNiZ3sAOQezAs1EYwTK0FsEUTjrBDB9KwTcv
iMHIjem/nMkawCD+ncDDXODAdb/rwMl+F8HWMRbB11E5wW40S8EVwIjBFarkv3h6G8C9tZvA
jrzgwPO06sDiFhXBlO0VwaB5OMFYVEvBtrKHwcIG4L+PKx7AzJuZwKy84MAiiujAjS4SwZds
FcFwADjBDY9LwWb4hsE9Z96/NY4gwFPMmMBjlOPAyKnmwNyHD8ECORTBDyU4waKcSsEQsobB
gPfgv9q9IMBBNJnA9q3mwCiJ5MBSeQ7BDhITwYaCN8GpBEnBefmFwYrv47/XJCPA0i+ZwBw0
58BFvOLAM7kNwfNcE8E5MjjB7YpIwb5ghcHoLeG/B1wnwBwwmcCK3eTA8lvgwHP2DMHFixTB
EaI4wd4DSsH5vYbBDwLbvwVbJ8DkF5nA4+PhwETG3sA+WAzB630WwavVOMHL6UvB+KaHwXNE
2L8utCXA+ESZwBeQ38D09dzA8pMMwYdUGcG+EjnBX5dMwXJth8E3Hda/SPsjwPVmmsAzrN7A
WgbbwKEjDMGY9RzBIkk6wY8DTMF2bYfB9MvVv1XPIsBuy5zAMMvgwHZ+2cAoKAzB9bEewR7k
OsFookrB2q+HweSy2b9e0h/Aid+fwEB45cBWCNrAZ5EMwW87HsGARTvBbAxIwYbxhsE6yt+/
vNIewEgsosDpkenAFCfbwAGhDcGF/BzBmWU8wVaVRcGvXobBd9Div//eHsCCiaLAXDTrwPQ9
3MDr8gzBS+oZwS2WPMFkEUXBk+qHwZJZ5L+mMR7Am/ahwEOa68DCk93A/HYMwainFcHoXzvB
xKhFwTD2icF+M+a/Gs4cwN4ooMBHWurAEdXfwA85DMHfMhPBNNI6wY+uRsH3lYvBShTov/do
GcCIMZ7ANqTowMbq38AHKwzBnV8SwXtVOsGzk0fB1aOMwQHk778mvBbACWSewMGR6cAUdt7A
ZYoMwXRzEcFt7TnBSwJHwVSxjcFIo/a/5PUVwMTbn8DlDerAlMvcwIFADsGn9xHBjhY5wRwS
RsFkbY3BJ0r5v36TFMBhqKDATE/owCq72sDA3g7BFOsTwQNcOsEEPkbBigqMwVSJ+78gJxLA
o3KiwLaW5sDjttfAMXgPwfTLFMEz4TrBW0JFwa4gisFU2Py/Zs0RwI7DpMBkiOTAepzVwA8F
EMEYyBTBdKo6wbe6RMEPGYnBc4/4v2zfEcDzK6XAJyXfwOTl08DY0A/Bz0IVwTanOsFJCUbB
P4CIwX8f87/D3Q7AdXmkwIVZ2sD4XdPALssPwfo4FsFldTvBNvtGwTvCh8EzxPO/I1QOwNPz
pMCsNtnAqMTUwAY5EcHaJxbBuXI7wcG4RcENpYfB+r/zv8oREMDaEabApODYwDI+18Am7hLB
1bEVwVssO8H6hkXBiGmIwXSQ9L/Y9hTA0gGmwDLp18DAWdrA9oAUwej/FcFrbjvBP79EwYgi
iMFeBfS/gVAcwNuRpsB7CNfADibgwIigFsESXBbBhGI6wVBsQ8Gn64fBJJDyv7wrJsD4gqfA
EFLWwBDD5sDETBfB35EVwb54OMEZTULBTD6IwXvT8L+V1y3A+W6nwOQ31cAgYerAfjkWwZYo
FMGAWzbBNtdBwfbPh8HzJfC/fIQzwHg+psA9tdTA6+XrwGznE8GRfBPBBAw1wR9aQcGXqobB
ydXvv7ZkNcBUs6XAauPVwJ6j7cBfTxLB2uYSwVXGM8E0kEHBEWiGwQYC8b+2jTPAsoSlwB6t
2cBCRe3AnfEPwRWqEcEACjPBLDFCwaIJh8FuBfS/29cvwIcSpsB1Qt7ApZbqwKHEDsHxlRHB
ZckywTdNQsF5ZIfBW5j0v3SkLsBhb6fA9sfgwOKv6cBWaA7BnpQSwQ1hMsEZQEPBMXGIwTIl
87+bfy/AvJmowC+b4MDygOrAGF0PwXfoE8HcpTHBabhDwWFhisF12vK/PecwwJAsqsAu3ODA
y0PqwJorEMHYehTBojMxwVjRQsHw4IvB2azzv+MzMsBqfKvAFJPgwCZQ6cCzahHBD50VwTMQ
MsG+ckHBf66LwR8U9r/s+jPAGt2rwAo24MAvmejAdasSwZdtFsHCjTPBIo5AwRo6i8EbCfq/
3KI0wOUNq8BwFeDAd03mwHQMFMHaWBfB7fc1wavMPsHXN4rBslT+vybVM8CAMarALoHiwCOz
48DkUhXBayYYwWoqOcFwaz3BdQiIwTXf/79sajHAk6CowHZ85MBweeLAiFMWwQq6GMHeRDzB
hKY9wVKjhsFf9v6/eFcwwGUGp8DqCObAgGHjwP6YFsGzbxjBko49wbeUPcG+MobBcoD7v0r1
LsDtsaXAGJPnwKZP5cCtNxbBSV4XwTsYPsEUuz3BtEOGwe569r9ULizAZSelwElA6sD5GenA
s14VwSHjFMEYnj3BCjw+wTTshsHrXPO/XH8nwGg1pcDOPuzAyOPswEKIFME2wRHBHRA9wZS+
P8HLHojBeIbxvy7yI8CZ26XACELtwMBV78Ce3xPBeB4PwWDpO8HD70DB0xqJwfng8L8aWiHA
WqylwCCW7MC2LfDAWP4SwVtrDcFlFzvBTqFCweneicEJvvG/1ucewNZFpcA2K+vAbj3wwEna
EsF1QwzBeqY6wf2OQ8GLforBEwr0v+h1HsDBkqXAe9/pwNSu8MA2JhPBT2gMwQgQO8FKOkTB
NZ6KwYNk9L9gDiHAMYalwNZ+58Ahb/DAv/gSwWOdDcEeaDrBbHdDwSBAi8FuwfO/0hskwGla
pMAKP+XA0rjvwJxaEsH/IQ/BYaU5wYrWQcHFFIzBq3byv3n4JcD+fKTAQWPjwLyW7cBeuRLB
6poQwdy+OME0w0DBIEiNwRTB779M6CfAjP2kwPRy4cA8huvARm4SwW3TEcE58jfBTWtAwR+p
jsExMeu/P2AowGSYpMDCm93AGOzowPQIE8FAixPBDPo2wQbJP8EDw4/Bmvrmv/ilKMBVZ6PA
5EjawKBP5sDWFxTBcj4VwfxNNsH6xz/BieGPwTHX4L+kzynA44CiwLf+1MDRUuTAf24Vwaln
F8GF9jXBuUdBwfDmj8F46tq/+wcrwKe3oMAAR9DA9IXkwNliFsF1DhnB+Rs2wbOXQsHM4Y7B
hn/Xv6YdLMBpbZ/AGmLMwOjW5MCS/BfBugMbwYznNcEOZ0PBQsyMwXrL1b/cVC3AbLCewBOw
ycAz5+TA5u0YwTY5G8EO1DTBmnlFwVOVi8FO3dK/rD0twKBEn8BIz8bA5JHlwEQdGcEmnxrB
BDs0wbTpSMHKy4vBzm/Tv17YK8DsTqHA8CDIwCgi58BUhRnBLNgYwdSCNMG+XUrB1USLwS1t
1L+UmSvAzE2kwLhvysDyLOjAw+IYwbTyFsFylDXBFDZMwVxei8G9yNG/g2gswOJJpsD47srA
tBrpwEJFGMEp1xXBiu02waYdTsFMnozBEq3Ov3lpLMDRgKbA2ZfLwP/E6cAEBhjBoawWwUey
OMFKpk3BKGeMwaFj0L8/gSzAfTKmwKgrzcDsYenA3GMYwX/GF8EyHjrBUYhKwUWqisF9xdG/
vvUswN2CpMD8AMzAwjTnwFGWGMFNdxjBkNc5wcIISsHYf4rBM5nQv0TBK8DhsqLA7PXJwEIC
5cBjIRnBUzMZwe6EN8GcTErB6F+LwYnE0b+3YijA88uhwHcsysAIX+LAMHAYwbRAGcEsyjXB
1QZKwbAPjMFP+tK/0b4lwEuCo8D++crAij3fwHHdFsGirRfB//w0wfzzS8EuQY3BC7LQv9B9
JMDzmKXAapTLwD1g3cDM/hTBB8UVwePENMESHVDBMaaPwdKbzb9SDyLA49ynwMTKzsBKbtzA
NZMSwQzoFMEmHzXBGfZRwd27kMH8c86/2sMhwIo4qcAYutHAjlDcwAIMEcHAVBXBFsE2wR0k
UcELaJDBKUHQv85FI8BGQ6nAhBDTwE9A3MBzBxHBdVwWwaXLN8FrhlDBwVqPwffZ0r8cXSPA
kAaowM/i08COzdzAQ/ARwRZVGMFyujjB439PwXgYj8HbrNS/W7gjwHlfpsDmv9PAxFLdwFzh
EsHO4BrBG+Y4wTiFTcH2UY/BgtzUv5qYJcBz+KTAfdzRwINk3sCoDxTBh40dwfs/OcH6nU3B
BdWPwdXz07/T/yXA+/mkwCjw0MB22d7A8icVwfmJHsFDEDrBBkdPwT6pkMElfNK/2/ojwMFW
pcDKKNLAAJTgwEBqFcEv7h3BaqY6werBUMHh0ZHBcnHRv2raI8BIVKXA6MvSwPqS48CmaBXB
B0McwXwwOsHmp1HBKWOSwcAB0r/g3iLAhpukwGgW08ACb+bAQM4VwdmVGcE+AzrBcuBSwWQU
ksEdfdW/eR4gwFfxo8AefdTAnvfnwK5sFsHi/BXBGE05wdj2UsGgApLB5LvZv/OTHsCUZaPA
8GnVwO466cAVHhfB6xkTwR29OMGtQlLBoOSRwWn73L8M/h/AuV+jwG/K1MB1iurAQZUYwcWj
EcGQ6DjBIEFSwd+9kcGrs9y/PcwiwC8WpMAg/NHATHjpwCWrGcFWxhHBEp85wQZVU8FIh5LB
brTav5GDJsDv9KTA23fPwN6C6MAzxBnBTV0TwcVnOsFYO1TBHLeSwfoO2L+XbivA3Z6lwHii
zMD2WejAHFcZwQ3XFcH4pjvB30tUwQh9ksF8YNS/Qz4vwCJbpcBOhcnACGXnwLBIGMGlXRjB
1pw7wU8FVME0WZLBVkvOv88/McDaCqTAcrDFwK4r5cAy4xXBCEEawe6qOcFMyVPBdxOTwY1c
y7+puTDAn+CiwCxYxcDuhuTAu1kTwS9tGsGk3zfBZedRwepwksFkOcm/HPQtwFiVosD0tcbA
CxbkwMwxEcEpMRnBTgw2wUZWUMG3qZLBu6nEv/sILMD+AqLA4M7HwAQl5MCLkw/BJWgYwYzt
M8HaBlDBMZ6TwVZBv7+0LCrAYDaiwK1vyMAZ0uPACKcOwcKVF8EImTHB9iBQwXesk8FVccG/
cLsnwFrko8ASu8zA8g/lwLRID8HhGxfBtk8xwWqhTcF92JHBk3XEv0coJsDqAaXAEifPwJPP
5MBkbhHBNEEYwVjoMMHKOEzB+/6QwXmHxr+QxibAloymwHVl0MBOj+TAseYTwUB+GsFCGzDB
W1BLwT3ukMFCfsu/kKQmwIkCqMB1DNLATHLjwD64FsFg5hvB9p8wwWb9ScG+HJDBMPrRvxp8
JsCF9anAyafUwFIO5MDOPhjBKqMcwSCCM8FWekjBITuQwfHg079A+yfAGNKqwH5d1MANOOTA
dIsZweJVHMG0NDbB5/1JwWxfkcFV39O/D7YowPaHq8DYE9XAx3/lwF5rGcHFYBrBF344wbUk
S8H6AZLBTqzVv5SMJ8Bs4anAZlLVwGv+5sDAUBjBhZAXwVodO8FkYEvBHh2RwTEp1r+4zibA
i8enwB+o1MC+dujA1VUXwRUPFsEagTzBaf1LwWQDkMFE2da/6HokwHJCpcCe/tTAFQvowJ9x
F8Hs9BTBYpo8wbyeTcFheY7Bt3jYv2scIsAzWqLACAPVwJoa5sBAphbBZuUUwUIbPMGaBE/B
fc2NwcB/2L/IXSDAetOfwBgO1MBMauTAjxQWwSB3FsGmTzzBOEJRwesDjsFwvti/1tQfwNXa
n8A2V9TAJjriwNYJFsGLVhjBA9M8wRmLU8EkBI/B2JzZvxTSHsBhm6DApXTVwPTE4MBAYxXB
YoYYwe+LPcG69lTBFFCQwfJs2b8O/x7AQDihwL+w1cBaluHArhwUwcmyF8GIvD3BkNlUwQIm
ksFsJNm/mqQewH+YocBZKdbA123kwGDhE8GuoRbB2O89wfjCU8HfOZPBWBPbv8U9HcAUgqHA
HLvXwLNq58AjkBTBNKMUwVXpPMHmn1HB5sqTwfOI3b/2vR3AAMGgwNIo2MBgOerA5mAVwco2
EsFPXjvBTKBOweSjk8GIzN2/aoUewJ/Xn8BT6NfApyjtwMyuFsH23BDBCCs5wdXaS8E+xJPB
bujbv+agIMB3yJ7A++3VwNF17sB72xjB/GgRwWHtNsF0bUrBQOeTwQmN17+owCPAzUaewPJh
