windows 7 recovery attack

T

trophywifex3

New member
I've been the victim of a windows 7 recovery attack. I've ran a few spyware and malware programs and it hasn't gotten rid of it.

.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by 1 at 19:51:32 on 2011-06-11
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.491 [GMT -5:00]
.
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.8.0.5\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.8.0.5\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [LvKhfngL2zcAppData\Local\Temp\3038774161.exe] c:\users\1\appdata\local\temp\3038774161.exe
uRun: [LvKhfngruf] c:\users\1\appdata\local\temp\wininst.exe
uRun: [LvKhfngM20cAppData\Local\Temp\1639674059.exe] c:\users\1\appdata\local\temp\1639674059.exe
uRun: [LvKhfngL00cAppData\Local\Temp\1238080955.exe] c:\users\1\appdata\local\temp\1238080955.exe
uRun: [LvKhfngN11cAppData\Local\Temp\1948725628.exe] c:\users\1\appdata\local\temp\1948725628.exe
uRun: [LvKhfngL1zcAppData\Local\Temp\1076372940.exe] c:\users\1\appdata\local\temp\1076372940.exe
uRun: [LvKhfngL10cAppData\Local\Temp\1089320963.exe] c:\users\1\appdata\local\temp\1089320963.exe
uRun: [LvKhfngMx1cAppData\Local\Temp\1642004486.exe] c:\users\1\appdata\local\temp\1642004486.exe
uRun: [LvKhfngM02cAppData\Local\Temp\2347073984.exe] c:\users\1\appdata\local\temp\2347073984.exe
uRun: [LvKhfngMz1cAppData\Local\Temp\2533446593.exe] c:\users\1\appdata\local\temp\2533446593.exe
uRun: [LvKhfngM1zcAppData\Local\Temp\3150795370.exe] c:\users\1\appdata\local\temp\3150795370.exe
uRun: [LvKhfngN01cAppData\Local\Temp\3822863179.exe] c:\users\1\appdata\local\temp\3822863179.exe
uRun: [LvKhfngM1ycAppData\Local\Temp\2590940263.exe] c:\users\1\appdata\local\temp\2590940263.exe
uRun: [LvKhfngM21cAppData\Local\Temp\2397819452.exe] c:\users\1\appdata\local\temp\2397819452.exe
uRun: [LvKhfngN0P\AppData\Local\Temp\4616901.exe] c:\users\1\appdata\local\temp\4616901.exe
uRun: [LvKhfngNz2cAppData\Local\Temp\1731908594.exe] c:\users\1\appdata\local\temp\1731908594.exe
uRun: [LvKhfngN00cAppData\Local\Temp\1737368604.exe] c:\users\1\appdata\local\temp\1737368604.exe
uRun: [LvKhfngM3xcAppData\Local\Temp\2497490070.exe] c:\users\1\appdata\local\temp\2497490070.exe
uRun: [LvKhfngM20cAppData\Local\Temp\1683684903.exe] c:\users\1\appdata\local\temp\1683684903.exe
uRun: [LvKhfngM33cAppData\Local\Temp\4039897966.exe] c:\users\1\appdata\local\temp\4039897966.exe
uRun: [LvKhfngM0ycAppData\Local\Temp\3316731109.exe] c:\users\1\appdata\local\temp\3316731109.exe
uRun: [LvKhfngL02cAppData\Local\Temp\1146275497.exe] c:\users\1\appdata\local\temp\1146275497.exe
uRun: [LvKhfngL10cAppData\Local\Temp\1138903482.exe] c:\users\1\appdata\local\temp\1138903482.exe
uRun: [LvKhfngM20cAppData\Local\Temp\4148679361.exe] c:\users\1\appdata\local\temp\4148679361.exe
uRun: [LvKhfngN21cAppData\Local\Temp\1855773980.exe] c:\users\1\appdata\local\temp\1855773980.exe
uRun: [LvKhfngMy0cAppData\Local\Temp\2316319235.exe] c:\users\1\appdata\local\temp\2316319235.exe
uRun: [LvKhfnglb1\AppData\Local\Temp\debug.exe] c:\users\1\appdata\local\temp\debug.exe
uRun: [LvKhfngL31cAppData\Local\Temp\3058797419.exe] c:\users\1\appdata\local\temp\3058797419.exe
uRun: [LvKhfngMz0cAppData\Local\Temp\3319404175.exe] c:\users\1\appdata\local\temp\3319404175.exe
uRun: [LvKhfngN03cAppData\Local\Temp\2704679865.exe] c:\users\1\appdata\local\temp\2704679865.exe
uRun: [LvKhfngN11cAppData\Local\Temp\2923690785.exe] c:\users\1\appdata\local\temp\2923690785.exe
uRun: [LvKhfngN12cAppData\Local\Temp\2743886876.exe] c:\users\1\appdata\local\temp\2743886876.exe
uRun: [LvKhfngO22cAppData\Local\Temp\3938978925.exe] c:\users\1\appdata\local\temp\3938978925.exe
uRun: [LvKhfngLzycAppData\Local\Temp\1151633024.exe] c:\users\1\appdata\local\temp\1151633024.exe
uRun: [LvKhfngM11cAppData\Local\Temp\3259609247.exe] c:\users\1\appdata\local\temp\3259609247.exe
uRun: [LvKhfngM01cAppData\Local\Temp\1331579470.exe] c:\users\1\appdata\local\temp\1331579470.exe
uRun: [LvKhfngoe1\AppData\Local\Temp\avp.exe] c:\users\1\appdata\local\temp\avp.exe
uRun: [LvKhfngre1\AppData\Local\Temp\win.exe] c:\users\1\appdata\local\temp\win.exe
uRun: [LvKhfngsfP] c:\users\1\appdata\local\temp\nvsvc32.exe
uRun: [LvKhfngN0P0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3] c:\users\1\appdata\local\temp\4616901.exe
uRun: [LvKhfnguuc] c:\users\1\appdata\local\temp\system.exe
uRun: [LvKhfngoA] c:\users\1\appdata\local\temp\avp32.exe
uRun: [LvKhfngl/] c:\users\1\appdata\local\temp\gdi32.exe
uRun: [LvKhfngpb] c:\users\1\appdata\local\temp\login.exe
uRun: [LvKhfngmve] c:\users\1\appdata\local\temp\hexdump.exe
uRun: [LvKhfngob] c:\users\1\appdata\local\temp\drweb.exe
uRun: [LvKhfngupf] c:\users\1\appdata\local\temp\sysedit.exe
uRun: [LvKhfngnb] c:\users\1\appdata\local\temp\cmd.exe
uRun: [LvKhfngre] c:\users\1\appdata\local\temp\smss.exe
uRun: [LvKhfngrvg] c:\users\1\appdata\local\temp\spoolsv.exe
uRun: [LvKhfngrA] c:\users\1\appdata\local\temp\win32.exe
uRun: [LvKhfngmtd] c:\users\1\appdata\local\temp\iexplarer.exe
uRun: [LvKhfngtrf] c:\users\1\appdata\local\temp\svchost.exe
uRun: [LvKhfngoh] c:\users\1\appdata\local\temp\csrss.exe
uRun: [LvKhfngosf] c:\users\1\appdata\local\temp\taskmgr.exe
uRun: [LvKhfngpta] c:\users\1\appdata\local\temp\services.exe
uRun: [LvKhfngqd] c:\users\1\appdata\local\temp\lsass.exe
uRun: [LvKhfngne] c:\users\1\appdata\local\temp\mdm.exe
uRun: [LvKhfngoe] c:\users\1\appdata\local\temp\avp.exe
uRun: [LvKhfngrsc] c:\users\1\appdata\local\temp\winlogon.exe
uRun: [LvKhfngta] c:\users\1\appdata\local\temp\user.exe
uRun: [LvKhfnglb] c:\users\1\appdata\local\temp\debug.exe
uRun: [LvKhfngrrc] c:\users\1\appdata\local\temp\winamp.exe
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{745DF5CC-55B3-45B7-8752-CBCDCD3353FA} : DhcpNameServer = 68.87.68.166 68.87.74.166
TCP: Interfaces\{745DF5CC-55B3-45B7-8752-CBCDCD3353FA}\65562796A7F6E602D496649623230303023464639302355636572756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{745DF5CC-55B3-45B7-8752-CBCDCD3353FA}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D23942A1-F9C1-42D7-9737-C3D0AB5C90A6} : DhcpNameServer = 100.100.0.101
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\mif5ba~1\office12\GRA32A~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1108000.005\symds.sys [2010-9-24 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1108000.005\symefa.sys [2010-9-24 173104]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-24 277536]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100810.004\BHDrvx86.sys [2010-8-9 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1108000.005\cchpx86.sys [2010-9-24 501888]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100906.001\IDSvix86.sys [2010-9-6 344112]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1108000.005\ironx86.sys [2010-9-24 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1108000.005\symtdiv.sys [2010-9-24 339504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 135664]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.8.0.5\ccsvchst.exe [2010-9-24 126392]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-12-2 483688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-8-13 102448]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 135664]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-5-24 24064]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-5-24 189984]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-12-2 209768]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-5-24 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
.
=============== Created Last 30 ================
.
2011-06-10 22:37:41 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{80ad4c53-d58b-4fb2-ae4f-1f434f82da2a}\mpengine.dll
2011-06-05 03:03:17 -------- d-----w- c:\program files\Coupons
2011-05-24 22:45:31 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-24 01:19:26 -------- d-----w- c:\users\1\appdata\roaming\UAs
2011-05-24 00:18:23 112 ----a-w- c:\users\1\appdata\roaming\srvblck2.tmp
2011-05-24 00:18:16 -------- d-----w- c:\users\1\appdata\roaming\xmldm
2011-05-24 00:18:12 -------- d-----w- c:\users\1\appdata\roaming\kock
.
==================== Find3M ====================
.
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 19:54:03.83 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 8/9/2010 11:53:27 AM
System Uptime: 6/11/2011 7:42:18 PM (0 hours ago)
.
Motherboard: TOSHIBA | | PAV10 DDR2
Processor: Intel(R) Atom(TM) CPU N455 @ 1.66GHz | U2E1 | 1662/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 193.691 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Symantec Vista Network Dispatch Driver
Device ID: ROOT\LEGACY_SYMTDIV\0000
Manufacturer:
Name: Symantec Vista Network Dispatch Driver
PNP Device ID: ROOT\LEGACY_SYMTDIV\0000
Service: SYMTDIv
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP98: 4/14/2011 7:37:09 PM - Windows Update
RP99: 4/15/2011 9:06:21 PM - Windows Update
RP100: 4/19/2011 9:09:45 PM - Windows Update
RP101: 4/22/2011 8:09:16 PM - Windows Update
RP102: 4/26/2011 5:35:43 PM - Windows Update
RP103: 4/29/2011 10:37:49 PM - Windows Update
RP104: 5/4/2011 6:22:58 PM - Windows Update
RP105: 5/5/2011 9:22:41 PM - Windows Update
RP106: 5/6/2011 10:35:15 PM - Windows Update
RP107: 5/10/2011 8:57:26 PM - Windows Update
RP108: 5/13/2011 3:44:23 PM - Windows Update
RP109: 5/17/2011 8:53:27 PM - Windows Update
RP110: 5/22/2011 8:31:02 PM - Windows Update
RP111: 5/22/2011 8:33:41 PM - Windows Update
RP112: 5/24/2011 3:10:58 PM - Windows Update
RP113: 5/24/2011 10:35:36 PM - Windows Update
RP114: 5/27/2011 10:56:17 PM - Windows Update
RP115: 5/31/2011 9:24:42 PM - Windows Update
RP116: 6/3/2011 10:23:00 PM - Windows Update
RP117: 6/6/2011 8:51:45 PM - Restore Operation
RP118: 6/6/2011 9:23:04 PM - Windows Update
RP119: 6/7/2011 10:44:40 PM - Windows Update
RP120: 6/10/2011 7:48:49 AM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3
Atheros Driver Installation Program
Best Buy Software Installer
Compatibility Pack for the 2007 Office system
ERUNT 1.1j
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Office (KB975927)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java(TM) 6 Update 14
Junk Mail filter update
Malwarebytes' Anti-Malware
MDL Chime/Chime Pro for Internet Explorer
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSVCRT
MSXML 4.0 SP3 Parser (KB973685)
Norton Internet Security
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Respondus LockDown Browser
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Skype Toolbars
Skype™ 4.2
SUPERAntiSpyware
Synaptics Pointing Device Driver
TOSHIBA Application and Driver Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft Office Word 2007 (KB974631)
Utility Common Driver
Virtual Families
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
6/7/2011 10:29:25 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/6/2011 9:20:48 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/6/2011 9:18:59 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/6/2011 8:40:24 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
6/6/2011 8:40:24 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
6/5/2011 9:18:08 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{745DF5CC-55B3-45B7-8752-CBCDCD3353FA} because another computer on the network has the same name. The server could not start.
6/5/2011 9:18:08 PM, Error: NetBT [4321] - The name "1-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
6/5/2011 9:17:53 PM, Error: NetBT [4321] - The name "1-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.101 did not allow the name to be claimed by this computer.
6/11/2011 7:48:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/11/2011 7:48:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/11/2011 7:43:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 7:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/11/2011 7:43:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/11/2011 7:42:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/11/2011 7:42:55 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 7:42:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/11/2011 7:42:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 ccHP cdrom discache eeCtrl IDSVix86 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
6/11/2011 7:42:44 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
6/11/2011 7:41:51 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.
6/11/2011 7:41:41 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
6/11/2011 7:41:40 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/11/2011 7:41:40 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
6/11/2011 7:41:40 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
6/11/2011 7:41:40 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
6/11/2011 7:41:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/10/2011 9:54:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/10/2011 8:28:26 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
6/10/2011 7:50:30 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
6/10/2011 5:24:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/10/2011 10:01:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
.
==== End Of File ===========================
 
Hi trophywifex3,

You have a backdoor on your machine. You really shouldnt be using it until its clean. It also should have no networking capability, if your not sure how to stop connectivity then I would just power it off. Post back if you still need help.
 
Ok. We will get a download to use. Its called combofix. There is a guide to read first. Read through the guide then apply the directions on your own machine.

Guide
 
Yes, its fine. I would chose safe mode with networking so combofix can install the recovery console and update if needed.
 
