[Resolved] restarting topic (former closed due to inactivity)

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

2 Pages

1 2 >

[Resolved] restarting topic (former closed due to inactivity), LDTate, this are the logs

Options

red nose View Member Profile	Oct 14 2008, 02:01 PM Post #1
Authentic Member Group: Authentic Member Posts: 30 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	hello LDTate, I'm back in Poland, and hoping you're still be able to help me. I did as you suggested, Computer seems to work without trublle, but i noticed that when i'am using real player , the PC stops after a copple of minutes, the screen stands still(frozen) and the mouse does not move on the screen. I have to restart and the pc works fine again. I also noticed that playing games( enemy terittory) is no longer possible, after some time ( minutes) the screen begins to vibrate, and then the computer stops. Some times I also got the message that my system was recoverd from a big failure. Here are the logs: Logfile of HijackThis v1.99.1 Scan saved at 18:14:11, on 14-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\Mozilla Firefox\firefox.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: znetm32 - C:\WINDOWS\SYSTEM32\znetm32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe Malwarebytes' Anti-Malware 1.28 Database version: 1268 Windows 5.1.2600 Service Pack 3 14-10-2008 18:10:26 mbam-log-2008-10-14 (18-10-26).txt Scan type: Quick Scan Objects scanned: 47119 Time elapsed: 5 minute(s), 14 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Greetings from Poland Ruud

LDTate View Member Profile	Oct 14 2008, 02:41 PM Post #2
Forum God Group: Root Admin Posts: 40,638 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	DO NOT use any TOOLS such as Combofix, Vundofix, or HijackThis fixes without supervision. Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data. Download ComboFix from Here or Here to your Desktop. In the event you already have Combofix, this is a new version that I need you to download. It must be saved directly to your desktop. Make sure you are disconnected from the net 1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. Remember to re enable the protection again afterwards before connecting to the net 2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix. IF you have not already done so Combofix will disconnect your machine from the Internet when it starts. If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections. 3. Now double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze. Give it atleast 20-30 minutes to finish if needed.