0sA7cO3AmOgZwVvQEsGFtDTB02pKwUdmlMGqe9O/weImwE6CnsCjfs7AiEnrwFKhGcHJLBTB
y8EywbmUScHkwJPBIdbPvyVMKMD6b57ALLXJwHrl6MA81xjBVjYWwZ72McHaaknBCwiTwZ/3
zL9NtynA+DOfwCltxMAPH+bAO18YwYBqF8GZvjDBEMVKwRgfk8FcA86/6MUpwNKZoMD8ycHA
LHDjwHwrFsHxWBfB/eowwS5DS8EGh5PBCqjRvxrlJ8DPPKLAiwvCwNIi4sCQghPByX0Wwb44
MsH+i0rBgoKTwY3i0r/W6SfARZeiwFqUwcDsCOLAMQwSwV5vFsH+IDTBHJhLwVeelMFZfM+/
1v4mwBStosBoPsHAl4bhwBZuEcF18hbBPtU1wbpYTcFADJbBAVXPvywnJMDsR6LAqI3EwAc/
4MC0wRDBa2sYwclVOMG8VEvBPRWVwe5vzr/BSyHApsegwKJwxsBWIN/AF+wRwbQNG8H5wjjB
BUtJwZusk8F238q/cEcgwK8OoMDnTMfAml/fwO1JFcGk2B3B+JM3wYTFSMEuvpPBYtHIv43J
HcBd6KDAHgjKwGyv38BUnhfBGIkfwcEoNsG2BUjBDk2UwWp/yr8MRxzAMM6iwE5Bz8BsYuHA
xlgZwXkyIMHL7zTB1RdHwUgdlMFvRsq/bAQewO9rpMCUHdLA/K7jwIIwGsFrbB/B870zwYb3
ScGLy5XBmsTIv3p4IMDBgabAPHrUwBjC5cAL3xnBeIkdwcxPM8H6B07Bqb6Wwb2xyr9AdSLA
cfanwPkU18AnHObA7OcXwfr9GsHWiDPBYgBQwf0TlcF1OM6/bmolwJkNqMBQtdbA7lHkwM6k
FsHCwBjB5zA0wQBIUcGNhJLBegzSvymiJ8AlAKjAevjUwOQ+4cDfbhXB0m0WwSj+NMEYilLB
W4+QwTpU1r89bifAfuCnwNCi08C/JN/AYeoUwc85FcEKPzXBswxSwaUTj8HtG9m/wEQowGSa
p8D6KNHAYhTdwLPjFME3UBTBlvk1wUz6UMGYp47BrUTbv6igKcBbEKjA5S3OwCwJ28B8mhXB
yZ8TwYb9NsG1uVDBlSiQwfRT279SxSnAeAOpwKqCzcBkVNrAVKYVwdGjE8G1LTjBRu5QwQac
kcH/Utm/OO0pwOolqcAUg8zAeOXawCHyFcE5ABTByrk4wcTuUMGy/ZLBACjYv0MtK8Dc+KjA
zpbKwPqY2sBEdhXBYdcTwWPNOcEPH1HBdbiTwZK12b8sCSrAnmyowNqFysCYC9rA2HsUwZir
E8Er8TnBD/hQwfJslMEgs9q/STgmwPN8p8C8mszA0ezawOliE8EKdBTB/vk6wbrvT8ErEpTB
IEfcvyxWJMDSC6fA6lHOwHVr3MB/4hLBl9EUwUEJO8GDHE/BC2aTwYve3b9fjCTAA8enwCVH
z8Bm/d7AuMQSwYboFMG1FzrBzwJOwc60ksEtZNu/+00lwCZkqMCiEc/A6uPiwOYvE8EgghXB
zmk4wRBVTcHX0ZLBvMnWvzXsJcCelKnA9B/QwG/Y58BUShTBcggXweKpOMEZpUzBqciQwR+z
0r+sdSjAxBurwB7Mz8BxIOzANDMWwVlTGMFtMzjBaFFMwcAajsFJf86/6EkqwGGnq8BZtc7A
OODvwDRLGMEeFRnBu1g3wbGATMEqsYzBfVjKv1IrKsCAeKrA6LPOwGGC8cDIQBnBmdEZwbG4
N8GQF07BWrCMwRciy7+OkifAFjSpwG7A0MAwZvDAVUkZwX7nGcGFDzrB8UlPwVGfi8EVKMy/
hlkmwMz8psB8VtDAbSjuwICjGMH6YhjBqEo5wYanUcFmLY3Bb2nJv2o9JcCNB6PAoYHNwCcW
7MBLVhfBinIWwe8DN8GTlVXBfOqQwTPqyL8EKCLANYSfwEJVzMD0h+nATo0VwY+wFMG4pjXB
2k1Xwc86k8H56cq/bHoewH//nMCyqMvAk0HowFtZFcHhKBPBAwk0weC9VsHiWJPBrBrLvw0c
HsAT3JvAIr7KwCj06MAu4RXBwrMRwawTMMGABlbB+OaTwUo2yr/AqB3AVGycwKc7y8C4EerA
haAWwb/PEcEqni7Bh2ZUwaXGk8FyZ86/bxIewFh/nsCsBM7AOX7qwGrYFsF6RBLB1PAvwVV4
UcHMHpLBSmDRv8giIcBGtaDAsiDPwCW26sBrchbBTooSwYq+McGNdVDBl9aQwQoU0b/ebSXA
SpyjwBb+zsC28unA7m4UwStzEsGKHTPBfzZRwRRAkcFZG9G/rYImwOrSpMDhbM/A6MjpwGSc
EsFxhhPBlrk2wSm0UcHNa5HBrq7SvyS5J8DU26TACMDPwNgu6cAlZRHBoG8UwYJMOcEqwlLB
NI+RwTvB0r+I/CbAB6ikwLj/0MDgwenAaXkRwavxFMFIEjrBLf5TwSq6kcGqvNK/XuUkwBcd
pMAnWtPAWkLqwF9eEsHuNBbBDUE6wenoU8F0o5LBunzSvwsIJMBstKLApKfUwAAH68BovRTB
8dIYwcGtOsE8Y1PBHV6TwQix0r9g0iTAPUSiwLMk1sDf2urASBUXwXeOGsEeCTrB2OBSwbjf
k8FMU9O/vnYkwN5Mo8BFDtjAgQzqwBfoGME9mRvBRL85wTSUUMHOHZTB2WzUv6DfJMCyzqPA
shDZwIhL6MAiaRnBeBEcwRDeOcEo8E3BCUGUwZXD1r+y7iTA4uujwFaB2cAX0uXAq1IZwXas
G8Gq3TnBL9NLwTrlk8H9wtq/nAojwNOXpMDEf9vABjrkwPRcGMFBRBnB2/w5wXZeSsF6e5PB
JgPev5LIH8AonKTAMCndwAIS4sCD5hbBCtoWwULrOsGkxknB+E6Twe054L/7KR3AnkyjwBSf
3cBKnODA03sVwcTcFMEoNzzB9kZKwd1jksH0qOC/OdscwIbDocD8pNzAlEvgwGZjFcG7MxTB
+Mg8wSXWS8Giz5HB/3Xcv0YiIMAslaDAE+7ZwCdI4cAeHRbBMaYUwXJ/PMGZAU7BCY6SwQY4
178j3iTA5RSfwBXT1sD0C+HAeLgWwWvAFsE7ejvBuwZPwbS/ksGZatO/nPMqwIkvncCyYNPA
pajhwKC6F8Hr1hjBsMI5wVpsTsGy9ZHB4J7Pv7oQMsCD1JvAfNLPwFZp4sDMMBjBf6Aawerq
N8Eis03BM1qSwZRoyr8xJTfAEFSbwCY2zcB0OuTAEHIXwbqEG8GILDbBx5JNwa2ik8GaDcq/
kBA4wDOhm8ASD83ADlHlwP12FcEtdxvB0501wedkTMGNFpTBkvLIv35nN8D275vAXfLNwMc0
6MANshPBF0YawaKbNsEEAE3BZXaUwfy1w79skjfAenmcwLpjzcCQ/enA/mISwW8gGsGAfDbB
hD5QwbWwlsFMZr+/BiY2wF4+ncB+iM3Ac8TrwN7hEcHUOBrBc5M0wZW6UcHSmZfB15TCv5zG
M8D785zAeLPPwCgG68C1/RLBa5gawQqRM8EwTFHBZ3iWwU/uxL8FHzTAqWybwFOU0MCsserA
ckAVwb5UG8FbjDLBYhNRwSsdlcFIbse/PGo1wMTUmcCPmtHABhXqwInQF8FrHh3B8fwwweIs
UMFGrJTBh//Ov2T4NMDNm5jA7FLUwFQo6sB6BhrBJP0dwQa0MMEQfUzBL/CSwfuh1r/w9TTA
HruXwLi918Cy9enAzEwbwellHsHgkzLBasRKwXMlksGCX9i/SPo1wMD9l8DAldjAQnjqwKm8
G8FZhh7BwJs0wWigSsFeO5LBNM/Yv0CtNMBoypnACB7awCHl6cDHyRrBq6odwVA9NsGt5UrB
21qSwe1j2r/UVjLAvA2bwCyb2MCGd+fAuqUZwUjSHMHYaDfBtQNKwRtakcHPNdq/RaMvwN92
nMBHpdfAJB3kwBaPGMHs6RvBpEg4wT4dSsEBJ5DBMGHav6SDK8Da753AChHXwDv44MCK0hfB
wbUawVVuOcGJrEnBJNyOwVvC2r8L8ifAwhSewAHE1sAS197AJEMXwWuYGcG6lTnBcOpJwfCP
jsF7xdq/gAwmwOvDncDuKNfAOdbdwL7DFsGptRjB2qE5wXxQSsEouI7BW/fav3C6JMBiWZ7A
xezZwDxA3sAGExbBJFQXwUOOOsH6/EvBhKyOwZoy279yXCTA3JOewJrn2sCoPN7AGUIVwVlH
FsGAmzvBOm1NwZPWjsFWuNq/q4klwKGqncAke9nAEtfdwAhWFMEfORbBMDA8wfSOTsEksY7B
66zbv6c5JcCOxpzACTnXwC403cD+kBPBR/0VwTqYPMHT/k7BabSNwct+3b/iDiTAKB2cwHxO
08B6xdrA3vETweFdFsFViDzBIrlOwcSyjMHcUd6/XlcjwMy/m8DkZ87AiAzYwN4vFcGdzhfB
RbM7weB6TMGvSozBjaXdv/rBIsBXbJvA+BnKwDqx18AL1BbBke8YwauxOsGY90rBKmWMwSQk
2r+3YSPAvWubwKCRxcDGBNnAMckYwahqGcHK5DjBZvVKwQP3jcFepdS/ZDAmwLZrnMBjJcLA
dOLZwPJEGsF+JBrB3DA3wR5rS8E7ho/B2TnQvwKqKMBNOJ3A2P/AwOBD3MBaGxvBS6MawQE3
NsEiRUvB+DOQwV40zr8IRSrAEA+ewBQlwcB2Q+DALW4bwc6SGcGQXjbB8oZMwVRdkMFrUcy/
VkMtwAGJn8B/2MDAFqHjwGOVG8GzXBjBfE42wRaoTcFd/ZDBAXnOvyXDLcBltKHAIJXDwEqF
5cDHgBrB1CEXwdR1N8GHekzBXDiQwTGv0r8EFS3AnROkwK5WxsBd6eXA9g8ZwVIqFsH3IznB
eBJLwZ+/j8GH59K/+voswBZApcDWVMXAs5jmwCziF8EaxBXBznQ7wQw3S8GxBZHBeVrOvzjf
LMCD2KXATsTDwOgu5sDWkhbBxdUWwR8APMEeAUvBUWGSwTA+zr9yuyjAtuekwJKOxMBYSOXA
vOcVwYriF8HSezzBt01JwaQPksFcKM2/XxYlwOlxo8CY9cPAGDHlwLCfFsHxqxjBg9U7wQNN
ScEn45LBz5TIv9oTIcAlD6LAxxvDwEiQ58CvNhjB4gIZweYwOsFW8ErBhZ6UwUORx7/2sRzA
iSuhwLc1xsAxNunAY8oZwbb6F8FQwjfBvtNLwRejlMHTRMq/KjcYwPL/oMAwf8rABsbqwBia
GsEuRBbBXEY2wTb0TMFe6JTBmnHKv5RUGMAVLaLAiKrMwEqO68A3ihrBH7UTwaEgNcFpMU/B
VmOWwdK6yb8J4RjAtCGjwB6vz8BfhOvAaMUYwUxKEcGDfTTBaxlRwfpSlsEczM2/FrEawDwG
o8DVitLABMXqwBJ7FsHOCw/Bt680wRrbUMEjHpXBRiDRv7h5HcCGIaPAta7TwFRp6cAnjRTB
cbkOwXjsNMG5mFDBzL6UwXnF078u0R/AkJSkwPzP1MBg1+jAE0UTwZLCDsFKvTXBTa9Pwag2
lMEBMNa/MTkgwJdjpMBOxNXATAjpwFDSEsFtABDB2ow3wUUmT8FMe5PBnX7Xv2B3IcB7caTA
6DjVwJxW6cBo1BLBKDcSwbN1OcF8H0/Bjy+Uwd4a17/SgyHAR0qlwP4R1cAKN+nA+rkTwX2N
FMEO6jrB/ydPwawwlMGRW9a/hD0hwMMTpsDghNTAdEnpwLyPE8F5mxXBZlc9wa5bT8HCb5PB
uZvWvzA9IcCXfaTA/hbTwCbi6MC2CxPBc1oWwQi3PsHi707BNbOSwWWO17+18CHAxkOjwMx9
0MB6lufA+J0SwQ7RFsEkwz7B/u5NwaF5kcEufNm/NDMhwGqzosCGj8/ASuzlwOpeE8HYqhbB
fdo9wejRS8E4d4/BqA/cv8haIcDbRaLAZo3NwKQX5MDjFBTBmUYWwS5APcEEhUrBeFWOwWq4
3b8ariHA93SiwIr0y8DMSuPAdEgVwT0NFsEYszvBIatJwexxjsFUadu/8o0jwHXEo8BGrMjA
zA7jwAzsFsECThbBCFo6we9ASsE1i4/BiurVv5JwJsA/X6TAB+zEwBQ648BXwBfB3p4WwQSd
OMEvO0zBla2Rwfeh0b/JiSnAafSjwCCvwsBkiOPAMU0XwX3pFsH5HTjB0sdOwYwfk8FcuM2/