combo fix log

ComboFix 11-06-22.02 - 1 06/22/2011 19:41:59.1.2 - x86 NETWORK
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.671 [GMT -5:00]
Running from: c:\users\1\Desktop\ComboFix.exe
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\1\AppData\Local\{ECCBCE07-1402-4DEB-9B8E-FB38A930A1BB}
c:\users\1\AppData\Local\{ECCBCE07-1402-4DEB-9B8E-FB38A930A1BB}\chrome.manifest
c:\users\1\AppData\Local\{ECCBCE07-1402-4DEB-9B8E-FB38A930A1BB}\chrome\content\_cfg.js
c:\users\1\AppData\Local\{ECCBCE07-1402-4DEB-9B8E-FB38A930A1BB}\chrome\content\overlay.xul
c:\users\1\AppData\Local\{ECCBCE07-1402-4DEB-9B8E-FB38A930A1BB}\install.rdf
c:\users\1\AppData\Roaming\install
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 00:59 . 2011-06-23 01:00 -------- d-----w- c:\users\1\AppData\Local\temp
2011-06-23 00:59 . 2011-06-23 00:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-22 04:30 . 2011-06-20 13:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EC8E69-64C7-4CA8-9BC1-CB3CCD42747F}\mpengine.dll
2011-06-22 03:55 . 2011-06-23 00:38 -------- d-----w- C:\32788R22FWJFW
2011-06-12 00:49 . 2011-06-12 00:49 -------- d-----w- c:\program files\ERUNT
2011-06-05 03:03 . 2011-06-10 13:07 -------- d-----w- c:\program files\Coupons
2011-05-24 22:45 . 2011-05-25 03:37 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-24 01:19 . 2011-05-24 01:54 -------- d-----w- c:\users\1\AppData\Roaming\UAs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2010-08-09 17:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 00:18 . 2011-05-24 00:18 112 ----a-w- c:\users\1\AppData\Roaming\srvblck2.tmp
2011-04-26 22:33 . 2009-08-18 18:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-26 22:32 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 06:13 . 2011-05-11 02:22 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 02:22 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-20 11:08 . 2010-09-22 02:55 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-26 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 550760]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 195944]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 21864]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 01:31]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-LvKhfngL2zcAppData\Local\Temp\3038774161.exe - c:\users\1\AppData\Local\Temp\3038774161.exe
HKCU-Run-LvKhfngM20cAppData\Local\Temp\1639674059.exe - c:\users\1\AppData\Local\Temp\1639674059.exe
HKCU-Run-LvKhfngL00cAppData\Local\Temp\1238080955.exe - c:\users\1\AppData\Local\Temp\1238080955.exe
HKCU-Run-LvKhfngN11cAppData\Local\Temp\1948725628.exe - c:\users\1\AppData\Local\Temp\1948725628.exe
HKCU-Run-LvKhfngL1zcAppData\Local\Temp\1076372940.exe - c:\users\1\AppData\Local\Temp\1076372940.exe
HKCU-Run-LvKhfngL10cAppData\Local\Temp\1089320963.exe - c:\users\1\AppData\Local\Temp\1089320963.exe
HKCU-Run-LvKhfngMx1cAppData\Local\Temp\1642004486.exe - c:\users\1\AppData\Local\Temp\1642004486.exe
HKCU-Run-LvKhfngM02cAppData\Local\Temp\2347073984.exe - c:\users\1\AppData\Local\Temp\2347073984.exe
HKCU-Run-LvKhfngMz1cAppData\Local\Temp\2533446593.exe - c:\users\1\AppData\Local\Temp\2533446593.exe
HKCU-Run-LvKhfngM1zcAppData\Local\Temp\3150795370.exe - c:\users\1\AppData\Local\Temp\3150795370.exe
HKCU-Run-LvKhfngN01cAppData\Local\Temp\3822863179.exe - c:\users\1\AppData\Local\Temp\3822863179.exe
HKCU-Run-LvKhfngM1ycAppData\Local\Temp\2590940263.exe - c:\users\1\AppData\Local\Temp\2590940263.exe
HKCU-Run-LvKhfngM21cAppData\Local\Temp\2397819452.exe - c:\users\1\AppData\Local\Temp\2397819452.exe
HKCU-Run-LvKhfngN0P\AppData\Local\Temp\4616901.exe - c:\users\1\AppData\Local\Temp\4616901.exe
HKCU-Run-LvKhfngNz2cAppData\Local\Temp\1731908594.exe - c:\users\1\AppData\Local\Temp\1731908594.exe
HKCU-Run-LvKhfngN00cAppData\Local\Temp\1737368604.exe - c:\users\1\AppData\Local\Temp\1737368604.exe
HKCU-Run-LvKhfngM3xcAppData\Local\Temp\2497490070.exe - c:\users\1\AppData\Local\Temp\2497490070.exe
HKCU-Run-LvKhfngM20cAppData\Local\Temp\1683684903.exe - c:\users\1\AppData\Local\Temp\1683684903.exe
HKCU-Run-LvKhfngM33cAppData\Local\Temp\4039897966.exe - c:\users\1\AppData\Local\Temp\4039897966.exe
HKCU-Run-LvKhfngM0ycAppData\Local\Temp\3316731109.exe - c:\users\1\AppData\Local\Temp\3316731109.exe
HKCU-Run-LvKhfngL02cAppData\Local\Temp\1146275497.exe - c:\users\1\AppData\Local\Temp\1146275497.exe
HKCU-Run-LvKhfngL10cAppData\Local\Temp\1138903482.exe - c:\users\1\AppData\Local\Temp\1138903482.exe
HKCU-Run-KDFNmqUO+SRqyBBAom6Wk6R2mW5fqaVmCpnwuEu6RonhCRF1eaYHERAAOw - c:\users\1\AppData\Local\Temp\2533446593.exe
HKCU-Run-VUIYMYAvWqM2ephjUZk3qhABAQA7 - c:\users\1\AppData\Local\Temp\wininst.exe
HKCU-Run-LvKhfngM20cAppData\Local\Temp\4148679361.exe - c:\users\1\AppData\Local\Temp\4148679361.exe
HKCU-Run-LvKhfngN21cAppData\Local\Temp\1855773980.exe - c:\users\1\AppData\Local\Temp\1855773980.exe
HKCU-Run-LvKhfngMy0cAppData\Local\Temp\2316319235.exe - c:\users\1\AppData\Local\Temp\2316319235.exe
HKCU-Run-LvKhfnglb1\AppData\Local\Temp\debug.exe - c:\users\1\AppData\Local\Temp\debug.exe
HKCU-Run-LvKhfngL31cAppData\Local\Temp\3058797419.exe - c:\users\1\AppData\Local\Temp\3058797419.exe
HKCU-Run-LvKhfngMz0cAppData\Local\Temp\3319404175.exe - c:\users\1\AppData\Local\Temp\3319404175.exe
HKCU-Run-LvKhfngN03cAppData\Local\Temp\2704679865.exe - c:\users\1\AppData\Local\Temp\2704679865.exe
HKCU-Run-LvKhfngN11cAppData\Local\Temp\2923690785.exe - c:\users\1\AppData\Local\Temp\2923690785.exe
HKCU-Run-LvKhfngN12cAppData\Local\Temp\2743886876.exe - c:\users\1\AppData\Local\Temp\2743886876.exe
HKCU-Run-LvKhfngO22cAppData\Local\Temp\3938978925.exe - c:\users\1\AppData\Local\Temp\3938978925.exe
HKCU-Run-LvKhfngLzycAppData\Local\Temp\1151633024.exe - c:\users\1\AppData\Local\Temp\1151633024.exe
HKCU-Run-LvKhfngM11cAppData\Local\Temp\3259609247.exe - c:\users\1\AppData\Local\Temp\3259609247.exe
HKCU-Run-LvKhfngM01cAppData\Local\Temp\1331579470.exe - c:\users\1\AppData\Local\Temp\1331579470.exe
HKCU-Run-LvKhfngoe1\AppData\Local\Temp\avp.exe - c:\users\1\AppData\Local\Temp\avp.exe
HKCU-Run-Ol2igiBl85CIFyBSyhU88aNfShpWioODkjSxeBFOSqJjyqAy16bgUShGGhkBAQA7== - c:\users\1\AppData\Local\Temp\2590940263.exe
HKCU-Run-kRdPgad5WhKA2nV3kWpG2BABAQA7 - c:\users\1\AppData\Local\Temp\user.exe
HKCU-Run-LvKhfngre1\AppData\Local\Temp\win.exe - c:\users\1\AppData\Local\Temp\win.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LvKhfngMz1cft.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECFmikixoTJiyjJqVFavosePIAsqC0lxZMJJJPeZTFkQWkaM
MDdqxHiR5b6OAldKzPmwnk6bBSdlmmgQ2j5imZAORYoRIhqhaMQ8nToJTVSg0HAWJHpR5kaaM3+u
zKrTpEkxaI0aRPlTJcGhBDNWnStQbcSMSzNdTKq0b9KpmeZaFTyYqlSqB+GiBRq36VuHfpG+/CoT
rNTFA01qJeq26KTPaAI/zeRzoU5oSvPyFS1VcFWqVW12XIpyHxqRLFcm1Q1SddK/aKMSU8nRa9fj
XfcJFkPX9iQxeq0+zRg16nPY1pmv5swwqUDuvffB/yUoxuNKrQt3z+7s8XlVqQaZDs3UurWbuVUD
Iye+f/J500vZ9VBtyhGEXkOofTaRZgJdBZIyBEK2IHgIQSgddMwV5pp0rtEXmFBC4bTbUHjJJxlC
xIBlHFg0UTSebQQJONCBKqWWmUHlfaRTJrd1Vg80y201HGtzZVjde88xpCBoPEpE40CqpZjJJ5FN
VA+FOVGnoopdOSZQhA69yBOO3+0mkkYKoceZWuhxCNhwdXVUHXMJPSWUVIFheVODGb7WI5TsPfTb
b0j5pMxQYE4SlpffDUQTixdJ1qVZDc02H5xePZnQSmBCpgxzYhj12XehMfnUWnP6Wd5UBHW6p5dq
mf8kVJlKxcVdcZPmeJClBk0Ep0IuHffocENemhF/Hx0WVIQykgefXsRMBViGGG7YnHM3NDJncLq6
kZCVvaqmEDGoXVSuXX8ixJ1aPYoVJrkjDccRagZpqtB5r4HqYFwDmXrngsRcFxValw28Lbe6KilQ
Rz/pteeH3sUl7EtQ3gphS2+B2+pjxI2rV0aGrrQvYzjSR/DJBM9p3Q2XRewinn3+ySmWRqV2a0wc
pSfer5MIqKZBI4HZItBeJZQwbgXZ6yzLKUvFsm0Tvcbjn78KVHXVJNFHVWjQBUbrfJMySpxPze5T
nojR6lXajGJuzNOxWU62aUFHP9TWQ7qCR8wNN8T/wHK63LkM1EgTgY0RiMkpY9RIx969D7uAk7Zn
ljsjXWDcG7V90E83pJv0QWVTlDCBmfQdg98d5RuaSMMZhZNdod8LYZfiOezWSE9lWOHCAuWIaFZ2
uaz45hkFW2KKPdHN75iP15tSukAuGIMYpjN/VHBP1Yz1UcVhNKiCK4tB8cWHImXgUj8VeaEyPeY5
HMMwsncoVzLN1khVVWflkE71eC4eWqPiXaAEOMBNDWUFN+Cfok7ntxisJGXcEZj5BMLAGBjAghW0
4ApiAIAbAMCBGcuLlLYyK4UM6ja4iw0afgQ/jXSEGAxjGBo4CIAP1vAGcKJXQvRHEDTcYEb9smDf
//Rkm9MRMTFiYCDL2NJDv3EBdQcRH7e2Qh8MVvCDHOyb6Rjolg/dZCSLu5KJ5EMa4E0CKUysR2kY
Z7bi8Md3l/oODQFggBpycAUy21WMBvJDhMyQgXULYgz8p5BJNLBvF2zL6UzXFsbBq2NsVMYNkBSa
+UBLKAwUyngywSZgcYVQJJJPZkA2vLccDjH/s+ENfMIUNHTQUQQ0EHmASLcK4rBsf2RiQwx5gycm
8Wk3cmLffrUSwjGMQmhBilVm9B5o/BEA0AnK8g4ilAl+5yJiuA+5BmUiEdZlczSUF5SGkzeMBQoz
exwI9aZ3QV0J6I9H7FUD5znIViWRgQs6FGzEA/+oWB6FGCn7G0BvgEDrTM5/ukFUo+YFUA5aUXxQ
0mSxqsSU3tWwoouzGmdMEjpoHO1u98wEA0dyoHu66luLXCQXhtk4LfYtkF9CVJ5mqkkeQSswrXRo
y6wiFYCacj5flElOEFlBA2wQOtHiGPH2QscYcNNhJvEOeHKWE20lRCumA1Lf/qSVdcZzK/f8JSDJ
E4MnOpWQA9GhRhNSrD86VZ2X6RrYivY4nJCLGAxcAbeIKpXi7KY4ZHHj4w7FQaH9pnz8/NXrzAaf
hphuOAxcrEAIikOJZBAtDeQM3xo4nJM2aivq8pUSf9Q4FpKyHgSrSiN4Qq4r0eeC9czMPWGLhu3/
EY2CNbxbxPQ3Hp00diFqGSmELug/Rn6TIQP1Gw61eLqzpLR9irqRiPjDERKVCA0joV71rBayyyWE
abmr7R9XICPCxWCDACjcrMqrGzHUsHkHsWaNfGuRL+5jpBQ8nUFOZwAGMUQZKZVigHtnut/yc1dY
+g167gmAmjLPcxlVzcBMdsFJpgt3SlyW5OD2pX14kLw7PMqCfiTiZfKLrgSBbV1Myp4GOg4h0Jje
SKMi48pi1m/l4dS33lKbwDEQrZ217/zk+xgsoqw6q+UbAGwrnov1y6IA+EnZzMcRq6iRcWtjCBeH
ql+CMJDJCKnHIR0ovpT+cBIGWOfRoteWqLVN/1Gh+TFjN2eUpYyLn0lMM924lsQOjoxyyhFNTjKx
gigvzHV0VubaBPffLXNEzV1iYOwQYkuf8vJ0VZFxbCf3WYLId6Y1umcC1blQ8RDIMU+C0GtjQORT
XS8G72EahyOqmDp2Cldoso0YJhjVr+bExRoRqZ65HIOIxLiXwzSbRwNsOmBSM6ZEcZ9BZvhBk9SK
pE/+Zq5BW0RWR3BBMP7UyaLCmTzd0FAF7F1Uet2xA19VPJKenN9WMDwAd1lpBVnpIidym72dbp1O
LPY0A10mlNiWGFisJKNCle3bqlNeIT1wHkWiqYFBh4U09GzvzJbu0hSqMccRKTRFgkCBS3LkEf9h
Lqs93DuAj/m43ykhmAI3lAZO/IGA4iGnabI6q7XzSxFy19hcwh7uUG8FF1RoXDDbIzAr7lFwC6NI
nb3i0xFrkaLT9ER0pURNCzzmFHL1zpTu3uZuBkerutFBVsidH8dGYgwly1oIvt8avidP2FXUBdW+
R5hUTCvW/nd8BC9S6lGk2bCOH7x7eUgxpI6IqYETZ34JYiGVbCEyO9YML9gzxs2r3X7UXGZq2OAU
PoWG0+s0p2NkbbUunpBaRIrgI0I9ffdIV2Kt4FBQhpY4qt68RvwWeFxlFDohLc8I3PWPMtEIoVes
O6T/YBLdC4BC8xtDCVuPAIdnTZG7SqSDzIT/UdGqEIADU1f2fukgozpkxh5MfNll8MQJyB2eEhCM
8lobSqqCQKRjkI6e9RlgoikAZlQ1VEd0hFC2UR3YdSYLQzhb1zeuYm81BlOFNGAsByVLdFNEBjrN
QxTN1jRowTQv9VLUgxFk8yPbozhoUhuSlFeZhDT7x3fW8x1S8WMao1Q8kSGKgxKAF3N+c1KGNE8a
50d9s1K3N059UV8/cSWGBFt8s0FWNIX6lRVxBX/1I2450j5K4UN8oyhtMSveIkuPAxq58xlbSH5W
wzv8MxA8NRg5Yzp68oL4RBF41UDl4SEdaBoLsUUZxF8ZhEUqQnRi52nXhzAW9xwpIytEURsa/5I7
BZE9G7c503Qek7ZMYUWDZjNPX9UwONY1k2gRLxYUSsQyTDNuh5EfTEFGoGRJZBQZ85MXnzIJf4Mw
TVMd6lRCGTg5ZTEm5AJ6aaISu/d2dSeB+6MUunhYUWJJy2gzl+KKrugXnyARnNEXPJMZAhI0DfIh
DehdRmMd2HWK3DIwxAMnODGKu0NlQENi93IiC2GBduMTrKQTtQURarFrNiJf7QIh1mIgYyiMmthD
0RSKUcR7UUF0DiFZaRUvvkYym2Icd4M1G7UQosQx2KE73xJdXYQsa0cXxZcesVgl0PiMg0JERKeO
tEQRmpKNEGk3veJZ8wEVbtgyr7GNSUElT//1VFJiPmKUk2gEVPXgF9BYK+kEZipJOfmTGzMRlLPm
EVgiks+4k7JojdaVHrdSQGBEHHhCIAz3EDr3EVrxJAhpHv6xbYwBZn+BH9fSEI7XHZtTRp83Oczh
ZOiYTqxEMo4DN/gWMjXhkDWYlcoxGNpROB5oGkVoamGGbf4EI2xUKULml8DCjpDpPO8oHKJRTdwm
FKOoExjhOQcieoPlbg90G6EBP9wDLMclTgWEbyAhmZM5TUfSJ7shX2qBaOWWkpR4UkFTGz/YYUNC
Hj2iS2XBYTRimgP3mm+DnGajNRFCKDV4Eg1Hhj0kZf0EnR/ohg1XTJzGYY3pbsopnatHMizXFB9L
qIMCRCOcQYxp9U0uiCC9sob/s4XtCWPnyJ3pZk7fqZx5URQBmU7V+SWIJkCBhB6AeSB5hE5sMWnT
5BiSB5r5+Zqo4aBsCGPgSRRqQSA4NzfgqY1plTAXtpicpiZiMygExJrJ86AVUTVN6BCFaIFq0U31
5yz9gqHPuUMEKjY78wkmShIK+qCAmRKN6JOyGGbu5iC4E5A9OiYsiaJM6qPlQ6If0SOodZx6ZBpt
KDFNmqUO+SRqyBBAom6Wk6R2mW5fqaVmCpnwuEu6RonhCRF1eaYHERAAOw"="c:\\Users\\1\\AppData\\Local\\Temp\\2533446593.exe"
"LvKhfngrufr.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqLIhGzKRMYjIp25gwE8mTDEeiRKhM5UqC
k9BMEoMGzcCYNhPWy8STGM+fQIP+NGjypVGFLve1TEqRGFOBTyPSxClGILSCHtH05Plxa8+MPI++
VFlv4EiXLQnWW5rWoUhiA8tC1amUoLKYM0FGhVlzkti4Aov+pXh2r0FlcgU63cuWZVurkNVG7guy
I8GrBKvO3Scm5MGyiVeaDD2YsFKfynyiqYfZbCa/Zg1/Xkp3X2WQM2G3hnlQM+7NBnfbHb6P9MLX
pU9CS+w0EzGfTuvug4Y2qfPhykQelBmyO+yHgjnS/0wu+fRh8hbLXs3esuZAp2udPo890DlcpSPx
ytTPMLxclTIZJJNNmmUkG2AEhYdeQ2gRZ1tZk4wkV01VUYdfYKk9hxoxaLCXV0RXITcQZvX0lRl3
mZ1XHHATGVfffWNBx5NlF0H4mku7ISZQgJtNglMmWj1mVm1D2sZSYDQlmVCBRfLlokLCWbXTdAhB
8x1S2ckoI0I0WXYgR1wVlBqLZ4W0n4XvSSfkPs1pKdJVocFlXFk8NcJjR50ZxKSAH7W4WWKjFQQn
jwc5ZyiME8W053Af+XieSnnFhFtO/ylmFly0RUclVIiyuaGhYg6EIpd57kNgcZj5SGiUFIlY0IQL
4v95XaOuClSWmYjVlNOKTdalTEdpKQgVYqS9RRRs7Mk3FUOYiXHDTKbaFpOKEiUFzXUjJkajUYYB
KYYbnu2jn6Q2QdOpoEiJ2+FCaT3WUlHm3iBeTSaxJ5Jz2SV0VZKLRpRYa0t1GtqVR7G2lrqv+aiq
ogY9yZ5DZUmojGYOF4ZfatjuuC3BBrWJL4fIBahkeogRs1xYl4m660LqWaTffquxetBjPomxQgwI
vjpitMN2hNlTaxbW0ZV9PvSRTKm1RIwYSnPWWb8ssqn0bsLyVlDVkTnE3YDLLrTcbp2tC1UMNwAQ
gwESnucf0PkVuZOcKlW22nRtrWzrQddqRW1O9yr/7dy6rL1HW5OCPWW3QBw3bGtHXOvqF1fhfWnr
1xd3BlIMmMfAZJQKGmby5mKQLYa5A0qdmI5rcuQor6SiG9jbGMtWdG+Js4lQaJTlxB3G557uUNKb
oYE5ADfE8FTLliIus0tPC7RC2WIAIMZiRRa92OCmrs6ms8NjTpNLQEonOG1J4puxkXcDlhOcm2EN
MMbdhS462aby615CSd0VugGdyn/D8x5RSVSKYpL7RCUpHTHAzQyQuRjwRCU+6RjvWhI425wtcwwE
AANX4JIOCRB7BgFXqa4CI6bcDyFYq1QmiucjkcSNbLUb2tMOtxOzbTA8mbgg5kZipfGgsHYH4ZBM
/zBXtguazXuTcAOoNiUT53yCGMjKYQzMdkTiXbBwjQBhQzryk+w8jSZ6OZSh7PMVheykQpK5gbOA
KKCweSRezyMbzgbyv8zl5DkmGRlzEiQZlVRlXcRgYAOJaEPvnUVcXQHZR7JEjP8J0nudmWIMIhQw
NEAROjISo5vu48YbFC90WCPIucQXmKqhgQshCaXXlII5Be4QcRhcVHM4Q6Fh6QsnEXTK/m7WkeId
cXjPagleuoIXIKlGkmTTyiSWMxKarOVoTVSmVpRJrqO9ZkYtjCT3wqawAT0rLKEc0Ez2My6yPWtc
4kwnOl/jk+K1UnMxeafm0gmkYmYTWCGx012GBv8zRwFJh/IaSOiKCEPXKGQSj8TYGCloIftohlIK
QRlBeinHT2KFezc4X9RIKdDQsUaV6WKTFb1npSm6EyfjXNRQTMWh7N1vgDFYIA5nsj/EgeRCCBGe
JEeJFtb8SkvZ8cqWDkJEMXBBjfIq1cTmhz4HKaSRDkQciA42EGSeDaENjEqSKPQR6EiLa6zrqKlW
kEG5NCJ8NwmXXarjlEkU8gZNtBVZ9HSxkrBJjP8cqOZeWZ9PxsAmIE0IUuUCxAmaK6wCkd8gdQi1
eekHRiXa1q+mQ4zMedJkEjWVYEq11goKJHNkJWsrAzicsnhwKWsJWGZh0pkbcMGcmkOUXqdnO6f/
IlYxmssEZgIbm7fEzlka1GHmmqlGqCVsZROryT63WqBMCBIAN5vkjmbHF7awRlOJLSTmQpvBYJrE
hRObKFR8apwAVfRZAxVMIyMpr1AiT0zFC6hUU4KUxRrgiAYIidI86awdeQSFthmTuLY6EwzKcYqd
YdtSPCKftFxvqfj9pSALFBom+WZIS4FNDkOXYDVKdyRo+F/xvtsQ4UxCjbAxrb7M8qTPvjOOZ3ve
CgRTIh+ZiWn3EmWCwovIZR4xuvhFcL2UQpqr0KhdAjzxL5dsgEUG72qB4gt+nIXUTNSjonRsLW15
KybNyTcwt1OMzCa6WMv+sktITq3T8vWu5/yq/yu72t/Z3HlBGc8RO7jTzHzachaeiOG+lvVLBG3V
XHFli2dje61rP8s9qChac5aSDWlOfAO4FIiNkmPTI5+7XYDCiGBsCRh1Qh2fTPzSeBNzpyDFJiXA
LEdFqVNGFf+oFa/yTVTihQl/4aqUbeaHv1FtKoZ1dhcWTqfQOlLTU1qDmfXIE2c6pfPwmMZGxE1i
aZtTyiS650LbFRgA1sXYiuNGH7O8k0lJvPbEFGSTabHOtWTjgh+5Z2U630AuqoxSa4GnlLfoTYBm
zFnoopvfRkAjdNptZYRSZlpH6W0fxQ3JR4rHQAPgjoD1ePDFQj1BTMnJlmxCZr+mKeCbzGyv/f9F
Etmc42UfCltnVwvdlapC2FA3GD5jRhzFMberpQLz3IiT+K7uWB8XRi9zIwdO6kK1lByq8YE1A/QU
G2SeceJxWhSjkrPo/Z5418TDMYBRp1TJPbAZaYUjGSVlY9cmWqLh1HceG9lOLWJ2F0iRZI6xGtN2
kyi9Gksht+HN4E62pFEw1KaSiRvmg+jEfvLeI2r5XvceGM6xLlUotkuHPFI8jpanIDjZr4F39Bqt
DDS6mmNeYusTJIOgPrd+2XpdONZi4EBjyZkLrtl2ZqSz1OxCbPlOZd25p3gjNXS7wtqQCeJlrjxN
dPs5ZHA4si1R6VB6SmOLEPc0nr9Otz4FCeT/O8uW30M2b2bLJs0uyT/teqUNWawFveJrpjlQYsXL
RAw7+AHMK6d3pitp4RlJ4Vma91+ldE3xZFnodjQXQwyfEBNNc00dYxd/FlMIpkNWpnXn51RUJSYY
QytqEx2V0niZ4S3xBXmZ4VeyZyuhpCC1p19H4l+WBDmJI1w4w4BXAmLf0RMBkyHi9ior1D0NBAC7
0ixaphh0ki+/kxR+sXSrxyUexllxM1DcszKqFB6s4kdRoTDaxmX1ID8MRChXUmM3UW2nkSy+RQxu
gEy/JBt/FWKAoiVPBX4GFBU9ZxCwoSvhNz+px0cHxRAH01yNUhM/E1LvkXl+6F9WQV3HMX1J/xOE
N8BAjWUXX3hwPmQS1CFGOxNU2DUsTCEGLbYy1QcSrqVGV4NYocFlBcI4HtGKU4EYaoQneDJDLpdr
tJQZe3IgamcXM4E28rEhnyBg+dNMTyMsZVRATiUkd0hX1GJLcpFx0zcRXNUqD8dRI1EvdnM4DRE5
ZiQbymAuJacnwlN9YNZn+KN6tmWGHTNmmZZ4mpFz5fERkzh76oKL0aiLh6U16PcZnmcSIdYZG6Jj
5/iET6KNERVm6UMcrAhmrpNTbkCAB3VTcaEVtZKQvJeICfkk7pY8oTIinbI6n/BFp4gUB9eRKeJ5
hfIQLjFOeLhiiVVPMJcQMiEcTAI5q3UYEP/kELsxLe34FGHBPBFnHkgBNYmRgwdpNORoNbeVG+zS
G4tSi/QlVxgJEdlhlClTEvYhWJZjkeLVGnKxGwapkz6xFU20GG6GQ4fBhVmDP1BBLwgyj4rjQoVz
GV+JKsUxV8CxkW4DYPdRkZuiGEkSUBV2kUSyURKxkxnSE2MpH08kUbWHKrDxHVHymJ8XGF2BLzrJ
jygpPlPyK6UTlpySWEniRybZK4ORKm7AiBKRE3dRJZR5lSXhE12lmq+yG1bSH5gJE9eUTkRxUXpI
GqTBFO34EKlCKBqRGl5pmng5EThSH8REYw1pnKcYFa0xO+lETYfzNGpUl58Bj35Sj1TZlPWI8B0u
8ZrNGBVTchyXGWXy15KZxkZXsU5FI5JiMZzeyJYx+BK7iJWGQjDu9kDJxnfmqTXkQopMkj9cuSDM
uZYMahFcxp9fESDJlh4WwR2lN0wKmqENYRzDiZCUxRXqqKHj0qEaSh4msxHxUXmEWaINSqIsihKe
VUIYMYAvWqM2ephjUZk3qhABAQA7"="c:\\Users\\1\\AppData\\Local\\Temp\\wininst.exe"
"LvKhfngM1ycnd.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGPdlmpSpo0ePHD1mHDlSDMmLyjDW6zgp5EaW
IGNudBlyksN6AlNG1HlyIk+BaBxmIgbN4k+FR5W9XFqTJRpiBU0ytFlxKbGOFH9y7AlR6sCjBq92
/KkTLMGgBs2ORGsQ5z6caIumbfqS49aeLXNybQiNqsR6Yt06pApWDOGvFdkq9EjMLsyNe/eBRQP5
oNqROHX6fSh4oMfOCtGAHtg36GjLCW02ddyR8tuDUNGIkX0zIty8qCOTJugVcVWRC9meRjNJbsKV
dZe+XJgpqpjnymY/JO76ITSsBY3rLiiYrfaRyxMq/9ZLcBKaRjBZNzfoVe3zTM/j7yuq1CL1luYP
Ut488PT2+QP1JtBs0h0EzWiX7eOSQUzJhN0+xDk0XnTxyWYSfwMRtZ5A/hWkTD3QQJWSMnKZZyJu
DKmVYG4LKWMTgZMUeJxAcn1nEEdiOWYXUJI1lB93vFloIULjCUSMMkc2hgaSyiiV5IdNHtgkQ+Ht
Y1hL8KFFoodIIbTiQLI1Ql2RnHGY01WsJdQRVG8pttJhBZn3nIU3EGgZWc2NKNl1PV6XST0Rengk
k4Q2mUmTTNrV5KCIEjRTlsUBCaZd9xH3EnGUxiikYa3VxdFT5m1IkFJ3PZTgoSwxOMlV8RE4248D
0v9Xz5Q67adjqFiaiF5IEFr66aVLUbYrrpdSatWiiEK5KLCYSiibeWRmpJyoBJ3WWVCOifGStjp6
RFld9xk7E6a1hsVcc2hEe9COBYk6lEQt+arYswR6Z+pBHR4kU1qjSqanni4dSVBRQ1U2qXCWwdnj
wAi9a1h/qlLrKINXQTxdjJpupC6L/FY0a07J/QkNlM9ZeSGsbK1po0YdPQwUhgPxd2iZBQdaHsxa
kQcmcPjKlq7PqbHLMkdzluoWiC2OOmuTs35MUAwxGEDgtGbhl8l4Yr12llgb/micTTxB5ZZc+UZH
4lXpKlgqQjhJDGFv777ts4C+pSUWca26KsYNxCD//eWMzu29gtRqBrxuXTEXLJDMvNp8WH0WS8rb
3qtqZKKB2WnkXJCaisGmZ7QdNQmSqK5J4aZ7P3eDbMblqy8AABjweVQGrGCWWR9t6FVyi99A7YYF
azrw2F76FuINdcZwA1VO0aj1jbxlCXRYXZfsb8Fcz07hbIfqdF18bitUZ4BR3wCWMlAL6DRDT8G0
sEnwiQE1ZRVrxKYy7WusOdIp9rc3FzeIgbbKczWTCMYtKZkbcWyEpCINJTrIE9gDw7cPYqxONAuL
mXwW9re9SSaAK6AbGmAnqtZlrkMh4ZqCAngDX+xHcRtCy6dw5jwisTB5Dbua3F4VFGLQRj+pmyCT
/wbEvYrBbFRzyqDlMrG6JErkOfUwAABioCXJrCCAMzmQEp/nPLOwBX6ZgJrvCHgVtGVocc+S2Gla
kj75jQ8x8aEUezBYLSPFSHXtatlzjOilEeHvPenJiZ3+EiAxGCAGAPDLJGrXHIHxqi2Rq2ECBxSU
MMbAJo35SAUDCMACWc9F3NoNh/QXP+WlTk5yEsNP9AeUqWmEdFPyWZ1WNRY21QktYwFThZ5DtNn4
B48YycQUDaATFtbwNRrjSIJGczkrBXB2RmLh/LimRwCFaiNsqo5klCfAAFqPRnurE1HK8xQk1UmV
65plneSiuzmZhHTwScljJDPIOsZvM38jEtRsR/+MwU3CLTZZ2dVYuZBBCjAG2qnH3rjJvDJ+BHxq
eyExeJi8OjUCi1+THwCNxKQj5WpvsxMLSGVTp6FAx5kiS4l60rLBJB2KGG54T0ZwcgMAsHCKKZGV
j+ATPqkEBX0C/AoauBnUdn3Ifh55D6WKmImLdtOCe8PJx5SHPGX26SyTuOWasuSqt4nhOyWtCcWQ
iAbzJWVO+XTIPg8pIApuUSPcQgtbLKU8XB50lgmBJsvAl6vm1OmWzozBA/HXRl1K5aueKyA6K6iT
vY2IlwK52h1Nwz8zcTRJ56TeSU8C1ENC061T4dSArKQ8VnGTb/w5ysyEppF0OeV/N+BCR7qZIeT/
yU9vuMwaXN8DuX3UiUlBpMpEzScoQx2JnYqNrGTgU9KMfEd+U8Sa60KTOI5ArZvXbU6kFrO2o8wJ
qt6kUEmH8tfnQAN+SNrKhhJ4y7vcMT8Q7N58fltBVI0IJzaKT1+4Ohu9VqQsvoXaFPnzCS5x6SgT
UuVpBfgnBfXLstoU2CufdKTUCVCVSgkgeph70KFIGHofumNcD/VGIkpFKbxVyPqiYyF3+u4y0wWS
W4QptagBwF1c1JlBfhiVMCZPgJZKmZNyV0ZYiiinI7IgAKmIJpnu46CAzIRcVDsi5mJYQarjiTLO
6aLh1i9pVirrbJ61opXx5clQU4qAwxYRuq3p/zlQi5E312SXrRSFGE/KKchEFBXkBTU+AeylbUsk
suT4JU9O3u1YcCJnsFnvwwlJyZziVl81UoQ+GllBUcUwxRjwRMoZ8vBWy6hKh355qAH8oPK890ok
6bZLYYstfTsi675YuMEE3Oqh3utb6HjUZ1iaj0yZSxA869g5N2jYdgFknchxWrCku8HgtPVAh1K3
eFCNgUCc6jk84w5XDbufhbVly9u6kcF1q6CGkPMRTSV7t2j04ZAsGNBRQfPTG0RIYKzj0CGH0aas
EfCh2UelaTaJm2m11czOmFU3juqgZU2ePGd1v3HiOUSubk78qJ26H2LKsVumG32+bCSvsjrcaf/N
MaeJW+yoXbFBa+ORZV460dJqThlcUF6kuQvfMLrRXcqLUTfj471VubrKN1Nskyad1I3sUmEFqd96
nJhjBoFWlE/TtL6Ut4JGTmk+NanzS4jxCWMTJIDa/iIWM0iWjiUuOqYsSJ2WLPFWek4nrSmoOF+1
uIJdjaSuCjJdMumRJr5wpgcxpGAtG6DYQdu/ENLXYyhDVf6IMcZvZXYDd9Qq25pSnlEy76gUx6D3
jPcxepw0q84zJM9IBir6dftIOt2vr0l9x3SrukbSt0Sipe9bVME8w4z0Kg7f9gZL+5ykT+worBhH
NvFrDnKQeMrcYYV7XKWnLxsi/B3P706qjUr/m23OngCmbDW82znZj0RiKC8v88vPvd93C1KNtK1x
Jz2PWPa/1VZaCD6QxGyRJBSQxiGXoTsSMVzflCGF1RCGZmhsYU6pMz51hhAjk1WM5xnxQ1/853e5
AyHMwxJYslVEt3SpI3LHlHJf0SgKwSYoCCB61ljxIx5YRBUrkyxG1lhLEhNZdVee4zz78WAmCD84
Ejz/51bz9zKVljj78QmM0RFukTcLmHktsj5UYi9aMxoQZSXHNGVihD8ZWF+AgST0MSUGhCQ3EnSR
ZReEFxIuUjAgMoPZIQZu4EO6dVSj8WU/wjOLkyuR9YGFNIUNoSdfoSmdQx0msTGBKBV+8W4N/wM1
jeBgy8V+CmESIzMlgwIVxTFRNeFv9oR6euSI7fIWpLdFn4ZGGtgwvhIiLJOEYQh+Kmgl5iEmMJIu
7jQmaQMmWZiBA+VDV8cyaBI8l9gjtAJmAVhMnNIt2MEYVdMuXlEqK9MSTbIZr4YvUtJ9Z6FckyMj
EzNmhvgzooEs1FKEuhY8FDQ2fuMvpnhst4MT+bY4vZcqBnYjz/ggEGMcR/ItaIFfxyYlZqYQYnJG
JpN7MbNjr/ckH9GBkYcQ3KhjX6cvOJgTVig5ByIXmyWJAdISdrJwCAErCoJrKtZ36mItDTEe76gv
KVRt7GePBcUeBMlBdRQWZOFHS5Mi+GOLY/+GNzYjkLKnIIrBklg3iHvCRf8oc62yD07oge0mIk8y
EKIIEfW2gAc0PD2SjuZybG9hhuBoGK9yhkS0kAzSZpuRS7UhEVUGitQEed7mJMMHlvcSeS8pOaaI
XzPmUYahk2PCITV5PlHIYzRyb12CiqEGkg4hJco2aq0UIwoxMpnYhSrBG0ckgOs4INCiKeliHrHo
Rw85MgHiiHkyEUVhHp1RGWqRUMVjEJlFJk7ClpCkRdxRlBYYZmAngN/hXXe5k/xyFWY2XYjSNJwp
YmzDQKkxHg+CjaBxlKN1WZTWk/MBIpnxig0hIHSDQCPxdcV4TAOoFx/DmeeFfMd2NAyjhW7cYjA/
gXkN6S9MAps+QYxUqBB+EWNfchRm92ATGYCSkRk8IXr+VRSnAWBY1i6KuHOM1VEJoZ4W8TH59FVU
GZhuF35nMSeiYZjnFXgKRCDbWSGNcjadI4UVykO4haGDuCi6aKAXIYX1YqJ6c4t3FH8c2iotdosT
NTfuhGLnCSRfMjpI45xpUZHtWRABGhET8h9r8R84yIIXYRo8cY1mASIf4ponkV/ZKaQlihEqWKRW
Ol2igiBl85CIFyBSyhU88aNfShpWioODkjSxeBFOSqJjyqAy16bgUShGGhkBAQA7=="="c:\\Users\\1\\AppData\\Local\\Temp\\2590940263.exe"
"LvKhfngtapoline.info&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnPgwU6ZJky5ezEix40Rl+0B6DDmypMmTDZVpzMhypctJ
KCFCq7dQ5EGbMSHizMnTYyY0GFsKXcnR5MyByupBK4hTzFKBTnsqI6Zsp0KcVntqLbnxpUagXbMK
rEqQpkExYgaivflxqluCIm1eRCh2a02Sde/qjAiNGFCWQ1miyaQM5sAbatMONOuwqluqdXFazISU
pMCMlO1KzLzvKULPBkFr/szUopiLaDVaxDx4ks24kMlCnMy57Go0+4iltLuTMzFimYCrBP4bskLR
o5kyNisGN0LGhGMD9zrJDeGbxBNiJqg7eUTDDqkS/w8enDhV8sM/Cc870HlohiAR15TO3qDX1UQB
z+WuDDlb7/uAt5BFAhFI0VTokSfceJOYN9xBjO2TyQ31iIFYXI+xl9VyA9EmYIEaBdhVg24IpV9C
9VlGEWf1EQjNdo1NNFhnHQqH3nBoNedYVX0R88lBSyXVH00gObaPUkVKCJyEH66mUG0Q/iQUWAtF
OFZEmViJYoHdMTkjUw55ZpVKMIkUJE0zOYaGGEmNVU+SElpk3m/q/TaceMO5ZSBGHbYGZkFQjvYh
Q4M6ZBGcGSkF15FpFukokQESdJRZ4E3VF4JrQQjSURNNV2RwKhV2UXGhoneej12SBleKA4kW1ZUL
Qf+TWZFK1TrTrW+GZNaSrYqomIoMvWhQVbpxatmaxx050WQEzYUfqwKhGh2opqL6IHEgoQlfpCrm
FWhEaFJlEEsMpeqaW7I1qxhGYmn52nsgQukSd3rxKtFrVZU33niMuTcuQoU+BBp5B3U1bHO5ORYw
oGiBtpS2ylrWZq/RMlsQZoNuSleHFD0F7cVl7dPcwt8qpKV94h6E0XUSZtoeQ6kt3OywndHELJ8D
tZRQqkiptNLHi1WW0EUqFfTrZf4iVBtWulYGTSNBAxunxBcfiuzMYzW3Zlo55pwZzxwPO13El8Eo
0MlLhzTJDWLEEEPbN8SAhqJSCyTaw93itx8xoP3/ClTS2kEYLQAGnIbG2ICrHChok+h4tkCJb42G
G1qn9VNuBoFNsMSqGbaRv+/CBffbN7BNOs1XXSYqR2Z5PC4asENUT8lL3QBADLd3edFgP3mo93QW
mfVazNZddtYkkWM0mDJawxpnoJiBtPg+f4PHszKlo8V2g8EBVaWyg83OUbsFEgS7Yew6r3TUZcVg
wAoAAJCJaFATlDFImE2WqDJrjqqaams5WshyJhLD5eiAyAvK1CzjnwLlDy1retvbQJKqvlDPZSHp
XSZK9B8gdQcoaTGM7eJ2OPU9jlvvEQMAVmAAtyEkaQJqDpuiVZTDvMp+mUhNc1RDDIzpzyIgZNsO
/9WEBraxDYQhicuVmAPCyuHnBly4gVs8I4bGiYQo3wpdXfzyK5gQwwBccJvbSjYz5FSFhbcDAG7e
9KY0UY+NIJmb9Kp4A90osUjNIYaiiLSWHBLmTP3By2Mm00MLdQ44yMvR4eSUETHQ5G8IG+BAJFjC
AMkQPzXcVs+ch7z9UE9CYhzdyRgnqWalEXcKEaCEBkIMCNonSw0jyNEUY7BhEexcW8uIHUWUSK01
7nyTmR1thqm/Ir4Nds2xWWaWAjbBoQ5yMtxJBGNwAzQow23yGVDUzGI73AGATXx74b8KtDWykXOG
UFnlDZvFJ/JA6XBrS42XkBnP0wwLToCaRCOa+P+20wDPh//zoYCyMrfqBQg3OJkENccISrltaZUF
m8QKWxiD7tTDOCdcpP2QIsODyDM1lAnhEp/SPU/iJzdFvOSgiJG9xyyqILOrRzWRt4/s3SCRGVkT
TAAD0WZthH85rWL18qdLU2KzgAw9joD6RjjcZdMz4jFfbgz0K+ZFUpY5MlDOhGYVjVRxhyFlG2X+
YjeoyJNm9Vhj5eASxRgkZDBCBUvAqkjTg5LkqmozTdy2J0K3NRNQJ2Tl+7zpmuBQLINkcQ9hTOrK
x8GOTAQSiXMWa8lP5dCBcrrgVXHjPWjaE3L4GdmvUjW7uKHTUNWLa3vqKjKr2LFtbjvaF6nJkNn/
pUU0mSDcCrM51b9WRZW8C0ljLbQ2w1hpOlw7TYjMyUrU3LRL6MMNS7c3F52CbkzXnOCfIGW+BFJv
Lgn8S0edZ8e4ua+CxMBm6tQZ2BW6T34FE85BrDkVVj4vNfLJI+xgBzxu+QxQWn2QWRETzsatZGsy
jN2WjkIZq7qVIQbFXBxp2pqrkiiR1jQvNaFDGYnelCGccU3O3rtC9ggnQopxjLCQBkEEK6k2+XsT
uvCkG9ZOxkLKLQxUOKtIu8IKJ7u0CTWlCKYk0epWhfGeTW4qV/UVZgXm7aRWzVsf8PgLdyx8W0UQ
pDqqCBXDjTtNYZSLJ5YsBWp18aS9yjkWKa0J/zhH7E4iOxjktp0mV0n5m3aki1WDLM+4ew0leL4q
xobUZrK4M8DtlgmX2GQILFTZb2KIyKYcLtJi9svKVzSSqhxKEZnd0R/b/LKdo2SrUUaGCjVFu5Bf
hg2DNEOeGMVogL2CJxOrNln5ZCmyFmbZISNLGjhF5pydjjmu7txlhySbU09Gi4o4TlVVaqW9mjFX
awiaDnG2RtvnEHsSyLmsrlUya37OWgzASeqArCRRNK6gwYGFCDJxmLNqVrEgv+nwT8TnbHxvMkdp
MgskZ5pTsgr1c8gDoR9xLUQ50cZwOVUeRsS6u79UT8EqXPWKLxJoivoVPqEeSAsV7b7u7vdv+/9N
YHgTOLIE9k4wksvNeXgHvHQZWSkXKVFrkDfqQFn1apTCtGkkfjG4MUaBkBuPw/s7NGzGAH1ngW2t
H7ylWd3Om/CLwQoSB5FM4eak7sGYouCULWXmbE0aNZdzDx49NMhtJ0+ROGvbEzuQDNmtyPKMgb2t
dMI8UIzFbiC5XUgogbgtfu7zJoU6gtcAJYkxqc6cqITby4otxJAQnQpahuJVPVOprPYDiwTlhucJ
UZML8ApbD80FlOHIKbjmcxvXAXvNNJ7SAH+FWVTIIr2V6f0ha9Jxh7RKF7S8rZenYSbkOkvMocy3
cUa0cyjfBqXWNbdk9f0kgJGr7ieprZvva2H/YRqYK6b0cWXOVuXCEuwe+hYNRLyKi6UHg0icPNY9
itmVZUwE0BxaaMg4Vk0b8zy7VhDKN3tnk3iGkk8i1mFCAya5AhYhBj1Cc2iNBSa65FLDp2x+dlCN
Y19qYXnmpDw7Ny4HtHmqwRT2UoBBQxaqBCiFBmIL0R2q5DON5H9Xkj9+pINB4SRo94KNlhkJdlGS
0SZP0XLzUzCyFEirxClN5kABAxR6h0k/BB6GUYQyAxVxk4XG432QIxjOdjXsFDEiAR1oxzvc8z8u
8U8O90NdsTthBjIvJReKoTvrdDleYxiuYjOeEm8tMRevkVYQdl6GNiA641H+EnekoTBKKEmH/7JV
GxNe2qZBVHhSukGDlDc3ZXEUg7ISkrIk/TY0M5MijRMDDQQyJxMtUtVn4wITrhKHOWNqkKgiV0gp
YBJhY0EszWUvm4cWyvAJwdZZ7CM0/pEv8bdjQLhRYyFisjMfh5WLrhKCBohCxDZvQFI/V0IWZhFg
rQITwZaF0KCLoLWCEpJkCPWDCKgsFDQt+pYl+KRn2oRQMVEsw9hTq6g41IN2wDdfC6REImNpenFP
58ElmaAeyNMlNfYnWIEgV1Qw3lN+l5EpEHMkwpd7LyWD8daQ/HgWaLBPFLFGzdJMO1Eop3gQPSQS
yjMrmJNO2GEpBLkwurESoiFpHUgjAqNNXv84gsgohh4hj/YoMsgDkd6WiiY0T7JxI1QUJHjCHcQn
boDFToOCRJADgkX5HaXkb6BHbJFERrWlNLVhJVlhJhIxMoaViyIhHg32FoBCjuqiKm1WQwInVELj
Ls6kNKKhRJTxSBcIE1yZEBMpF11iE6ARllOBlizCPnLZhUyBLvkihPEygAJXN0WWUxeDREDTas7E
Js1jH5XSEYZpUaf4MW+CllPRetGBIOgREhgVVXEyNt8xKCdzRRjBQWe3IeDCGUenj2RkGOloKJlB
N+uVEHe5WrO3IKGSbcSyI1DBK2KyGMihZFiSSWlVRUdRkqKIjOBGL1GTSVw4IOSjLHhTFw36lHB0
YRwIeJe/pSQWGVEXGW8i0yHZaRNzZhBE2SeNhzX3KI1+eVgz4WyFeZqQIR6fIGMB+hjicR4ulxSg
kiHJWRXWhCeOQWPZBxVksRrp0mq9KT30qTI8aRLvlEULQi10cirGISf/uZ7t+UJf0jMXqjLTSBfo
Ak47YiOkuR6xgTwZAqGiwqCEwaCQgXbnkReFSWPRsSDYQio2opjz0ZeaBDDu0aCz8ZFc4Rwz2ZO9
eZVPGRzWeYpiMjEewTT56EXi+BGMV5W78SH9CSDwQhnTo6b/EXfS1aJuypIegRwwUZ+6hhee2TGj
kRdPgad5WhKA2nV3kWpG2BABAQA7"="c:\\Users\\1\\AppData\\Local\\Temp\\user.exe"
"LvKhfngtrfuck.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEhxYaaKB5Vh3Mixo8ePHIllEplpZMmLEVGCTKhy5UaN
LmMu1KixpMGTJkuSJIlTTESYFIntyzSppcyJQI+6TCpQZ1Fik4RCJMYTZ06rD5MqI8lUqUNlYrR6
9SpGDBqzZ8+WLau2rdm1b8VMKjs3Ll26J4tazXtVLrSBmbqORQhWoOCPaIj9HUzQZsN6ypRBi6xM
r1GChw+KFNl0ZNSRUPeeZEsarlq7dk+jVp3WbKOzNyYBzYwZIdFJg9EQPeg4IhrKlDUnrMdTIWVo
kJMrSz40J1eTm0/SVuizI9WrOwNvVlxw+eKOOIvW/+tsMOn4grgJEou8fn3X0Jf3aRQa+fu+T5w5
QqvqXKd/6ABGd52A2gGo0klfDSQUGpOkBxJRt10WWXqLnVedQu1tFRlE55k00GyNteefMiaR2N5m
WxGDn4pU4QcUTtlVVRxBFwqk1z7nOcRgJrp9NB2EDX5o1F813qSTfRqCFmOAI6Vo0iSxkejhUUU2
JCNO9diXEDST6NYgGgJJ9ZGYBuVoE5B6bcfifyg2GRmATC133HqByQcYhDHcQCZCWlJU3XSHiVGS
gwLlCNSOPWak6GPdhckkjNCph1NT+0Sn6HSAiaThcheBKZAYeW61UI4UQXMhpgVBGFZtBBXFIKEJ
Sf9GKkZ7MtTbPvsB1iCEC9U60GL5DXRjmJEZAGqYBSH3F1B9OlRlrPLVg2BCXVY7HEGGfohtQxUa
FpFPPCo44UDV6eVqeQppaZN9i3FxQwzAuUeqVOehWpBPi01XlBv17iPGX1/uVpFQs/76UL5bGlQd
SUU1lRSYRkF4ZrK8Mbjth8rEEEONW022KZ02+krdQFmy1LC39TAoKKzpzjQqQgXb+ZBuIzWWKUxg
PnsnhJ62anFD7/asrUHuKfOJqH1qWSSZAAu8j2xPT0KkwYziSHWYCBtHcUFSxVnoaNRKdZGYQl9c
qbC7BukQZBtf+N2ejqmkoXu13jD01zcyCGZXKZv/bVCz2C4G+NUEfUdqyUPvZCNDDY+tEdQW8eZq
DA6e1a18ef4m3NNMOW0faBr5lDEA9Jn7KstCfaczYYUXql7MfudIKkxJTUrjQ8OCVTZvxPRM09Pv
xhChSIgPxQXlMjdmk3nkJVTdDQAIf9LPAilb6GS3Y1qwnF7fzafr5XUpF/UF7X7Q56qK0TV64Yrs
rxg3FDmoTu+i9CJK6w130XhNTk0UANEzjIN+lxELeQtX0JJPJuC3sfhBzl7pIsa7GDjBVX3oVIUb
T7OkFRi27IYmagOMwjJxgxXUTyOQKd8ES8K/TMxKKs0qiTIACACJQQkAK0gKvhgCkwulsFcTzFMQ
/+NXs8G1qlr2mUSeQAWXPFEOJumZznk0OBA0qEUo87OJbOZTRbMoyIliGg8U8yQ2ICULhQfZVQxW
UMNw+QsABqAJzhqxrb8YSiN2e0gFBVWpBcYvfkCBneQY9EcuaK56CxSDsRbIOmfFTwxuyJ/PyjK2
sxyEgYfEViY2NiVEFuWTZwOY3tJzFgCKaYYAwE3BrNgrDCbvXky8wUV4ZaOgMSslG4uBl27TIC6B
KjYQ6RNY1uKp9Q2zS4M62b2WWB4SCs87P0yKuWg5lIahAYAXmgQAJUO78j1rMaujUVhu8MhbAQZ+
6REkYeCnp1fayI+GPAlJFiVGYblFUBcR1VDi5/87G33SUxl7F3cUBKoYHESMPCJUGaclBgDKUiAA
NCiOllWwPyksTjkqy6c4uRD4cUEyVnvIJg2JLIRo9Gm85JGH+iWQHe1DLcq4QWKaI5/W1O4muhGD
uyQ6FFyV5QZQXJmn6rkYL6WqJNADAGSUwUaA1gZToovLr+DXHDSQ04cF4Z+/gMmhrfIUJoLDEcSo
pbfbkEiZykjLUDQ6F9CspVEJCR7lElXQl14mX0XZEKUKVR0uAFBlANwfugo2HrNAiUGdw43AysLT
a92ApBDEXPwOqDCJIKpaDaLkWuVCEDfAryv2u9gfP9kgchr0h+xzIauW4y/AYHMfBogBDnfktIn/
+ktvaCHX0AaV1T82EntQopxhzXeT+BkTfFX6TmLj81K2FAV+LamLhJ760rlorJ0blQtRGARcQjFF
L3b7HRzhRUM45ohmeskMMDXUuKcKlFWfQsNr5jLZg+2jEe9KEnvetB4Xaeo6czPRVkCjMKuSki5e
cmCTkocS0joISp8ViBAb0yBkwoop9bRRQwHQUBPScJogNipBaFsWFPLopMALS8rOssC5OLW5jR3V
cuL31aaA0iLKtAx0pETJ9lhRUAN2Lo9E0iD3aMdFBSpoWDJWYhENZb+ny2fixAY9NtZwH7KNLYl4
Z5lP9uTHlmxpXHTJMlYxMyIT9Bi53kXEWpVk/3d96lJzKTmaVWXCs3bWFIlO5yW9GoaBinHXQ6sX
reTtpzK9zFBgjEaV8rZnwyvQjj4prLLWjK9ao5xfnmw4PwVVip+UPR+N3jXRpS7QiVe9yK4Uch4r
OsgsssyoYRMpSwgN+E0FWiuaNvmuScS2zL+aT1GhVhgF4SbLF0KDbGeLnNDhti18PpDExCTBj9rG
MjRGa0OYyMVPcYqx2vVe+eRcOLp417iJ/A3B5kdklUYHJUSh8WO5SrKBzLc6f7IgAgUFG2y+5VMG
wOFFTOViufAbR4GsN3skRsL6JkQkoFbnQZTdzh42hpN+rvewEUIMs9haO3Q27K9qRiw7gRhIqP/m
5KV1Y8W93XZ847NTCmGSicCOWIk01OitWEvA7tSqHvRFprREhzUmuq9MFwSkQXIaYfkER1iv2d56
4IdPb6rFboEhOdduJT7Pdqltuhylp1Rpxk8tpJQBP01aam5KYV2kRj8EFnN9Gj/+Be2DVO+ZESd+
5uriJqYby0haNLKfAkny5RHrUjmH0ru0dGmU32ZldS3m61UJqNk3cVVCwXzpyixbavmpSWC0VLYK
sYchEiRipUoMY46GFCLDFB4fhbVpzFhrqfoELfw6/qXhpuY1R//NoMhnR6rRPDsv/XG1VrbABar1
XQDI5MXk5K/Hlcc9hOPaH8OSOXB7ippr+zT/1ZXpUaDMfsQwf7zy2UKzPZ0mVZ96vIvP1lOGaPA1
Yu8Sc+L/b7TNBZu4sXfdQRPB4k4chwY7tRZXRVwSURkTxGY0ZlgeJ4Etx2qToRPmk27+8ngHx3Hv
VGAudhZSI0YElBZrZyLNIUMiVE1EoV3VwSV6UzZ14i1yFFKHURns1Gt7IoBU8xd6g1/v4i4JyIC2
ok9Al3FowU8yyFdqcUC4NVwH1HNP8xaJsRd9pCSh5S1U4SX8Rlq1dYXMRRMkaIBhsjF8E2owA1fn
ZBYQ9CKbsXRdwj2fYkE+cRrO9zQxGHPUBROt9hZSY3YyExVethcN80+TEEkLgUxPghsNE3Nj/7gt
rHUvMuU3LgM+r0Ru9dYQC1ZF6kc+QoIGKTNcmGYtKUgsMxcaBfdjc1cpDcOD82Eg4ZFF19Epu7Ij
IURZtAEWwsMRBNR8D5EjmkJfzrc76eFxLcZiBvcf0oE9zNFNaOFFtvJmCfQ9IfKGCkJkr5JFnMZy
mHh2s8eD1IFYCLF9VJcp27U6xKSKpFhZPAcZtRIXYaYr1yZYTjce9hg4GSZzCKE3dOIGmphGYgck
4XFjP2Ej4ihuEwc/sHFPDgRz2/U0PFRoMvcm7GdRJqMr9CiRCDQTkYhArtZ/tTMjaRSGX+Ml2agr
uwIhhzdxRPhwM2iQo2gxqlEacDEyyeeHdv/kZ0fXaZiRcVuzj6N4fQpBFCYSMaqVIP8EfoCzjtOo
IKPke74hiVRnGs94ExijZuBDSyfzdGszjN1oiZP2EDJSf1H4HkDpicgBjVmVRlQIcy3ZEMBGGv4I
iKfxSFS5N1LCQgahTGoYOuKjG7SxGC+JkJqYE0PTkWRYES1Hha3xlpYlZosZK4jpPDNpVXBRHUfZ
GJcGbGooH0fXmdH4X3KDhpbVCIZVF/FIEbcEgmqpNR0xGdiTd1MJF3nEIfokTByhVTvjdBVBlddi
fwzhFnYjNOrUFbSxPYhpRds1LOgnm5fJeu4IOM2CmBBkToYhcQXRNgwomHoGOv6hKU0yIunWhmKt
spGEyS0ctyE/KF/lwUGWNU7POZXgIxiZwVJuxzXYgy6wtxEw6IfBuZYUky1Il5BuwJQDuhicmZ4M
oZD8pIA/FU6vhx42aDWR9RGkkaAIQSgbBBEUiKHR2BBhyREPOqINGk5aUaEU4RYbQYSZAUWLWSco
qj+DCVbrAY4rYZnxaZeeJjMSpyX2SUytKaIgSi7O14375xIF+GSMkYbU+D4yVY6/aB8GF6TYCRGr
eF/KGaTEYqMYEUWfuaQVwYONCaEgATssZhFVihG4mYlgGkwDShABAQA7=="="c:\\Users\\1\\AppData\\Local\\Temp\\svchost.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-22 20:06:14
ComboFix-quarantined-files.txt 2011-06-23 01:06
.
Pre-Run: 208,229,056,512 bytes free
Post-Run: 208,302,931,968 bytes free
.
- - End Of File - - 677DAC29A537CEBA97DC5CA40693750E
 