red nose View Member Profile	Oct 16 2008, 02:06 AM Post #3
Authentic Member Group: Authentic Member Posts: 30 Joined: 17-July 07 From: poland Member No.: 71,490 Operating System: windows XP sp2	hello LDTate, I think something went wrong with my post from yesterday, because i don't see it here. I will reply again. After running combofix ,my pc seems to work better, even real-player worked for a while, i had no time to test it for a longer period, but before it was a matter of minutes befor my PC holds. Here are the Logs: 1)Logfile of HijackThis v1.99.1 Scan saved at 21:54:16, on 15-10-2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Mixer.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Webroot\Washer\wwDisp.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\WINDOWS\twain_32\A4CIS\WATCH.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe C:\Program Files\Outlook Express\msimn.exe I:\pre-program set-up\hyjackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS\WATCH.exe O4 - Global Startup: APC UPS Status.lnk = ? O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: znetm32 - C:\WINDOWS\SYSTEM32\znetm32.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe 2) ComboFix 08-10-15.01 - ruud 2008-10-15 21:17:40.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.48.1043.18.412 [GMT 2:00] Uruchomiony z: C:\Documents and Settings\ruud\Bureaublad\ComboFix.exe * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! ( here a translation, because i do not know if this is important: recovery console is not installed on this system) . ((((((((((((((((((((((((((((((((((((((( Usuniêto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\ruud\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML . ((((((((((((((((((((((((( Pliki utworzone od 2008-09-15 do 2008-10-15 ))))))))))))))))))))))))))))))) . 2008-10-15 09:12 . 2008-09-15 17:28 1,846,528 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys 2008-10-15 08:58 . 2008-08-14 15:27 2,193,536 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 08:58 . 2008-08-14 15:27 2,149,888 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 08:58 . 2008-08-14 15:27 2,070,400 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 08:58 . 2008-08-14 15:27 2,028,544 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-10-14 19:21 . 2008-10-14 19:21 <DIR> d-------- C:\Program Files\DNA 2008-10-14 19:21 . 2008-10-15 02:10 <DIR> d-------- C:\Program Files\BitTorrent 2008-10-14 19:21 . 2008-10-15 21:15 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\DNA 2008-10-14 18:02 . 2008-10-14 18:04 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-14 18:02 . 2008-10-14 18:02 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\Malwarebytes 2008-10-14 18:02 . 2008-10-14 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-14 18:02 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-10-14 18:02 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-10-13 21:34 . 2008-10-13 21:34 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\ESET 2008-10-13 21:33 . 2008-10-13 21:33 <DIR> d-------- C:\Program Files\ESET 2008-10-13 21:33 . 2008-10-13 21:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET 2008-10-02 17:02 . 2008-10-02 17:02 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-10-01 17:01 . 2008-10-01 17:01 <DIR> d-------- C:\Program Files\APC 2008-10-01 17:01 . 2004-08-10 15:35 4,142,592 --a------ C:\WINDOWS\system32\qtintf.dll 2008-10-01 16:54 . 2008-04-13 20:36 20,352 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys 2008-10-01 16:54 . 2008-04-13 20:36 20,352 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys 2008-10-01 16:54 . 2008-04-13 20:36 14,208 --a------ C:\WINDOWS\system32\drivers\battc.sys 2008-10-01 16:54 . 2008-04-13 20:36 14,208 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys 2008-10-01 16:54 . 2008-04-13 20:36 10,240 --a------ C:\WINDOWS\system32\drivers\compbatt.sys 2008-10-01 16:54 . 2008-04-13 20:36 10,240 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys 2008-09-28 23:16 . 2008-09-28 23:16 <DIR> d-------- C:\Program Files\Sun 2008-09-25 09:41 . 2008-09-25 09:41 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0} 2008-09-25 09:38 . 2008-09-25 09:41 <DIR> d-------- C:\Program Files\Uniblue 2008-09-25 09:37 . 2008-09-25 09:39 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{1377D272-D99F-4A4B-9C83-A918F678475B} 2008-09-25 09:33 . 2008-09-25 09:33 <DIR> d-------- C:\Program Files\Reference Assemblies 2008-09-25 09:25 . 2008-09-25 09:25 <DIR> dr-h----- C:\AHCache 2008-09-25 09:07 . 2008-09-25 09:07 <DIR> d-------- C:\Program Files\Uniblue DriverScanner 2009 2008-09-25 09:07 . 2008-09-25 09:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriverScanner 2008-09-25 09:04 . 2008-09-25 09:07 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F} 2008-09-24 20:04 . 2008-09-24 21:47 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-09-22 12:24 . 2008-09-22 12:24 <DIR> d-------- C:\Program Files\PS-Wizard 2008-09-22 11:17 . 2004-08-03 23:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2008-09-22 11:17 . 2004-08-03 23:31 20,992 --a--c--- C:\WINDOWS\system32\dllcache\rtl8139.sys 2008-09-21 17:52 . 2008-09-25 09:45 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\Uniblue 2008-09-20 15:56 . 2008-09-20 15:56 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-09-20 15:56 . 2008-09-20 15:56 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-09-17 19:48 . 2008-10-01 23:21 <DIR> d-------- C:\Documents and Settings\ruud\Application Data\U3 . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-15 19:14 --------- d-----w C:\Documents and Settings\ruud\Application Data\MailWasherPro 2008-10-15 19:04 --------- d-----w C:\Documents and Settings\ruud\Application Data\BitTorrent 2008-10-15 11:28 2,556,928 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp 2008-10-14 22:07 29,184 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp 2008-10-13 20:59 25,600 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp 2008-10-13 19:51 2,525,696 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp 2008-10-13 19:30 --------- d-----w C:\Program Files\Symantec 2008-10-13 19:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-10-13 19:28 --------- d-----w C:\Program Files\Norton SystemWorks 2008-10-13 19:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec 2008-10-13 11:26 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp 2008-10-13 11:24 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp 2008-10-13 11:19 18,432 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp 2008-10-13 07:53 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp 2008-10-13 07:32 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp 2008-10-13 07:32 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp 2008-10-01 15:12 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp 2008-10-01 15:11 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp 2008-10-01 15:01 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-30 21:45 24,576 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp 2008-09-30 21:04 2,507,776 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp 2008-09-29 20:43 2,510,848 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp 2008-09-29 20:25 28,672 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp 2008-09-28 21:16 --------- d-----w C:\Program Files\Java 2008-09-28 20:24 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp 2008-09-28 18:58 25,088 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp 2008-09-27 17:50 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp 2008-09-27 17:50 2,487,296 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp 2008-09-25 20:17 2,463,744 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp 2008-09-25 19:17 31,232 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp 2008-09-25 04:53 80,384 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp 2008-09-25 04:03 2,332,672 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp 2008-09-24 18:28 29,696 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp 2008-09-24 18:28 2,339,328 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp 2008-09-24 18:06 --------- d-----w C:\Program Files\HFXP2 2008-09-24 06:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-24 06:46 --------- d-----w C:\Program Files\Startup Faster 2008-09-23 07:47 2,326,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp 2008-09-23 07:46 31,744 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp 2008-09-21 20:13 89,088 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp 2008-09-21 20:13 2,294,272 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp 2008-09-21 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-21 16:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-21 15:41 2,254,848 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp 2008-09-21 15:40 231,424 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp 2008-09-20 14:10 441,344 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp 2008-09-20 14:10 2,270,720 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp 2008-09-18 19:00 --------- d-----w C:\Program Files\SMAC 2008-09-16 16:50 --------- d-----w C:\Program Files\TuneUp Utilities 2007 2008-09-16 16:24 244,224 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp 2008-09-16 16:23 2,219,008 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp 2008-09-15 18:50 2,214,912 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp 2008-09-15 18:49 223,232 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp 2008-09-15 15:28 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-14 18:17 29,696 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp 2008-09-14 18:17 2,215,936 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp 2008-09-14 17:47 138,280 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-14 17:47 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-09-14 17:35 --------- d-----w C:\Program Files\GameSpy Arcade 2008-09-14 16:19 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp 2008-09-14 16:18 15,872 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp 2008-09-14 16:11 41,472 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp 2008-09-14 16:11 2,211,328 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp 2008-09-14 14:57 2,212,864 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp 2008-09-14 14:55 182,784 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp 2008-09-14 02:57 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp 2008-09-14 02:57 2,211,840 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp 2008-08-19 22:19 --------- d-----w C:\Program Files\MSN Messenger 2008-08-15 16:42 --------- d-----w C:\Documents and Settings\ruud\Application Data\URSoft 2008-08-14 13:27 2,193,536 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:27 2,070,400 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-10 20:05 35,363 ----a-w C:\WINDOWS\system32\windrvNT.sys 2008-07-29 23:34 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2008-07-29 23:34 83,968 ----a-w C:\WINDOWS\system32\mscories.dll 2008-07-29 23:34 41,984 ----a-w C:\WINDOWS\system32\netfxperf.dll 2008-07-29 23:34 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2008-07-29 23:34 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2008-07-29 19:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll 2008-07-29 19:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll 2008-07-29 18:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe 2008-07-29 17:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll 2008-07-29 17:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll 2008-07-29 17:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll 2008-07-29 17:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-05-05 09:26 31,704 ----a-w C:\Documents and Settings\ruud\Application Data\GDIPFONTCACHEV1.DAT . CODE <pre> ----a-w 25,088 2006-01-31 19:49:03 C:\Program Files\SlySoft\CloneCD\Crack clone cd 5.2.6.1 .exe </pre> ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . Uwaga puste wpisy oraz domyœlne, prawid³owe wpisy nie s¹ pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] "Window Washer"="C:\Program Files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600] "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-14 289088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-09 155648] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-14 185896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl] "C-Media Mixer"="Mixer.exe" [2002-07-12 C:\WINDOWS\mixer.exe] "nwiz"="nwiz.exe" [2007-10-04 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\ruud\Menu Start\Programma's\Opstarten\ Watch.lnk - C:\WINDOWS\twain_32\A4CIS\WATCH.exe [2008-01-09 176640] C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\ APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2008-10-01 221247] ZoneAlarm Pro.lnk - C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe [2008-01-09 636200] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\znetm32] 2004-06-25 21:13 10752 C:\WINDOWS\system32\znetm32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3acm"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnet3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx30SP1setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx35[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3setup[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx3_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dotnetfx[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx20SP2_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx30SP1_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_ia64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx35_x86[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64.exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[1].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NetFx64[2].exe] "Debugger"=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\DotNetFxInstallBlock.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe "CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay "BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"= "C:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\DNA\\btdna.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\LimeWire Plus\\LimeWire.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "4382:TCP"= 4382:TCP:messenger R0 HFXP2;HFXP2;C:\WINDOWS\system32\DRIVERS\HFXP2.SYS [2006-08-01 13824] R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 3744] R2 MA1908Driver;MA1908Driver;C:\WINDOWS\system32\drivers\ma1908.sys [1998-07-09 22528] R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 3904] R2 UxTuneUp;TuneUp Thema-uitbreiding;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp Newly Created Service - PROCEXP90 . Zawartoœæ folderu 'Zaplanowane zadania' 2008-10-15 C:\WINDOWS\Tasks\Easy Onderhoud.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 10:05] . . ------- Skan uzupe³niaj¹cy ------- . FireFox -: Profile - C:\Documents and Settings\ruud\Application Data\Mozilla\Firefox\Profiles\4xadhkpv.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.startpagina.nl/ FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-15 21:20:17 Windows 5.1.2600 Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... C:\sccfg.sys 448 bytes skanowanie pomyœlnie ukoñczone ukryte pliki: 1 ************************************************************************ . Czas ukoñczenia: 2008-10-15 21:22:08 ComboFix-quarantined-files.txt 2008-10-15 19:22:04 Greetings Ruud Przed: 13.181.575.168 bytes beschikbaar Po: 13,167,919,104 bytes beschikbaar 396 --- E O F --- 2008-10-15 07:36:02