20UswFMjo8CoRcLAlNbkwJfPFsFp3xbBdg44wdqtUMHQnJPB78vJv9FVL8BRBKLANLvBwL6w
5cByExfBkSAXwYX5NsEX5FHBpjuUwZ7TyL/EYjDAzv6gwHPvxMDstuXAe+MWwWn4FsEYCTXB
wy5SwUOUk8GTg8u/ntMuwBO7osC1FcvA9nTkwHifFsGYrxXBARI1wbaMUcH+i5LB5hvLv3X4
LcBL6KTADnnOwNYg5cD3exfB8pAUwZFfNMGnPFHBneeSwd4ix7/M7izAhq+mwEICz8Bnx+XA
xF8XwWg9FMHiZzLBqHRRwa96lMFebMa/FHQpwIssqMB9ftDAEAnmwEqRFsGmwhPBv0YywdCK
T8FBy5PB8ZrGvwJdJsCH2KjAloTPwCCp5sBVxBbBT1gTwVB5M8GGwU3B/1KTwcyjxL/6JyXA
6MCowGL6zMBQRejA8PAXwRmFFMHBITTBWpVNwZE5k8E5gMO/IGwjwEtOqcAe/srAmonowEPJ
F8EWcBXBxiI0wVjUTMGiDZPBXfDFvz+2IMCRhKrAy23KwOSk58AK+RfBOREWwcIhNsG48kvB
ecGRwWY3x7/QyCDA1SmswGq0x8DmnebAdpUYwZvpFcF2TTfBsNNNwRkjksH1lMa/Qb4gwB6s
rcA5jMXAJojlwNXxF8G2nhXBc2E3wfoxUMHCnJLBc8XIv8E5IcD8Na7ACbnDwLxZ5MD27xbB
Zz0VwSbSN8E7U1DBzcCRwYaLzL9hOCLAvJCswIGnwsCHWOPAepkWwfkwFcEZrDjBUtdQwe+b
j8GcG9G/o9EjwAbZqsCCYMPAEEDiwEBZF8EbNBXBp7A4wSx8UcFq5I3B3rLVv7B1I8Bm0KfA
grnHwCvp4cDnnhfBPmMVwdHPOcGo6lHB9PWMweQM2b/IUiTAaKSkwGLeysAjMOLA22YYwa5U
FsFi0TvB0jVSwaLSjMFy8tm/GSMkwG78ocBs6M7AyanjwNO8GMEihRbBPxA+wfpxU8EUVY3B
TPjZv3pPIsA16KDAbojSwNQn5cC1DBnBQEYWwWsCQcGgq1PBcEGOwcJE2b+BqiDAlySfwBJs
1MAJe+fAO5sYwf1MFsEh50PB8q5TwQ2kj8EeG9m/9pcgwMWCnsDNPdLA6ZvpwHBAGMHLyBbB
v1ZFwbBrUsFiYpDBsQnav6a1H8AY6J/AUtzRwCww68CqvRfBd6cWwRqHRcE/d1DBomCQwSG8
3L8zUB7AwcWhwJkX0cDO/OnANtAXwfeWFsFgw0TBjHNNwWipkMFIR9+/hwUfwBfZo8DW8c/A
3O3owIdtF8GAlxbBJtNCwRm8SsHRLZHBIKDevxiEIcCP4KbAHsjNwKmP58DAFRfBmnEWwXkC
QMF2WUjBXvKRwaKa2b8cEiPAkyqpwOpqy8Afo+XA9agWwepUFsH+UD3BdH1HwZ+sksFTk9S/
l8AkwLEaqsB658nA/ZDjwDw+FsEYNBbBUBU7wfmsRsG+IZLBSu/Pv1wKJ8CY8arA0KnIwHhY
48BMExbBY4UWwc/WOMHPR0bBG8aQwRrGyr/IsCnAXWmrwC6ix8AfUOTADLcWwdnCFsHOnTbB
dMBGwQ5HkME6/ca/OP4pwJc6q8DK48jAbXnlwO17F8HgNhfBqu80wVVMR8FEe4/BqBvIv3/W
KsBOBqzAmavNwCya58D62hfBbSQXwcp/NME8ZkbBFBKOwTqSyL/O4izAFl6swFCdz8CK2+nA
DvEYwcslF8ExVjTBrBlHwfPajsEzrsS/b1suwKATq8AVt87AOwDrwCrpGMEPPhfBmp0zwcqA
ScHjOZHB/GLEv1BFK8AYKqjA9lfOwJyI6cApzhfBNQgXwamNM8E0yEvBQCySwYT2x7+6ASfA
VFylwGS2zMA3GObAVp0WwZj4FcGyXjTB8FpNwWlyksEsJsm/cbwgwCgOocBpS8nAovDhwAWn
FcEmdBXBus80wZiJUMEH3JLBWXXJv/yZF8DlbZzAkI3HwNiX3sB1bBTBHr4VwSRmNcF2r1LB
ZnuRwd+t0L+Y4A7A1EKZwBwlycDwhtzAK/sTwfdnFcGcOTjB+xJSwQrJjsEAE9W/Q6cKwG+j
mMC23srAdOfbwK/nE8FCBBbBqWk7wa+7UMF7hozByVjUv+plCcCbcZjARDrMwDnr3cAjUhPB
s9IXwQ4UPcEyBU/BTsyKweeM1r/mHgrAWjeZwLvVzMCaVd7AoEISwWNqGMFosj3BCjNMwZnv
icGHsdu/FAwMwB5Lm8AVy83AoTzcwJJ7EcFtexjB4T8+wWn0SMG9A4rBt87cvwYFDsAPmZ3A
0m7NwLBO2MCHhw/BwoAYwcKQPcErqkbBVdaKwUdb3L+bKhDARFefwLbpy8Aq0NXArFcNwdE6
F8FP6DvB+MpEwd9ajMGS+9+/F0wTwGgWocAbIMrAhiXRwNE4DMF9PRXBnTg7wdPRQ8FLqY3B
ZR7hv1uSGMAATaTAjhjKwMtL0MCm+QzBUH0Uwa6RO8H0xkLBAb6NwfYC4L/cJiDAtLanwD7E
ysDkbtLAnRUNwdMHFMGWODzBRDpBwSfdjMEkhN+/m1EqwLMjrMA/psrAHnrVwJoaDsGWHRTB
M/47wYUfQMEdm4vBP77gv3ELOcA/77LANQDLwKiE18Dgcg/BnZUUwbw8PMFi/j/BPHuJwWQY
3r+KtEfAtBm6wL5rzMDtOt3ATmURwcvBFcHyBDzBTkxAwRJqh8GtPtu/vjZWwHhKwcAbF87A
6AjhwHlZEsFB8hbBElM8wWbpQcGFkIXBT5vZv10lZsCdiMnAlE7NwOo948Cu+BPBZwoXwTma
O8GQNUTBnKmEwbnO179AenXAV17RwLV/zsC4HujAMP0Vwda6FsF47DzBOtFGwaRmg8ERK9W/
Azl8wJpD1MCy/dLA7rPwwHuTF8HbDBbBYqY9wTSJSMEkCYPBsSnVv/eQfsAmWNfAIBjZwDTf
9cB0mRjBkaoSwT8bPsEa/UrB//yBwdD91r+KooDAncPXwMu43sAYF/3A0voZwb1ODcG+2DvB
2QVMwWBDgcGY1dS/Ujd/wLGO1MAERObAykkDwX1nGsG4aArBWTU6wffeTcEX2YDBNiLTv1zo
ecDkyc/AjK7rwNFwBsHm9BrBZHUHwcYJOMG8mlDBCbWAwZKd0L/YnHjA7S3PwAKg7MD6DwbB
1nQcwc4tBcFe2TXB2yFUwV1UgcGAk8y/PON8wIe0zsD0M+rAqIIFwVM+HcHJ6wbBsps0wSvR
VsG/UoTBZ8nEvzOvfsDtm9HARV3lwClvA8FdvBvB4zALwfBjNsHoylnBxiqIwZu2wr/SsoDA
b23XwHvh38C3T/7An74awexxDsEpKzjBZudawQoCi8GPhMS/V8ODwJ703MC1rNnAqK73wKkI
GsEumhLBbzY5wcGvWcGJhY3BzWXIv8SjhcDGq97A/drWwEI+98BioxjBCzwXwQm/OcE0EFfB
SuSOwZM7z7+gHYXAJO3dwI9S18BGqvjA3hsYweG2GsHhPTrBhBRUwZShjcFQrty/peeFwGRy
2cB0YtnASHf6wMJPGcGOXx3BseM6wWVvT8HUWonBl8/ov9ybiMBNx9PAMBPdwOuA/8BJ6xnB
P+0fwfNFOsFzVkvBOjWFwQ8/7r90lonAvubPwHBp5sDRpQHBKlcZwUXPIcEgSTrBlu1JwVsa
gcGeWPS/2pyKwIW9zcBiD/DAQ30BwTctGMFUGCPBTDw7wbLqR8F2QnnBRrz6v6GHjMCo1M3A
rHL3wKJ3AMFMRRfB0mEkwWCAO8FwUkTB7Exxwcm8+r/TM4zAN2zQwBhE/8Dc7P/AEOIWwQMa
JsGkIzvBOJxBwZzlbcG+cfa/ILmHwC/m08Cf7QLBpfT+wE+nF8HfxyfBNk48wXtPQcE6Jm3B
GhD4v2hOhcDEMNbAHBADwbtZ/MAX2hnB7ocowUqwO8H+ZT7BEtNswVf39r/KtYTA4DvbwAje
AMGmtvrArwwewSWBKMH9PTrBqm48wVh0bcFruPC/WXaEwG0I38A2YvzAztf4wC7rIMGQ9CfB
XRY6wfEYPcEe8G/BSiPuv0BkhsDiXOHAP0j0wDy288B9UiLB3MMlwQ6+OcFpAD/BANlwwSRc
8L98gIvADovgwIJD6sCutOzAmwUkwVRIJMEg8DfBHG8/wXgkcMGOce6/T9OPwAui3sANoeLA
5BLnwLINJMEm4SPBCMs4wZbNQcF0dm7Byfzrv69XkcAyMNnABvrewFOX4cAaRiLBI/UkwY1S
PMHTJkXBJVttwc937L+OsZHAj87SwERW3sB/Qd7ANJcgwcfhJsFZID7BRllGwQ/JbMH9c+u/
5UmQwEOqzcD/uOLA7HjgwHj2HsEmmSnBTp4/wVa4RcHJf2zBeE/lvxYAjcDqNcvAXHnmwINg
5cBCKhzBMQ4rwYTAQsFWbUXBGCRuwdPF379C8YjA6ELKwHqd6sBEr+vAQrMZwdC6KsFkfELB
b9dDwXzHcMGBKNm/oNKFwHDlysDMm+3AdnPywIkBGMFIPSrB7vQ9wearQMFelHTBfiPQv+q2
g8A1cc7APmfvwEDB9cD4wRbBUHMnwTMLOsEATT/Bz1h3wajUx79+OILAjF/RwGvx7MCkhfTA
3WYXwaWLIcEbMjXBSAU/wV5NesH9b8O/kiKBwMQs1cDtAe3ACo7wwE5xGcGOYhzBOawuwTAu
PcFaD3vBe3fCv12Zf8A5udfANG3wwECH6cCDIB3Bn/sZwYutKcHyljvBBXx7wX6oxL82RHvA
OYTZwJwY88Da7+LAPyEhwdnBF8H6AyrBwmY5wXHleMH/Tsy/ggZ3wDCQ18CwWvbAexLhwBAx
JcG9DhfB7OEpwV0DN8F27XTBa9rWv2alcsAMmNPA9mz8wK6j48BzLSfBkD8bwecxLMG0yjTB
fMVwwSXD3r8nZnDAQvrPwIqOAMGGc+bAdE8owaVHIME+NTDBvUE1wZIkb8F+8OS/4vhxwBtq
z8BIJgHBdnTswD5JJ8HHqCLBds00wRlYNcGkym3B4/zsv4eWdsD3xM7Aqe0Bwdz88cC1CyXB
CqEkwQ33NsHeGDbBAn5uwTqE8r9AI3rADk3PwJKBA8Eo2/TAedUhwTOfJsEChznBWPU3wSL3
ccEW5vS/DOR9wPqG0MA1UgPBdGT2wBIXIMEkTCfBCJ07wWZkOcHq5HTB8jn5vyRtgcCr2c7A
WdYCwchJ+sBilR7BwJAmwUkGPcEvkDnBMiJ1wZIk/b8L2YPAYAzLwOoZAsERrv3ASKEewdF/
J8EFDD3BKp46wUqRdcFsIfy/GOWFwOnIyMDBogDBDwEAwaV0IMG9DynBOmc9wek7PMEsPnXB
5z35v8FEicDjpcjACVj5wLn1AME8XiPBehkqwakiPsH4oDzBzShxwZf7+L8Kq4zAdEnJwKYF
88AqRAHBlxolwa6IKcGL1z3B/h88wUyab8H7/fa/vGqOwMkAzsAedfDAAjL/wNTRJsG6bCrB
kWY8wVyDO8Hye3DBHJD0vzlsjsCbd9LAWBHwwJIA+8AYDyfBZLwqwaATPMH0iTrBxWtxwTdG
9L+/QY3AcdHTwCNg8MBwzvXAHg4lwfJcKcEw/DrB4sI6wdMzc8EKy/O/T8qIwEKP0cDA3fbA
/lPzwJEhIsFIAifBjAM6wUdgO8GrUXbBKbnuv+4IgsDNls7A9hP8wNg+8cBdSiDBTYAlwf/0
OcHjEz7BGRJ5wfor6790IXjA5JPLwNqw+8BOjvDAnqkdwZgXIsHikzvBcO9AwShHe8FwPuq/
MxprwAXPx8CQCfrAwBnvwO3yGsFyOR7BKaE8wYKgQsELbH7Bbb7qv1DTX8DrS8bAT3L7wNDj
8cCyvBnBEAgbwYEWP8EkqkHBnC+AwQBS67/a2lfAZvHGwDTE+sDfOvTAG8cYwXgbGsF9VUHB
1u5AwcP7gcGLNu2/7AFVwAGlysBsHPvAQMn1wCT3FsEA3BnBymZCwW5jP8FgMYPBvePnv3c/
U8DRqMvAdqr9wJ7a+MCJQhbBRC4bwQcZQsGInj3BkB2Dwfbx27/Wo1TAjEXMwFBv/8A6uv/A
itkVwaIsHcFPB0LBzbk/wYangsEO9M2/PMJWwL//y8BXef3ASZwCwfBVFcE1IB/BiipCwXAf