Can you boot up normally now? If so run combofix again after a normal boot. You can also download and run Tdsskiller which you can run in safe mode if you have to;

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. Vista and Windows 7 right click and "run as admin.." After it initializes click the start scan button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."


If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.


A report can also be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report
 
this is the combo fix log

ComboFix 11-06-23.01 - 1 06/23/2011 18:47:22.2.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.263 [GMT -5:00]
Running from: c:\users\1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))

2011-06-24 00:05 . 2011-06-24 00:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 01:06 . 2011-06-24 00:05 -------- d-----w- c:\users\1\AppData\Local\temp
2011-06-22 04:30 . 2011-06-20 13:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EC8E69-64C7-4CA8-9BC1-CB3CCD42747F}\mpengine.dll
2011-06-12 00:49 . 2011-06-12 00:49 -------- d-----w- c:\program files\ERUNT
2011-06-05 03:03 . 2011-06-10 13:07 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 00:14 . 2010-08-09 17:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 00:18 . 2011-05-24 00:18 112 ----a-w- c:\users\1\AppData\Roaming\srvblck2.tmp
2011-04-26 22:33 . 2009-08-18 18:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-26 22:32 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 06:13 . 2011-05-11 02:22 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 02:22 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-20 11:08 . 2010-09-22 02:55 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-26 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
"KDFNmqUO+SRqyBBAom6Wk6R2mW5fqaVmCpnwuEu6RonhCRF1eaYHERAAOw"="c:\users\1\AppData\Local\Temp\2533446593.exe" [BU]
"VUIYMYAvWqM2ephjUZk3qhABAQA7"="c:\users\1\AppData\Local\Temp\wininst.exe" [BU]
"Ol2igiBl85CIFyBSyhU88aNfShpWioODkjSxeBFOSqJjyqAy16bgUShGGhkBAQA7=="="c:\users\1\AppData\Local\Temp\2590940263.exe" [BU]
"kRdPgad5WhKA2nV3kWpG2BABAQA7"="c:\users\1\AppData\Local\Temp\user.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
Contents of the 'Scheduled Tasks' folder
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 01:31]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LvKhfngMz1cft.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECFmikixoTJiyjJqVFavosePIAsqC0lxZMJJJPeZTFkQWkaM
MDdqxHiR5b6OAldKzPmwnk6bBSdlmmgQ2j5imZAORYoRIhqhaMQ8nToJTVSg0HAWJHpR5kaaM3+u
zKrTpEkxaI0aRPlTJcGhBDNWnStQbcSMSzNdTKq0b9KpmeZaFTyYqlSqB+GiBRq36VuHfpG+/CoT
rNTFA01qJeq26KTPaAI/zeRzoU5oSvPyFS1VcFWqVW12XIpyHxqRLFcm1Q1SddK/aKMSU8nRa9fj
XfcJFkPX9iQxeq0+zRg16nPY1pmv5swwqUDuvffB/yUoxuNKrQt3z+7s8XlVqQaZDs3UurWbuVUD
Iye+f/J500vZ9VBtyhGEXkOofTaRZgJdBZIyBEK2IHgIQSgddMwV5pp0rtEXmFBC4bTbUHjJJxlC
xIBlHFg0UTSebQQJONCBKqWWmUHlfaRTJrd1Vg80y201HGtzZVjde88xpCBoPEpE40CqpZjJJ5FN
VA+FOVGnoopdOSZQhA69yBOO3+0mkkYKoceZWuhxCNhwdXVUHXMJPSWUVIFheVODGb7WI5TsPfTb
b0j5pMxQYE4SlpffDUQTixdJ1qVZDc02H5xePZnQSmBCpgxzYhj12XehMfnUWnP6Wd5UBHW6p5dq
mf8kVJlKxcVdcZPmeJClBk0Ep0IuHffocENemhF/Hx0WVIQykgefXsRMBViGGG7YnHM3NDJncLq6
kZCVvaqmEDGoXVSuXX8ixJ1aPYoVJrkjDccRagZpqtB5r4HqYFwDmXrngsRcFxValw28Lbe6KilQ
Rz/pteeH3sUl7EtQ3gphS2+B2+pjxI2rV0aGrrQvYzjSR/DJBM9p3Q2XRewinn3+ySmWRqV2a0wc
pSfer5MIqKZBI4HZItBeJZQwbgXZ6yzLKUvFsm0Tvcbjn78KVHXVJNFHVWjQBUbrfJMySpxPze5T
nojR6lXajGJuzNOxWU62aUFHP9TWQ7qCR8wNN8T/wHK63LkM1EgTgY0RiMkpY9RIx969D7uAk7Zn
ljsjXWDcG7V90E83pJv0QWVTlDCBmfQdg98d5RuaSMMZhZNdod8LYZfiOezWSE9lWOHCAuWIaFZ2
uaz45hkFW2KKPdHN75iP15tSukAuGIMYpjN/VHBP1Yz1UcVhNKiCK4tB8cWHImXgUj8VeaEyPeY5
HMMwsncoVzLN1khVVWflkE71eC4eWqPiXaAEOMBNDWUFN+Cfok7ntxisJGXcEZj5BMLAGBjAghW0
4ApiAIAbAMCBGcuLlLYyK4UM6ja4iw0afgQ/jXSEGAxjGBo4CIAP1vAGcKJXQvRHEDTcYEb9smDf
//Rkm9MRMTFiYCDL2NJDv3EBdQcRH7e2Qh8MVvCDHOyb6Rjolg/dZCSLu5KJ5EMa4E0CKUysR2kY
Z7bi8Md3l/oODQFggBpycAUy21WMBvJDhMyQgXULYgz8p5BJNLBvF2zL6UzXFsbBq2NsVMYNkBSa
+UBLKAwUyngywSZgcYVQJJJPZkA2vLccDjH/s+ENfMIUNHTQUQQ0EHmASLcK4rBsf2RiQwx5gycm
8Wk3cmLffrUSwjGMQmhBilVm9B5o/BEA0AnK8g4ilAl+5yJiuA+5BmUiEdZlczSUF5SGkzeMBQoz
exwI9aZ3QV0J6I9H7FUD5znIViWRgQs6FGzEA/+oWB6FGCn7G0BvgEDrTM5/ukFUo+YFUA5aUXxQ
0mSxqsSU3tWwoouzGmdMEjpoHO1u98wEA0dyoHu66luLXCQXhtk4LfYtkF9CVJ5mqkkeQSswrXRo
y6wiFYCacj5flElOEFlBA2wQOtHiGPH2QscYcNNhJvEOeHKWE20lRCumA1Lf/qSVdcZzK/f8JSDJ
E4MnOpWQA9GhRhNSrD86VZ2X6RrYivY4nJCLGAxcAbeIKpXi7KY4ZHHj4w7FQaH9pnz8/NXrzAaf
hphuOAxcrEAIikOJZBAtDeQM3xo4nJM2aivq8pUSf9Q4FpKyHgSrSiN4Qq4r0eeC9czMPWGLhu3/
EY2CNbxbxPQ3Hp00diFqGSmELug/Rn6TIQP1Gw61eLqzpLR9irqRiPjDERKVCA0joV71rBayyyWE
abmr7R9XICPCxWCDACjcrMqrGzHUsHkHsWaNfGuRL+5jpBQ8nUFOZwAGMUQZKZVigHtnut/yc1dY
+g167gmAmjLPcxlVzcBMdsFJpgt3SlyW5OD2pX14kLw7PMqCfiTiZfKLrgSBbV1Myp4GOg4h0Jje
SKMi48pi1m/l4dS33lKbwDEQrZ217/zk+xgsoqw6q+UbAGwrnov1y6IA+EnZzMcRq6iRcWtjCBeH
ql+CMJDJCKnHIR0ovpT+cBIGWOfRoteWqLVN/1Gh+TFjN2eUpYyLn0lMM924lsQOjoxyyhFNTjKx
gigvzHV0VubaBPffLXNEzV1iYOwQYkuf8vJ0VZFxbCf3WYLId6Y1umcC1blQ8RDIMU+C0GtjQORT
XS8G72EahyOqmDp2Cldoso0YJhjVr+bExRoRqZ65HIOIxLiXwzSbRwNsOmBSM6ZEcZ9BZvhBk9SK
pE/+Zq5BW0RWR3BBMP7UyaLCmTzd0FAF7F1Uet2xA19VPJKenN9WMDwAd1lpBVnpIidym72dbp1O
LPY0A10mlNiWGFisJKNCle3bqlNeIT1wHkWiqYFBh4U09GzvzJbu0hSqMccRKTRFgkCBS3LkEf9h
Lqs93DuAj/m43ykhmAI3lAZO/IGA4iGnabI6q7XzSxFy19hcwh7uUG8FF1RoXDDbIzAr7lFwC6NI
nb3i0xFrkaLT9ER0pURNCzzmFHL1zpTu3uZuBkerutFBVsidH8dGYgwly1oIvt8avidP2FXUBdW+
R5hUTCvW/nd8BC9S6lGk2bCOH7x7eUgxpI6IqYETZ34JYiGVbCEyO9YML9gzxs2r3X7UXGZq2OAU
PoWG0+s0p2NkbbUunpBaRIrgI0I9ffdIV2Kt4FBQhpY4qt68RvwWeFxlFDohLc8I3PWPMtEIoVes
O6T/YBLdC4BC8xtDCVuPAIdnTZG7SqSDzIT/UdGqEIADU1f2fukgozpkxh5MfNll8MQJyB2eEhCM
8lobSqqCQKRjkI6e9RlgoikAZlQ1VEd0hFC2UR3YdSYLQzhb1zeuYm81BlOFNGAsByVLdFNEBjrN
QxTN1jRowTQv9VLUgxFk8yPbozhoUhuSlFeZhDT7x3fW8x1S8WMao1Q8kSGKgxKAF3N+c1KGNE8a
50d9s1K3N059UV8/cSWGBFt8s0FWNIX6lRVxBX/1I2450j5K4UN8oyhtMSveIkuPAxq58xlbSH5W
wzv8MxA8NRg5Yzp68oL4RBF41UDl4SEdaBoLsUUZxF8ZhEUqQnRi52nXhzAW9xwpIytEURsa/5I7
BZE9G7c503Qek7ZMYUWDZjNPX9UwONY1k2gRLxYUSsQyTDNuh5EfTEFGoGRJZBQZ85MXnzIJf4Mw
TVMd6lRCGTg5ZTEm5AJ6aaISu/d2dSeB+6MUunhYUWJJy2gzl+KKrugXnyARnNEXPJMZAhI0DfIh
DehdRmMd2HWK3DIwxAMnODGKu0NlQENi93IiC2GBduMTrKQTtQURarFrNiJf7QIh1mIgYyiMmthD
0RSKUcR7UUF0DiFZaRUvvkYym2Icd4M1G7UQosQx2KE73xJdXYQsa0cXxZcesVgl0PiMg0JERKeO
tEQRmpKNEGk3veJZ8wEVbtgyr7GNSUElT//1VFJiPmKUk2gEVPXgF9BYK+kEZipJOfmTGzMRlLPm
EVgiks+4k7JojdaVHrdSQGBEHHhCIAz3EDr3EVrxJAhpHv6xbYwBZn+BH9fSEI7XHZtTRp83Oczh
ZOiYTqxEMo4DN/gWMjXhkDWYlcoxGNpROB5oGkVoamGGbf4EI2xUKULml8DCjpDpPO8oHKJRTdwm
FKOoExjhOQcieoPlbg90G6EBP9wDLMclTgWEbyAhmZM5TUfSJ7shX2qBaOWWkpR4UkFTGz/YYUNC
Hj2iS2XBYTRimgP3mm+DnGajNRFCKDV4Eg1Hhj0kZf0EnR/ohg1XTJzGYY3pbsopnatHMizXFB9L
qIMCRCOcQYxp9U0uiCC9sob/s4XtCWPnyJ3pZk7fqZx5URQBmU7V+SWIJkCBhB6AeSB5hE5sMWnT
5BiSB5r5+Zqo4aBsCGPgSRRqQSA4NzfgqY1plTAXtpicpiZiMygExJrJ86AVUTVN6BCFaIFq0U31
5yz9gqHPuUMEKjY78wkmShIK+qCAmRKN6JOyGGbu5iC4E5A9OiYsiaJM6qPlQ6If0SOodZx6ZBpt
KDFNmqUO+SRqyBBAom6Wk6R2mW5fqaVmCpnwuEu6RonhCRF1eaYHERAAOw"="c:\\Users\\1\\AppData\\Local\\Temp\\2533446593.exe"
"LvKhfngrufr.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqLIhGzKRMYjIp25gwE8mTDEeiRKhM5UqC
k9BMEoMGzcCYNhPWy8STGM+fQIP+NGjypVGFLve1TEqRGFOBTyPSxClGILSCHtH05Plxa8+MPI++
VFlv4EiXLQnWW5rWoUhiA8tC1amUoLKYM0FGhVlzkti4Aov+pXh2r0FlcgU63cuWZVurkNVG7guy
I8GrBKvO3Scm5MGyiVeaDD2YsFKfynyiqYfZbCa/Zg1/Xkp3X2WQM2G3hnlQM+7NBnfbHb6P9MLX
pU9CS+w0EzGfTuvug4Y2qfPhykQelBmyO+yHgjnS/0wu+fRh8hbLXs3esuZAp2udPo890DlcpSPx
ytTPMLxclTIZJJNNmmUkG2AEhYdeQ2gRZ1tZk4wkV01VUYdfYKk9hxoxaLCXV0RXITcQZvX0lRl3
mZ1XHHATGVfffWNBx5NlF0H4mku7ISZQgJtNglMmWj1mVm1D2sZSYDQlmVCBRfLlokLCWbXTdAhB
8x1S2ckoI0I0WXYgR1wVlBqLZ4W0n4XvSSfkPs1pKdJVocFlXFk8NcJjR50ZxKSAH7W4WWKjFQQn
jwc5ZyiME8W053Af+XieSnnFhFtO/ylmFly0RUclVIiyuaGhYg6EIpd57kNgcZj5SGiUFIlY0IQL
4v95XaOuClSWmYjVlNOKTdalTEdpKQgVYqS9RRRs7Mk3FUOYiXHDTKbaFpOKEiUFzXUjJkajUYYB
KYYbnu2jn6Q2QdOpoEiJ2+FCaT3WUlHm3iBeTSaxJ5Jz2SV0VZKLRpRYa0t1GtqVR7G2lrqv+aiq
ogY9yZ5DZUmojGYOF4ZfatjuuC3BBrWJL4fIBahkeogRs1xYl4m660LqWaTffquxetBjPomxQgwI
vjpitMN2hNlTaxbW0ZV9PvSRTKm1RIwYSnPWWb8ssqn0bsLyVlDVkTnE3YDLLrTcbp2tC1UMNwAQ
gwESnucf0PkVuZOcKlW22nRtrWzrQddqRW1O9yr/7dy6rL1HW5OCPWW3QBw3bGtHXOvqF1fhfWnr
1xd3BlIMmMfAZJQKGmby5mKQLYa5A0qdmI5rcuQor6SiG9jbGMtWdG+Js4lQaJTlxB3G557uUNKb
oYE5ADfE8FTLliIus0tPC7RC2WIAIMZiRRa92OCmrs6ms8NjTpNLQEonOG1J4puxkXcDlhOcm2EN
MMbdhS462aby615CSd0VugGdyn/D8x5RSVSKYpL7RCUpHTHAzQyQuRjwRCU+6RjvWhI425wtcwwE
AANX4JIOCRB7BgFXqa4CI6bcDyFYq1QmiucjkcSNbLUb2tMOtxOzbTA8mbgg5kZipfGgsHYH4ZBM
/zBXtguazXuTcAOoNiUT53yCGMjKYQzMdkTiXbBwjQBhQzryk+w8jSZ6OZSh7PMVheykQpK5gbOA
KKCweSRezyMbzgbyv8zl5DkmGRlzEiQZlVRlXcRgYAOJaEPvnUVcXQHZR7JEjP8J0nudmWIMIhQw
NEAROjISo5vu48YbFC90WCPIucQXmKqhgQshCaXXlII5Be4QcRhcVHM4Q6Fh6QsnEXTK/m7WkeId
cXjPagleuoIXIKlGkmTTyiSWMxKarOVoTVSmVpRJrqO9ZkYtjCT3wqawAT0rLKEc0Ez2My6yPWtc
4kwnOl/jk+K1UnMxeafm0gmkYmYTWCGx012GBv8zRwFJh/IaSOiKCEPXKGQSj8TYGCloIftohlIK
QRlBeinHT2KFezc4X9RIKdDQsUaV6WKTFb1npSm6EyfjXNRQTMWh7N1vgDFYIA5nsj/EgeRCCBGe
JEeJFtb8SkvZ8cqWDkJEMXBBjfIq1cTmhz4HKaSRDkQciA42EGSeDaENjEqSKPQR6EiLa6zrqKlW
kEG5NCJ8NwmXXarjlEkU8gZNtBVZ9HSxkrBJjP8cqOZeWZ9PxsAmIE0IUuUCxAmaK6wCkd8gdQi1
eekHRiXa1q+mQ4zMedJkEjWVYEq11goKJHNkJWsrAzicsnhwKWsJWGZh0pkbcMGcmkOUXqdnO6f/
IlYxmssEZgIbm7fEzlka1GHmmqlGqCVsZROryT63WqBMCBIAN5vkjmbHF7awRlOJLSTmQpvBYJrE
hRObKFR8apwAVfRZAxVMIyMpr1AiT0zFC6hUU4KUxRrgiAYIidI86awdeQSFthmTuLY6EwzKcYqd
YdtSPCKftFxvqfj9pSALFBom+WZIS4FNDkOXYDVKdyRo+F/xvtsQ4UxCjbAxrb7M8qTPvjOOZ3ve
CgRTIh+ZiWn3EmWCwovIZR4xuvhFcL2UQpqr0KhdAjzxL5dsgEUG72qB4gt+nIXUTNSjonRsLW15
KybNyTcwt1OMzCa6WMv+sktITq3T8vWu5/yq/yu72t/Z3HlBGc8RO7jTzHzachaeiOG+lvVLBG3V
XHFli2dje61rP8s9qChac5aSDWlOfAO4FIiNkmPTI5+7XYDCiGBsCRh1Qh2fTPzSeBNzpyDFJiXA
LEdFqVNGFf+oFa/yTVTihQl/4aqUbeaHv1FtKoZ1dhcWTqfQOlLTU1qDmfXIE2c6pfPwmMZGxE1i
aZtTyiS650LbFRgA1sXYiuNGH7O8k0lJvPbEFGSTabHOtWTjgh+5Z2U630AuqoxSa4GnlLfoTYBm
zFnoopvfRkAjdNptZYRSZlpH6W0fxQ3JR4rHQAPgjoD1ePDFQj1BTMnJlmxCZr+mKeCbzGyv/f9F
Etmc42UfCltnVwvdlapC2FA3GD5jRhzFMberpQLz3IiT+K7uWB8XRi9zIwdO6kK1lByq8YE1A/QU
G2SeceJxWhSjkrPo/Z5418TDMYBRp1TJPbAZaYUjGSVlY9cmWqLh1HceG9lOLWJ2F0iRZI6xGtN2
kyi9Gksht+HN4E62pFEw1KaSiRvmg+jEfvLeI2r5XvceGM6xLlUotkuHPFI8jpanIDjZr4F39Bqt
DDS6mmNeYusTJIOgPrd+2XpdONZi4EBjyZkLrtl2ZqSz1OxCbPlOZd25p3gjNXS7wtqQCeJlrjxN
dPs5ZHA4si1R6VB6SmOLEPc0nr9Otz4FCeT/O8uW30M2b2bLJs0uyT/teqUNWawFveJrpjlQYsXL
RAw7+AHMK6d3pitp4RlJ4Vma91+ldE3xZFnodjQXQwyfEBNNc00dYxd/FlMIpkNWpnXn51RUJSYY
QytqEx2V0niZ4S3xBXmZ4VeyZyuhpCC1p19H4l+WBDmJI1w4w4BXAmLf0RMBkyHi9ior1D0NBAC7
0ixaphh0ki+/kxR+sXSrxyUexllxM1DcszKqFB6s4kdRoTDaxmX1ID8MRChXUmM3UW2nkSy+RQxu
gEy/JBt/FWKAoiVPBX4GFBU9ZxCwoSvhNz+px0cHxRAH01yNUhM/E1LvkXl+6F9WQV3HMX1J/xOE
N8BAjWUXX3hwPmQS1CFGOxNU2DUsTCEGLbYy1QcSrqVGV4NYocFlBcI4HtGKU4EYaoQneDJDLpdr
tJQZe3IgamcXM4E28rEhnyBg+dNMTyMsZVRATiUkd0hX1GJLcpFx0zcRXNUqD8dRI1EvdnM4DRE5
ZiQbymAuJacnwlN9YNZn+KN6tmWGHTNmmZZ4mpFz5fERkzh76oKL0aiLh6U16PcZnmcSIdYZG6Jj
5/iET6KNERVm6UMcrAhmrpNTbkCAB3VTcaEVtZKQvJeICfkk7pY8oTIinbI6n/BFp4gUB9eRKeJ5
hfIQLjFOeLhiiVVPMJcQMiEcTAI5q3UYEP/kELsxLe34FGHBPBFnHkgBNYmRgwdpNORoNbeVG+zS
G4tSi/QlVxgJEdlhlClTEvYhWJZjkeLVGnKxGwapkz6xFU20GG6GQ4fBhVmDP1BBLwgyj4rjQoVz
GV+JKsUxV8CxkW4DYPdRkZuiGEkSUBV2kUSyURKxkxnSE2MpH08kUbWHKrDxHVHymJ8XGF2BLzrJ
jygpPlPyK6UTlpySWEniRybZK4ORKm7AiBKRE3dRJZR5lSXhE12lmq+yG1bSH5gJE9eUTkRxUXpI
GqTBFO34EKlCKBqRGl5pmng5EThSH8REYw1pnKcYFa0xO+lETYfzNGpUl58Bj35Sj1TZlPWI8B0u
8ZrNGBVTchyXGWXy15KZxkZXsU5FI5JiMZzeyJYx+BK7iJWGQjDu9kDJxnfmqTXkQopMkj9cuSDM
uZYMahFcxp9fESDJlh4WwR2lN0wKmqENYRzDiZCUxRXqqKHj0qEaSh4msxHxUXmEWaINSqIsihKe
VUIYMYAvWqM2ephjUZk3qhABAQA7"="c:\\Users\\1\\AppData\\Local\\Temp\\wininst.exe"
"LvKhfngM1ycnd.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGPdlmpSpo0ePHD1mHDlSDMmLyjDW6zgp5EaW
IGNudBlyksN6AlNG1HlyIk+BaBxmIgbN4k+FR5W9XFqTJRpiBU0ytFlxKbGOFH9y7AlR6sCjBq92
/KkTLMGgBs2ORGsQ5z6caIumbfqS49aeLXNybQiNqsR6Yt06pApWDOGvFdkq9EjMLsyNe/eBRQP5
oNqROHX6fSh4oMfOCtGAHtg36GjLCW02ddyR8tuDUNGIkX0zIty8qCOTJugVcVWRC9meRjNJbsKV
dZe+XJgpqpjnymY/JO76ITSsBY3rLiiYrfaRyxMq/9ZLcBKaRjBZNzfoVe3zTM/j7yuq1CL1luYP
Ut488PT2+QP1JtBs0h0EzWiX7eOSQUzJhN0+xDk0XnTxyWYSfwMRtZ5A/hWkTD3QQJWSMnKZZyJu
DKmVYG4LKWMTgZMUeJxAcn1nEEdiOWYXUJI1lB93vFloIULjCUSMMkc2hgaSyiiV5IdNHtgkQ+Ht
Y1hL8KFFoodIIbTiQLI1Ql2RnHGY01WsJdQRVG8pttJhBZn3nIU3EGgZWc2NKNl1PV6XST0Rengk
k4Q2mUmTTNrV5KCIEjRTlsUBCaZd9xH3EnGUxiikYa3VxdFT5m1IkFJ3PZTgoSwxOMlV8RE4248D
0v9Xz5Q67adjqFiaiF5IEFr66aVLUbYrrpdSatWiiEK5KLCYSiibeWRmpJyoBJ3WWVCOifGStjp6
RFld9xk7E6a1hsVcc2hEe9COBYk6lEQt+arYswR6Z+pBHR4kU1qjSqanni4dSVBRQ1U2qXCWwdnj
wAi9a1h/qlLrKINXQTxdjJpupC6L/FY0a07J/QkNlM9ZeSGsbK1po0YdPQwUhgPxd2iZBQdaHsxa
kQcmcPjKlq7PqbHLMkdzluoWiC2OOmuTs35MUAwxGEDgtGbhl8l4Yr12llgb/micTTxB5ZZc+UZH
4lXpKlgqQjhJDGFv777ts4C+pSUWca26KsYNxCD//eWMzu29gtRqBrxuXTEXLJDMvNp8WH0WS8rb
3qtqZKKB2WnkXJCaisGmZ7QdNQmSqK5J4aZ7P3eDbMblqy8AABjweVQGrGCWWR9t6FVyi99A7YYF
azrw2F76FuINdcZwA1VO0aj1jbxlCXRYXZfsb8Fcz07hbIfqdF18bitUZ4BR3wCWMlAL6DRDT8G0
sEnwiQE1ZRVrxKYy7WusOdIp9rc3FzeIgbbKczWTCMYtKZkbcWyEpCINJTrIE9gDw7cPYqxONAuL
mXwW9re9SSaAK6AbGmAnqtZlrkMh4ZqCAngDX+xHcRtCy6dw5jwisTB5Dbua3F4VFGLQRj+pmyCT
/wbEvYrBbFRzyqDlMrG6JErkOfUwAABioCXJrCCAMzmQEp/nPLOwBX6ZgJrvCHgVtGVocc+S2Gla
kj75jQ8x8aEUezBYLSPFSHXtatlzjOilEeHvPenJiZ3+EiAxGCAGAPDLJGrXHIHxqi2Rq2ECBxSU
MMbAJo35SAUDCMACWc9F3NoNh/QXP+WlTk5yEsNP9AeUqWmEdFPyWZ1WNRY21QktYwFThZ5DtNn4
B48YycQUDaATFtbwNRrjSIJGczkrBXB2RmLh/LimRwCFaiNsqo5klCfAAFqPRnurE1HK8xQk1UmV
65plneSiuzmZhHTwScljJDPIOsZvM38jEtRsR/+MwU3CLTZZ2dVYuZBBCjAG2qnH3rjJvDJ+BHxq
eyExeJi8OjUCi1+THwCNxKQj5WpvsxMLSGVTp6FAx5kiS4l60rLBJB2KGG54T0ZwcgMAsHCKKZGV
j+ATPqkEBX0C/AoauBnUdn3Ifh55D6WKmImLdtOCe8PJx5SHPGX26SyTuOWasuSqt4nhOyWtCcWQ
iAbzJWVO+XTIPg8pIApuUSPcQgtbLKU8XB50lgmBJsvAl6vm1OmWzozBA/HXRl1K5aueKyA6K6iT
vY2IlwK52h1Nwz8zcTRJ56TeSU8C1ENC061T4dSArKQ8VnGTb/w5ysyEppF0OeV/N+BCR7qZIeT/
yU9vuMwaXN8DuX3UiUlBpMpEzScoQx2JnYqNrGTgU9KMfEd+U8Sa60KTOI5ArZvXbU6kFrO2o8wJ
qt6kUEmH8tfnQAN+SNrKhhJ4y7vcMT8Q7N58fltBVI0IJzaKT1+4Ohu9VqQsvoXaFPnzCS5x6SgT
UuVpBfgnBfXLstoU2CufdKTUCVCVSgkgeph70KFIGHofumNcD/VGIkpFKbxVyPqiYyF3+u4y0wWS
W4QptagBwF1c1JlBfhiVMCZPgJZKmZNyV0ZYiiinI7IgAKmIJpnu46CAzIRcVDsi5mJYQarjiTLO
6aLh1i9pVirrbJ61opXx5clQU4qAwxYRuq3p/zlQi5E312SXrRSFGE/KKchEFBXkBTU+AeylbUsk
suT4JU9O3u1YcCJnsFnvwwlJyZziVl81UoQ+GllBUcUwxRjwRMoZ8vBWy6hKh355qAH8oPK890ok
6bZLYYstfTsi675YuMEE3Oqh3utb6HjUZ1iaj0yZSxA869g5N2jYdgFknchxWrCku8HgtPVAh1K3
eFCNgUCc6jk84w5XDbufhbVly9u6kcF1q6CGkPMRTSV7t2j04ZAsGNBRQfPTG0RIYKzj0CGH0aas
EfCh2UelaTaJm2m11czOmFU3juqgZU2ePGd1v3HiOUSubk78qJ26H2LKsVumG32+bCSvsjrcaf/N
MaeJW+yoXbFBa+ORZV460dJqThlcUF6kuQvfMLrRXcqLUTfj471VubrKN1Nskyad1I3sUmEFqd96
nJhjBoFWlE/TtL6Ut4JGTmk+NanzS4jxCWMTJIDa/iIWM0iWjiUuOqYsSJ2WLPFWek4nrSmoOF+1
uIJdjaSuCjJdMumRJr5wpgcxpGAtG6DYQdu/ENLXYyhDVf6IMcZvZXYDd9Qq25pSnlEy76gUx6D3
jPcxepw0q84zJM9IBir6dftIOt2vr0l9x3SrukbSt0Sipe9bVME8w4z0Kg7f9gZL+5ykT+worBhH
NvFrDnKQeMrcYYV7XKWnLxsi/B3P706qjUr/m23OngCmbDW82znZj0RiKC8v88vPvd93C1KNtK1x
Jz2PWPa/1VZaCD6QxGyRJBSQxiGXoTsSMVzflCGF1RCGZmhsYU6pMz51hhAjk1WM5xnxQ1/853e5
AyHMwxJYslVEt3SpI3LHlHJf0SgKwSYoCCB61ljxIx5YRBUrkyxG1lhLEhNZdVee4zz78WAmCD84
Ejz/51bz9zKVljj78QmM0RFukTcLmHktsj5UYi9aMxoQZSXHNGVihD8ZWF+AgST0MSUGhCQ3EnSR
ZReEFxIuUjAgMoPZIQZu4EO6dVSj8WU/wjOLkyuR9YGFNIUNoSdfoSmdQx0msTGBKBV+8W4N/wM1
jeBgy8V+CmESIzMlgwIVxTFRNeFv9oR6euSI7fIWpLdFn4ZGGtgwvhIiLJOEYQh+Kmgl5iEmMJIu
7jQmaQMmWZiBA+VDV8cyaBI8l9gjtAJmAVhMnNIt2MEYVdMuXlEqK9MSTbIZr4YvUtJ9Z6FckyMj
EzNmhvgzooEs1FKEuhY8FDQ2fuMvpnhst4MT+bY4vZcqBnYjz/ggEGMcR/ItaIFfxyYlZqYQYnJG
JpN7MbNjr/ckH9GBkYcQ3KhjX6cvOJgTVig5ByIXmyWJAdISdrJwCAErCoJrKtZ36mItDTEe76gv
KVRt7GePBcUeBMlBdRQWZOFHS5Mi+GOLY/+GNzYjkLKnIIrBklg3iHvCRf8oc62yD07oge0mIk8y
EKIIEfW2gAc0PD2SjuZybG9hhuBoGK9yhkS0kAzSZpuRS7UhEVUGitQEed7mJMMHlvcSeS8pOaaI
XzPmUYahk2PCITV5PlHIYzRyb12CiqEGkg4hJco2aq0UIwoxMpnYhSrBG0ckgOs4INCiKeliHrHo
Rw85MgHiiHkyEUVhHp1RGWqRUMVjEJlFJk7ClpCkRdxRlBYYZmAngN/hXXe5k/xyFWY2XYjSNJwp
YmzDQKkxHg+CjaBxlKN1WZTWk/MBIpnxig0hIHSDQCPxdcV4TAOoFx/DmeeFfMd2NAyjhW7cYjA/
gXkN6S9MAps+QYxUqBB+EWNfchRm92ATGYCSkRk8IXr+VRSnAWBY1i6KuHOM1VEJoZ4W8TH59FVU
GZhuF35nMSeiYZjnFXgKRCDbWSGNcjadI4UVykO4haGDuCi6aKAXIYX1YqJ6c4t3FH8c2iotdosT
NTfuhGLnCSRfMjpI45xpUZHtWRABGhET8h9r8R84yIIXYRo8cY1mASIf4ponkV/ZKaQlihEqWKRW
Ol2igiBl85CIFyBSyhU88aNfShpWioODkjSxeBFOSqJjyqAy16bgUShGGhkBAQA7=="="c:\\Users\\1\\AppData\\Local\\Temp\\2590940263.exe"
"LvKhfngtapoline.info&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnPgwU6ZJky5ezEix40Rl+0B6DDmypMmTDZVpzMhypctJ
KCFCq7dQ5EGbMSHizMnTYyY0GFsKXcnR5MyByupBK4hTzFKBTnsqI6Zsp0KcVntqLbnxpUagXbMK
rEqQpkExYgaivflxqluCIm1eRCh2a02Sde/qjAiNGFCWQ1miyaQM5sAbatMONOuwqluqdXFazISU
pMCMlO1KzLzvKULPBkFr/szUopiLaDVaxDx4ks24kMlCnMy57Go0+4iltLuTMzFimYCrBP4bskLR
o5kyNisGN0LGhGMD9zrJDeGbxBNiJqg7eUTDDqkS/w8enDhV8sM/Cc870HlohiAR15TO3qDX1UQB
z+WuDDlb7/uAt5BFAhFI0VTokSfceJOYN9xBjO2TyQ31iIFYXI+xl9VyA9EmYIEaBdhVg24IpV9C
9VlGEWf1EQjNdo1NNFhnHQqH3nBoNedYVX0R88lBSyXVH00gObaPUkVKCJyEH66mUG0Q/iQUWAtF
OFZEmViJYoHdMTkjUw55ZpVKMIkUJE0zOYaGGEmNVU+SElpk3m/q/TaceMO5ZSBGHbYGZkFQjvYh
Q4M6ZBGcGSkF15FpFukokQESdJRZ4E3VF4JrQQjSURNNV2RwKhV2UXGhoneej12SBleKA4kW1ZUL
Qf+TWZFK1TrTrW+GZNaSrYqomIoMvWhQVbpxatmaxx050WQEzYUfqwKhGh2opqL6IHEgoQlfpCrm
FWhEaFJlEEsMpeqaW7I1qxhGYmn52nsgQukSd3rxKtFrVZU33niMuTcuQoU+BBp5B3U1bHO5ORYw
oGiBtpS2ylrWZq/RMlsQZoNuSleHFD0F7cVl7dPcwt8qpKV94h6E0XUSZtoeQ6kt3OywndHELJ8D
tZRQqkiptNLHi1WW0EUqFfTrZf4iVBtWulYGTSNBAxunxBcfiuzMYzW3Zlo55pwZzxwPO13El8Eo
0MlLhzTJDWLEEEPbN8SAhqJSCyTaw93itx8xoP3/ClTS2kEYLQAGnIbG2ICrHChok+h4tkCJb42G
G1qn9VNuBoFNsMSqGbaRv+/CBffbN7BNOs1XXSYqR2Z5PC4asENUT8lL3QBADLd3edFgP3mo93QW
mfVazNZddtYkkWM0mDJawxpnoJiBtPg+f4PHszKlo8V2g8EBVaWyg83OUbsFEgS7Yew6r3TUZcVg
wAoAAJCJaFATlDFImE2WqDJrjqqaams5WshyJhLD5eiAyAvK1CzjnwLlDy1retvbQJKqvlDPZSHp
XSZK9B8gdQcoaTGM7eJ2OPU9jlvvEQMAVmAAtyEkaQJqDpuiVZTDvMp+mUhNc1RDDIzpzyIgZNsO
/9WEBraxDYQhicuVmAPCyuHnBly4gVs8I4bGiYQo3wpdXfzyK5gQwwBccJvbSjYz5FSFhbcDAG7e
9KY0UY+NIJmb9Kp4A90osUjNIYaiiLSWHBLmTP3By2Mm00MLdQ44yMvR4eSUETHQ5G8IG+BAJFjC
AMkQPzXcVs+ch7z9UE9CYhzdyRgnqWalEXcKEaCEBkIMCNonSw0jyNEUY7BhEexcW8uIHUWUSK01
7nyTmR1thqm/Ir4Nds2xWWaWAjbBoQ5yMtxJBGNwAzQow23yGVDUzGI73AGATXx74b8KtDWykXOG
UFnlDZvFJ/JA6XBrS42XkBnP0wwLToCaRCOa+P+20wDPh//zoYCyMrfqBQg3OJkENccISrltaZUF
m8QKWxiD7tTDOCdcpP2QIsODyDM1lAnhEp/SPU/iJzdFvOSgiJG9xyyqILOrRzWRt4/s3SCRGVkT
TAAD0WZthH85rWL18qdLU2KzgAw9joD6RjjcZdMz4jFfbgz0K+ZFUpY5MlDOhGYVjVRxhyFlG2X+
YjeoyJNm9Vhj5eASxRgkZDBCBUvAqkjTg5LkqmozTdy2J0K3NRNQJ2Tl+7zpmuBQLINkcQ9hTOrK
x8GOTAQSiXMWa8lP5dCBcrrgVXHjPWjaE3L4GdmvUjW7uKHTUNWLa3vqKjKr2LFtbjvaF6nJkNn/
pUU0mSDcCrM51b9WRZW8C0ljLbQ2w1hpOlw7TYjMyUrU3LRL6MMNS7c3F52CbkzXnOCfIGW+BFJv
Lgn8S0edZ8e4ua+CxMBm6tQZ2BW6T34FE85BrDkVVj4vNfLJI+xgBzxu+QxQWn2QWRETzsatZGsy
jN2WjkIZq7qVIQbFXBxp2pqrkiiR1jQvNaFDGYnelCGccU3O3rtC9ggnQopxjLCQBkEEK6k2+XsT
uvCkG9ZOxkLKLQxUOKtIu8IKJ7u0CTWlCKYk0epWhfGeTW4qV/UVZgXm7aRWzVsf8PgLdyx8W0UQ
pDqqCBXDjTtNYZSLJ5YsBWp18aS9yjkWKa0J/zhH7E4iOxjktp0mV0n5m3aki1WDLM+4ew0leL4q
xobUZrK4M8DtlgmX2GQILFTZb2KIyKYcLtJi9svKVzSSqhxKEZnd0R/b/LKdo2SrUUaGCjVFu5Bf
hg2DNEOeGMVogL2CJxOrNln5ZCmyFmbZISNLGjhF5pydjjmu7txlhySbU09Gi4o4TlVVaqW9mjFX
awiaDnG2RtvnEHsSyLmsrlUya37OWgzASeqArCRRNK6gwYGFCDJxmLNqVrEgv+nwT8TnbHxvMkdp
MgskZ5pTsgr1c8gDoR9xLUQ50cZwOVUeRsS6u79UT8EqXPWKLxJoivoVPqEeSAsV7b7u7vdv+/9N
YHgTOLIE9k4wksvNeXgHvHQZWSkXKVFrkDfqQFn1apTCtGkkfjG4MUaBkBuPw/s7NGzGAH1ngW2t
H7ylWd3Om/CLwQoSB5FM4eak7sGYouCULWXmbE0aNZdzDx49NMhtJ0+ROGvbEzuQDNmtyPKMgb2t
dMI8UIzFbiC5XUgogbgtfu7zJoU6gtcAJYkxqc6cqITby4otxJAQnQpahuJVPVOprPYDiwTlhucJ
UZML8ApbD80FlOHIKbjmcxvXAXvNNJ7SAH+FWVTIIr2V6f0ha9Jxh7RKF7S8rZenYSbkOkvMocy3
cUa0cyjfBqXWNbdk9f0kgJGr7ieprZvva2H/YRqYK6b0cWXOVuXCEuwe+hYNRLyKi6UHg0icPNY9
itmVZUwE0BxaaMg4Vk0b8zy7VhDKN3tnk3iGkk8i1mFCAya5AhYhBj1Cc2iNBSa65FLDp2x+dlCN
Y19qYXnmpDw7Ny4HtHmqwRT2UoBBQxaqBCiFBmIL0R2q5DON5H9Xkj9+pINB4SRo94KNlhkJdlGS
0SZP0XLzUzCyFEirxClN5kABAxR6h0k/BB6GUYQyAxVxk4XG432QIxjOdjXsFDEiAR1oxzvc8z8u
8U8O90NdsTthBjIvJReKoTvrdDleYxiuYjOeEm8tMRevkVYQdl6GNiA641H+EnekoTBKKEmH/7JV
GxNe2qZBVHhSukGDlDc3ZXEUg7ISkrIk/TY0M5MijRMDDQQyJxMtUtVn4wITrhKHOWNqkKgiV0gp
YBJhY0EszWUvm4cWyvAJwdZZ7CM0/pEv8bdjQLhRYyFisjMfh5WLrhKCBohCxDZvQFI/V0IWZhFg
rQITwZaF0KCLoLWCEpJkCPWDCKgsFDQt+pYl+KRn2oRQMVEsw9hTq6g41IN2wDdfC6REImNpenFP
58ElmaAeyNMlNfYnWIEgV1Qw3lN+l5EpEHMkwpd7LyWD8daQ/HgWaLBPFLFGzdJMO1Eop3gQPSQS
yjMrmJNO2GEpBLkwurESoiFpHUgjAqNNXv84gsgohh4hj/YoMsgDkd6WiiY0T7JxI1QUJHjCHcQn
boDFToOCRJADgkX5HaXkb6BHbJFERrWlNLVhJVlhJhIxMoaViyIhHg32FoBCjuqiKm1WQwInVELj
Ls6kNKKhRJTxSBcIE1yZEBMpF11iE6ARllOBlizCPnLZhUyBLvkihPEygAJXN0WWUxeDREDTas7E
Js1jH5XSEYZpUaf4MW+CllPRetGBIOgREhgVVXEyNt8xKCdzRRjBQWe3IeDCGUenj2RkGOloKJlB
N+uVEHe5WrO3IKGSbcSyI1DBK2KyGMihZFiSSWlVRUdRkqKIjOBGL1GTSVw4IOSjLHhTFw36lHB0
YRwIeJe/pSQWGVEXGW8i0yHZaRNzZhBE2SeNhzX3KI1+eVgz4WyFeZqQIR6fIGMB+hjicR4ulxSg
kiHJWRXWhCeOQWPZBxVksRrp0mq9KT30qTI8aRLvlEULQi10cirGISf/uZ7t+UJf0jMXqjLTSBfo
Ak47YiOkuR6xgTwZAqGiwqCEwaCQgXbnkReFSWPRsSDYQio2opjz0ZeaBDDu0aCz8ZFc4Rwz2ZO9
eZVPGRzWeYpiMjEewTT56EXi+BGMV5W78SH9CSDwQhnTo6b/EXfS1aJuypIegRwwUZ+6hhee2TGj
kRdPgad5WhKA2nV3kWpG2BABAQA7"="c:\\Users\\1\\AppData\\Local\\Temp\\user.exe"
"LvKhfngtrfuck.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEhxYaaKB5Vh3Mixo8ePHIllEplpZMmLEVGCTKhy5UaN
LmMu1KixpMGTJkuSJIlTTESYFIntyzSppcyJQI+6TCpQZ1Fik4RCJMYTZ06rD5MqI8lUqUNlYrR6
9SpGDBqzZ8+WLau2rdm1b8VMKjs3Ll26J4tazXtVLrSBmbqORQhWoOCPaIj9HUzQZsN6ypRBi6xM
r1GChw+KFNl0ZNSRUPeeZEsarlq7dk+jVp3WbKOzNyYBzYwZIdFJg9EQPeg4IhrKlDUnrMdTIWVo
kJMrSz40J1eTm0/SVuizI9WrOwNvVlxw+eKOOIvW/+tsMOn4grgJEou8fn3X0Jf3aRQa+fu+T5w5
QqvqXKd/6ABGd52A2gGo0klfDSQUGpOkBxJRt10WWXqLnVedQu1tFRlE55k00GyNteefMiaR2N5m
WxGDn4pU4QcUTtlVVRxBFwqk1z7nOcRgJrp9NB2EDX5o1F813qSTfRqCFmOAI6Vo0iSxkejhUUU2
JCNO9diXEDST6NYgGgJJ9ZGYBuVoE5B6bcfifyg2GRmATC133HqByQcYhDHcQCZCWlJU3XSHiVGS
gwLlCNSOPWak6GPdhckkjNCph1NT+0Sn6HSAiaThcheBKZAYeW61UI4UQXMhpgVBGFZtBBXFIKEJ
Sf9GKkZ7MtTbPvsB1iCEC9U60GL5DXRjmJEZAGqYBSH3F1B9OlRlrPLVg2BCXVY7HEGGfohtQxUa
FpFPPCo44UDV6eVqeQppaZN9i3FxQwzAuUeqVOehWpBPi01XlBv17iPGX1/uVpFQs/76UL5bGlQd
SUU1lRSYRkF4ZrK8Mbjth8rEEEONW022KZ02+krdQFmy1LC39TAoKKzpzjQqQgXb+ZBuIzWWKUxg
PnsnhJ62anFD7/asrUHuKfOJqH1qWSSZAAu8j2xPT0KkwYziSHWYCBtHcUFSxVnoaNRKdZGYQl9c
qbC7BukQZBtf+N2ejqmkoXu13jD01zcyCGZXKZv/bVCz2C4G+NUEfUdqyUPvZCNDDY+tEdQW8eZq
DA6e1a18ef4m3NNMOW0faBr5lDEA9Jn7KstCfaczYYUXql7MfudIKkxJTUrjQ8OCVTZvxPRM09Pv
xhChSIgPxQXlMjdmk3nkJVTdDQAIf9LPAilb6GS3Y1qwnF7fzafr5XUpF/UF7X7Q56qK0TV64Yrs
rxg3FDmoTu+i9CJK6w130XhNTk0UANEzjIN+lxELeQtX0JJPJuC3sfhBzl7pIsa7GDjBVX3oVIUb
T7OkFRi27IYmagOMwjJxgxXUTyOQKd8ES8K/TMxKKs0qiTIACACJQQkAK0gKvhgCkwulsFcTzFMQ
/+NXs8G1qlr2mUSeQAWXPFEOJumZznk0OBA0qEUo87OJbOZTRbMoyIliGg8U8yQ2ICULhQfZVQxW
UMNw+QsABqAJzhqxrb8YSiN2e0gFBVWpBcYvfkCBneQY9EcuaK56CxSDsRbIOmfFTwxuyJ/PyjK2
sxyEgYfEViY2NiVEFuWTZwOY3tJzFgCKaYYAwE3BrNgrDCbvXky8wUV4ZaOgMSslG4uBl27TIC6B
KjYQ6RNY1uKp9Q2zS4M62b2WWB4SCs87P0yKuWg5lIahAYAXmgQAJUO78j1rMaujUVhu8MhbAQZ+
6REkYeCnp1fayI+GPAlJFiVGYblFUBcR1VDi5/87G33SUxl7F3cUBKoYHESMPCJUGaclBgDKUiAA
NCiOllWwPyksTjkqy6c4uRD4cUEyVnvIJg2JLIRo9Gm85JGH+iWQHe1DLcq4QWKaI5/W1O4muhGD
uyQ6FFyV5QZQXJmn6rkYL6WqJNADAGSUwUaA1gZToovLr+DXHDSQ04cF4Z+/gMmhrfIUJoLDEcSo
pbfbkEiZykjLUDQ6F9CspVEJCR7lElXQl14mX0XZEKUKVR0uAFBlANwfugo2HrNAiUGdw43AysLT
a92ApBDEXPwOqDCJIKpaDaLkWuVCEDfAryv2u9gfP9kgchr0h+xzIauW4y/AYHMfBogBDnfktIn/
+ktvaCHX0AaV1T82EntQopxhzXeT+BkTfFX6TmLj81K2FAV+LamLhJ760rlorJ0blQtRGARcQjFF
L3b7HRzhRUM45ohmeskMMDXUuKcKlFWfQsNr5jLZg+2jEe9KEnvetB4Xaeo6czPRVkCjMKuSki5e
cmCTkocS0joISp8ViBAb0yBkwoop9bRRQwHQUBPScJogNipBaFsWFPLopMALS8rOssC5OLW5jR3V
cuL31aaA0iLKtAx0pETJ9lhRUAN2Lo9E0iD3aMdFBSpoWDJWYhENZb+ny2fixAY9NtZwH7KNLYl4
Z5lP9uTHlmxpXHTJMlYxMyIT9Bi53kXEWpVk/3d96lJzKTmaVWXCs3bWFIlO5yW9GoaBinHXQ6sX
reTtpzK9zFBgjEaV8rZnwyvQjj4prLLWjK9ao5xfnmw4PwVVip+UPR+N3jXRpS7QiVe9yK4Uch4r
OsgsssyoYRMpSwgN+E0FWiuaNvmuScS2zL+aT1GhVhgF4SbLF0KDbGeLnNDhti18PpDExCTBj9rG
MjRGa0OYyMVPcYqx2vVe+eRcOLp417iJ/A3B5kdklUYHJUSh8WO5SrKBzLc6f7IgAgUFG2y+5VMG
wOFFTOViufAbR4GsN3skRsL6JkQkoFbnQZTdzh42hpN+rvewEUIMs9haO3Q27K9qRiw7gRhIqP/m
5KV1Y8W93XZ847NTCmGSicCOWIk01OitWEvA7tSqHvRFprREhzUmuq9MFwSkQXIaYfkER1iv2d56
4IdPb6rFboEhOdduJT7Pdqltuhylp1Rpxk8tpJQBP01aam5KYV2kRj8EFnN9Gj/+Be2DVO+ZESd+
5uriJqYby0haNLKfAkny5RHrUjmH0ru0dGmU32ZldS3m61UJqNk3cVVCwXzpyixbavmpSWC0VLYK
sYchEiRipUoMY46GFCLDFB4fhbVpzFhrqfoELfw6/qXhpuY1R//NoMhnR6rRPDsv/XG1VrbABar1
XQDI5MXk5K/Hlcc9hOPaH8OSOXB7ippr+zT/1ZXpUaDMfsQwf7zy2UKzPZ0mVZ96vIvP1lOGaPA1
Yu8Sc+L/b7TNBZu4sXfdQRPB4k4chwY7tRZXRVwSURkTxGY0ZlgeJ4Etx2qToRPmk27+8ngHx3Hv
VGAudhZSI0YElBZrZyLNIUMiVE1EoV3VwSV6UzZ14i1yFFKHURns1Gt7IoBU8xd6g1/v4i4JyIC2
ok9Al3FowU8yyFdqcUC4NVwH1HNP8xaJsRd9pCSh5S1U4SX8Rlq1dYXMRRMkaIBhsjF8E2owA1fn
ZBYQ9CKbsXRdwj2fYkE+cRrO9zQxGHPUBROt9hZSY3YyExVethcN80+TEEkLgUxPghsNE3Nj/7gt
rHUvMuU3LgM+r0Ru9dYQC1ZF6kc+QoIGKTNcmGYtKUgsMxcaBfdjc1cpDcOD82Eg4ZFF19Epu7Ij
IURZtAEWwsMRBNR8D5EjmkJfzrc76eFxLcZiBvcf0oE9zNFNaOFFtvJmCfQ9IfKGCkJkr5JFnMZy
mHh2s8eD1IFYCLF9VJcp27U6xKSKpFhZPAcZtRIXYaYr1yZYTjce9hg4GSZzCKE3dOIGmphGYgck
4XFjP2Ej4ihuEwc/sHFPDgRz2/U0PFRoMvcm7GdRJqMr9CiRCDQTkYhArtZ/tTMjaRSGX+Ml2agr
uwIhhzdxRPhwM2iQo2gxqlEacDEyyeeHdv/kZ0fXaZiRcVuzj6N4fQpBFCYSMaqVIP8EfoCzjtOo
IKPke74hiVRnGs94ExijZuBDSyfzdGszjN1oiZP2EDJSf1H4HkDpicgBjVmVRlQIcy3ZEMBGGv4I
iKfxSFS5N1LCQgahTGoYOuKjG7SxGC+JkJqYE0PTkWRYES1Hha3xlpYlZosZK4jpPDNpVXBRHUfZ
GJcGbGooH0fXmdH4X3KDhpbVCIZVF/FIEbcEgmqpNR0xGdiTd1MJF3nEIfokTByhVTvjdBVBlddi
fwzhFnYjNOrUFbSxPYhpRds1LOgnm5fJeu4IOM2CmBBkToYhcQXRNgwomHoGOv6hKU0yIunWhmKt
spGEyS0ctyE/KF/lwUGWNU7POZXgIxiZwVJuxzXYgy6wtxEw6IfBuZYUky1Il5BuwJQDuhicmZ4M
oZD8pIA/FU6vhx42aDWR9RGkkaAIQSgbBBEUiKHR2BBhyREPOqINGk5aUaEU4RYbQYSZAUWLWSco
qj+DCVbrAY4rYZnxaZeeJjMSpyX2SUytKaIgSi7O14375xIF+GSMkYbU+D4yVY6/aB8GF6TYCRGr
eF/KGaTEYqMYEUWfuaQVwYONCaEgATssZhFVihG4mYlgGkwDShABAQA7=="="c:\\Users\\1\\AppData\\Local\\Temp\\svchost.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-23 19:11:55
ComboFix-quarantined-files.txt 2011-06-24 00:11
ComboFix2.txt 2011-06-23 01:06
.
Pre-Run: 208,468,725,760 bytes free
Post-Run: 208,413,065,216 bytes free
.
- - End Of File - - 2CCECE240F9D2B2E77758F8EB33EC906
 