LDTate View Member Profile	Oct 16 2008, 06:02 AM Post #4
Forum God Group: Root Admin Posts: 40,638 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	CODE 25,088 2006-01-31 19:49:03 C:\Program Files\SlySoft\CloneCD\[b]Crack[/b] clone cd 5.2.6.1 .exe 1.Click Start > Settings > Control Panel. 2.Next, open Add/Remove Programs and remove if listed: SlySoft Reboot and "copy/paste" a new HijackThis log file into this thread. Also please describe how your computer behaves at the moment.

red nose

Oct 17 2008, 03:04 PM

Post #5

Authentic Member

Group: Authentic Member
Posts: 30
Joined: 17-July 07
From: poland
Member No.: 71,490
Operating System: windows XP sp2

Hello LDTate,
In my programlist i can't find the program sly soft, however this is the company that made clone-cd i think.
The program clone cd is listed in the list, but i hesitate to remove it, because (sure it is cracked), but i use this for years now ,and it never gave me problems.
My PC runs much better, also does real-player, i only get the next error pop-up from time to time,when i'm opening a map where i store downloaded movies, i do not know what to do with it so i have to click it away(several times before it is gone)

OS: Windows XP Professional, SP3
CPU: GenuineIntel, Intel Pentium 4, MMX @ 1620 MHz