RcGfnYLBnFzBv10vWcCY0cvAHyT5wL2OBMHiuhXBFsUfwXo+QcE/aknBmjSDwXN+ub9er13A
BsvKwFjj8sA8gAXBPkwXwUdxHcG4mj/BF+lMwSmnhMGxI7u/zuZgwGGgysByIe/A3OQFwTE7
GMHCsRfBCTFAwfm6UcGFzobBFUHGv8CGY8CLn8zA2v/uwMytA8EVLRnBw0cRwUjnQMHBMlPB
RHuIwQsH1b8+SmTAEtfNwB6+8sCsQADBtKsawUhfC8Gy9z7BPItQwU8eicGEwuO/QPthwH0N
zcBNHvzAbYr4wC/EG8FXpgfBsxk9wY6JTsEOQojBSAXxv1QJW8AiocjA2hwFwa9H88ANdRvB
v60HwcfuPMGpfkzBYyGGwews+7/MCFPA2LHCwDyyC8FSMu/AEAAbwe+IDMEYQTvBytFHwbue
hMEaIADAR7pKwMzIu8DZIRDBzm3uwBllGsExDhTB7KQ5wQ7kQsHTNYTBtT7/v32vQ8AqJrfA
R/USwQB28cCD5BjBg3gawRqHOsG1nEHBspeEwZdD+78WWEPAD9K3wC8+EsHGL/fA9x4Xwe5i
H8GktzzBJPs+wbpxhcGNYfW/3tdJwAznvMBoMg/BLvv8wNaGFcFKIiLB7iE+wcexPMF+DYbB
rAntv5ozUsBtgMTA+CoMwaAuAsH6BRXBTzciwW5tP8H41DvBYleFwbcR5b9oylzAaKnOwHU0
CcHWBgXBR78UwbcyIcGP+D/BY+o8wbmmg8HDxeG/Ms5qwHnP18DDUQXBVBsGwQAtFcEycSDB
xNQ/wf1UPMGwK4LBbGTkv2cTd8B5lNvAgOECwUDYBcGi6RXBYHwfwRYhPsGjADzBG5J/wTRh
6b+w7n3A+n3awD4ZAsGPzgXBdEYWwaAyH8GqnjzBIpI7wSmwfMEOA++/z8iBwFP21cAHBQDB
SHsDwbsUFcGyTB/BLmY8wdU/PMFonXvB/2T3v3LahMC5zs3AYrH9wCk1AcGEYxTBjdwdwb1e
PMFWdTvBxA16wUWt+7+JtoTAWAnDwH5TAMFojv/ADZESwbQWHcGKYD3BFxQ7wS1kecFJvvq/
TLKBwOuQusACAwLBzAr/wMJWEcE1+BzBCTpAweg0PMHtznvBnlD2v14AfcBi2rTARtEBwZga
/cCf7xHBkJAcwYXJQsGExT3BHF98wYDW8r98w3fAFN60wBMeA8Fe1vvAUjkUwdcmHsFtxkPB
TVo8wTNMe8EH/+q/zP1uwDBot8BJoAPBel78wLtNFsGswSHBBN5DwaTPOcG4G33BKNPiv6Qk
acDtxbvASiACwW0J/sDTXRnBAVgjwRHGQcGacznB9BV9wRcB3r8K8GnA2GjAwJkdAcH0s//A
RmocwSWiIsHitD3BDi45wQsUesGdFdu/XoBvwMCVx8Dt9P/Auof/wJNbHsHoqh/BpK06wS+g
O8FuBXrBimzYvzxCdcDUKczAwNT7wGO0/8DHUyDBBIAXwVMAOcFEnULBxut8wThl2L9u9X3A
17HRwC3k9sAaVfzA/bQiwWCYDMGGaTfBvH1LwU8Nf8FwC92/MLCEwNuH2sDElPLAx3n0wFum
JMHU2wHBMFU3wYQWUsFjZoHB6pvhv1bliMCvR+TAl1rrwBKD6MC5VifBgEzywPBkOMH3A1fB
lTmEwc/65L86gYrALFLqwCO+5sDReuDA/5EqwdLo58CxADjBSK1Wwa0shcGeq+u/uuqLwBt/
7cAXAOTAHs3bwF7jK8HZyejAMOs2wY5cUMHEfITBXz3yv7m3i8D6r+zA11jkwNbZ28BuzSvB
0tnxwMw9NsHPoEfBuv2CwZmT9b/yg4jA3cHmwLiT5sDOveDA6OwqwbhUAMEWODbBl1g/wd91
gMHar/i/ITWEwN/A3cAMwuvA/O3qwNrkKMF/kQnBW6Y1wSydNcGjmXrBN9T/v947gcC5W9XA
YhbzwCDr88APzSTBihMTwW7VNcHR0CzBbtl2weFDAcBa9HvAZmrOwMBO+8CQ4vrAahsiwQ/S
GsEp3DXB+ognwfrWdMGs7gDAGG91wEwHycAaMADBEEIAwbTpIMF42B/B3981wVMHJsFzLHTB
wcQCwD4bdsBhKcTADscBwWrEAsHj0h/BUmMiwV8aNcEa+yPBBQRzwV4wBMBkiXzAXU7AwJSK
AsE86QTB5iQfwYDHIsGuEjTB0tAjwRMCcsG4AAPA/2uCwGU7vcBk7f7AcQgHwW1NIcGSviHB
JTMzwWjAJ8Hkvm7BD3UBwDkwiMA6QLzA/dfzwAzoB8FoLSPB014hwea7MsFEeCvBBU1rwZ6N
AcBQR5HAWAq9wNnS5cCUwQfB0FQkwUphIMGENjLBHXctweFFaMFMI/+/rvOYwLXRwcBMu9bA
YNgFwdBNJsE3LiDBOIgywbtxL8FDj2fBo8z4v446ncCVUcjApbzGwLh0AsEKTijB/OIfwaFo
M8HjNDHBM7BrwTik9L/j4Z7ABhjQwDm9vMBEffrAVxsowftUHsG0bDPBekEwwevgccHVFfC/
Y+CcwNOl1cBwIrrA6sLzwPJyJsHIbhvBj7EzwYwXL8FuF3nBpQDpv9A6lsBMgtnAb26+wAQD
7sBCmyPBmtcYwV5aNMGtlzDBthmAwYzo478HwIvAkUbZwIjVyMC0wurAWYQgwVDBFsHVhjTB
808ywX3Lg8EdyuK/FseAwBwT1sAJSdbANzLnwJrKHME8nRTBY8w0wVFBNMESe4XBz73gv8Sm
bcBS/M7AprXhwJ7i6cB/TxnB3EYUwdgJN8EIlDjBXeeGwcMe3r92xV7AmcTGwDZQ6MBSruzA
4n4XwV66E8H1QTnBc68+wXojiMFfDN2/eGZVwC1MwMCOZ+rA5lTuwPMjGMHjBxPBBv45wQs9
QcE4L4nBcGvbvzg0VsB5wb3AGnLowNbc8MCqJhnB7EcQwfUdOcFYQ0PB1WmJwT9k1b8CdV3A
7sW+wEHs5MCQlffAJSkaweMxDsGe6zfBQwdFwS2picFvCdG/30xlwBkHw8A+w+LAQHv7wM46
G8FmsAvBWho1wb/5Q8HKKonBYkPTv0EIbMBnWcnAKhXnwDDL+8CFUhvBSIQJwaUJMsGCDj/B
rsyHwR/w179hnW7AyBLMwE1R7sDoD//A3eEZwZ97CsFvZTLB5To7waV3hsE779y/HbdowEYK
y8BWDPXATNT/wF4yGMGQig7BCoA2wcxrOMF+HobBJfjmvzLfWsDPssbALN78wDBN+8DScRjB
3osSwVkpOsHSJzXBNyKFwVN88b/8/UvA2vq/wAO3AsF48/fAO/gZwQ8vFsHeIj3BvOEywRwZ
hMFIbfe/Ai09wMNeuMAzjQTByBr1wEo4HcHC1hvBR7VAwSxKNMG7O4TBzO/5v9I/MMDbT7TA
FM8EwajU78CKbCHBUXcewTvmQcGulDbBZGSDwQRY/L+kLSrASNCzwLXoBMFXGezAYRglwV1K
HsFR5j7Bwfo3wdkBgcGGk/u/cLcpwAH0tcAY0QPBYx7twDJzJsEv2RzBLHA9wf7LOcFV3H/B
uNf7v6a9KcD+S7jAs4QCwamH7MBTHybBU00awa7oPsGMbDvBJPaAwaZG+7+5ESvAvbW8wE53
AMHZjO3AYiQjwR+eFMG1ET/BrOE6wQshgcGEgvq/XWYvwIp0wsBDyP7ArPHwwFIbH8FwdA/B
SKY9wcR5OMFhwoHB/Hv3v4w7MsD28cXAKU/+wMpd9MAJzhrBA/8LwcP9PsE3dTjB3rODwYru
878YFjfA2RrIwH15/sAokfXAEDUWwadCCsH7QD7BnBI5weJ8hcHh4O2/9G49wGYGysCMk/vA
WGz0wGxFE8FnZwvBqkE6wRyjO8G/JoXBeYPpv0SMQ8C4GMvAiZX5wL4w88C0VxLBdicPwXNB
N8HuWD/BkwiFwRIy6L8mnUXAka/GwNi+9sBIo/DAwPERwUexE8E7bDfBQGZEwSt2hcFwZei/
7ApGwDFzwcByA/LA6jnswGotEsGAlBXBFpo2wX1RSMFI8oTBC+Xqv/bySMAS/r3AsZ3swLB6
58BoRhXBFcEVweK9NsFw/UrBMc2Cwfmy679La1DA4fm7wN3q5sCxdubAijsXwWJzFMEmDTnB
Ci5MwQzrgMHcWem/pC9YwBaqusDm5+HATSvkwGQbGcFnJBLB8nI7wakbTcG/FX7B1t/lv/rG
YsBtnbvAzY3fwNsM4cDqPhvBrWoPwf2tOsE/D0vBA454wYCM5L+ftW/Ayz6+wAJn38AmXN3A
sYYdwX9hEMFL3jrBA6hGwc8fdcGte+C/xnB0wBv9vcCiSeLArTDcwPp3HcHdzhPBkOg7wcM+
QsGCtHTB1srfv17ebMBKQrvANSPpwEcJ2cCWQB7BgHMYwbDyO8Gvlj3Bxbh0wbpO4r/qwWHA
Clq3wKkd88DAutfAaqUewUj7HMFw8TvBBDs5wdYcdMEHI+K/ks1WwDVBtMCGX/vAqMDZwDf7
HsF0AiDBnI49wUqpOcHFwnPBJjHev/1ASsAgdrHAEHcAwVwC3cBrxx/B530hwU3TPcHEmj3B
991ywVRH37/Awz7Ad3evwC99AsEagdzAXLwhwXz3IMH51DzB1k5CwWxcccHEcOC/qaM6wFJI
r8CIAQTBnpnbwH9oI8H9sh/BASM8wQdtRsGSVXHBcyrdv6oVPMCNZq/AWxQDwQjz28CxbyTB
lr4ewQSGO8FcGErBYQ10wZhd3r8QMzjAka6vwBSsAcEM/tXA2XUmwWsGIME66TrBGrJLwU2+
d8F1gea/5l0wwIurr8C3NQLBsk7PwBDEKcGC8SHBM7o5wXJ0SsF49nrBgHrsv7yLKcBbLLHA
jgAEwYL3y8Dt3SzB3IQkwYvmOMElrUfBSLd8waLI8L8mfyLAubeywGdJBsHI5crAV/QuwTzx
J8F0tTfBCedEwXEAfcGw+fm/trcYwAILs8AdzgnBOqfJwLHJMMEEOCrBrSI3wXqVQMEbK3rB
rXUAwEcRFsAeALbAQncNwTZHzsAKejDBgAgpwbzMN8HSiDvBr091weDbAMAg1h3AdMC5wHCA
DcEA29TAt9gtwarHJcEMsTrBbtM4wcXUccHrLP6/IE0twFz6vcBfoQrBELrZwN62KMGv/x/B
j1E9wdDuOMEsgXDBKVP6v0ZZQMAEfsPAf4cGwa9d4MC8vCLBgfwWwTWNQMFF1znBeIZvwehW
8r+cRFPA50zMwIzyAsGvTOXAOy0dwVMDDsGqgULB2VU9wZLab8GyPOm/l8hhwIVa0cAJDADB
RuvjwKXnGMHWSwrBoZRBwfYvQ8GpxXLBnebfvwZFZsBrAdLAjbT+wNE54sCK7RXBrD8KwW5o
PsFOq0bBUu92wZNa2b8MhWHA0STQwKivAMELCeLAbwMVwW3oDcFinTzBsC9HwbZvesEBK9S/
ighYwFM1y8AmRwLBFWLfwMx4FsFPjRXByEw6wTmVRsHoQH7BZc3Qv6/+T8CUkcPAj0MBwdZs
3cD93xjBua4dwQj2OMGy4EbB8tOAwYQHz78OfUzA1Uy9wIsm/MCUJeDAy9Aawci7IcHoiDnB
yOJEwTRFgcG0w82/eqhNwD10usBxT/fAtADmwAE+G8E3syHBqfA7wT8LRcE7+X/BlrLMv6b+
U8DapLrAIbPywJIL7cACuBnBA08fwb7hPcEQtkXBJjN8wb1Oy7+m1lnADiK9wCRg78A2bPTA
oRQXwepRG8FZtD7BchZGwTjdeMEY0Mu/EmBewMguwMCUZ/PA+fH7wEUHFMEHixfBOpc+wUjF
Q8EFu3XB1cfNv6/uX8A83sDACwH9wJymAcHwrRDBXr4UwfUUPsEiuULBaWV0wR7+0b/+Y1/A
XQXAwAbdAsGV0ALBolsNwZxTFMFwdDzBZAtAwR5WdcGhCdi/jH5cwM/nu8DoAAjBIGsDwSeK
C8GZeRTBHTg5wbDLO8FZM3fBTUZQYXJlbnRHVUlEAAEAAAAATUZMaWJhcnlWZXJzaW9uAAUA
AAAxNC4xAA==</Signature>
</IdRequest>
</IdRequestInfo>
</Details>
</Txn>
</AMIdServerRequest>