and this is the TDS log

2011/06/23 21:59:08.0518 5948 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 21:59:09.0340 5948 ================================================================================
2011/06/23 21:59:09.0340 5948 SystemInfo:
2011/06/23 21:59:09.0340 5948
2011/06/23 21:59:09.0340 5948 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/23 21:59:09.0340 5948 Product type: Workstation
2011/06/23 21:59:09.0341 5948 ComputerName: 1-PC
2011/06/23 21:59:09.0366 5948 UserName: 1
2011/06/23 21:59:09.0366 5948 Windows directory: C:\windows
2011/06/23 21:59:09.0366 5948 System windows directory: C:\windows
2011/06/23 21:59:09.0366 5948 Processor architecture: Intel x86
2011/06/23 21:59:09.0366 5948 Number of processors: 2
2011/06/23 21:59:09.0366 5948 Page size: 0x1000
2011/06/23 21:59:09.0366 5948 Boot type: Normal boot
2011/06/23 21:59:09.0366 5948 ================================================================================
2011/06/23 21:59:10.0325 5948 Initialize success
2011/06/23 21:59:15.0218 6116 ================================================================================
2011/06/23 21:59:15.0218 6116 Scan started
2011/06/23 21:59:15.0218 6116 Mode: Manual;
2011/06/23 21:59:15.0218 6116 ================================================================================
2011/06/23 21:59:17.0355 6116 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/06/23 21:59:17.0651 6116 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/06/23 21:59:17.0916 6116 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/06/23 21:59:19.0835 6116 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/06/23 21:59:20.0038 6116 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/06/23 21:59:20.0241 6116 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/06/23 21:59:20.0490 6116 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/06/23 21:59:20.0646 6116 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/06/23 21:59:20.0849 6116 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/06/23 21:59:21.0426 6116 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/06/23 21:59:21.0660 6116 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/06/23 21:59:21.0894 6116 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/06/23 21:59:22.0128 6116 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/06/23 21:59:22.0362 6116 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/06/23 21:59:22.0690 6116 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/06/23 21:59:22.0908 6116 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/06/23 21:59:23.0080 6116 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/06/23 21:59:23.0314 6116 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/06/23 21:59:23.0642 6116 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/06/23 21:59:23.0798 6116 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/06/23 21:59:24.0016 6116 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/06/23 21:59:24.0297 6116 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/06/23 21:59:24.0687 6116 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys
2011/06/23 21:59:25.0326 6116 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/06/23 21:59:25.0576 6116 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/06/23 21:59:26.0512 6116 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/06/23 21:59:26.0746 6116 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/06/23 21:59:26.0933 6116 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
2011/06/23 21:59:27.0152 6116 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/06/23 21:59:27.0448 6116 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/06/23 21:59:27.0900 6116 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/06/23 21:59:28.0134 6116 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/06/23 21:59:28.0415 6116 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/06/23 21:59:28.0649 6116 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/06/23 21:59:29.0055 6116 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/06/23 21:59:29.0523 6116 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/06/23 21:59:29.0741 6116 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/06/23 21:59:30.0006 6116 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/06/23 21:59:30.0131 6116 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/06/23 21:59:30.0350 6116 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/06/23 21:59:30.0584 6116 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/06/23 21:59:30.0833 6116 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/06/23 21:59:31.0083 6116 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/06/23 21:59:31.0286 6116 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/06/23 21:59:31.0551 6116 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/06/23 21:59:31.0878 6116 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/06/23 21:59:32.0081 6116 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/06/23 21:59:32.0362 6116 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/06/23 21:59:32.0612 6116 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/06/23 21:59:32.0783 6116 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
2011/06/23 21:59:33.0236 6116 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/06/23 21:59:33.0719 6116 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/06/23 21:59:34.0140 6116 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/06/23 21:59:34.0546 6116 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/06/23 21:59:34.0780 6116 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/06/23 21:59:35.0139 6116 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/06/23 21:59:35.0451 6116 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/06/23 21:59:35.0763 6116 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/06/23 21:59:36.0371 6116 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/06/23 21:59:36.0777 6116 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/06/23 21:59:37.0042 6116 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/06/23 21:59:37.0276 6116 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/06/23 21:59:37.0526 6116 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/06/23 21:59:37.0806 6116 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/06/23 21:59:38.0118 6116 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/06/23 21:59:38.0430 6116 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/06/23 21:59:38.0696 6116 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/06/23 21:59:39.0117 6116 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/06/23 21:59:39.0320 6116 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/06/23 21:59:39.0538 6116 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/06/23 21:59:39.0772 6116 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/06/23 21:59:40.0037 6116 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/06/23 21:59:40.0318 6116 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/06/23 21:59:40.0552 6116 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/06/23 21:59:40.0724 6116 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/06/23 21:59:40.0926 6116 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/06/23 21:59:41.0160 6116 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/06/23 21:59:41.0566 6116 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/06/23 21:59:41.0925 6116 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/06/23 21:59:42.0440 6116 IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\windows\system32\drivers\RTKVHDA.sys
2011/06/23 21:59:42.0736 6116 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/06/23 21:59:42.0939 6116 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/06/23 21:59:43.0110 6116 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/06/23 21:59:43.0360 6116 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/06/23 21:59:43.0532 6116 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/06/23 21:59:43.0734 6116 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/06/23 21:59:43.0906 6116 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/06/23 21:59:44.0093 6116 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/06/23 21:59:44.0343 6116 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/06/23 21:59:44.0592 6116 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/06/23 21:59:44.0795 6116 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/06/23 21:59:44.0967 6116 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/06/23 21:59:45.0294 6116 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/06/23 21:59:45.0840 6116 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys
2011/06/23 21:59:46.0152 6116 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/06/23 21:59:46.0386 6116 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/06/23 21:59:46.0620 6116 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/06/23 21:59:46.0854 6116 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/06/23 21:59:47.0073 6116 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/06/23 21:59:47.0276 6116 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/06/23 21:59:47.0478 6116 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/06/23 21:59:47.0759 6116 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/06/23 21:59:48.0009 6116 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/06/23 21:59:48.0227 6116 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/06/23 21:59:48.0414 6116 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/06/23 21:59:48.0602 6116 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/06/23 21:59:48.0804 6116 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/06/23 21:59:48.0976 6116 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/06/23 21:59:49.0179 6116 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/06/23 21:59:49.0491 6116 mrxsmb (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/06/23 21:59:49.0725 6116 mrxsmb10 (e593d45024a3fdd11e93cc4a6ca91101) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/06/23 21:59:50.0006 6116 mrxsmb20 (a9f86c82c9cc3b679cc3957e1183a30f) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/06/23 21:59:50.0318 6116 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/06/23 21:59:50.0520 6116 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/06/23 21:59:50.0754 6116 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/06/23 21:59:50.0957 6116 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/06/23 21:59:51.0176 6116 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/06/23 21:59:51.0488 6116 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/06/23 21:59:51.0737 6116 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/06/23 21:59:52.0034 6116 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/06/23 21:59:52.0252 6116 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/06/23 21:59:52.0455 6116 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/06/23 21:59:52.0751 6116 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/06/23 21:59:52.0970 6116 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/06/23 21:59:53.0266 6116 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/06/23 21:59:53.0640 6116 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
2011/06/23 21:59:53.0968 6116 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
2011/06/23 21:59:54.0202 6116 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
2011/06/23 21:59:54.0483 6116 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
2011/06/23 21:59:54.0764 6116 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
2011/06/23 21:59:54.0998 6116 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
2011/06/23 21:59:55.0466 6116 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/06/23 21:59:55.0856 6116 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
2011/06/23 21:59:56.0090 6116 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
2011/06/23 21:59:56.0480 6116 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
2011/06/23 21:59:56.0901 6116 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/06/23 21:59:57.0291 6116 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
2011/06/23 21:59:57.0525 6116 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/06/23 21:59:58.0227 6116 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/06/23 21:59:58.0514 6116 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
2011/06/23 21:59:58.0727 6116 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
2011/06/23 21:59:58.0946 6116 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
2011/06/23 21:59:59.0137 6116 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/06/23 21:59:59.0783 6116 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/06/23 22:00:00.0023 6116 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/06/23 22:00:00.0216 6116 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/06/23 22:00:00.0484 6116 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/06/23 22:00:00.0671 6116 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/06/23 22:00:00.0854 6116 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/06/23 22:00:01.0341 6116 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/06/23 22:00:01.0664 6116 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/06/23 22:00:02.0363 6116 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
2011/06/23 22:00:02.0887 6116 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
2011/06/23 22:00:03.0261 6116 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/06/23 22:00:03.0575 6116 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/06/23 22:00:03.0921 6116 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/06/23 22:00:04.0491 6116 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/06/23 22:00:04.0990 6116 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/06/23 22:00:05.0285 6116 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
2011/06/23 22:00:05.0541 6116 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/06/23 22:00:05.0846 6116 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/06/23 22:00:06.0226 6116 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
2011/06/23 22:00:06.0761 6116 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
2011/06/23 22:00:07.0022 6116 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
2011/06/23 22:00:07.0180 6116 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
2011/06/23 22:00:07.0390 6116 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/06/23 22:00:07.0635 6116 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
2011/06/23 22:00:07.0901 6116 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
2011/06/23 22:00:08.0106 6116 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/06/23 22:00:08.0352 6116 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
2011/06/23 22:00:08.0721 6116 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
2011/06/23 22:00:08.0923 6116 RSUSBSTOR (5bef0fd9b6e57bbc6f7920e3118ae108) C:\windows\system32\Drivers\RtsUStor.sys
2011/06/23 22:00:09.0154 6116 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\windows\system32\DRIVERS\Rt86win7.sys
2011/06/23 22:00:09.0306 6116 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/06/23 22:00:09.0515 6116 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/06/23 22:00:09.0745 6116 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/06/23 22:00:10.0056 6116 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/06/23 22:00:10.0333 6116 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/06/23 22:00:10.0656 6116 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/06/23 22:00:10.0891 6116 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/06/23 22:00:11.0108 6116 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/06/23 22:00:11.0419 6116 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/06/23 22:00:11.0641 6116 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/06/23 22:00:11.0820 6116 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/06/23 22:00:12.0035 6116 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/06/23 22:00:12.0225 6116 Sftfs (74744f4d9eb18ddd0eb45e03cfdd648e) C:\windows\system32\DRIVERS\Sftfslh.sys
2011/06/23 22:00:12.0488 6116 Sftplay (cbc5be6f81e86cc73656e61767002da9) C:\windows\system32\DRIVERS\Sftplaylh.sys
2011/06/23 22:00:12.0687 6116 Sftredir (961e50666e6d6949328b1ffbc33adf43) C:\windows\system32\DRIVERS\Sftredirlh.sys
2011/06/23 22:00:12.0865 6116 Sftvol (c8c02c8fe267751ec62b7e7d8d214c63) C:\windows\system32\DRIVERS\Sftvollh.sys
2011/06/23 22:00:13.0121 6116 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/06/23 22:00:13.0343 6116 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/06/23 22:00:13.0513 6116 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/06/23 22:00:13.0702 6116 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/06/23 22:00:13.0947 6116 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/06/23 22:00:14.0229 6116 srv (4a9b0f215de2519e2363f91df25c1e97) C:\windows\system32\DRIVERS\srv.sys
2011/06/23 22:00:14.0410 6116 srv2 (14c44875518ae1c982e54ea8c5f7fe28) C:\windows\system32\DRIVERS\srv2.sys
2011/06/23 22:00:14.0613 6116 srvnet (07a14223b0a50e76ade003fdf95d4fec) C:\windows\system32\DRIVERS\srvnet.sys
2011/06/23 22:00:14.0942 6116 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/06/23 22:00:15.0221 6116 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/06/23 22:00:15.0484 6116 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\windows\system32\DRIVERS\SynTP.sys
2011/06/23 22:00:15.0851 6116 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers\tcpip.sys
2011/06/23 22:00:16.0317 6116 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS\tcpip.sys
2011/06/23 22:00:16.0607 6116 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
2011/06/23 22:00:16.0848 6116 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
2011/06/23 22:00:17.0019 6116 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
2011/06/23 22:00:17.0286 6116 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
2011/06/23 22:00:17.0709 6116 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
2011/06/23 22:00:17.0889 6116 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
2011/06/23 22:00:18.0356 6116 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/06/23 22:00:18.0615 6116 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
2011/06/23 22:00:18.0804 6116 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2011/06/23 22:00:18.0994 6116 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/06/23 22:00:19.0165 6116 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/06/23 22:00:19.0428 6116 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/06/23 22:00:19.0645 6116 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/06/23 22:00:19.0872 6116 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/06/23 22:00:20.0072 6116 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/06/23 22:00:20.0262 6116 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/06/23 22:00:20.0440 6116 usbehci (0eeedd78c2bedac75e8ed1ba8d77878b) C:\windows\system32\DRIVERS\usbehci.sys
2011/06/23 22:00:20.0684 6116 usbhub (ba50148445e5b2b3abdba208fc9b6fb5) C:\windows\system32\DRIVERS\usbhub.sys
2011/06/23 22:00:21.0305 6116 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/06/23 22:00:21.0522 6116 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/06/23 22:00:21.0719 6116 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/06/23 22:00:21.0891 6116 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/06/23 22:00:22.0097 6116 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/06/23 22:00:22.0336 6116 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/06/23 22:00:22.0537 6116 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/06/23 22:00:22.0748 6116 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/06/23 22:00:22.0943 6116 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/06/23 22:00:23.0154 6116 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/06/23 22:00:23.0365 6116 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/06/23 22:00:23.0576 6116 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/06/23 22:00:23.0770 6116 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/06/23 22:00:23.0965 6116 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/06/23 22:00:24.0173 6116 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/06/23 22:00:24.0179 6116 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/23 22:00:24.0271 6116 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/23 22:00:24.0469 6116 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/06/23 22:00:24.0651 6116 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/06/23 22:00:24.0863 6116 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/06/23 22:00:25.0056 6116 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/06/23 22:00:25.0311 6116 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/06/23 22:00:25.0361 6116 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/06/23 22:00:25.0623 6116 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/06/23 22:00:25.0821 6116 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/06/23 22:00:26.0684 6116 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/06/23 22:00:26.0851 6116 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/06/23 22:00:27.0313 6116 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/06/23 22:00:27.0619 6116 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/06/23 22:00:27.0898 6116 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/06/23 22:00:28.0119 6116 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/06/23 22:00:28.0150 6116 ================================================================================
2011/06/23 22:00:28.0150 6116 Scan finished
2011/06/23 22:00:28.0150 6116 ================================================================================
2011/06/23 22:00:28.0212 4176 Detected object count: 1
2011/06/23 22:00:28.0212 4176 Actual detected object count: 1
2011/06/23 22:01:00.0348 4176 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/06/23 22:01:00.0358 4176 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/06/23 22:01:03.0040 4176 Backup copy found, using it..
2011/06/23 22:01:03.0070 4176 C:\windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/06/23 22:01:03.0070 4176 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/06/23 22:01:23.0221 0676 Deinitialize success
 
Ok good. Rootkit on board. Check Malwarebytes for updates and do a scan with it. You rebooted after you ran Tdsskiller, right?

C:\windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
Click to expand...
 