Application data:
VmVyc2lvbjogV2xGQlhVSlFWRlphUkU1RFJrTlZKQ2xTT3lRN1ZpQXN
BQWRWUHlFOEl6QnpaSHQrZHpNa0lqc2tJelpGY25SOWVHcC9SemM3Uj
NKNGIzRkRNUT09DQpJbWFnZUJhc2U6IDBBQjUwMDAwDQpFaXA6IDQ2M
UNFQjANCkVheDogOTk1MDAwMA0KRWN4OiBDOTg0QzcwDQpFZHg6IDAN
CkVieDogMA0KRXNpOiBDOTg0QkI4DQpFZGk6IDUyQTAwMDANCkVicDo
gNDUwRTY0Qw0KRXNwOiA0NTBFNTIwDQotMQ0KQ29kZSA9IFsyMDRdDQ
otIDANCi0gMjA0DQotIDIyNw0KLSAwDQotIFtdDQo+IEM6XFdJTkRPV
1NcZXhwbG9yZXIuZXhlDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnRk
bGwuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJca2VybmVsMzIuZGx
sDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQURWQVBJMzIuZGxsDQo+IE
M6XFdJTkRPV1Ncc3lzdGVtMzJcUlBDUlQ0LmRsbA0KPiBDOlxXSU5ET
1dTXHN5c3RlbTMyXFNlY3VyMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz
dGVtMzJcQlJPV1NFVUkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJ
cR0RJMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcVVNFUjMyLm
RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zdmNydC5kbGwNCj4gQ
zpcV0lORE9XU1xzeXN0ZW0zMlxvbGUzMi5kbGwNCj4gQzpcV0lORE9X
U1xzeXN0ZW0zMlxTSExXQVBJLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R
lbTMyXE9MRUFVVDMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXF
NIRE9DVlcuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ1JZUFQzM
i5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0FTTjEuZGxsDQo+
IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQ1JZUFRVSS5kbGwNCj4gQzpcV0l
ORE9XU1xzeXN0ZW0zMlxORVRBUEkzMi5kbGwNCj4gQzpcV0lORE9XU1
xzeXN0ZW0zMlxWRVJTSU9OLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3Rlb
TMyXFdJTklORVQuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0lO
VFJVU1QuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcSU1BR0VITFA
uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV0xEQVAzMi5kbGwNCj
4gQzpcV0lORE9XU1xzeXN0ZW0zMlxTSEVMTDMyLmRsbA0KPiBDOlxXS
U5ET1dTXHN5c3RlbTMyXFV4VGhlbWUuZGxsDQo+IEM6XFdJTkRPV1Nc
c3lzdGVtMzJcU2hpbUVuZy5kbGwNCj4gQzpcV0lORE9XU1xBcHBQYXR
jaFxBY0dlbnJhbC5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXSU
5NTS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxNU0FDTTMyLmRsb
A0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFVTRVJFTlYuZGxsDQo+IEM6
XFdJTkRPV1NcV2luU3hTXHg4Nl9NaWNyb3NvZnQuV2luZG93cy5Db21
tb24tQ29udHJvbHNfNjU5NWI2NDE0NGNjZjFkZl82LjAuMjYwMC41NT
EyX3gtd3dfMzVkNGNlODNcY29tY3RsMzIuZGxsDQo+IEM6XFdJTkRPV
1Ncc3lzdGVtMzJcY29tY3RsMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz
dGVtMzJcbnZpZXcuZGxsDQoNCjYuMTQuMTAuMTExMjINCjYuMTQuMTA
uMTExMjINCg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFBTQVBJLkRMTA
0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE5UTUFSVEEuRExMDQo+IEM6X
FdJTkRPV1Ncc3lzdGVtMzJcU0FNTElCLmRsbA0KPiBDOlxXSU5ET1dT
XHN5c3RlbTMyXE5WV1JTTkwuRExMDQoNCk5WSURJQSBDb3Jwb3JhdGl
vbg0KTlZJRElBIG5WaWV3IERlc2t0b3AgYW5kIFdpbmRvdyBNYW5hZ2
VyDQo2LjE0LjEwLjExMTIyDQpOVldSU05MDQpDb3B5cmlnaHQgKGMpM
jAwMS0yMDA0IE5WSURJQSBDb3Jwb3JhdGlvbg0KTlZXUlNOTC5kbGwN
CjYuMTQuMTAuMTExMjINCk5WSURJQSBuVmlldyBEZXNrdG9wIGFuZCB
XaW5kb3cgTWFuYWdlcg0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTV
NDVEYuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcYXBwSGVscC5kb
GwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxDTEJDQVRRLkRMTA0KPiBD
OlxXSU5ET1dTXHN5c3RlbTMyXENPTVJlcy5kbGwNCj4gQzpcV0lORE9
XU1xTeXN0ZW0zMlxjc2N1aS5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW
0zMlxDU0NETEwuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcdGhlb
WV1aS5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxNU0lNRzMyLmRs
bA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXHhwc3AycmVzLmRsbA0KPiB
DOlxXSU5ET1dTXFN5c3RlbTMyXG1zdXRiLmRsbA0KPiBDOlxXSU5ET1
dTXHN5c3RlbTMyXExJTktJTkZPLmRsbA0KPiBDOlxXSU5ET1dTXHN5c
3RlbTMyXG50c2hydWkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJc
QVRMLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXE5FVFNIRUxMLmR
sbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGNyZWR1aS5kbGwNCj4gQz
pcV0lORE9XU1xzeXN0ZW0zMlxkb3QzYXBpLmRsbA0KPiBDOlxXSU5ET
1dTXHN5c3RlbTMyXHJ0dXRpbHMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lz
dGVtMzJcZG90M2RsZy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx
PbmVYLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdUU0FQSTMyLm
RsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdJTlNUQS5kbGwNCj4gQ
zpcV0lORE9XU1xzeXN0ZW0zMlxlYXBwY2ZnLmRsbA0KPiBDOlxXSU5E
T1dTXHN5c3RlbTMyXE1TVkNQNjAuZGxsDQo+IEM6XFdJTkRPV1Ncc3l
zdGVtMzJcZWFwcHByeHkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz
JcaXBobHBhcGkuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcV1MyX
zMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdTMkhFTFAuZGxs
DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcU0VUVVBBUEkuZGxsDQo+IEM
6XFdJTkRPV1Ncc3lzdGVtMzJcbXNpLmRsbA0KPiBDOlxXSU5ET1dTXF
N5c3RlbTMyXHdlYmNoZWNrLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3Rlb
TMyXFdTT0NLMzIuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc3Rv
YmplY3QuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQmF0TWV0ZXI
uZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUE9XUlBST0YuZGxsDQ
o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbnZ3ZGRpLmRsbA0KDQpOVklES
UEgQ29ycG9yYXRpb24NCk5WSURJQSBuVmlldyBEaXNwbGF5IERyaXZl
ciBJbnRlcmZhY2UgTGliLCBWZXJzaW9uIDE2My43NQ0KNi4xNC4xMS4
2Mzc1DQpudndkZGkNCihDKSBOVklESUEgQ29ycG9yYXRpb24uIEFsbC
ByaWdodHMgcmVzZXJ2ZWQuDQpudndkZGkuZGxsDQo2LjE0LjExLjYzN
zUNCk5WSURJQSBuVmlldyBEaXNwbGF5IERyaXZlciBJbnRlcmZhY2Ug
TGliLCBWZXJzaW9uIDE2My43NQ0KDQo+IEM6XFdJTkRPV1Ncc3lzdGV
tMzJcYnJvd3NlbGMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcd2
RtYXVkLmRydg0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zYWNtMzIuZ
HJ2DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcbWlkaW1hcC5kbGwNCj4g
QzpcV0lORE9XU1xzeXN0ZW0zMlx1cmxtb24uZGxsDQo+IEM6XFdJTkR
PV1Ncc3lzdGVtMzJcU1hTLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbT
MyXE1QUi5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxkcnByb3YuZ
GxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcbnRsYW5tYW4uZGxsDQo+
IEM6XFdJTkRPV1NcU3lzdGVtMzJcTkVUVUkwLmRsbA0KPiBDOlxXSU5
ET1dTXFN5c3RlbTMyXE5FVFVJMS5kbGwNCj4gQzpcV0lORE9XU1xTeX
N0ZW0zMlxORVRSQVAuZGxsDQo+IEM6XFdJTkRPV1NcU3lzdGVtMzJcZ
GF2Y2xudC5kbGwNCj4gQzpcV0lORE9XU1xXaW5TeFNceDg2X01pY3Jv
c29mdC5XaW5kb3dzLkdkaVBsdXNfNjU5NWI2NDE0NGNjZjFkZl8xLjA
uMjYwMC41NTgxX3gtd3dfZGZiYzRmYzRcZ2RpcGx1cy5kbGwNCj4gQz
pcV0lORE9XU1xzeXN0ZW0zMlxEVVNFUi5kbGwNCj4gQzpcV0lORE9XU
1xzeXN0ZW0zMlxNU0dJTkEuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVt
MzJcT0RCQzMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXGNvbWR
sZzMyLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXG9kYmNpbnQuZG
xsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTUxBTkcuZGxsDQo+IEM6X
FByb2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxNU1ZD
UjcxLmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbiBGaWxlc1x
BaGVhZFxsaWJcTVNWQ1A3MS5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1
xDb21tb24gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXFBERlNoZ
WxsLk5MRA0KDQpBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREYgU2hlbGwg
RXh0ZW5zaW9uDQo4LjAuMC4wDQpQREZTaGVsbA0KQ29weXJpZ2h0IDI
wMDAtMjAwNiBBZG9iZSBTeXN0ZW1zLCBJbmMuDQpQREZTaGVsbC5kbG
wNCjguMC4wLjANCkFkb2JlIFBERiBTaGVsbCBFeHRlbnNpb24NCg0KP
iBDOlxXSU5ET1dTXHN5c3RlbTMyXG1zY21zLmRsbA0KPiBDOlxXSU5E
T1dTXHN5c3RlbTMyXFdJTlNQT09MLkRSVg0KPiBDOlxXSU5ET1dTXHN
5c3RlbTMyXGR4bWFzZi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMl
xEUk1DbGllbi5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkZHJhd
y5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxEQ0lNQU4zMi5kbGwN
Cj4gQzpcUHJvZ3JhbSBGaWxlc1xDb21tb24gRmlsZXNcQWhlYWRcbGl
iXEFkdnJDbnRyMi5kbGwNCg0KTmVybyBBRw0KQWR2ckNudHIgTW9kdW
xlDQoyLDAsNCwgMzAzMQ0KQWR2ckNudHINCkNvcHlyaWdodCAoYykgM
jAwNSBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3JzDQpBZHZyQ250ci5E
TEwNCjIsMCw0LCAzMDMxDQpBZHZyQ250ciBNb2R1bGUNCg0KPiBDOlx
XSU5ET1dTXHN5c3RlbTMyXHJzYWVuaC5kbGwNCj4gQzpcV0lORE9XU1
xzeXN0ZW0zMlxzaGRvY2xjLmRsbA0KPiBDOlxXSU5ET1dTXFN5c3Rlb
TMyXGFjdHhwcnh5LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXExR
Q1VJMi5kbGwNCg0KTG9naXRlY2ggSW5jLg0KUXVpY2tDYW0gVXNlciB
JbnRlcmZhY2UgTGFuZ3VhZ2UNCjguNC43LjEwMzQNCkxRQ1VJLkRMTA
0KKGMpIDE5OTYtMjAwNSBMb2dpdGVjaC4gIEFsbCByaWdodHMgcmVzZ
XJ2ZWQuDQpMUUNVSS5ETEwNCjguNC43LjEwMzQNCkxvZ2l0ZWNoIFF1
aWNrQ2FtDQoNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxzdGkuZGxsDQo
+IEM6XFdJTkRPV1NcU3lzdGVtMzJcQ0ZHTUdSMzIuZGxsDQo+IEM6XF
Byb2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxOTURhd
GFTZXJ2aWNlcy5kbGwNCg0KTmVybyBBRw0KTmVybyBIb21lDQoxLCAw
LCAxLCA5DQpOTURhdGFTZXJ2aWNlcw0KQ29weXJpZ2h0IChjKSAxOTk
1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGxpY2Vuc29ycw0KTk1EYXRhU2
VydmljZXMuZGxsDQoxLCAwLCAxLCA5DQpOZXJvIEhvbWUNCjEsIDAsI
DEsIDkNCg0KPiBDOlxQcm9ncmFtIEZpbGVzXENvbW1vbiBGaWxlc1xB
aGVhZFxsaWJcTk1Db0ZvdW5kYXRpb24uZGxsDQoNCk5lcm8gQUcNCk5
lcm8gSG9tZQ0KMSwgMCwgMSwgOQ0KTk1Db0ZvdW5kYXRpb24NCkNvcH
lyaWdodCAoYykgMTk5NS0yMDA1IE5lcm8gQUcgYW5kIGl0cyBsaWNlb
nNvcnMNCk5NQ29Gb3VuZGF0aW9uLmRsbA0KMSwgMCwgMSwgOQ0KTmVy
byBIb21lDQoxLCAwLCAxLCA5DQoNCj4gQzpcUHJvZ3JhbSBGaWxlc1x
Db21tb24gRmlsZXNcQWhlYWRcbGliXE5NVkRTLmRsbA0KDQpOZXJvIE
FHDQpOZXJvIEhvbWUNCjEsIDAsIDEsIDkNCk5NVkRTDQpDb3B5cmlna
HQgKGMpIDE5OTUtMjAwNSBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3Jz
DQpOTVZEUy5kbGwNCjEsIDAsIDEsIDkNCk5lcm8gSG9tZQ0KMSwgMCw
gMSwgOQ0KDQo+IEM6XFByb2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXE
FoZWFkXGxpYlxOTUluZGV4U3RvcmVTdnJQUy5kbGwNCg0KTmVybyBBR
w0KTmVybyBIb21lDQoxLCAwLCAxLCA5DQpOTUluZGV4U3RvcmVTdnJQ
Uw0KQ29weXJpZ2h0IChjKSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXR
zIGxpY2Vuc29ycw0KTk1JbmRleFN0b3JlU3ZyUFMuZGxsDQoxLCAwLC
AxLCA5DQpOZXJvIEhvbWUNCjEsIDAsIDEsIDkNCg0KPiBDOlxQcm9nc
mFtIEZpbGVzXExvZ2l0ZWNoXFZpZGVvXEFsYnVEQnBzLmRsbA0KDQpM
b2dpdGVjaCBJbmMuDQpBbGJ1bSBEYXRhYmFzZSBQcm94eS9TdHViIER
MTA0KOC40LjcuMTAzNA0KQWxidW1EQnBzLmRsbA0KKGMpIDE5OTYtMj
AwNSBMb2dpdGVjaC4gIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpBbGJ1b
URCcHMuZGxsDQo4LjQuNy4xMDM0DQpMb2dpdGVjaCBRdWlja0NhbQ0K
DQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcUkFTQVBJMzIuRExMDQo+IEM
6XFdJTkRPV1Ncc3lzdGVtMzJccmFzbWFuLmRsbA0KPiBDOlxXSU5ET1
dTXHN5c3RlbTMyXFRBUEkzMi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0Z
W0zMlxtc3YxXzAuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcc2Vu
c2FwaS5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xNaWNyb3NvZnQgT2Z
maWNlXE9mZmljZTEwXG1zb2hldi5kbGwNCj4gQzpcV0lORE9XU1xzeX
N0ZW0zMlx4cHNwMXJlcy5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxlc1xDb
21tb24gRmlsZXNcQWRvYmVcQWNyb2JhdFxBY3RpdmVYXEFjcm9JRUhl
bHBlci5kbGwNCg0KQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQNCkF
kb2JlIFBERiBIZWxwZXIgZm9yIEludGVybmV0IEV4cGxvcmVyDQo4Lj
AuMC4yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZXINCkNvcHlyaWdodCAxO
Tg0LTIwMDYgQWRvYmUgU3lzdGVtcyBJbmNvcnBvcmF0ZWQgYW5kIGl0
cyBsaWNlbnNvcnMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuDQpBY3JvSUV
IZWxwZXIuRExMDQo4LjAuMC4yMDA2MTAyMjAwDQpBY3JvSUVIZWxwZX
IgTGlicmFyeQ0KDQo+IEM6XFdJTkRPV1NcV2luU3hTXHg4Nl9NaWNyb
3NvZnQuVkM4MC5DUlRfMWZjOGIzYjlhMWUxOGUzYl84LjAuNTA3Mjcu
MzA1M194LXd3X2I4MGZhOGNhXE1TVkNSODAuZGxsDQo+IEM6XFByb2d
yYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxNZWRpYUxpYn
JhcnlOU0UuZGxsDQoNCk5lcm8gQUcNCk5lcm8gRmlsZSBEaWFsb2cNC
jEsIDAsIDEsIDgNCk1lZGlhTGlicmFyeU5TRQ0KQ29weXJpZ2h0IChj
KSAxOTk1LTIwMDUgTmVybyBBRyBhbmQgaXRzIGxpY2Vuc29ycw0KTWV
kaWFMaWJyYXJ5TlNFLmRsbA0KMSwgMCwgMSwgOA0KTmVybyBGaWxlIE
RpYWxvZw0KMSwgMCwgMSwgOA0KDQo+IEM6XFByb2dyYW0gRmlsZXNcQ
29tbW9uIEZpbGVzXEFoZWFkXGxpYlxNRkM3MVUuRExMDQo+IEM6XFBy