Here is the WinPFinf text
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 2/20/2004 3:32:06 PM 159764 C:\WINDOWS\9876.exe
UPX! 12/24/2003 6:44:42 AM 18432 C:\WINDOWS\ss3unstl.exe
FSG! 1/12/2005 11:31:08 PM 6297 C:\WINDOWS\winini32.exe

Checking %System% folder...
FSG! 11/6/2005 8:55:14 PM 12592 C:\WINDOWS\SYSTEM32\302.exe
aspack 12/24/2003 6:51:26 AM 4333494 C:\WINDOWS\SYSTEM32\Chingy.scr
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
UPX! 1/12/2005 11:34:28 PM 7680 C:\WINDOWS\SYSTEM32\dnsauth.dll
UPX! 1/12/2005 11:35:52 PM 25088 C:\WINDOWS\SYSTEM32\dx9vbc.dll
UPX! 8/29/2002 6:00:00 AM 12288 C:\WINDOWS\SYSTEM32\fhbgqkzn.exe
UPX! 8/29/2002 6:00:00 AM 11727 C:\WINDOWS\SYSTEM32\hhaobeia.exe
UPX! 5/31/2005 8:49:26 PM 42496 C:\WINDOWS\SYSTEM32\iecust.exe
UPX! 8/29/2002 6:00:00 AM 6144 C:\WINDOWS\SYSTEM32\jbpqipcu.exe
PECompact2 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 5/7/2005 1:24:34 AM 11776 C:\WINDOWS\SYSTEM32\msef.dll
UPX! 11/22/2005 7:45:58 PM 11776 C:\WINDOWS\SYSTEM32\msjk.dll
UPX! 1/12/2005 11:31:36 PM 11776 C:\WINDOWS\SYSTEM32\msvw.dll
UPX! 11/6/2005 8:55:14 PM 10240 C:\WINDOWS\SYSTEM32\nlsfuncs.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
FSG! 1/12/2005 11:31:30 PM 3669 C:\WINDOWS\SYSTEM32\openconf.exe
FSG! 2/23/2005 8:41:40 AM 4301 C:\WINDOWS\SYSTEM32\opensdl.exe
FSG! 3/14/2005 9:57:36 PM 2225 C:\WINDOWS\SYSTEM32\opensdl2.exe
UPX! 1/12/2005 11:34:30 PM 15360 C:\WINDOWS\SYSTEM32\qappsrvc32.exe
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/14/2005 5:28:48 PM 16896 C:\WINDOWS\SYSTEM32\setvers.exe
FSG! 11/21/2005 4:38:28 PM 9713 C:\WINDOWS\SYSTEM32\spnping.exe
FSG! 11/6/2005 8:55:16 PM 12169 C:\WINDOWS\SYSTEM32\taskopen.exe
UPX! 11/6/2005 8:55:14 PM 48128 C:\WINDOWS\SYSTEM32\unlodctl.exe
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
FSG! 1/12/2005 11:31:08 PM 6297 C:\WINDOWS\SYSTEM32\winini32.exe
FSG! 1/18/2005 7:46:52 PM 3201 C:\WINDOWS\SYSTEM32\winuptd.exe
UPX! 8/29/2002 6:00:00 AM 12288 C:\WINDOWS\SYSTEM32\yexakmel.exe