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6964

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/27/2011 10:03:19 PM
mbam-log-2011-06-27 (22-03-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 225901
Time elapsed: 49 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvKhfngMz1cft.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECFmikixoTJiyjJqVFavosePIAsqC0lxZMJJJPeZTFkQWkaM
MDdqxHiR5b6OAldKzPmwnk6bBSdlmmgQ2j5imZAORYoRIhqhaMQ8nToJTVSg0HAWJHpR5kaaM3+u
zKrTpEkxaI0aRPlTJcGhBDNWnStQbcSMSzNdTKq0b9KpmeZaFTyYqlSqB+GiBRq36VuHfpG+/CoT
rNTFA01qJeq26KTPaAI/zeRzoU5oSvPyFS1VcFWqVW12XIpyHxqRLFcm1Q1SddK/aKMSU8nRa9fj
XfcJFkPX9iQxeq0+zRg16nPY1pmv5swwqUDuvffB/yUoxuNKrQt3z+7s8XlVqQaZDs3UurWbuVUD
Iye+f/J500vZ9VBtyhGEXkOofTaRZgJdBZIyBEK2IHgIQSgddMwV5pp0rtEXmFBC4bTbUHjJJxlC
xIBlHFg0UTSebQQJONCBKqWWmUHlfaRTJrd1Vg80y201HGtzZVjde88xpCBoPEpE40CqpZjJJ5FN
VA+FOVGnoopdOSZQhA69yBOO3+0mkkYKoceZWuhxCNhwdXVUHXMJPSWUVIFheVODGb7WI5TsPfTb
b0j5pMxQYE4SlpffDUQTixdJ1qVZDc02H5xePZnQSmBCpgxzYhj12XehMfnUWnP6Wd5UBHW6p5dq
mf8kVJlKxcVdcZPmeJClBk0Ep0IuHffocENemhF/Hx0WVIQykgefXsRMBViGGG7YnHM3NDJncLq6
kZCVvaqmEDGoXVSuXX8ixJ1aPYoVJrkjDccRagZpqtB5r4HqYFwDmXrngsRcFxValw28Lbe6KilQ
Rz/pteeH3sUl7EtQ3gphS2+B2+pjxI2rV0aGrrQvYzjSR/DJBM9p3Q2XRewinn3+ySmWRqV2a0wc
pSfer5MIqKZBI4HZItBeJZQwbgXZ6yzLKUvFsm0Tvcbjn78KVHXVJNFHVWjQBUbrfJMySpxPze5T
nojR6lXajGJuzNOxWU62aUFHP9TWQ7qCR8wNN8T/wHK63LkM1EgTgY0RiMkpY9RIx969D7uAk7Zn
ljsjXWDcG7V90E83pJv0QWVTlDCBmfQdg98d5RuaSMMZhZNdod8LYZfiOezWSE9lWOHCAuWIaFZ2
uaz45hkFW2KKPdHN75iP15tSukAuGIMYpjN/VHBP1Yz1UcVhNKiCK4tB8cWHImXgUj8VeaEyPeY5
HMMwsncoVzLN1khVVWflkE71eC4eWqPiXaAEOMBNDWUFN+Cfok7ntxisJGXcEZj5BMLAGBjAghW0
4ApiAIAbAMCBGcuLlLYyK4UM6ja4iw0afgQ/jXSEGAxjGBo4CIAP1vAGcKJXQvRHEDTcYEb9smDf
//Rkm9MRMTFiYCDL2NJDv3EBdQcRH7e2Qh8MVvCDHOyb6Rjolg/dZCSLu5KJ5EMa4E0CKUysR2kY
Z7bi8Md3l/oODQFggBpycAUy21WMBvJDhMyQgXULYgz8p5BJNLBvF2zL6UzXFsbBq2NsVMYNkBSa
+UBLKAwUyngywSZgcYVQJJJPZkA2vLccDjH/s+ENfMIUNHTQUQQ0EHmASLcK4rBsf2RiQwx5gycm
8Wk3cmLffrUSwjGMQmhBilVm9B5o/BEA0AnK8g4ilAl+5yJiuA+5BmUiEdZlczSUF5SGkzeMBQoz
exwI9aZ3QV0J6I9H7FUD5znIViWRgQs6FGzEA/+oWB6FGCn7G0BvgEDrTM5/ukFUo+YFUA5aUXxQ
0mSxqsSU3tWwoouzGmdMEjpoHO1u98wEA0dyoHu66luLXCQXhtk4LfYtkF9CVJ5mqkkeQSswrXRo
y6wiFYCacj5flElOEFlBA2wQOtHiGPH2QscYcNNhJvEOeHKWE20lRCumA1Lf/qSVdcZzK/f8JSDJ
E4MnOpWQA9GhRhNSrD86VZ2X6RrYivY4nJCLGAxcAbeIKpXi7KY4ZHHj4w7FQaH9pnz8/NXrzAaf
hphuOAxcrEAIikOJZBAtDeQM3xo4nJM2aivq8pUSf9Q4FpKyHgSrSiN4Qq4r0eeC9czMPWGLhu3/
EY2CNbxbxPQ3Hp00diFqGSmELug/Rn6TIQP1Gw61eLqzpLR9irqRiPjDERKVCA0joV71rBayyyWE
abmr7R9XICPCxWCDACjcrMqrGzHUsHkHsWaNfGuRL+5jpBQ8nUFOZwAGMUQZKZVigHtnut/yc1dY
+g167gmAmjLPcxlVzcBMdsFJpgt3SlyW5OD2pX14kLw7PMqCfiTiZfKLrgSBbV1Myp4GOg4h0Jje
SKMi48pi1m/l4dS33lKbwDEQrZ217/zk+xgsoqw6q+UbAGwrnov1y6IA+EnZzMcRq6iRcWtjCBeH
ql+CMJDJCKnHIR0ovpT+cBIGWOfRoteWqLVN/1Gh+TFjN2eUpYyLn0lMM924lsQOjoxyyhFNTjKx
gigvzHV0VubaBPffLXNEzV1iYOwQYkuf8vJ0VZFxbCf3WYLId6Y1umcC1blQ8RDIMU+C0GtjQORT
XS8G72EahyOqmDp2Cldoso0YJhjVr+bExRoRqZ65HIOIxLiXwzSbRwNsOmBSM6ZEcZ9BZvhBk9SK
pE/+Zq5BW0RWR3BBMP7UyaLCmTzd0FAF7F1Uet2xA19VPJKenN9WMDwAd1lpBVnpIidym72dbp1O
LPY0A10mlNiWGFisJKNCle3bqlNeIT1wHkWiqYFBh4U09GzvzJbu0hSqMccRKTRFgkCBS3LkEf9h
Lqs93DuAj/m43ykhmAI3lAZO/IGA4iGnabI6q7XzSxFy19hcwh7uUG8FF1RoXDDbIzAr7lFwC6NI
nb3i0xFrkaLT9ER0pURNCzzmFHL1zpTu3uZuBkerutFBVsidH8dGYgwly1oIvt8avidP2FXUBdW+
R5hUTCvW/nd8BC9S6lGk2bCOH7x7eUgxpI6IqYETZ34JYiGVbCEyO9YML9gzxs2r3X7UXGZq2OAU
PoWG0+s0p2NkbbUunpBaRIrgI0I9ffdIV2Kt4FBQhpY4qt68RvwWeFxlFDohLc8I3PWPMtEIoVes
O6T/YBLdC4BC8xtDCVuPAIdnTZG7SqSDzIT/UdGqEIADU1f2fukgozpkxh5MfNll8MQJyB2eEhCM
8lobSqqCQKRjkI6e9RlgoikAZlQ1VEd0hFC2UR3YdSYLQzhb1zeuYm81BlOFNGAsByVLdFNEBjrN
QxTN1jRowTQv9VLUgxFk8yPbozhoUhuSlFeZhDT7x3fW8x1S8WMao1Q8kSGKgxKAF3N+c1KGNE8a
50d9s1K3N059UV8/cSWGBFt8s0FWNIX6lRVxBX/1I2450j5K4UN8oyhtMSveIkuPAxq58xlbSH5W
wzv8MxA8NRg5Yzp68oL4RBF41UDl4SEdaBoLsUUZxF8ZhEUqQnRi52nXhzAW9xwpIytEURsa/5I7
BZE9G7c503Qek7ZMYUWDZjNPX9UwONY1k2gRLxYUSsQyTDNuh5EfTEFGoGRJZBQZ85MXnzIJf4Mw
TVMd6lRCGTg5ZTEm5AJ6aaISu/d2dSeB+6MUunhYUWJJy2gzl+KKrugXnyARnNEXPJMZAhI0DfIh
DehdRmMd2HWK3DIwxAMnODGKu0NlQENi93IiC2GBduMTrKQTtQURarFrNiJf7QIh1mIgYyiMmthD
0RSKUcR7UUF0DiFZaRUvvkYym2Icd4M1G7UQosQx2KE73xJdXYQsa0cXxZcesVgl0PiMg0JERKeO
tEQRmpKNEGk3veJZ8wEVbtgyr7GNSUElT//1VFJiPmKUk2gEVPXgF9BYK+kEZipJOfmTGzMRlLPm
EVgiks+4k7JojdaVHrdSQGBEHHhCIAz3EDr3EVrxJAhpHv6xbYwBZn+BH9fSEI7XHZtTRp83Oczh
ZOiYTqxEMo4DN/gWMjXhkDWYlcoxGNpROB5oGkVoamGGbf4EI2xUKULml8DCjpDpPO8oHKJRTdwm
FKOoExjhOQcieoPlbg90G6EBP9wDLMclTgWEbyAhmZM5TUfSJ7shX2qBaOWWkpR4UkFTGz/YYUNC
Hj2iS2XBYTRimgP3mm+DnGajNRFCKDV4Eg1Hhj0kZf0EnR/ohg1XTJzGYY3pbsopnatHMizXFB9L
qIMCRCOcQYxp9U0uiCC9sob/s4XtCWPnyJ3pZk7fqZx5URQBmU7V+SWIJkCBhB6AeSB5hE5sMWnT
5BiSB5r5+Zqo4aBsCGPgSRRqQSA4NzfgqY1plTAXtpicpiZiMygExJrJ86AVUTVN6BCFaIFq0U31
5yz9gqHPuUMEKjY78wkmShIK+qCAmRKN6JOyGGbu5iC4E5A9OiYsiaJM6qPlQ6If0SOodZx6ZBpt
KDFNmqUO+SRqyBBAom6Wk6R2mW5fqaVmCpnwuEu6RonhCRF1eaYHERAAOw (Trojan.Downloader.Gen) -> Value: LvKhfngMz1cft.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECFmikixoTJiyjJqVFavosePIAsqC0lxZMJJJPeZTFkQWkaM
MDdqxHiR5b6OAldKzPmwnk6bBSdlmmgQ2j5imZAORYoRIhqhaMQ8nToJTVSg0HAWJHpR5kaaM3+u
zKrTpEkxaI0aRPlTJcGhBDNWnStQbcSMSzNdTKq0b9KpmeZaFTyYqlSqB+GiBRq36VuHfpG+/CoT
rNTFA01qJeq26KTPaAI/zeRzoU5oSvPyFS1VcFWqVW12XIpyHxqRLFcm1Q1SddK/aKMSU8nRa9fj
XfcJFkPX9iQxeq0+zRg16nPY1pmv5swwqUDuvffB/yUoxuNKrQt3z+7s8XlVqQaZDs3UurWbuVUD
Iye+f/J500vZ9VBtyhGEXkOofTaRZgJdBZIyBEK2IHgIQSgddMwV5pp0rtEXmFBC4bTbUHjJJxlC
xIBlHFg0UTSebQQJONCBKqWWmUHlfaRTJrd1Vg80y201HGtzZVjde88xpCBoPEpE40CqpZjJJ5FN
VA+FOVGnoopdOSZQhA69yBOO3+0mkkYKoceZWuhxCNhwdXVUHXMJPSWUVIFheVODGb7WI5TsPfTb
b0j5pMxQYE4SlpffDUQTixdJ1qVZDc02H5xePZnQSmBCpgxzYhj12XehMfnUWnP6Wd5UBHW6p5dq
mf8kVJlKxcVdcZPmeJClBk0Ep0IuHffocENemhF/Hx0WVIQykgefXsRMBViGGG7YnHM3NDJncLq6
kZCVvaqmEDGoXVSuXX8ixJ1aPYoVJrkjDccRagZpqtB5r4HqYFwDmXrngsRcFxValw28Lbe6KilQ
Rz/pteeH3sUl7EtQ3gphS2+B2+pjxI2rV0aGrrQvYzjSR/DJBM9p3Q2XRewinn3+ySmWRqV2a0wc
pSfer5MIqKZBI4HZItBeJZQwbgXZ6yzLKUvFsm0Tvcbjn78KVHXVJNFHVWjQBUbrfJMySpxPze5T
nojR6lXajGJuzNOxWU62aUFHP9TWQ7qCR8wNN8T/wHK63LkM1EgTgY0RiMkpY9RIx969D7uAk7Zn
ljsjXWDcG7V90E83pJv0QWVTlDCBmfQdg98d5RuaSMMZhZNdod8LYZfiOezWSE9lWOHCAuWIaFZ2
uaz45hkFW2KKPdHN75iP15tSukAuGIMYpjN/VHBP1Yz1UcVhNKiCK4tB8cWHImXgUj8VeaEyPeY5
HMMwsncoVzLN1khVVWflkE71eC4eWqPiXaAEOMBNDWUFN+Cfok7ntxisJGXcEZj5BMLAGBjAghW0
4ApiAIAbAMCBGcuLlLYyK4UM6ja4iw0afgQ/jXSEGAxjGBo4CIAP1vAGcKJXQvRHEDTcYEb9smDf
//Rkm9MRMTFiYCDL2NJDv3EBdQcRH7e2Qh8MVvCDHOyb6Rjolg/dZCSLu5KJ5EMa4E0CKUysR2kY
Z7bi8Md3l/oODQFggBpycAUy21WMBvJDhMyQgXULYgz8p5BJNLBvF2zL6UzXFsbBq2NsVMYNkBSa
+UBLKAwUyngywSZgcYVQJJJPZkA2vLccDjH/s+ENfMIUNHTQUQQ0EHmASLcK4rBsf2RiQwx5gycm
8Wk3cmLffrUSwjGMQmhBilVm9B5o/BEA0AnK8g4ilAl+5yJiuA+5BmUiEdZlczSUF5SGkzeMBQoz
exwI9aZ3QV0J6I9H7FUD5znIViWRgQs6FGzEA/+oWB6FGCn7G0BvgEDrTM5/ukFUo+YFUA5aUXxQ
0mSxqsSU3tWwoouzGmdMEjpoHO1u98wEA0dyoHu66luLXCQXhtk4LfYtkF9CVJ5mqkkeQSswrXRo
y6wiFYCacj5flElOEFlBA2wQOtHiGPH2QscYcNNhJvEOeHKWE20lRCumA1Lf/qSVdcZzK/f8JSDJ
E4MnOpWQA9GhRhNSrD86VZ2X6RrYivY4nJCLGAxcAbeIKpXi7KY4ZHHj4w7FQaH9pnz8/NXrzAaf
hphuOAxcrEAIikOJZBAtDeQM3xo4nJM2aivq8pUSf9Q4FpKyHgSrSiN4Qq4r0eeC9czMPWGLhu3/
EY2CNbxbxPQ3Hp00diFqGSmELug/Rn6TIQP1Gw61eLqzpLR9irqRiPjDERKVCA0joV71rBayyyWE
abmr7R9XICPCxWCDACjcrMqrGzHUsHkHsWaNfGuRL+5jpBQ8nUFOZwAGMUQZKZVigHtnut/yc1dY
+g167gmAmjLPcxlVzcBMdsFJpgt3SlyW5OD2pX14kLw7PMqCfiTiZfKLrgSBbV1Myp4GOg4h0Jje
SKMi48pi1m/l4dS33lKbwDEQrZ217/zk+xgsoqw6q+UbAGwrnov1y6IA+EnZzMcRq6iRcWtjCBeH
ql+CMJDJCKnHIR0ovpT+cBIGWOfRoteWqLVN/1Gh+TFjN2eUpYyLn0lMM924lsQOjoxyyhFNTjKx
gigvzHV0VubaBPffLXNEzV1iYOwQYkuf8vJ0VZFxbCf3WYLId6Y1umcC1blQ8RDIMU+C0GtjQORT
XS8G72EahyOqmDp2Cldoso0YJhjVr+bExRoRqZ65HIOIxLiXwzSbRwNsOmBSM6ZEcZ9BZvhBk9SK
pE/+Zq5BW0RWR3BBMP7UyaLCmTzd0FAF7F1Uet2xA19VPJKenN9WMDwAd1lpBVnpIidym72dbp1O
LPY0A10mlNiWGFisJKNCle3bqlNeIT1wHkWiqYFBh4U09GzvzJbu0hSqMccRKTRFgkCBS3LkEf9h
Lqs93DuAj/m43ykhmAI3lAZO/IGA4iGnabI6q7XzSxFy19hcwh7uUG8FF1RoXDDbIzAr7lFwC6NI
nb3i0xFrkaLT9ER0pURNCzzmFHL1zpTu3uZuBkerutFBVsidH8dGYgwly1oIvt8avidP2FXUBdW+
R5hUTCvW/nd8BC9S6lGk2bCOH7x7eUgxpI6IqYETZ34JYiGVbCEyO9YML9gzxs2r3X7UXGZq2OAU
PoWG0+s0p2NkbbUunpBaRIrgI0I9ffdIV2Kt4FBQhpY4qt68RvwWeFxlFDohLc8I3PWPMtEIoVes
O6T/YBLdC4BC8xtDCVuPAIdnTZG7SqSDzIT/UdGqEIADU1f2fukgozpkxh5MfNll8MQJyB2eEhCM
8lobSqqCQKRjkI6e9RlgoikAZlQ1VEd0hFC2UR3YdSYLQzhb1zeuYm81BlOFNGAsByVLdFNEBjrN
QxTN1jRowTQv9VLUgxFk8yPbozhoUhuSlFeZhDT7x3fW8x1S8WMao1Q8kSGKgxKAF3N+c1KGNE8a
50d9s1K3N059UV8/cSWGBFt8s0FWNIX6lRVxBX/1I2450j5K4UN8oyhtMSveIkuPAxq58xlbSH5W
wzv8MxA8NRg5Yzp68oL4RBF41UDl4SEdaBoLsUUZxF8ZhEUqQnRi52nXhzAW9xwpIytEURsa/5I7
BZE9G7c503Qek7ZMYUWDZjNPX9UwONY1k2gRLxYUSsQyTDNuh5EfTEFGoGRJZBQZ85MXnzIJf4Mw
TVMd6lRCGTg5ZTEm5AJ6aaISu/d2dSeB+6MUunhYUWJJy2gzl+KKrugXnyARnNEXPJMZAhI0DfIh
DehdRmMd2HWK3DIwxAMnODGKu0NlQENi93IiC2GBduMTrKQTtQURarFrNiJf7QIh1mIgYyiMmthD
0RSKUcR7UUF0DiFZaRUvvkYym2Icd4M1G7UQosQx2KE73xJdXYQsa0cXxZcesVgl0PiMg0JERKeO
tEQRmpKNEGk3veJZ8wEVbtgyr7GNSUElT//1VFJiPmKUk2gEVPXgF9BYK+kEZipJOfmTGzMRlLPm
EVgiks+4k7JojdaVHrdSQGBEHHhCIAz3EDr3EVrxJAhpHv6xbYwBZn+BH9fSEI7XHZtTRp83Oczh
ZOiYTqxEMo4DN/gWMjXhkDWYlcoxGNpROB5oGkVoamGGbf4EI2xUKULml8DCjpDpPO8oHKJRTdwm
FKOoExjhOQcieoPlbg90G6EBP9wDLMclTgWEbyAhmZM5TUfSJ7shX2qBaOWWkpR4UkFTGz/YYUNC
Hj2iS2XBYTRimgP3mm+DnGajNRFCKDV4Eg1Hhj0kZf0EnR/ohg1XTJzGYY3pbsopnatHMizXFB9L
qIMCRCOcQYxp9U0uiCC9sob/s4XtCWPnyJ3pZk7fqZx5URQBmU7V+SWIJkCBhB6AeSB5hE5sMWnT
5BiSB5r5+Zqo4aBsCGPgSRRqQSA4NzfgqY1plTAXtpicpiZiMygExJrJ86AVUTVN6BCFaIFq0U31
5yz9gqHPuUMEKjY78wkmShIK+qCAmRKN6JOyGGbu5iC4E5A9OiYsiaJM6qPlQ6If0SOodZx6ZBpt
KDFNmqUO+SRqyBBAom6Wk6R2mW5fqaVmCpnwuEu6RonhCRF1eaYHERAAOw -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvKhfngrufr.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqLIhGzKRMYjIp25gwE8mTDEeiRKhM5UqC
k9BMEoMGzcCYNhPWy8STGM+fQIP+NGjypVGFLve1TEqRGFOBTyPSxClGILSCHtH05Plxa8+MPI++
VFlv4EiXLQnWW5rWoUhiA8tC1amUoLKYM0FGhVlzkti4Aov+pXh2r0FlcgU63cuWZVurkNVG7guy
I8GrBKvO3Scm5MGyiVeaDD2YsFKfynyiqYfZbCa/Zg1/Xkp3X2WQM2G3hnlQM+7NBnfbHb6P9MLX
pU9CS+w0EzGfTuvug4Y2qfPhykQelBmyO+yHgjnS/0wu+fRh8hbLXs3esuZAp2udPo890DlcpSPx
ytTPMLxclTIZJJNNmmUkG2AEhYdeQ2gRZ1tZk4wkV01VUYdfYKk9hxoxaLCXV0RXITcQZvX0lRl3
mZ1XHHATGVfffWNBx5NlF0H4mku7ISZQgJtNglMmWj1mVm1D2sZSYDQlmVCBRfLlokLCWbXTdAhB
8x1S2ckoI0I0WXYgR1wVlBqLZ4W0n4XvSSfkPs1pKdJVocFlXFk8NcJjR50ZxKSAH7W4WWKjFQQn
jwc5ZyiME8W053Af+XieSnnFhFtO/ylmFly0RUclVIiyuaGhYg6EIpd57kNgcZj5SGiUFIlY0IQL
4v95XaOuClSWmYjVlNOKTdalTEdpKQgVYqS9RRRs7Mk3FUOYiXHDTKbaFpOKEiUFzXUjJkajUYYB
KYYbnu2jn6Q2QdOpoEiJ2+FCaT3WUlHm3iBeTSaxJ5Jz2SV0VZKLRpRYa0t1GtqVR7G2lrqv+aiq
ogY9yZ5DZUmojGYOF4ZfatjuuC3BBrWJL4fIBahkeogRs1xYl4m660LqWaTffquxetBjPomxQgwI
vjpitMN2hNlTaxbW0ZV9PvSRTKm1RIwYSnPWWb8ssqn0bsLyVlDVkTnE3YDLLrTcbp2tC1UMNwAQ
gwESnucf0PkVuZOcKlW22nRtrWzrQddqRW1O9yr/7dy6rL1HW5OCPWW3QBw3bGtHXOvqF1fhfWnr
1xd3BlIMmMfAZJQKGmby5mKQLYa5A0qdmI5rcuQor6SiG9jbGMtWdG+Js4lQaJTlxB3G557uUNKb
oYE5ADfE8FTLliIus0tPC7RC2WIAIMZiRRa92OCmrs6ms8NjTpNLQEonOG1J4puxkXcDlhOcm2EN
MMbdhS462aby615CSd0VugGdyn/D8x5RSVSKYpL7RCUpHTHAzQyQuRjwRCU+6RjvWhI425wtcwwE
AANX4JIOCRB7BgFXqa4CI6bcDyFYq1QmiucjkcSNbLUb2tMOtxOzbTA8mbgg5kZipfGgsHYH4ZBM
/zBXtguazXuTcAOoNiUT53yCGMjKYQzMdkTiXbBwjQBhQzryk+w8jSZ6OZSh7PMVheykQpK5gbOA
KKCweSRezyMbzgbyv8zl5DkmGRlzEiQZlVRlXcRgYAOJaEPvnUVcXQHZR7JEjP8J0nudmWIMIhQw
NEAROjISo5vu48YbFC90WCPIucQXmKqhgQshCaXXlII5Be4QcRhcVHM4Q6Fh6QsnEXTK/m7WkeId
cXjPagleuoIXIKlGkmTTyiSWMxKarOVoTVSmVpRJrqO9ZkYtjCT3wqawAT0rLKEc0Ez2My6yPWtc
4kwnOl/jk+K1UnMxeafm0gmkYmYTWCGx012GBv8zRwFJh/IaSOiKCEPXKGQSj8TYGCloIftohlIK
QRlBeinHT2KFezc4X9RIKdDQsUaV6WKTFb1npSm6EyfjXNRQTMWh7N1vgDFYIA5nsj/EgeRCCBGe
JEeJFtb8SkvZ8cqWDkJEMXBBjfIq1cTmhz4HKaSRDkQciA42EGSeDaENjEqSKPQR6EiLa6zrqKlW
kEG5NCJ8NwmXXarjlEkU8gZNtBVZ9HSxkrBJjP8cqOZeWZ9PxsAmIE0IUuUCxAmaK6wCkd8gdQi1
eekHRiXa1q+mQ4zMedJkEjWVYEq11goKJHNkJWsrAzicsnhwKWsJWGZh0pkbcMGcmkOUXqdnO6f/
IlYxmssEZgIbm7fEzlka1GHmmqlGqCVsZROryT63WqBMCBIAN5vkjmbHF7awRlOJLSTmQpvBYJrE
hRObKFR8apwAVfRZAxVMIyMpr1AiT0zFC6hUU4KUxRrgiAYIidI86awdeQSFthmTuLY6EwzKcYqd
YdtSPCKftFxvqfj9pSALFBom+WZIS4FNDkOXYDVKdyRo+F/xvtsQ4UxCjbAxrb7M8qTPvjOOZ3ve
CgRTIh+ZiWn3EmWCwovIZR4xuvhFcL2UQpqr0KhdAjzxL5dsgEUG72qB4gt+nIXUTNSjonRsLW15
KybNyTcwt1OMzCa6WMv+sktITq3T8vWu5/yq/yu72t/Z3HlBGc8RO7jTzHzachaeiOG+lvVLBG3V
XHFli2dje61rP8s9qChac5aSDWlOfAO4FIiNkmPTI5+7XYDCiGBsCRh1Qh2fTPzSeBNzpyDFJiXA
LEdFqVNGFf+oFa/yTVTihQl/4aqUbeaHv1FtKoZ1dhcWTqfQOlLTU1qDmfXIE2c6pfPwmMZGxE1i
aZtTyiS650LbFRgA1sXYiuNGH7O8k0lJvPbEFGSTabHOtWTjgh+5Z2U630AuqoxSa4GnlLfoTYBm
zFnoopvfRkAjdNptZYRSZlpH6W0fxQ3JR4rHQAPgjoD1ePDFQj1BTMnJlmxCZr+mKeCbzGyv/f9F
Etmc42UfCltnVwvdlapC2FA3GD5jRhzFMberpQLz3IiT+K7uWB8XRi9zIwdO6kK1lByq8YE1A/QU
G2SeceJxWhSjkrPo/Z5418TDMYBRp1TJPbAZaYUjGSVlY9cmWqLh1HceG9lOLWJ2F0iRZI6xGtN2
kyi9Gksht+HN4E62pFEw1KaSiRvmg+jEfvLeI2r5XvceGM6xLlUotkuHPFI8jpanIDjZr4F39Bqt
DDS6mmNeYusTJIOgPrd+2XpdONZi4EBjyZkLrtl2ZqSz1OxCbPlOZd25p3gjNXS7wtqQCeJlrjxN
dPs5ZHA4si1R6VB6SmOLEPc0nr9Otz4FCeT/O8uW30M2b2bLJs0uyT/teqUNWawFveJrpjlQYsXL
RAw7+AHMK6d3pitp4RlJ4Vma91+ldE3xZFnodjQXQwyfEBNNc00dYxd/FlMIpkNWpnXn51RUJSYY
QytqEx2V0niZ4S3xBXmZ4VeyZyuhpCC1p19H4l+WBDmJI1w4w4BXAmLf0RMBkyHi9ior1D0NBAC7
0ixaphh0ki+/kxR+sXSrxyUexllxM1DcszKqFB6s4kdRoTDaxmX1ID8MRChXUmM3UW2nkSy+RQxu
gEy/JBt/FWKAoiVPBX4GFBU9ZxCwoSvhNz+px0cHxRAH01yNUhM/E1LvkXl+6F9WQV3HMX1J/xOE
N8BAjWUXX3hwPmQS1CFGOxNU2DUsTCEGLbYy1QcSrqVGV4NYocFlBcI4HtGKU4EYaoQneDJDLpdr
tJQZe3IgamcXM4E28rEhnyBg+dNMTyMsZVRATiUkd0hX1GJLcpFx0zcRXNUqD8dRI1EvdnM4DRE5
ZiQbymAuJacnwlN9YNZn+KN6tmWGHTNmmZZ4mpFz5fERkzh76oKL0aiLh6U16PcZnmcSIdYZG6Jj
5/iET6KNERVm6UMcrAhmrpNTbkCAB3VTcaEVtZKQvJeICfkk7pY8oTIinbI6n/BFp4gUB9eRKeJ5
hfIQLjFOeLhiiVVPMJcQMiEcTAI5q3UYEP/kELsxLe34FGHBPBFnHkgBNYmRgwdpNORoNbeVG+zS
G4tSi/QlVxgJEdlhlClTEvYhWJZjkeLVGnKxGwapkz6xFU20GG6GQ4fBhVmDP1BBLwgyj4rjQoVz
GV+JKsUxV8CxkW4DYPdRkZuiGEkSUBV2kUSyURKxkxnSE2MpH08kUbWHKrDxHVHymJ8XGF2BLzrJ
jygpPlPyK6UTlpySWEniRybZK4ORKm7AiBKRE3dRJZR5lSXhE12lmq+yG1bSH5gJE9eUTkRxUXpI
GqTBFO34EKlCKBqRGl5pmng5EThSH8REYw1pnKcYFa0xO+lETYfzNGpUl58Bj35Sj1TZlPWI8B0u
8ZrNGBVTchyXGWXy15KZxkZXsU5FI5JiMZzeyJYx+BK7iJWGQjDu9kDJxnfmqTXkQopMkj9cuSDM
uZYMahFcxp9fESDJlh4WwR2lN0wKmqENYRzDiZCUxRXqqKHj0qEaSh4msxHxUXmEWaINSqIsihKe
VUIYMYAvWqM2ephjUZk3qhABAQA7 (Trojan.Downloader.Gen) -> Value: LvKhfngrufr.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGDNqLIhGzKRMYjIp25gwE8mTDEeiRKhM5UqC
k9BMEoMGzcCYNhPWy8STGM+fQIP+NGjypVGFLve1TEqRGFOBTyPSxClGILSCHtH05Plxa8+MPI++
VFlv4EiXLQnWW5rWoUhiA8tC1amUoLKYM0FGhVlzkti4Aov+pXh2r0FlcgU63cuWZVurkNVG7guy
I8GrBKvO3Scm5MGyiVeaDD2YsFKfynyiqYfZbCa/Zg1/Xkp3X2WQM2G3hnlQM+7NBnfbHb6P9MLX
pU9CS+w0EzGfTuvug4Y2qfPhykQelBmyO+yHgjnS/0wu+fRh8hbLXs3esuZAp2udPo890DlcpSPx
ytTPMLxclTIZJJNNmmUkG2AEhYdeQ2gRZ1tZk4wkV01VUYdfYKk9hxoxaLCXV0RXITcQZvX0lRl3
mZ1XHHATGVfffWNBx5NlF0H4mku7ISZQgJtNglMmWj1mVm1D2sZSYDQlmVCBRfLlokLCWbXTdAhB
8x1S2ckoI0I0WXYgR1wVlBqLZ4W0n4XvSSfkPs1pKdJVocFlXFk8NcJjR50ZxKSAH7W4WWKjFQQn
jwc5ZyiME8W053Af+XieSnnFhFtO/ylmFly0RUclVIiyuaGhYg6EIpd57kNgcZj5SGiUFIlY0IQL
4v95XaOuClSWmYjVlNOKTdalTEdpKQgVYqS9RRRs7Mk3FUOYiXHDTKbaFpOKEiUFzXUjJkajUYYB
KYYbnu2jn6Q2QdOpoEiJ2+FCaT3WUlHm3iBeTSaxJ5Jz2SV0VZKLRpRYa0t1GtqVR7G2lrqv+aiq
ogY9yZ5DZUmojGYOF4ZfatjuuC3BBrWJL4fIBahkeogRs1xYl4m660LqWaTffquxetBjPomxQgwI
vjpitMN2hNlTaxbW0ZV9PvSRTKm1RIwYSnPWWb8ssqn0bsLyVlDVkTnE3YDLLrTcbp2tC1UMNwAQ
gwESnucf0PkVuZOcKlW22nRtrWzrQddqRW1O9yr/7dy6rL1HW5OCPWW3QBw3bGtHXOvqF1fhfWnr
1xd3BlIMmMfAZJQKGmby5mKQLYa5A0qdmI5rcuQor6SiG9jbGMtWdG+Js4lQaJTlxB3G557uUNKb
oYE5ADfE8FTLliIus0tPC7RC2WIAIMZiRRa92OCmrs6ms8NjTpNLQEonOG1J4puxkXcDlhOcm2EN
MMbdhS462aby615CSd0VugGdyn/D8x5RSVSKYpL7RCUpHTHAzQyQuRjwRCU+6RjvWhI425wtcwwE
AANX4JIOCRB7BgFXqa4CI6bcDyFYq1QmiucjkcSNbLUb2tMOtxOzbTA8mbgg5kZipfGgsHYH4ZBM
/zBXtguazXuTcAOoNiUT53yCGMjKYQzMdkTiXbBwjQBhQzryk+w8jSZ6OZSh7PMVheykQpK5gbOA
KKCweSRezyMbzgbyv8zl5DkmGRlzEiQZlVRlXcRgYAOJaEPvnUVcXQHZR7JEjP8J0nudmWIMIhQw
NEAROjISo5vu48YbFC90WCPIucQXmKqhgQshCaXXlII5Be4QcRhcVHM4Q6Fh6QsnEXTK/m7WkeId
cXjPagleuoIXIKlGkmTTyiSWMxKarOVoTVSmVpRJrqO9ZkYtjCT3wqawAT0rLKEc0Ez2My6yPWtc