b2dyYW0gRmlsZXNcQ29tbW9uIEZpbGVzXEFoZWFkXGxpYlxOTVBsdWd
pbkJhc2UuZGxsDQoNCk5lcm8gQUcNCk5lcm8gSG9tZQ0KMSwgMCwgMS
wgOQ0KTk1QbHVnaW5CYXNlDQpDb3B5cmlnaHQgKGMpIDE5OTUtMjAwN
SBOZXJvIEFHIGFuZCBpdHMgbGljZW5zb3JzDQpOTVBsdWdpbkJhc2Uu
ZGxsDQoxLCAwLCAxLCA5DQpOZXJvIEhvbWUNCjEsIDAsIDEsIDkNCg0
KPiBDOlxQcm9ncmFtIEZpbGVzXExvZ2l0ZWNoXFZpZGVvXE5hbWVzcG
MyLmRsbA0KDQpMb2dpdGVjaCBJbmMuDQpMb2dpdGVjaCBOYW1lc3BhY
2UyDQo4LjQuNy4xMDM0DQpOYW1lc3BjMi5kbGwNCihjKSAxOTk2LTIw
MDUgTG9naXRlY2guICBBbGwgcmlnaHRzIHJlc2VydmVkLg0KTmFtZXN
wYzIuZGxsDQo4LjQuNy4xMDM0DQpMb2dpdGVjaCBRdWlja0NhbQ0KDQ
o+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcTUZDNzEuRExMDQo+IEM6XFBST
0dSQX4xXE1JQ1JPU340XFdjZXN2aWV3LmRsbA0KPiBDOlxQUk9HUkF+
MVxNSUNST1N+NFxwZWdjb252LmRsbA0KPiBDOlxXSU5ET1dTXHN5c3R
lbTMyXENFVVRJTC5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxSQV
BJLmRsbA0KPiBDOlxQcm9ncmFtIEZpbGVzXE1TTiBNZXNzZW5nZXJcZ
nNzaGV4dC44LjEuMDE3OC4wMC5kbGwNCj4gQzpcUHJvZ3JhbSBGaWxl
c1xOZXJvXE5lcm8gN1xOZXJvIEJhY2tJdFVwXE5CU2hlbGwuZGxsDQp
DcmVhdGUgYmFja3VwcyBvZiBzZWxlY3RlZCBmaWxlcy9mb2xkZXJzL3
BhcnRpdGlvbnMvY29tcGxldGUgaGFyZCBkaXNrIHRvIGhhcmQgZGlza
ywgbmV0d29yayBkcml2ZSwgQ0QvRFZEIG9yIEZUUC4NCk5lcm8gQUcN
Ck5lcm8gQmFja0l0VXAgQXBwbGljYXRpb24NCjIsIDAsIDAsIDYNCk5
lcm8gQmFja0l0VXANCkNvcHlyaWdodCAoYykgMTk5NS0yMDA1IE5lcm
8gQUcgYW5kIGl0cyBsaWNlbnNvcnMNCk5CU2hlbGwuZGxsDQoyLCAwL
CAwLCA2DQpOZXJvIEJhY2tJdFVwDQoyLCAwLCAwLCA2DQoNCj4gQzpc
UHJvZ3JhbSBGaWxlc1xXaW5SQVJccmFyZXh0LmRsbA0KPiBDOlxQcm9
ncmFtIEZpbGVzXFVubG9ja2VyXFVubG9ja2VyQ09NLmRsbA0KPiBDOl
xQcm9ncmFtIEZpbGVzXE1hbHdhcmVieXRlcycgQW50aS1NYWx3YXJlX
G1iYW1leHQuZGxsDQpNYWx3YXJlYnl0ZXMnIEFudGktTWFsd2FyZQ0K
TWFsd2FyZWJ5dGVzIENvcnBvcmF0aW9uDQpNYWx3YXJlYnl0ZXMnIEF
udGktTWFsd2FyZQ0KMSwgMSwgMCwgMA0KbWJhbWV4dC5kbGwNCqkgTW
Fsd2FyZWJ5dGVzIENvcnBvcmF0aW9uLiBBbGwgcmlnaHRzIHJlc2Vyd
mVkLg0KbWJhbWV4dC5kbGwNCjEsIDEsIDAsIDANCk1hbHdhcmVieXRl
cycgQW50aS1NYWx3YXJlDQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlx
BdWRpb2Rldi5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxXTVZDb3
JlLkRMTA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXFdNQVNGLkRMTA0KP
iBDOlxXSU5ET1dTXHN5c3RlbTMyXGRpc2tjb3B5LmRsbA0KPiBDOlxQ
cm9ncmFtIEZpbGVzXEVTRVRcRVNFVCBTbWFydCBTZWN1cml0eVxzaGV
sbEV4dC5kbGwNCg0KRVNFVA0KU2hlbGwgRXh0ZW5zaW9uDQozLjAuNj
Y5IA0Kc2hlbGxFeHQuZGxsDQpDb3B5cmlnaHQgKGMpIEVzZXQgMTk5M
i0yMDA4LiBBbGwgcmlnaHRzIHJlc2VydmVkLg0KTk9ELCBOT0QzMiwg
QU1PTiwgRVNFVCBhcmUgcmVnaXN0ZXJlZCB0cmFkZW1hcmtzIG9mIEV
TRVQuDQpzaGVsbEV4dC5kbGwNCjMuMC42NjkgDQpFU0VUIFNtYXJ0IF
NlY3VyaXR5DQoNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxyc2h4MzIuZ
GxsDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMzJcQVVUSFouZGxsDQo+IEM6
XFdJTkRPV1Ncc3lzdGVtMzJcdHdleHQuZGxsDQo+IEM6XFdJTkRPV1N
cc3lzdGVtMzJcQUNUSVZFRFMuZGxsDQo+IEM6XFdJTkRPV1Ncc3lzdG
VtMzJcYWRzbGRwYy5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkc
2txdW91aS5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxkc2txdW90
YS5kbGwNCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxkZnNzaGxleC5kbGw
NCj4gQzpcV0lORE9XU1xTeXN0ZW0zMlxNU1ZGVzMyLmRsbA0KPiBDOl
xXSU5ET1dTXFN5c3RlbTMyXHFlZGl0LmRsbA0KPiBDOlxXSU5ET1dTX
HN5c3RlbTMyXHF1YXJ0ei5kbGwNCj4gQzpcV0lORE9XU1xzeXN0ZW0z
MlxkZXZlbnVtLmRsbA0KPiBDOlxXSU5ET1dTXHN5c3RlbTMyXERWb2J
TdWIuYXgNClZpc2l0IGh0dHA6Ly92b2JzdWIuZWRlbnNyaXNpbmcuY2
9tIGZvciB1cGRhdGVzLg0KR2FiZXN0DQpEaXJlY3RWb2JTdWINCjIsI
DAsIDIzLCAwDQpEaXJlY3RWb2JTdWINCkNvcHlyaWdodCAoQykgMjAw
MS0yMDAyIEdhYmVzdA0KRGlyZWN0Vm9iU3ViLkRMTA0KMiwgMCwgMjM
sIDANCkRpcmVjdFZvYlN1Yg0KDQo+IEM6XFdJTkRPV1Ncc3lzdGVtMz
Jcdm9ic3ViLmRsbA0KVmlzaXQgaHR0cDovL3ZvYnN1Yi5lZGVuc3Jpc
2luZy5jb20gZm9yIHVwZGF0ZXMNCkdhYmVzdA0Kdm9ic3ViDQoyLCAw
LCAyMywgMA0Kdm9ic3ViDQpDb3B5cmlnaHQgKEMpIDIwMDAtMjAwMiB
HYWJlc3QNCnZvYnN1Yi5ETEwNCjIsIDAsIDIzLCAwDQp2b2JzdWIgRH
luYW1pYyBMaW5rIExpYnJhcnkNCg0KPiBDOlxXSU5ET1dTXHN5c3Rlb
TMyXE1GQzQydS5ETEwNCj4gQzpcV0lORE9XU1xzeXN0ZW0zMlxPTEVQ
Uk8zMi5ETEwNCj4gQzpcV0lORE9XU1xzeX