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/23/2005 1:53:00 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 8:17:40 PM S 21737 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 10:53:30 AM S 17402 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
11/23/2005 1:52:50 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
11/23/2005 1:53:20 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
11/23/2005 1:53:02 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
11/23/2005 1:53:22 AM H 69632 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
11/23/2005 1:53:12 AM H 991232 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
11/13/2005 7:32:10 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
11/21/2005 9:17:22 PM HS 13824 C:\WINDOWS\SYSTEM32\DRIVERS\ulxhmtou.sys
10/2/2005 8:34:36 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\79e432e6-a4fc-4baa-bfab-196fa22b6671
10/2/2005 8:34:36 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
11/23/2005 1:52:02 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 5/8/2003 8:25:18 PM 815104 C:\WINDOWS\SYSTEM32\B57exp.cpl
Broadcom Corporation 6/3/2003 11:38:44 AM 94208 C:\WINDOWS\SYSTEM32\BCMSM.CPL
5/11/2001 1:00:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 1/23/2005 9:33:44 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 12/4/2003 11:47:50 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Squid Software OÜ 8/25/2004 8:13:12 PM 77312 C:\WINDOWS\SYSTEM32\P2P Networking v126.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 7/27/2003 11:05:54 AM 295936 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 2/10/2004 10:53:24 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Barrett\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Barrett\Application Data\DESKTOP.INI
1/4/2004 6:59:02 PM 12358 C:\Documents and Settings\Barrett\Application Data\PFP110JCM.{PB
1/4/2004 6:59:02 PM 61678 C:\Documents and Settings\Barrett\Application Data\PFP110JPR.{PB