4kwnOl/jk+K1UnMxeafm0gmkYmYTWCGx012GBv8zRwFJh/IaSOiKCEPXKGQSj8TYGCloIftohlIK
QRlBeinHT2KFezc4X9RIKdDQsUaV6WKTFb1npSm6EyfjXNRQTMWh7N1vgDFYIA5nsj/EgeRCCBGe
JEeJFtb8SkvZ8cqWDkJEMXBBjfIq1cTmhz4HKaSRDkQciA42EGSeDaENjEqSKPQR6EiLa6zrqKlW
kEG5NCJ8NwmXXarjlEkU8gZNtBVZ9HSxkrBJjP8cqOZeWZ9PxsAmIE0IUuUCxAmaK6wCkd8gdQi1
eekHRiXa1q+mQ4zMedJkEjWVYEq11goKJHNkJWsrAzicsnhwKWsJWGZh0pkbcMGcmkOUXqdnO6f/
IlYxmssEZgIbm7fEzlka1GHmmqlGqCVsZROryT63WqBMCBIAN5vkjmbHF7awRlOJLSTmQpvBYJrE
hRObKFR8apwAVfRZAxVMIyMpr1AiT0zFC6hUU4KUxRrgiAYIidI86awdeQSFthmTuLY6EwzKcYqd
YdtSPCKftFxvqfj9pSALFBom+WZIS4FNDkOXYDVKdyRo+F/xvtsQ4UxCjbAxrb7M8qTPvjOOZ3ve
CgRTIh+ZiWn3EmWCwovIZR4xuvhFcL2UQpqr0KhdAjzxL5dsgEUG72qB4gt+nIXUTNSjonRsLW15
KybNyTcwt1OMzCa6WMv+sktITq3T8vWu5/yq/yu72t/Z3HlBGc8RO7jTzHzachaeiOG+lvVLBG3V
XHFli2dje61rP8s9qChac5aSDWlOfAO4FIiNkmPTI5+7XYDCiGBsCRh1Qh2fTPzSeBNzpyDFJiXA
LEdFqVNGFf+oFa/yTVTihQl/4aqUbeaHv1FtKoZ1dhcWTqfQOlLTU1qDmfXIE2c6pfPwmMZGxE1i
aZtTyiS650LbFRgA1sXYiuNGH7O8k0lJvPbEFGSTabHOtWTjgh+5Z2U630AuqoxSa4GnlLfoTYBm
zFnoopvfRkAjdNptZYRSZlpH6W0fxQ3JR4rHQAPgjoD1ePDFQj1BTMnJlmxCZr+mKeCbzGyv/f9F
Etmc42UfCltnVwvdlapC2FA3GD5jRhzFMberpQLz3IiT+K7uWB8XRi9zIwdO6kK1lByq8YE1A/QU
G2SeceJxWhSjkrPo/Z5418TDMYBRp1TJPbAZaYUjGSVlY9cmWqLh1HceG9lOLWJ2F0iRZI6xGtN2
kyi9Gksht+HN4E62pFEw1KaSiRvmg+jEfvLeI2r5XvceGM6xLlUotkuHPFI8jpanIDjZr4F39Bqt
DDS6mmNeYusTJIOgPrd+2XpdONZi4EBjyZkLrtl2ZqSz1OxCbPlOZd25p3gjNXS7wtqQCeJlrjxN
dPs5ZHA4si1R6VB6SmOLEPc0nr9Otz4FCeT/O8uW30M2b2bLJs0uyT/teqUNWawFveJrpjlQYsXL
RAw7+AHMK6d3pitp4RlJ4Vma91+ldE3xZFnodjQXQwyfEBNNc00dYxd/FlMIpkNWpnXn51RUJSYY
QytqEx2V0niZ4S3xBXmZ4VeyZyuhpCC1p19H4l+WBDmJI1w4w4BXAmLf0RMBkyHi9ior1D0NBAC7
0ixaphh0ki+/kxR+sXSrxyUexllxM1DcszKqFB6s4kdRoTDaxmX1ID8MRChXUmM3UW2nkSy+RQxu
gEy/JBt/FWKAoiVPBX4GFBU9ZxCwoSvhNz+px0cHxRAH01yNUhM/E1LvkXl+6F9WQV3HMX1J/xOE
N8BAjWUXX3hwPmQS1CFGOxNU2DUsTCEGLbYy1QcSrqVGV4NYocFlBcI4HtGKU4EYaoQneDJDLpdr
tJQZe3IgamcXM4E28rEhnyBg+dNMTyMsZVRATiUkd0hX1GJLcpFx0zcRXNUqD8dRI1EvdnM4DRE5
ZiQbymAuJacnwlN9YNZn+KN6tmWGHTNmmZZ4mpFz5fERkzh76oKL0aiLh6U16PcZnmcSIdYZG6Jj
5/iET6KNERVm6UMcrAhmrpNTbkCAB3VTcaEVtZKQvJeICfkk7pY8oTIinbI6n/BFp4gUB9eRKeJ5
hfIQLjFOeLhiiVVPMJcQMiEcTAI5q3UYEP/kELsxLe34FGHBPBFnHkgBNYmRgwdpNORoNbeVG+zS
G4tSi/QlVxgJEdlhlClTEvYhWJZjkeLVGnKxGwapkz6xFU20GG6GQ4fBhVmDP1BBLwgyj4rjQoVz
GV+JKsUxV8CxkW4DYPdRkZuiGEkSUBV2kUSyURKxkxnSE2MpH08kUbWHKrDxHVHymJ8XGF2BLzrJ
jygpPlPyK6UTlpySWEniRybZK4ORKm7AiBKRE3dRJZR5lSXhE12lmq+yG1bSH5gJE9eUTkRxUXpI
GqTBFO34EKlCKBqRGl5pmng5EThSH8REYw1pnKcYFa0xO+lETYfzNGpUl58Bj35Sj1TZlPWI8B0u
8ZrNGBVTchyXGWXy15KZxkZXsU5FI5JiMZzeyJYx+BK7iJWGQjDu9kDJxnfmqTXkQopMkj9cuSDM
uZYMahFcxp9fESDJlh4WwR2lN0wKmqENYRzDiZCUxRXqqKHj0qEaSh4msxHxUXmEWaINSqIsihKe
VUIYMYAvWqM2ephjUZk3qhABAQA7 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvKhfngM1ycnd.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGPdlmpSpo0ePHD1mHDlSDMmLyjDW6zgp5EaW
IGNudBlyksN6AlNG1HlyIk+BaBxmIgbN4k+FR5W9XFqTJRpiBU0ytFlxKbGOFH9y7AlR6sCjBq92
/KkTLMGgBs2ORGsQ5z6caIumbfqS49aeLXNybQiNqsR6Yt06pApWDOGvFdkq9EjMLsyNe/eBRQP5
oNqROHX6fSh4oMfOCtGAHtg36GjLCW02ddyR8tuDUNGIkX0zIty8qCOTJugVcVWRC9meRjNJbsKV
dZe+XJgpqpjnymY/JO76ITSsBY3rLiiYrfaRyxMq/9ZLcBKaRjBZNzfoVe3zTM/j7yuq1CL1luYP
Ut488PT2+QP1JtBs0h0EzWiX7eOSQUzJhN0+xDk0XnTxyWYSfwMRtZ5A/hWkTD3QQJWSMnKZZyJu
DKmVYG4LKWMTgZMUeJxAcn1nEEdiOWYXUJI1lB93vFloIULjCUSMMkc2hgaSyiiV5IdNHtgkQ+Ht
Y1hL8KFFoodIIbTiQLI1Ql2RnHGY01WsJdQRVG8pttJhBZn3nIU3EGgZWc2NKNl1PV6XST0Rengk
k4Q2mUmTTNrV5KCIEjRTlsUBCaZd9xH3EnGUxiikYa3VxdFT5m1IkFJ3PZTgoSwxOMlV8RE4248D
0v9Xz5Q67adjqFiaiF5IEFr66aVLUbYrrpdSatWiiEK5KLCYSiibeWRmpJyoBJ3WWVCOifGStjp6
RFld9xk7E6a1hsVcc2hEe9COBYk6lEQt+arYswR6Z+pBHR4kU1qjSqanni4dSVBRQ1U2qXCWwdnj
wAi9a1h/qlLrKINXQTxdjJpupC6L/FY0a07J/QkNlM9ZeSGsbK1po0YdPQwUhgPxd2iZBQdaHsxa
kQcmcPjKlq7PqbHLMkdzluoWiC2OOmuTs35MUAwxGEDgtGbhl8l4Yr12llgb/micTTxB5ZZc+UZH
4lXpKlgqQjhJDGFv777ts4C+pSUWca26KsYNxCD//eWMzu29gtRqBrxuXTEXLJDMvNp8WH0WS8rb
3qtqZKKB2WnkXJCaisGmZ7QdNQmSqK5J4aZ7P3eDbMblqy8AABjweVQGrGCWWR9t6FVyi99A7YYF
azrw2F76FuINdcZwA1VO0aj1jbxlCXRYXZfsb8Fcz07hbIfqdF18bitUZ4BR3wCWMlAL6DRDT8G0
sEnwiQE1ZRVrxKYy7WusOdIp9rc3FzeIgbbKczWTCMYtKZkbcWyEpCINJTrIE9gDw7cPYqxONAuL
mXwW9re9SSaAK6AbGmAnqtZlrkMh4ZqCAngDX+xHcRtCy6dw5jwisTB5Dbua3F4VFGLQRj+pmyCT
/wbEvYrBbFRzyqDlMrG6JErkOfUwAABioCXJrCCAMzmQEp/nPLOwBX6ZgJrvCHgVtGVocc+S2Gla
kj75jQ8x8aEUezBYLSPFSHXtatlzjOilEeHvPenJiZ3+EiAxGCAGAPDLJGrXHIHxqi2Rq2ECBxSU
MMbAJo35SAUDCMACWc9F3NoNh/QXP+WlTk5yEsNP9AeUqWmEdFPyWZ1WNRY21QktYwFThZ5DtNn4
B48YycQUDaATFtbwNRrjSIJGczkrBXB2RmLh/LimRwCFaiNsqo5klCfAAFqPRnurE1HK8xQk1UmV
65plneSiuzmZhHTwScljJDPIOsZvM38jEtRsR/+MwU3CLTZZ2dVYuZBBCjAG2qnH3rjJvDJ+BHxq
eyExeJi8OjUCi1+THwCNxKQj5WpvsxMLSGVTp6FAx5kiS4l60rLBJB2KGG54T0ZwcgMAsHCKKZGV
j+ATPqkEBX0C/AoauBnUdn3Ifh55D6WKmImLdtOCe8PJx5SHPGX26SyTuOWasuSqt4nhOyWtCcWQ
iAbzJWVO+XTIPg8pIApuUSPcQgtbLKU8XB50lgmBJsvAl6vm1OmWzozBA/HXRl1K5aueKyA6K6iT
vY2IlwK52h1Nwz8zcTRJ56TeSU8C1ENC061T4dSArKQ8VnGTb/w5ysyEppF0OeV/N+BCR7qZIeT/
yU9vuMwaXN8DuX3UiUlBpMpEzScoQx2JnYqNrGTgU9KMfEd+U8Sa60KTOI5ArZvXbU6kFrO2o8wJ
qt6kUEmH8tfnQAN+SNrKhhJ4y7vcMT8Q7N58fltBVI0IJzaKT1+4Ohu9VqQsvoXaFPnzCS5x6SgT
UuVpBfgnBfXLstoU2CufdKTUCVCVSgkgeph70KFIGHofumNcD/VGIkpFKbxVyPqiYyF3+u4y0wWS
W4QptagBwF1c1JlBfhiVMCZPgJZKmZNyV0ZYiiinI7IgAKmIJpnu46CAzIRcVDsi5mJYQarjiTLO
6aLh1i9pVirrbJ61opXx5clQU4qAwxYRuq3p/zlQi5E312SXrRSFGE/KKchEFBXkBTU+AeylbUsk
suT4JU9O3u1YcCJnsFnvwwlJyZziVl81UoQ+GllBUcUwxRjwRMoZ8vBWy6hKh355qAH8oPK890ok
6bZLYYstfTsi675YuMEE3Oqh3utb6HjUZ1iaj0yZSxA869g5N2jYdgFknchxWrCku8HgtPVAh1K3
eFCNgUCc6jk84w5XDbufhbVly9u6kcF1q6CGkPMRTSV7t2j04ZAsGNBRQfPTG0RIYKzj0CGH0aas
EfCh2UelaTaJm2m11czOmFU3juqgZU2ePGd1v3HiOUSubk78qJ26H2LKsVumG32+bCSvsjrcaf/N
MaeJW+yoXbFBa+ORZV460dJqThlcUF6kuQvfMLrRXcqLUTfj471VubrKN1Nskyad1I3sUmEFqd96
nJhjBoFWlE/TtL6Ut4JGTmk+NanzS4jxCWMTJIDa/iIWM0iWjiUuOqYsSJ2WLPFWek4nrSmoOF+1
uIJdjaSuCjJdMumRJr5wpgcxpGAtG6DYQdu/ENLXYyhDVf6IMcZvZXYDd9Qq25pSnlEy76gUx6D3
jPcxepw0q84zJM9IBir6dftIOt2vr0l9x3SrukbSt0Sipe9bVME8w4z0Kg7f9gZL+5ykT+worBhH
NvFrDnKQeMrcYYV7XKWnLxsi/B3P706qjUr/m23OngCmbDW82znZj0RiKC8v88vPvd93C1KNtK1x
Jz2PWPa/1VZaCD6QxGyRJBSQxiGXoTsSMVzflCGF1RCGZmhsYU6pMz51hhAjk1WM5xnxQ1/853e5
AyHMwxJYslVEt3SpI3LHlHJf0SgKwSYoCCB61ljxIx5YRBUrkyxG1lhLEhNZdVee4zz78WAmCD84
Ejz/51bz9zKVljj78QmM0RFukTcLmHktsj5UYi9aMxoQZSXHNGVihD8ZWF+AgST0MSUGhCQ3EnSR
ZReEFxIuUjAgMoPZIQZu4EO6dVSj8WU/wjOLkyuR9YGFNIUNoSdfoSmdQx0msTGBKBV+8W4N/wM1
jeBgy8V+CmESIzMlgwIVxTFRNeFv9oR6euSI7fIWpLdFn4ZGGtgwvhIiLJOEYQh+Kmgl5iEmMJIu
7jQmaQMmWZiBA+VDV8cyaBI8l9gjtAJmAVhMnNIt2MEYVdMuXlEqK9MSTbIZr4YvUtJ9Z6FckyMj
EzNmhvgzooEs1FKEuhY8FDQ2fuMvpnhst4MT+bY4vZcqBnYjz/ggEGMcR/ItaIFfxyYlZqYQYnJG
JpN7MbNjr/ckH9GBkYcQ3KhjX6cvOJgTVig5ByIXmyWJAdISdrJwCAErCoJrKtZ36mItDTEe76gv
KVRt7GePBcUeBMlBdRQWZOFHS5Mi+GOLY/+GNzYjkLKnIIrBklg3iHvCRf8oc62yD07oge0mIk8y
EKIIEfW2gAc0PD2SjuZybG9hhuBoGK9yhkS0kAzSZpuRS7UhEVUGitQEed7mJMMHlvcSeS8pOaaI
XzPmUYahk2PCITV5PlHIYzRyb12CiqEGkg4hJco2aq0UIwoxMpnYhSrBG0ckgOs4INCiKeliHrHo
Rw85MgHiiHkyEUVhHp1RGWqRUMVjEJlFJk7ClpCkRdxRlBYYZmAngN/hXXe5k/xyFWY2XYjSNJwp
YmzDQKkxHg+CjaBxlKN1WZTWk/MBIpnxig0hIHSDQCPxdcV4TAOoFx/DmeeFfMd2NAyjhW7cYjA/
gXkN6S9MAps+QYxUqBB+EWNfchRm92ATGYCSkRk8IXr+VRSnAWBY1i6KuHOM1VEJoZ4W8TH59FVU
GZhuF35nMSeiYZjnFXgKRCDbWSGNcjadI4UVykO4haGDuCi6aKAXIYX1YqJ6c4t3FH8c2iotdosT
NTfuhGLnCSRfMjpI45xpUZHtWRABGhET8h9r8R84yIIXYRo8cY1mASIf4ponkV/ZKaQlihEqWKRW
Ol2igiBl85CIFyBSyhU88aNfShpWioODkjSxeBFOSqJjyqAy16bgUShGGhkBAQA7== (Trojan.Downloader.Gen) -> Value: LvKhfngM1ycnd.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEixosWLGPdlmpSpo0ePHD1mHDlSDMmLyjDW6zgp5EaW
IGNudBlyksN6AlNG1HlyIk+BaBxmIgbN4k+FR5W9XFqTJRpiBU0ytFlxKbGOFH9y7AlR6sCjBq92
/KkTLMGgBs2ORGsQ5z6caIumbfqS49aeLXNybQiNqsR6Yt06pApWDOGvFdkq9EjMLsyNe/eBRQP5
oNqROHX6fSh4oMfOCtGAHtg36GjLCW02ddyR8tuDUNGIkX0zIty8qCOTJugVcVWRC9meRjNJbsKV
dZe+XJgpqpjnymY/JO76ITSsBY3rLiiYrfaRyxMq/9ZLcBKaRjBZNzfoVe3zTM/j7yuq1CL1luYP
Ut488PT2+QP1JtBs0h0EzWiX7eOSQUzJhN0+xDk0XnTxyWYSfwMRtZ5A/hWkTD3QQJWSMnKZZyJu
DKmVYG4LKWMTgZMUeJxAcn1nEEdiOWYXUJI1lB93vFloIULjCUSMMkc2hgaSyiiV5IdNHtgkQ+Ht
Y1hL8KFFoodIIbTiQLI1Ql2RnHGY01WsJdQRVG8pttJhBZn3nIU3EGgZWc2NKNl1PV6XST0Rengk
k4Q2mUmTTNrV5KCIEjRTlsUBCaZd9xH3EnGUxiikYa3VxdFT5m1IkFJ3PZTgoSwxOMlV8RE4248D
0v9Xz5Q67adjqFiaiF5IEFr66aVLUbYrrpdSatWiiEK5KLCYSiibeWRmpJyoBJ3WWVCOifGStjp6
RFld9xk7E6a1hsVcc2hEe9COBYk6lEQt+arYswR6Z+pBHR4kU1qjSqanni4dSVBRQ1U2qXCWwdnj
wAi9a1h/qlLrKINXQTxdjJpupC6L/FY0a07J/QkNlM9ZeSGsbK1po0YdPQwUhgPxd2iZBQdaHsxa
kQcmcPjKlq7PqbHLMkdzluoWiC2OOmuTs35MUAwxGEDgtGbhl8l4Yr12llgb/micTTxB5ZZc+UZH
4lXpKlgqQjhJDGFv777ts4C+pSUWca26KsYNxCD//eWMzu29gtRqBrxuXTEXLJDMvNp8WH0WS8rb
3qtqZKKB2WnkXJCaisGmZ7QdNQmSqK5J4aZ7P3eDbMblqy8AABjweVQGrGCWWR9t6FVyi99A7YYF
azrw2F76FuINdcZwA1VO0aj1jbxlCXRYXZfsb8Fcz07hbIfqdF18bitUZ4BR3wCWMlAL6DRDT8G0
sEnwiQE1ZRVrxKYy7WusOdIp9rc3FzeIgbbKczWTCMYtKZkbcWyEpCINJTrIE9gDw7cPYqxONAuL
mXwW9re9SSaAK6AbGmAnqtZlrkMh4ZqCAngDX+xHcRtCy6dw5jwisTB5Dbua3F4VFGLQRj+pmyCT
/wbEvYrBbFRzyqDlMrG6JErkOfUwAABioCXJrCCAMzmQEp/nPLOwBX6ZgJrvCHgVtGVocc+S2Gla
kj75jQ8x8aEUezBYLSPFSHXtatlzjOilEeHvPenJiZ3+EiAxGCAGAPDLJGrXHIHxqi2Rq2ECBxSU
MMbAJo35SAUDCMACWc9F3NoNh/QXP+WlTk5yEsNP9AeUqWmEdFPyWZ1WNRY21QktYwFThZ5DtNn4
B48YycQUDaATFtbwNRrjSIJGczkrBXB2RmLh/LimRwCFaiNsqo5klCfAAFqPRnurE1HK8xQk1UmV
65plneSiuzmZhHTwScljJDPIOsZvM38jEtRsR/+MwU3CLTZZ2dVYuZBBCjAG2qnH3rjJvDJ+BHxq
eyExeJi8OjUCi1+THwCNxKQj5WpvsxMLSGVTp6FAx5kiS4l60rLBJB2KGG54T0ZwcgMAsHCKKZGV
j+ATPqkEBX0C/AoauBnUdn3Ifh55D6WKmImLdtOCe8PJx5SHPGX26SyTuOWasuSqt4nhOyWtCcWQ
iAbzJWVO+XTIPg8pIApuUSPcQgtbLKU8XB50lgmBJsvAl6vm1OmWzozBA/HXRl1K5aueKyA6K6iT
vY2IlwK52h1Nwz8zcTRJ56TeSU8C1ENC061T4dSArKQ8VnGTb/w5ysyEppF0OeV/N+BCR7qZIeT/
yU9vuMwaXN8DuX3UiUlBpMpEzScoQx2JnYqNrGTgU9KMfEd+U8Sa60KTOI5ArZvXbU6kFrO2o8wJ
qt6kUEmH8tfnQAN+SNrKhhJ4y7vcMT8Q7N58fltBVI0IJzaKT1+4Ohu9VqQsvoXaFPnzCS5x6SgT
UuVpBfgnBfXLstoU2CufdKTUCVCVSgkgeph70KFIGHofumNcD/VGIkpFKbxVyPqiYyF3+u4y0wWS
W4QptagBwF1c1JlBfhiVMCZPgJZKmZNyV0ZYiiinI7IgAKmIJpnu46CAzIRcVDsi5mJYQarjiTLO
6aLh1i9pVirrbJ61opXx5clQU4qAwxYRuq3p/zlQi5E312SXrRSFGE/KKchEFBXkBTU+AeylbUsk
suT4JU9O3u1YcCJnsFnvwwlJyZziVl81UoQ+GllBUcUwxRjwRMoZ8vBWy6hKh355qAH8oPK890ok
6bZLYYstfTsi675YuMEE3Oqh3utb6HjUZ1iaj0yZSxA869g5N2jYdgFknchxWrCku8HgtPVAh1K3
eFCNgUCc6jk84w5XDbufhbVly9u6kcF1q6CGkPMRTSV7t2j04ZAsGNBRQfPTG0RIYKzj0CGH0aas
EfCh2UelaTaJm2m11czOmFU3juqgZU2ePGd1v3HiOUSubk78qJ26H2LKsVumG32+bCSvsjrcaf/N
MaeJW+yoXbFBa+ORZV460dJqThlcUF6kuQvfMLrRXcqLUTfj471VubrKN1Nskyad1I3sUmEFqd96
nJhjBoFWlE/TtL6Ut4JGTmk+NanzS4jxCWMTJIDa/iIWM0iWjiUuOqYsSJ2WLPFWek4nrSmoOF+1
uIJdjaSuCjJdMumRJr5wpgcxpGAtG6DYQdu/ENLXYyhDVf6IMcZvZXYDd9Qq25pSnlEy76gUx6D3
jPcxepw0q84zJM9IBir6dftIOt2vr0l9x3SrukbSt0Sipe9bVME8w4z0Kg7f9gZL+5ykT+worBhH
NvFrDnKQeMrcYYV7XKWnLxsi/B3P706qjUr/m23OngCmbDW82znZj0RiKC8v88vPvd93C1KNtK1x
Jz2PWPa/1VZaCD6QxGyRJBSQxiGXoTsSMVzflCGF1RCGZmhsYU6pMz51hhAjk1WM5xnxQ1/853e5
AyHMwxJYslVEt3SpI3LHlHJf0SgKwSYoCCB61ljxIx5YRBUrkyxG1lhLEhNZdVee4zz78WAmCD84
Ejz/51bz9zKVljj78QmM0RFukTcLmHktsj5UYi9aMxoQZSXHNGVihD8ZWF+AgST0MSUGhCQ3EnSR
ZReEFxIuUjAgMoPZIQZu4EO6dVSj8WU/wjOLkyuR9YGFNIUNoSdfoSmdQx0msTGBKBV+8W4N/wM1
jeBgy8V+CmESIzMlgwIVxTFRNeFv9oR6euSI7fIWpLdFn4ZGGtgwvhIiLJOEYQh+Kmgl5iEmMJIu
7jQmaQMmWZiBA+VDV8cyaBI8l9gjtAJmAVhMnNIt2MEYVdMuXlEqK9MSTbIZr4YvUtJ9Z6FckyMj
EzNmhvgzooEs1FKEuhY8FDQ2fuMvpnhst4MT+bY4vZcqBnYjz/ggEGMcR/ItaIFfxyYlZqYQYnJG
JpN7MbNjr/ckH9GBkYcQ3KhjX6cvOJgTVig5ByIXmyWJAdISdrJwCAErCoJrKtZ36mItDTEe76gv
KVRt7GePBcUeBMlBdRQWZOFHS5Mi+GOLY/+GNzYjkLKnIIrBklg3iHvCRf8oc62yD07oge0mIk8y
EKIIEfW2gAc0PD2SjuZybG9hhuBoGK9yhkS0kAzSZpuRS7UhEVUGitQEed7mJMMHlvcSeS8pOaaI
XzPmUYahk2PCITV5PlHIYzRyb12CiqEGkg4hJco2aq0UIwoxMpnYhSrBG0ckgOs4INCiKeliHrHo
Rw85MgHiiHkyEUVhHp1RGWqRUMVjEJlFJk7ClpCkRdxRlBYYZmAngN/hXXe5k/xyFWY2XYjSNJwp
YmzDQKkxHg+CjaBxlKN1WZTWk/MBIpnxig0hIHSDQCPxdcV4TAOoFx/DmeeFfMd2NAyjhW7cYjA/
gXkN6S9MAps+QYxUqBB+EWNfchRm92ATGYCSkRk8IXr+VRSnAWBY1i6KuHOM1VEJoZ4W8TH59FVU
GZhuF35nMSeiYZjnFXgKRCDbWSGNcjadI4UVykO4haGDuCi6aKAXIYX1YqJ6c4t3FH8c2iotdosT
NTfuhGLnCSRfMjpI45xpUZHtWRABGhET8h9r8R84yIIXYRo8cY1mASIf4ponkV/ZKaQlihEqWKRW
Ol2igiBl85CIFyBSyhU88aNfShpWioODkjSxeBFOSqJjyqAy16bgUShGGhkBAQA7== -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvKhfngtapoline.info&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnPgwU6ZJky5ezEix40Rl+0B6DDmypMmTDZVpzMhypctJ
KCFCq7dQ5EGbMSHizMnTYyY0GFsKXcnR5MyByupBK4hTzFKBTnsqI6Zsp0KcVntqLbnxpUagXbMK
rEqQpkExYgaivflxqluCIm1eRCh2a02Sde/qjAiNGFCWQ1miyaQM5sAbatMONOuwqluqdXFazISU
pMCMlO1KzLzvKULPBkFr/szUopiLaDVaxDx4ks24kMlCnMy57Go0+4iltLuTMzFimYCrBP4bskLR
o5kyNisGN0LGhGMD9zrJDeGbxBNiJqg7eUTDDqkS/w8enDhV8sM/Cc870HlohiAR15TO3qDX1UQB
z+WuDDlb7/uAt5BFAhFI0VTokSfceJOYN9xBjO2TyQ31iIFYXI+xl9VyA9EmYIEaBdhVg24IpV9C
9VlGEWf1EQjNdo1NNFhnHQqH3nBoNedYVX0R88lBSyXVH00gObaPUkVKCJyEH66mUG0Q/iQUWAtF
OFZEmViJYoHdMTkjUw55ZpVKMIkUJE0zOYaGGEmNVU+SElpk3m/q/TaceMO5ZSBGHbYGZkFQjvYh
Q4M6ZBGcGSkF15FpFukokQESdJRZ4E3VF4JrQQjSURNNV2RwKhV2UXGhoneej12SBleKA4kW1ZUL
Qf+TWZFK1TrTrW+GZNaSrYqomIoMvWhQVbpxatmaxx050WQEzYUfqwKhGh2opqL6IHEgoQlfpCrm
FWhEaFJlEEsMpeqaW7I1qxhGYmn52nsgQukSd3rxKtFrVZU33niMuTcuQoU+BBp5B3U1bHO5ORYw
oGiBtpS2ylrWZq/RMlsQZoNuSleHFD0F7cVl7dPcwt8qpKV94h6E0XUSZtoeQ6kt3OywndHELJ8D
tZRQqkiptNLHi1WW0EUqFfTrZf4iVBtWulYGTSNBAxunxBcfiuzMYzW3Zlo55pwZzxwPO13El8Eo
0MlLhzTJDWLEEEPbN8SAhqJSCyTaw93itx8xoP3/ClTS2kEYLQAGnIbG2ICrHChok+h4tkCJb42G
G1qn9VNuBoFNsMSqGbaRv+/CBffbN7BNOs1XXSYqR2Z5PC4asENUT8lL3QBADLd3edFgP3mo93QW
mfVazNZddtYkkWM0mDJawxpnoJiBtPg+f4PHszKlo8V2g8EBVaWyg83OUbsFEgS7Yew6r3TUZcVg
wAoAAJCJaFATlDFImE2WqDJrjqqaams5WshyJhLD5eiAyAvK1CzjnwLlDy1retvbQJKqvlDPZSHp
XSZK9B8gdQcoaTGM7eJ2OPU9jlvvEQMAVmAAtyEkaQJqDpuiVZTDvMp+mUhNc1RDDIzpzyIgZNsO
/9WEBraxDYQhicuVmAPCyuHnBly4gVs8I4bGiYQo3wpdXfzyK5gQwwBccJvbSjYz5FSFhbcDAG7e
9KY0UY+NIJmb9Kp4A90osUjNIYaiiLSWHBLmTP3By2Mm00MLdQ44yMvR4eSUETHQ5G8IG+BAJFjC
AMkQPzXcVs+ch7z9UE9CYhzdyRgnqWalEXcKEaCEBkIMCNonSw0jyNEUY7BhEexcW8uIHUWUSK01
7nyTmR1thqm/Ir4Nds2xWWaWAjbBoQ5yMtxJBGNwAzQow23yGVDUzGI73AGATXx74b8KtDWykXOG
UFnlDZvFJ/JA6XBrS42XkBnP0wwLToCaRCOa+P+20wDPh//zoYCyMrfqBQg3OJkENccISrltaZUF
m8QKWxiD7tTDOCdcpP2QIsODyDM1lAnhEp/SPU/iJzdFvOSgiJG9xyyqILOrRzWRt4/s3SCRGVkT
TAAD0WZthH85rWL18qdLU2KzgAw9joD6RjjcZdMz4jFfbgz0K+ZFUpY5MlDOhGYVjVRxhyFlG2X+
YjeoyJNm9Vhj5eASxRgkZDBCBUvAqkjTg5LkqmozTdy2J0K3NRNQJ2Tl+7zpmuBQLINkcQ9hTOrK
x8GOTAQSiXMWa8lP5dCBcrrgVXHjPWjaE3L4GdmvUjW7uKHTUNWLa3vqKjKr2LFtbjvaF6nJkNn/
pUU0mSDcCrM51b9WRZW8C0ljLbQ2w1hpOlw7TYjMyUrU3LRL6MMNS7c3F52CbkzXnOCfIGW+BFJv
Lgn8S0edZ8e4ua+CxMBm6tQZ2BW6T34FE85BrDkVVj4vNfLJI+xgBzxu+QxQWn2QWRETzsatZGsy
jN2WjkIZq7qVIQbFXBxp2pqrkiiR1jQvNaFDGYnelCGccU3O3rtC9ggnQopxjLCQBkEEK6k2+XsT
uvCkG9ZOxkLKLQxUOKtIu8IKJ7u0CTWlCKYk0epWhfGeTW4qV/UVZgXm7aRWzVsf8PgLdyx8W0UQ
pDqqCBXDjTtNYZSLJ5YsBWp18aS9yjkWKa0J/zhH7E4iOxjktp0mV0n5m3aki1WDLM+4ew0leL4q
xobUZrK4M8DtlgmX2GQILFTZb2KIyKYcLtJi9svKVzSSqhxKEZnd0R/b/LKdo2SrUUaGCjVFu5Bf
hg2DNEOeGMVogL2CJxOrNln5ZCmyFmbZISNLGjhF5pydjjmu7txlhySbU09Gi4o4TlVVaqW9mjFX
awiaDnG2RtvnEHsSyLmsrlUya37OWgzASeqArCRRNK6gwYGFCDJxmLNqVrEgv+nwT8TnbHxvMkdp
MgskZ5pTsgr1c8gDoR9xLUQ50cZwOVUeRsS6u79UT8EqXPWKLxJoivoVPqEeSAsV7b7u7vdv+/9N
YHgTOLIE9k4wksvNeXgHvHQZWSkXKVFrkDfqQFn1apTCtGkkfjG4MUaBkBuPw/s7NGzGAH1ngW2t
H7ylWd3Om/CLwQoSB5FM4eak7sGYouCULWXmbE0aNZdzDx49NMhtJ0+ROGvbEzuQDNmtyPKMgb2t
dMI8UIzFbiC5XUgogbgtfu7zJoU6gtcAJYkxqc6cqITby4otxJAQnQpahuJVPVOprPYDiwTlhucJ
UZML8ApbD80FlOHIKbjmcxvXAXvNNJ7SAH+FWVTIIr2V6f0ha9Jxh7RKF7S8rZenYSbkOkvMocy3
cUa0cyjfBqXWNbdk9f0kgJGr7ieprZvva2H/YRqYK6b0cWXOVuXCEuwe+hYNRLyKi6UHg0icPNY9
itmVZUwE0BxaaMg4Vk0b8zy7VhDKN3tnk3iGkk8i1mFCAya5AhYhBj1Cc2iNBSa65FLDp2x+dlCN
Y19qYXnmpDw7Ny4HtHmqwRT2UoBBQxaqBCiFBmIL0R2q5DON5H9Xkj9+pINB4SRo94KNlhkJdlGS
0SZP0XLzUzCyFEirxClN5kABAxR6h0k/BB6GUYQyAxVxk4XG432QIxjOdjXsFDEiAR1oxzvc8z8u
8U8O90NdsTthBjIvJReKoTvrdDleYxiuYjOeEm8tMRevkVYQdl6GNiA641H+EnekoTBKKEmH/7JV
GxNe2qZBVHhSukGDlDc3ZXEUg7ISkrIk/TY0M5MijRMDDQQyJxMtUtVn4wITrhKHOWNqkKgiV0gp
YBJhY0EszWUvm4cWyvAJwdZZ7CM0/pEv8bdjQLhRYyFisjMfh5WLrhKCBohCxDZvQFI/V0IWZhFg
rQITwZaF0KCLoLWCEpJkCPWDCKgsFDQt+pYl+KRn2oRQMVEsw9hTq6g41IN2wDdfC6REImNpenFP
58ElmaAeyNMlNfYnWIEgV1Qw3lN+l5EpEHMkwpd7LyWD8daQ/HgWaLBPFLFGzdJMO1Eop3gQPSQS
yjMrmJNO2GEpBLkwurESoiFpHUgjAqNNXv84gsgohh4hj/YoMsgDkd6WiiY0T7JxI1QUJHjCHcQn
boDFToOCRJADgkX5HaXkb6BHbJFERrWlNLVhJVlhJhIxMoaViyIhHg32FoBCjuqiKm1WQwInVELj
Ls6kNKKhRJTxSBcIE1yZEBMpF11iE6ARllOBlizCPnLZhUyBLvkihPEygAJXN0WWUxeDREDTas7E
Js1jH5XSEYZpUaf4MW+CllPRetGBIOgREhgVVXEyNt8xKCdzRRjBQWe3IeDCGUenj2RkGOloKJlB
N+uVEHe5WrO3IKGSbcSyI1DBK2KyGMihZFiSSWlVRUdRkqKIjOBGL1GTSVw4IOSjLHhTFw36lHB0
YRwIeJe/pSQWGVEXGW8i0yHZaRNzZhBE2SeNhzX3KI1+eVgz4WyFeZqQIR6fIGMB+hjicR4ulxSg
kiHJWRXWhCeOQWPZBxVksRrp0mq9KT30qTI8aRLvlEULQi10cirGISf/uZ7t+UJf0jMXqjLTSBfo
Ak47YiOkuR6xgTwZAqGiwqCEwaCQgXbnkReFSWPRsSDYQio2opjz0ZeaBDDu0aCz8ZFc4Rwz2ZO9
eZVPGRzWeYpiMjEewTT56EXi+BGMV5W78SH9CSDwQhnTo6b/EXfS1aJuypIegRwwUZ+6hhee2TGj
kRdPgad5WhKA2nV3kWpG2BABAQA7 (Trojan.Downloader.Gen) -> Value: LvKhfngtapoline.info&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnPgwU6ZJky5ezEix40Rl+0B6DDmypMmTDZVpzMhypctJ
KCFCq7dQ5EGbMSHizMnTYyY0GFsKXcnR5MyByupBK4hTzFKBTnsqI6Zsp0KcVntqLbnxpUagXbMK
rEqQpkExYgaivflxqluCIm1eRCh2a02Sde/qjAiNGFCWQ1miyaQM5sAbatMONOuwqluqdXFazISU
pMCMlO1KzLzvKULPBkFr/szUopiLaDVaxDx4ks24kMlCnMy57Go0+4iltLuTMzFimYCrBP4bskLR
o5kyNisGN0LGhGMD9zrJDeGbxBNiJqg7eUTDDqkS/w8enDhV8sM/Cc870HlohiAR15TO3qDX1UQB
z+WuDDlb7/uAt5BFAhFI0VTokSfceJOYN9xBjO2TyQ31iIFYXI+xl9VyA9EmYIEaBdhVg24IpV9C
9VlGEWf1EQjNdo1NNFhnHQqH3nBoNedYVX0R88lBSyXVH00gObaPUkVKCJyEH66mUG0Q/iQUWAtF
OFZEmViJYoHdMTkjUw55ZpVKMIkUJE0zOYaGGEmNVU+SElpk3m/q/TaceMO5ZSBGHbYGZkFQjvYh
Q4M6ZBGcGSkF15FpFukokQESdJRZ4E3VF4JrQQjSURNNV2RwKhV2UXGhoneej12SBleKA4kW1ZUL
Qf+TWZFK1TrTrW+GZNaSrYqomIoMvWhQVbpxatmaxx050WQEzYUfqwKhGh2opqL6IHEgoQlfpCrm
FWhEaFJlEEsMpeqaW7I1qxhGYmn52nsgQukSd3rxKtFrVZU33niMuTcuQoU+BBp5B3U1bHO5ORYw
oGiBtpS2ylrWZq/RMlsQZoNuSleHFD0F7cVl7dPcwt8qpKV94h6E0XUSZtoeQ6kt3OywndHELJ8D
tZRQqkiptNLHi1WW0EUqFfTrZf4iVBtWulYGTSNBAxunxBcfiuzMYzW3Zlo55pwZzxwPO13El8Eo
0MlLhzTJDWLEEEPbN8SAhqJSCyTaw93itx8xoP3/ClTS2kEYLQAGnIbG2ICrHChok+h4tkCJb42G
G1qn9VNuBoFNsMSqGbaRv+/CBffbN7BNOs1XXSYqR2Z5PC4asENUT8lL3QBADLd3edFgP3mo93QW
mfVazNZddtYkkWM0mDJawxpnoJiBtPg+f4PHszKlo8V2g8EBVaWyg83OUbsFEgS7Yew6r3TUZcVg
wAoAAJCJaFATlDFImE2WqDJrjqqaams5WshyJhLD5eiAyAvK1CzjnwLlDy1retvbQJKqvlDPZSHp
XSZK9B8gdQcoaTGM7eJ2OPU9jlvvEQMAVmAAtyEkaQJqDpuiVZTDvMp+mUhNc1RDDIzpzyIgZNsO
/9WEBraxDYQhicuVmAPCyuHnBly4gVs8I4bGiYQo3wpdXfzyK5gQwwBccJvbSjYz5FSFhbcDAG7e
9KY0UY+NIJmb9Kp4A90osUjNIYaiiLSWHBLmTP3By2Mm00MLdQ44yMvR4eSUETHQ5G8IG+BAJFjC
AMkQPzXcVs+ch7z9UE9CYhzdyRgnqWalEXcKEaCEBkIMCNonSw0jyNEUY7BhEexcW8uIHUWUSK01
7nyTmR1thqm/Ir4Nds2xWWaWAjbBoQ5yMtxJBGNwAzQow23yGVDUzGI73AGATXx74b8KtDWykXOG
UFnlDZvFJ/JA6XBrS42XkBnP0wwLToCaRCOa+P+20wDPh//zoYCyMrfqBQg3OJkENccISrltaZUF
m8QKWxiD7tTDOCdcpP2QIsODyDM1lAnhEp/SPU/iJzdFvOSgiJG9xyyqILOrRzWRt4/s3SCRGVkT
TAAD0WZthH85rWL18qdLU2KzgAw9joD6RjjcZdMz4jFfbgz0K+ZFUpY5MlDOhGYVjVRxhyFlG2X+
YjeoyJNm9Vhj5eASxRgkZDBCBUvAqkjTg5LkqmozTdy2J0K3NRNQJ2Tl+7zpmuBQLINkcQ9hTOrK
x8GOTAQSiXMWa8lP5dCBcrrgVXHjPWjaE3L4GdmvUjW7uKHTUNWLa3vqKjKr2LFtbjvaF6nJkNn/
pUU0mSDcCrM51b9WRZW8C0ljLbQ2w1hpOlw7TYjMyUrU3LRL6MMNS7c3F52CbkzXnOCfIGW+BFJv
Lgn8S0edZ8e4ua+CxMBm6tQZ2BW6T34FE85BrDkVVj4vNfLJI+xgBzxu+QxQWn2QWRETzsatZGsy
jN2WjkIZq7qVIQbFXBxp2pqrkiiR1jQvNaFDGYnelCGccU3O3rtC9ggnQopxjLCQBkEEK6k2+XsT
uvCkG9ZOxkLKLQxUOKtIu8IKJ7u0CTWlCKYk0epWhfGeTW4qV/UVZgXm7aRWzVsf8PgLdyx8W0UQ
pDqqCBXDjTtNYZSLJ5YsBWp18aS9yjkWKa0J/zhH7E4iOxjktp0mV0n5m3aki1WDLM+4ew0leL4q
xobUZrK4M8DtlgmX2GQILFTZb2KIyKYcLtJi9svKVzSSqhxKEZnd0R/b/LKdo2SrUUaGCjVFu5Bf
hg2DNEOeGMVogL2CJxOrNln5ZCmyFmbZISNLGjhF5pydjjmu7txlhySbU09Gi4o4TlVVaqW9mjFX
awiaDnG2RtvnEHsSyLmsrlUya37OWgzASeqArCRRNK6gwYGFCDJxmLNqVrEgv+nwT8TnbHxvMkdp
MgskZ5pTsgr1c8gDoR9xLUQ50cZwOVUeRsS6u79UT8EqXPWKLxJoivoVPqEeSAsV7b7u7vdv+/9N
YHgTOLIE9k4wksvNeXgHvHQZWSkXKVFrkDfqQFn1apTCtGkkfjG4MUaBkBuPw/s7NGzGAH1ngW2t
H7ylWd3Om/CLwQoSB5FM4eak7sGYouCULWXmbE0aNZdzDx49NMhtJ0+ROGvbEzuQDNmtyPKMgb2t
dMI8UIzFbiC5XUgogbgtfu7zJoU6gtcAJYkxqc6cqITby4otxJAQnQpahuJVPVOprPYDiwTlhucJ
UZML8ApbD80FlOHIKbjmcxvXAXvNNJ7SAH+FWVTIIr2V6f0ha9Jxh7RKF7S8rZenYSbkOkvMocy3
cUa0cyjfBqXWNbdk9f0kgJGr7ieprZvva2H/YRqYK6b0cWXOVuXCEuwe+hYNRLyKi6UHg0icPNY9
itmVZUwE0BxaaMg4Vk0b8zy7VhDKN3tnk3iGkk8i1mFCAya5AhYhBj1Cc2iNBSa65FLDp2x+dlCN
Y19qYXnmpDw7Ny4HtHmqwRT2UoBBQxaqBCiFBmIL0R2q5DON5H9Xkj9+pINB4SRo94KNlhkJdlGS
0SZP0XLzUzCyFEirxClN5kABAxR6h0k/BB6GUYQyAxVxk4XG432QIxjOdjXsFDEiAR1oxzvc8z8u
8U8O90NdsTthBjIvJReKoTvrdDleYxiuYjOeEm8tMRevkVYQdl6GNiA641H+EnekoTBKKEmH/7JV
GxNe2qZBVHhSukGDlDc3ZXEUg7ISkrIk/TY0M5MijRMDDQQyJxMtUtVn4wITrhKHOWNqkKgiV0gp
YBJhY0EszWUvm4cWyvAJwdZZ7CM0/pEv8bdjQLhRYyFisjMfh5WLrhKCBohCxDZvQFI/V0IWZhFg
rQITwZaF0KCLoLWCEpJkCPWDCKgsFDQt+pYl+KRn2oRQMVEsw9hTq6g41IN2wDdfC6REImNpenFP
58ElmaAeyNMlNfYnWIEgV1Qw3lN+l5EpEHMkwpd7LyWD8daQ/HgWaLBPFLFGzdJMO1Eop3gQPSQS
yjMrmJNO2GEpBLkwurESoiFpHUgjAqNNXv84gsgohh4hj/YoMsgDkd6WiiY0T7JxI1QUJHjCHcQn
boDFToOCRJADgkX5HaXkb6BHbJFERrWlNLVhJVlhJhIxMoaViyIhHg32FoBCjuqiKm1WQwInVELj
Ls6kNKKhRJTxSBcIE1yZEBMpF11iE6ARllOBlizCPnLZhUyBLvkihPEygAJXN0WWUxeDREDTas7E
Js1jH5XSEYZpUaf4MW+CllPRetGBIOgREhgVVXEyNt8xKCdzRRjBQWe3IeDCGUenj2RkGOloKJlB
N+uVEHe5WrO3IKGSbcSyI1DBK2KyGMihZFiSSWlVRUdRkqKIjOBGL1GTSVw4IOSjLHhTFw36lHB0
YRwIeJe/pSQWGVEXGW8i0yHZaRNzZhBE2SeNhzX3KI1+eVgz4WyFeZqQIR6fIGMB+hjicR4ulxSg
kiHJWRXWhCeOQWPZBxVksRrp0mq9KT30qTI8aRLvlEULQi10cirGISf/uZ7t+UJf0jMXqjLTSBfo
Ak47YiOkuR6xgTwZAqGiwqCEwaCQgXbnkReFSWPRsSDYQio2opjz0ZeaBDDu0aCz8ZFc4Rwz2ZO9
eZVPGRzWeYpiMjEewTT56EXi+BGMV5W78SH9CSDwQhnTo6b/EXfS1aJuypIegRwwUZ+6hhee2TGj
kRdPgad5WhKA2nV3kWpG2BABAQA7 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LvKhfngtrfuck.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEhxYaaKB5Vh3Mixo8ePHIllEplpZMmLEVGCTKhy5UaN
LmMu1KixpMGTJkuSJIlTTESYFIntyzSppcyJQI+6TCpQZ1Fik4RCJMYTZ06rD5MqI8lUqUNlYrR6
9SpGDBqzZ8+WLau2rdm1b8VMKjs3Ll26J4tazXtVLrSBmbqORQhWoOCPaIj9HUzQZsN6ypRBi6xM
r1GChw+KFNl0ZNSRUPeeZEsarlq7dk+jVp3WbKOzNyYBzYwZIdFJg9EQPeg4IhrKlDUnrMdTIWVo
kJMrSz40J1eTm0/SVuizI9WrOwNvVlxw+eKOOIvW/+tsMOn4grgJEou8fn3X0Jf3aRQa+fu+T5w5
QqvqXKd/6ABGd52A2gGo0klfDSQUGpOkBxJRt10WWXqLnVedQu1tFRlE55k00GyNteefMiaR2N5m
WxGDn4pU4QcUTtlVVRxBFwqk1z7nOcRgJrp9NB2EDX5o1F813qSTfRqCFmOAI6Vo0iSxkejhUUU2
JCNO9diXEDST6NYgGgJJ9ZGYBuVoE5B6bcfifyg2GRmATC133HqByQcYhDHcQCZCWlJU3XSHiVGS
gwLlCNSOPWak6GPdhckkjNCph1NT+0Sn6HSAiaThcheBKZAYeW61UI4UQXMhpgVBGFZtBBXFIKEJ
Sf9GKkZ7MtTbPvsB1iCEC9U60GL5DXRjmJEZAGqYBSH3F1B9OlRlrPLVg2BCXVY7HEGGfohtQxUa
FpFPPCo44UDV6eVqeQppaZN9i3FxQwzAuUeqVOehWpBPi01XlBv17iPGX1/uVpFQs/76UL5bGlQd
SUU1lRSYRkF4ZrK8Mbjth8rEEEONW022KZ02+krdQFmy1LC39TAoKKzpzjQqQgXb+ZBuIzWWKUxg
PnsnhJ62anFD7/asrUHuKfOJqH1qWSSZAAu8j2xPT0KkwYziSHWYCBtHcUFSxVnoaNRKdZGYQl9c
qbC7BukQZBtf+N2ejqmkoXu13jD01zcyCGZXKZv/bVCz2C4G+NUEfUdqyUPvZCNDDY+tEdQW8eZq
DA6e1a18ef4m3NNMOW0faBr5lDEA9Jn7KstCfaczYYUXql7MfudIKkxJTUrjQ8OCVTZvxPRM09Pv
xhChSIgPxQXlMjdmk3nkJVTdDQAIf9LPAilb6GS3Y1qwnF7fzafr5XUpF/UF7X7Q56qK0TV64Yrs
rxg3FDmoTu+i9CJK6w130XhNTk0UANEzjIN+lxELeQtX0JJPJuC3sfhBzl7pIsa7GDjBVX3oVIUb
T7OkFRi27IYmagOMwjJxgxXUTyOQKd8ES8K/TMxKKs0qiTIACACJQQkAK0gKvhgCkwulsFcTzFMQ
/+NXs8G1qlr2mUSeQAWXPFEOJumZznk0OBA0qEUo87OJbOZTRbMoyIliGg8U8yQ2ICULhQfZVQxW
UMNw+QsABqAJzhqxrb8YSiN2e0gFBVWpBcYvfkCBneQY9EcuaK56CxSDsRbIOmfFTwxuyJ/PyjK2
sxyEgYfEViY2NiVEFuWTZwOY3tJzFgCKaYYAwE3BrNgrDCbvXky8wUV4ZaOgMSslG4uBl27TIC6B
KjYQ6RNY1uKp9Q2zS4M62b2WWB4SCs87P0yKuWg5lIahAYAXmgQAJUO78j1rMaujUVhu8MhbAQZ+
6REkYeCnp1fayI+GPAlJFiVGYblFUBcR1VDi5/87G33SUxl7F3cUBKoYHESMPCJUGaclBgDKUiAA
NCiOllWwPyksTjkqy6c4uRD4cUEyVnvIJg2JLIRo9Gm85JGH+iWQHe1DLcq4QWKaI5/W1O4muhGD
uyQ6FFyV5QZQXJmn6rkYL6WqJNADAGSUwUaA1gZToovLr+DXHDSQ04cF4Z+/gMmhrfIUJoLDEcSo
pbfbkEiZykjLUDQ6F9CspVEJCR7lElXQl14mX0XZEKUKVR0uAFBlANwfugo2HrNAiUGdw43AysLT
a92ApBDEXPwOqDCJIKpaDaLkWuVCEDfAryv2u9gfP9kgchr0h+xzIauW4y/AYHMfBogBDnfktIn/
+ktvaCHX0AaV1T82EntQopxhzXeT+BkTfFX6TmLj81K2FAV+LamLhJ760rlorJ0blQtRGARcQjFF
L3b7HRzhRUM45ohmeskMMDXUuKcKlFWfQsNr5jLZg+2jEe9KEnvetB4Xaeo6czPRVkCjMKuSki5e
cmCTkocS0joISp8ViBAb0yBkwoop9bRRQwHQUBPScJogNipBaFsWFPLopMALS8rOssC5OLW5jR3V
cuL31aaA0iLKtAx0pETJ9lhRUAN2Lo9E0iD3aMdFBSpoWDJWYhENZb+ny2fixAY9NtZwH7KNLYl4
Z5lP9uTHlmxpXHTJMlYxMyIT9Bi53kXEWpVk/3d96lJzKTmaVWXCs3bWFIlO5yW9GoaBinHXQ6sX
reTtpzK9zFBgjEaV8rZnwyvQjj4prLLWjK9ao5xfnmw4PwVVip+UPR+N3jXRpS7QiVe9yK4Uch4r
OsgsssyoYRMpSwgN+E0FWiuaNvmuScS2zL+aT1GhVhgF4SbLF0KDbGeLnNDhti18PpDExCTBj9rG
MjRGa0OYyMVPcYqx2vVe+eRcOLp417iJ/A3B5kdklUYHJUSh8WO5SrKBzLc6f7IgAgUFG2y+5VMG
wOFFTOViufAbR4GsN3skRsL6JkQkoFbnQZTdzh42hpN+rvewEUIMs9haO3Q27K9qRiw7gRhIqP/m
5KV1Y8W93XZ847NTCmGSicCOWIk01OitWEvA7tSqHvRFprREhzUmuq9MFwSkQXIaYfkER1iv2d56
4IdPb6rFboEhOdduJT7Pdqltuhylp1Rpxk8tpJQBP01aam5KYV2kRj8EFnN9Gj/+Be2DVO+ZESd+
5uriJqYby0haNLKfAkny5RHrUjmH0ru0dGmU32ZldS3m61UJqNk3cVVCwXzpyixbavmpSWC0VLYK
sYchEiRipUoMY46GFCLDFB4fhbVpzFhrqfoELfw6/qXhpuY1R//NoMhnR6rRPDsv/XG1VrbABar1
XQDI5MXk5K/Hlcc9hOPaH8OSOXB7ippr+zT/1ZXpUaDMfsQwf7zy2UKzPZ0mVZ96vIvP1lOGaPA1
Yu8Sc+L/b7TNBZu4sXfdQRPB4k4chwY7tRZXRVwSURkTxGY0ZlgeJ4Etx2qToRPmk27+8ngHx3Hv
VGAudhZSI0YElBZrZyLNIUMiVE1EoV3VwSV6UzZ14i1yFFKHURns1Gt7IoBU8xd6g1/v4i4JyIC2
ok9Al3FowU8yyFdqcUC4NVwH1HNP8xaJsRd9pCSh5S1U4SX8Rlq1dYXMRRMkaIBhsjF8E2owA1fn
ZBYQ9CKbsXRdwj2fYkE+cRrO9zQxGHPUBROt9hZSY3YyExVethcN80+TEEkLgUxPghsNE3Nj/7gt
rHUvMuU3LgM+r0Ru9dYQC1ZF6kc+QoIGKTNcmGYtKUgsMxcaBfdjc1cpDcOD82Eg4ZFF19Epu7Ij
IURZtAEWwsMRBNR8D5EjmkJfzrc76eFxLcZiBvcf0oE9zNFNaOFFtvJmCfQ9IfKGCkJkr5JFnMZy
mHh2s8eD1IFYCLF9VJcp27U6xKSKpFhZPAcZtRIXYaYr1yZYTjce9hg4GSZzCKE3dOIGmphGYgck
4XFjP2Ej4ihuEwc/sHFPDgRz2/U0PFRoMvcm7GdRJqMr9CiRCDQTkYhArtZ/tTMjaRSGX+Ml2agr
uwIhhzdxRPhwM2iQo2gxqlEacDEyyeeHdv/kZ0fXaZiRcVuzj6N4fQpBFCYSMaqVIP8EfoCzjtOo
IKPke74hiVRnGs94ExijZuBDSyfzdGszjN1oiZP2EDJSf1H4HkDpicgBjVmVRlQIcy3ZEMBGGv4I
iKfxSFS5N1LCQgahTGoYOuKjG7SxGC+JkJqYE0PTkWRYES1Hha3xlpYlZosZK4jpPDNpVXBRHUfZ
GJcGbGooH0fXmdH4X3KDhpbVCIZVF/FIEbcEgmqpNR0xGdiTd1MJF3nEIfokTByhVTvjdBVBlddi
fwzhFnYjNOrUFbSxPYhpRds1LOgnm5fJeu4IOM2CmBBkToYhcQXRNgwomHoGOv6hKU0yIunWhmKt
spGEyS0ctyE/KF/lwUGWNU7POZXgIxiZwVJuxzXYgy6wtxEw6IfBuZYUky1Il5BuwJQDuhicmZ4M
oZD8pIA/FU6vhx42aDWR9RGkkaAIQSgbBBEUiKHR2BBhyREPOqINGk5aUaEU4RYbQYSZAUWLWSco
qj+DCVbrAY4rYZnxaZeeJjMSpyX2SUytKaIgSi7O14375xIF+GSMkYbU+D4yVY6/aB8GF6TYCRGr
eF/KGaTEYqMYEUWfuaQVwYONCaEgATssZhFVihG4mYlgGkwDShABAQA7== (Trojan.Agent) -> Value: LvKhfngtrfuck.com&p=R0lGODlhyAA8APcAAAAAAAAAMwAAZgAAmQAAzAAA/wArAAArMwArZgArmQArzAAr/wBVAABVMwBV
ZgBVmQBVzABV/wCAAACAMwCAZgCAmQCAzACA/wCqAACqMwCqZgCqmQCqzACq/wDVAADVMwDVZgDV
mQDVzADV/wD/AAD/MwD/ZgD/mQD/zAD//zMAADMAMzMAZjMAmTMAzDMA/zMrADMrMzMrZjMrmTMr
zDMr/zNVADNVMzNVZjNVmTNVzDNV/zOAADOAMzOAZjOAmTOAzDOA/zOqADOqMzOqZjOqmTOqzDOq
/zPVADPVMzPVZjPVmTPVzDPV/zP/ADP/MzP/ZjP/mTP/zDP//2YAAGYAM2YAZmYAmWYAzGYA/2Yr
AGYrM2YrZmYrmWYrzGYr/2ZVAGZVM2ZVZmZVmWZVzGZV/2aAAGaAM2aAZmaAmWaAzGaA/2aqAGaq
M2aqZmaqmWaqzGaq/2bVAGbVM2bVZmbVmWbVzGbV/2b/AGb/M2b/Zmb/mWb/zGb//5kAAJkAM5kA
ZpkAmZkAzJkA/5krAJkrM5krZpkrmZkrzJkr/5lVAJlVM5lVZplVmZlVzJlV/5mAAJmAM5mAZpmA
mZmAzJmA/5mqAJmqM5mqZpmqmZmqzJmq/5nVAJnVM5nVZpnVmZnVzJnV/5n/AJn/M5n/Zpn/mZn/
zJn//8wAAMwAM8wAZswAmcwAzMwA/8wrAMwrM8wrZswrmcwrzMwr/8xVAMxVM8xVZsxVmcxVzMxV
/8yAAMyAM8yAZsyAmcyAzMyA/8yqAMyqM8yqZsyqmcyqzMyq/8zVAMzVM8zVZszVmczVzMzV/8z/
AMz/M8z/Zsz/mcz/zMz///8AAP8AM/8AZv8Amf8AzP8A//8rAP8rM/8rZv8rmf8rzP8r//9VAP9V
M/9VZv9Vmf9VzP9V//+AAP+AM/+AZv+Amf+AzP+A//+qAP+qM/+qZv+qmf+qzP+q///VAP/VM//V
Zv/Vmf/VzP/V////AP//M///Zv//mf//zP///wAAAAAAAAAAAAAAACH5BAEAAPwALAAAAADIADwA
AAj/APcJHEiwoMGDCBMqXMiwocOHECNKnEhxYaaKB5Vh3Mixo8ePHIllEplpZMmLEVGCTKhy5UaN
LmMu1KixpMGTJkuSJIlTTESYFIntyzSppcyJQI+6TCpQZ1Fik4RCJMYTZ06rD5MqI8lUqUNlYrR6
9SpGDBqzZ8+WLau2rdm1b8VMKjs3Ll26J4tazXtVLrSBmbqORQhWoOCPaIj9HUzQZsN6ypRBi6xM
r1GChw+KFNl0ZNSRUPeeZEsarlq7dk+jVp3WbKOzNyYBzYwZIdFJg9EQPeg4IhrKlDUnrMdTIWVo
kJMrSz40J1eTm0/SVuizI9WrOwNvVlxw+eKOOIvW/+tsMOn4grgJEou8fn3X0Jf3aRQa+fu+T5w5
QqvqXKd/6ABGd52A2gGo0klfDSQUGpOkBxJRt10WWXqLnVedQu1tFRlE55k00GyNteefMiaR2N5m
WxGDn4pU4QcUTtlVVRxBFwqk1z7nOcRgJrp9NB2EDX5o1F813qSTfRqCFmOAI6Vo0iSxkejhUUU2
JCNO9diXEDST6NYgGgJJ9ZGYBuVoE5B6bcfifyg2GRmATC133HqByQcYhDHcQCZCWlJU3XSHiVGS
gwLlCNSOPWak6GPdhckkjNCph1NT+0Sn6HSAiaThcheBKZAYeW61UI4UQXMhpgVBGFZtBBXFIKEJ
Sf9GKkZ7MtTbPvsB1iCEC9U60GL5DXRjmJEZAGqYBSH3F1B9OlRlrPLVg2BCXVY7HEGGfohtQxUa
FpFPPCo44UDV6eVqeQppaZN9i3FxQwzAuUeqVOehWpBPi01XlBv17iPGX1/uVpFQs/76UL5bGlQd
SUU1lRSYRkF4ZrK8Mbjth8rEEEONW022KZ02+krdQFmy1LC39TAoKKzpzjQqQgXb+ZBuIzWWKUxg
PnsnhJ62anFD7/asrUHuKfOJqH1qWSSZAAu8j2xPT0KkwYziSHWYCBtHcUFSxVnoaNRKdZGYQl9c
qbC7BukQZBtf+N2ejqmkoXu13jD01zcyCGZXKZv/bVCz2C4G+NUEfUdqyUPvZCNDDY+tEdQW8eZq
DA6e1a18ef4m3NNMOW0faBr5lDEA9Jn7KstCfaczYYUXql7MfudIKkxJTUrjQ8OCVTZvxPRM09Pv
xhChSIgPxQXlMjdmk3nkJVTdDQAIf9LPAilb6GS3Y1qwnF7fzafr5XUpF/UF7X7Q56qK0TV64Yrs
rxg3FDmoTu+i9CJK6w130XhNTk0UANEzjIN+lxELeQtX0JJPJuC3sfhBzl7pIsa7GDjBVX3oVIUb
T7OkFRi27IYmagOMwjJxgxXUTyOQKd8ES8K/TMxKKs0qiTIACACJQQkAK0gKvhgCkwulsFcTzFMQ
/+NXs8G1qlr2mUSeQAWXPFEOJumZznk0OBA0qEUo87OJbOZTRbMoyIliGg8U8yQ2ICULhQfZVQxW
UMNw+QsABqAJzhqxrb8YSiN2e0gFBVWpBcYvfkCBneQY9EcuaK56CxSDsRbIOmfFTwxuyJ/PyjK2
sxyEgYfEViY2NiVEFuWTZwOY3tJzFgCKaYYAwE3BrNgrDCbvXky8wUV4ZaOgMSslG4uBl27TIC6B
KjYQ6RNY1uKp9Q2zS4M62b2WWB4SCs87P0yKuWg5lIahAYAXmgQAJUO78j1rMaujUVhu8MhbAQZ+
6REkYeCnp1fayI+GPAlJFiVGYblFUBcR1VDi5/87G33SUxl7F3cUBKoYHESMPCJUGaclBgDKUiAA
NCiOllWwPyksTjkqy6c4uRD4cUEyVnvIJg2JLIRo9Gm85JGH+iWQHe1DLcq4QWKaI5/W1O4muhGD
uyQ6FFyV5QZQXJmn6rkYL6WqJNADAGSUwUaA1gZToovLr+DXHDSQ04cF4Z+/gMmhrfIUJoLDEcSo
pbfbkEiZykjLUDQ6F9CspVEJCR7lElXQl14mX0XZEKUKVR0uAFBlANwfugo2HrNAiUGdw43AysLT
a92ApBDEXPwOqDCJIKpaDaLkWuVCEDfAryv2u9gfP9kgchr0h+xzIauW4y/AYHMfBogBDnfktIn/
+ktvaCHX0AaV1T82EntQopxhzXeT+BkTfFX6TmLj81K2FAV+LamLhJ760rlorJ0blQtRGARcQjFF
L3b7HRzhRUM45ohmeskMMDXUuKcKlFWfQsNr5jLZg+2jEe9KEnvetB4Xaeo6czPRVkCjMKuSki5e
cmCTkocS0joISp8ViBAb0yBkwoop9bRRQwHQUBPScJogNipBaFsWFPLopMALS8rOssC5OLW5jR3V
cuL31aaA0iLKtAx0pETJ9lhRUAN2Lo9E0iD3aMdFBSpoWDJWYhENZb+ny2fixAY9NtZwH7KNLYl4
Z5lP9uTHlmxpXHTJMlYxMyIT9Bi53kXEWpVk/3d96lJzKTmaVWXCs3bWFIlO5yW9GoaBinHXQ6sX
reTtpzK9zFBgjEaV8rZnwyvQjj4prLLWjK9ao5xfnmw4PwVVip+UPR+N3jXRpS7QiVe9yK4Uch4r
OsgsssyoYRMpSwgN+E0FWiuaNvmuScS2zL+aT1GhVhgF4SbLF0KDbGeLnNDhti18PpDExCTBj9rG
MjRGa0OYyMVPcYqx2vVe+eRcOLp417iJ/A3B5kdklUYHJUSh8WO5SrKBzLc6f7IgAgUFG2y+5VMG
wOFFTOViufAbR4GsN3skRsL6JkQkoFbnQZTdzh42hpN+rvewEUIMs9haO3Q27K9qRiw7gRhIqP/m
5KV1Y8W93XZ847NTCmGSicCOWIk01OitWEvA7tSqHvRFprREhzUmuq9MFwSkQXIaYfkER1iv2d56
4IdPb6rFboEhOdduJT7Pdqltuhylp1Rpxk8tpJQBP01aam5KYV2kRj8EFnN9Gj/+Be2DVO+ZESd+
5uriJqYby0haNLKfAkny5RHrUjmH0ru0dGmU32ZldS3m61UJqNk3cVVCwXzpyixbavmpSWC0VLYK
sYchEiRipUoMY46GFCLDFB4fhbVpzFhrqfoELfw6/qXhpuY1R//NoMhnR6rRPDsv/XG1VrbABar1
XQDI5MXk5K/Hlcc9hOPaH8OSOXB7ippr+zT/1ZXpUaDMfsQwf7zy2UKzPZ0mVZ96vIvP1lOGaPA1
Yu8Sc+L/b7TNBZu4sXfdQRPB4k4chwY7tRZXRVwSURkTxGY0ZlgeJ4Etx2qToRPmk27+8ngHx3Hv
VGAudhZSI0YElBZrZyLNIUMiVE1EoV3VwSV6UzZ14i1yFFKHURns1Gt7IoBU8xd6g1/v4i4JyIC2
ok9Al3FowU8yyFdqcUC4NVwH1HNP8xaJsRd9pCSh5S1U4SX8Rlq1dYXMRRMkaIBhsjF8E2owA1fn
ZBYQ9CKbsXRdwj2fYkE+cRrO9zQxGHPUBROt9hZSY3YyExVethcN80+TEEkLgUxPghsNE3Nj/7gt
rHUvMuU3LgM+r0Ru9dYQC1ZF6kc+QoIGKTNcmGYtKUgsMxcaBfdjc1cpDcOD82Eg4ZFF19Epu7Ij
IURZtAEWwsMRBNR8D5EjmkJfzrc76eFxLcZiBvcf0oE9zNFNaOFFtvJmCfQ9IfKGCkJkr5JFnMZy
mHh2s8eD1IFYCLF9VJcp27U6xKSKpFhZPAcZtRIXYaYr1yZYTjce9hg4GSZzCKE3dOIGmphGYgck
4XFjP2Ej4ihuEwc/sHFPDgRz2/U0PFRoMvcm7GdRJqMr9CiRCDQTkYhArtZ/tTMjaRSGX+Ml2agr
uwIhhzdxRPhwM2iQo2gxqlEacDEyyeeHdv/kZ0fXaZiRcVuzj6N4fQpBFCYSMaqVIP8EfoCzjtOo
IKPke74hiVRnGs94ExijZuBDSyfzdGszjN1oiZP2EDJSf1H4HkDpicgBjVmVRlQIcy3ZEMBGGv4I
iKfxSFS5N1LCQgahTGoYOuKjG7SxGC+JkJqYE0PTkWRYES1Hha3xlpYlZosZK4jpPDNpVXBRHUfZ
GJcGbGooH0fXmdH4X3KDhpbVCIZVF/FIEbcEgmqpNR0xGdiTd1MJF3nEIfokTByhVTvjdBVBlddi
fwzhFnYjNOrUFbSxPYhpRds1LOgnm5fJeu4IOM2CmBBkToYhcQXRNgwomHoGOv6hKU0yIunWhmKt
spGEyS0ctyE/KF/lwUGWNU7POZXgIxiZwVJuxzXYgy6wtxEw6IfBuZYUky1Il5BuwJQDuhicmZ4M
oZD8pIA/FU6vhx42aDWR9RGkkaAIQSgbBBEUiKHR2BBhyREPOqINGk5aUaEU4RYbQYSZAUWLWSco
qj+DCVbrAY4rYZnxaZeeJjMSpyX2SUytKaIgSi7O14375xIF+GSMkYbU+D4yVY6/aB8GF6TYCRGr
eF/KGaTEYqMYEUWfuaQVwYONCaEgATssZhFVihG4mYlgGkwDShABAQA7== -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi,

Sorry for the delay. Looking good. Run Combofix once more like you did before, and post the log. Then I think we can call it quits.
 
ComboFix 11-06-30.03 - 1 06/30/2011 20:21:58.3.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1033.18.1013.335 [GMT -5:00]
Running from: c:\users\1\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 01:33 . 2011-07-01 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-01 01:16 . 2011-07-01 01:16 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2011-06-29 02:15 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 02:15 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 02:15 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 02:15 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 02:15 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 02:15 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 02:15 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 02:15 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 02:15 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 02:15 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 02:14 . 2011-06-20 13:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D9FB9B8-DAF0-44F1-A656-F2BBFD9AE3A0}\mpengine.dll
2011-06-28 02:11 . 2011-05-29 14:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-26 00:55 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-26 00:55 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-26 00:55 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-26 00:55 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-26 00:55 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-26 00:54 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-26 00:54 . 2010-12-18 05:31 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-26 00:54 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-26 00:54 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-26 00:54 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-26 00:53 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-06-26 00:53 . 2011-01-17 05:38 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-26 00:50 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-06-26 00:48 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-26 00:48 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-26 00:48 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-23 23:40 . 2011-04-22 19:36 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-23 01:06 . 2011-07-01 01:33 -------- d-----w- c:\users\1\AppData\Local\temp
2011-06-12 00:49 . 2011-06-12 00:49 -------- d-----w- c:\program files\ERUNT
2011-06-05 03:03 . 2011-06-24 03:59 -------- d-----w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 03:02 . 2009-07-13 23:11 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-05-29 14:11 . 2010-11-10 01:24 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-25 00:14 . 2010-08-09 17:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 00:18 . 2011-05-24 00:18 112 ----a-w- c:\users\1\AppData\Roaming\srvblck2.tmp
2011-04-26 22:33 . 2009-08-18 18:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-26 22:32 . 2009-08-18 18:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 06:13 . 2011-05-11 02:22 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 02:22 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-20 11:08 . 2010-09-22 02:55 114688 ----a-w- c:\program files\internet explorer\plugins\ChimeShim.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-26 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-25 2424560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 189984]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 01:31]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.68.166 68.87.74.166
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-79194763.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-30 20:39:07
ComboFix-quarantined-files.txt 2011-07-01 01:39
ComboFix2.txt 2011-06-24 00:11
ComboFix3.txt 2011-06-23 01:06
.
Pre-Run: 208,002,007,040 bytes free
Post-Run: 207,668,912,128 bytes free
.
- - End Of File - - 4DC54A1A1CC8A18E530C7FA5FD6EC0B2
 
Ok good. Your welcome. Couple things left to do;

You can remove combofix like this:
Start>run and type in combofix /uninstall
click ok or enter
Note the space after the x and before the /

You can delete the tdsskiller icon from your desktop.
Remember that Malwarebytes free version must be updated manually and a scan started manually.

You can make a new restore point, the how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(creates a new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

And last some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your operating system (Windows) browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for web based applications, browser plug-ins and add-ons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) The why and how for securing your browser for safer surfing.

10) Warez, cracks etc are very popular for carrying malware payloads. If you download/install files via p2p networks you will encounter malware. A file can be named anything be nothing but malware or have malware bundled in it. Do you really trust the source of the file?


More info/tips with pictures, links below

Happy Safe Surfing.
 
You must log in or register to reply here.
Back
Top