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Program Files\ICQLite\ICQLiteShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Program Files\ICQLite\ICQLiteShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EFE1D69-4E4E-E6AA-EB23-E1C704B32776}
= C:\WINDOWS\system32\ikdqjywx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B1D9115-CBF4-A875-2FE3-2583F45FF5B0}
= C:\WINDOWS\System32\zhgfbcck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDE69C4E-C9C4-F50D-4E9A-E4A5BF6E6D0A}
= C:\WINDOWS\System32\aqeazhmb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D11DAF0E-767D-4596-9B6E-DE3E60081E53}
= C:\WINDOWS\system32\msjk.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3D1EC4D-EB1A-C559-7CE4-AC9ADA3A5085}
= C:\WINDOWS\system32\lemlmifg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
{5345A7A9-805A-4923-B505-86B2FEBA3FE0} = iMeshBar : C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
cUVGRgEx C:\PROGRA~1\uxrvpxux\GogDHAAN.exe
ControlPanel C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
qappsrvc32.exe qappsrvc32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
System Support syscfg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
ICQ Lite C:\Program Files\ICQLite\ICQLite.exe -trayboot

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Spooler 2
MSIServer 3
Alerter 3


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
item America Online 9.0 Tray Icon
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
item America Online 9.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup C:\WINDOWS\pss\GStartup.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\GMT\GMT.exe /startup
item GStartup
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup C:\WINDOWS\pss\GStartup.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\GMT\GMT.exe /startup
item GStartup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.hta
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta
backup C:\WINDOWS\pss\Microsoft Office.htaCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta
backup C:\WINDOWS\pss\Microsoft Office.htaCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.hta
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Barrett^Start Menu^Programs^Startup^Download Plus.lnk
path C:\Documents and Settings\Barrett\Start Menu\Programs\Startup\Download Plus.lnk
backup C:\WINDOWS\pss\Download Plus.lnkStartup
location Startup
command C:\DOCUME~1\Barrett\APPLIC~1\DOWNLO~1.EXE
item Download Plus
path C:\Documents and Settings\Barrett\Start Menu\Programs\Startup\Download Plus.lnk
backup C:\WINDOWS\pss\Download Plus.lnkStartup
location Startup
command C:\DOCUME~1\Barrett\APPLIC~1\DOWNLO~1.EXE
item Download Plus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command c:\WINDOWS\System32\
inimapping 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\2wSysTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 2PortalMon
hkey HKLM
command C:\Program Files\2Wire\Gateway\2PortalMon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 2PortalMon
hkey HKLM
command C:\Program Files\2Wire\Gateway\2PortalMon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVGQkEx
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\agVGRs1w
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aIFGSo1x
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aIpGToox
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\akpHQoox
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AKXF
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AKXF
hkey HKLM
command C:\WINDOWS\AKXF.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AKXF
hkey HKLM
command C:\WINDOWS\AKXF.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AltnetPointsManager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item points manager
hkey HKLM
command c:\program files\altnet\points manager\points manager.exe -s
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item points manager
hkey HKLM
command c:\program files\altnet\points manager\points manager.exe -s
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aMVJZo1x
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\aYVHZcov
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BCMSMMSG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BCMSMMSG
hkey HKLM
command BCMSMMSG.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BCMSMMSG
hkey HKLM
command BCMSMMSG.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFHWcEw
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GogDHAAN
hkey HKLM
command C:\PROGRA~1\uxrvpxux\GogDHAAN.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GogDHAAN
hkey HKLM
command C:\PROGRA~1\uxrvpxux\GogDHAAN.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkFJQ9ow
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bkpHQgow
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RAgCBgBM
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RAgCBgBM.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bM0GS91v
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RYgDFwBN
hkey HKLM
command C:\PROGRA~1\uxrvpxux\RYgDFwBN.exe
inimapping 0
key SOFTWARE\Microsoft�
  • 0

#8
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Download Suspicious File Packer from here.

Unzip it to your desktop. Open it and copy and paste in this list of files below
When it has created the archive on your desktop please upload that to the forum here.

C:\WINDOWS\SYSTEM32\dx9vbc.dll
C:\WINDOWS\SYSTEM32\fhbgqkzn.exe
C:\WINDOWS\SYSTEM32\hhaobeia.exe
C:\WINDOWS\SYSTEM32\jbpqipcu.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ulxhmtou.sys
C:\WINDOWS\SYSTEM32\opensdl.exe
C:\WINDOWS\SYSTEM32\opensdl2.exe
C:\WINDOWS\SYSTEM32\msvw.dll
C:\WINDOWS\9876.exe
C:\WINDOWS\ss3unstl.exe
C:\WINDOWS\SYSTEM32\302.exe
C:\WINDOWS\SYSTEM32\Chingy.scr


Here are the directions for uploading the file:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.

Be sure you post the link to this thread in that topic.
  • 0

#9
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* I am attaching a fix.zip file to this post. Download fix.zip and save it to your desktop. On the desktop, right click the fix.zip file and choose "Extract All" to extract the fix.reg file and the delete.bat file it contains. You should now have a fix folder on your desktop containing those two files. Do not do anything with them yet. You will run them later in safe mode.


* Click here to download Fixwareout.exe and save it to your desktop.
  • Doubleclick on the Fixwareout.exe file to run it.
  • Click Next, then Install, then make sure "Run fixit" is checked and click Finish.
  • The fix will begin. Follow the prompts.
  • You will be asked to reboot your computer, please do so.
  • Your system may take longer than usual to load, this is normal.
  • When your system reboots, follow the prompts that follow.
  • HijackThis should open automatically.
  • Click the Scan button, and put a check by the following entries:
  • O17 - HKLM\System\CCS\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}: NameServer = 69.50.176.156,195.225.176.31
  • O17 - HKLM\System\CCS\Services\Tcpip\..\{BBBBE4C0-0FE8-4D5A-9571-267179EEEAEB}: NameServer = 69.50.176.156,195.225.176.31
  • O17 - HKLM\System\CS1\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}: NameServer = 69.50.176.156,195.225.176.31
  • O17 - HKLM\System\CS2\Services\Tcpip\..\{200D5441-1F37-43C0-B5E5-D31441366F8F}: NameServer = 69.50.176.156,195.225.176.31
* Restart your computer into safe mode now. Perform the following steps in safe mode:


* First open the fix folder on your desktop then doubleclick on the delete.bat file to run it. A command window should run briefly then close. After it closes, doubleclick on the fix.reg file to add it's contents to the registry. Answer yes to confirm the merge.


* Delete these folders:

C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
C:\PROGRAM FILES\Lycos
C:\Program Files\uxrvpxux
C:\Program Files\Altnet
C:\Program Files\Common Files\GMT


* Run Cleanup:
  • Click on the "Cleanup" button and let it run.
  • Once its done, close the program.
* Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .
  • Double-click the Network Connections icon
  • Right-click the Local Area Connection icon and select Properties.
  • Hilight Internet Protocol (TCP/IP) and click the Properties button.
  • Be sure Obtain DNS server address automatically is selected.
  • OK your way out.
* Go to Start > Run and type in cmd

Click OK.

Type in the follwing command:

ipconfig /flushdns

Hit Enter.


* Restart back into Windows normally now.


* Run Kaspersky online virus scan here.

When the scan is finished, Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan

Attached Files

  • Attached File  fix.zip   1.2KB   98 downloads

Edited by flrman1, 24 November 2005 - 10:34 AM.

  • 0

#10
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Also go to Control Panel > Java. On the General tab under "Temporary Internet Files" click the "Delete Files" button to clear the Java cache.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP