Jump to content


Photo

Homepage hijacked


  • This topic is locked This topic is locked
7 replies to this topic

#1 Kappa

Kappa

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 14 June 2004 - 05:38 PM

Hello,
I have been unable to remove some spyware from my computer. I have used Spybot S&D, Ad-Aware, Spy Killer and some other antivirus. My homepage shows SmarSearch logo, with various links all of them directing to yafoo.biz/search.cgi

Apparently there are few errors as shown by HijackThis log. But these come again after I restart my PC.

I can only imagine what the problem might be. Actually I used Bazooka Spyware Scanner, and it found some errors. I manually deleted the erros. May be I missed some of the files, or didnt follow the procedure exactly. So there might be some traces left. I dont know, but its a headache.

I have already tried deleting entries in bold in the follwoing log, but they come again.
Here is my HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 23:12:00, on 14/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe

O1 - Hosts: 213.159.117.235 auto.search.msn.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ChatSpace Java Client 2.1.0.89 -
O16 - DPF: ChatSpace Java Client 2.1.0.90 -
O16 - DPF: Yahoo! Chess -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: Yahoo! Towers 2.0 -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{94C313C6-5789-4557-A6B0-2B3A2CA65171}: NameServer = 195.93.33.134
O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}

#2 Fireflyer

Fireflyer

    Spyware Scorcher

  • Retired Staff
  • PipPipPipPipPip
  • 571 posts

Posted 16 June 2004 - 08:24 AM

Let's start with CWShredder. Download it here:
http://www.spywarein.../CWShredder.exe

Install it into its own folder and run it.

Go into Spybot S&D and disable its protection features - TeaTimer, etc., so it won't interfere with HijackThis changes. You should re-enable them when we're done cleaning up.

Run a new HijackThis scan and check these items for removal (if they are still present):

O1 - Hosts: 213.159.117.235 auto.search.msn.com

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -

O18 - Protocol hijack: about - {53B95211-7D77-11D2-9F81-00104B107C96}


Make sure all other programs are closed (including this browser window) and click Fix Checked.

Reboot your computer, run a new HijackThis scan and post the log as a reply in this thread.

You appear to be running both Norton and McAfee antiviruses - these can conflict with one another - it's usually best to choose just one to run.

Edited by Fireflyer, 16 June 2004 - 08:31 AM.

How did I get infected in the first place?
Online Virus and Trojan Scanners
Panda Software . . . Trend Micro . . . Bitdefender . . . Sygate Trojan Scan . . . Trojan Scan
Tools for Fighting Spyware
Spybot S & D . . . Ad-aware . . . CWShredder . . . HijackThis . . . PeperFix
Tools for Prevention
SpywareBlaster . . . SpywareGuard . . . IE-Spyad . . . avast! Free Anti-Virus . . . AVG Free Anti-Virus
Zone Alarm Free Firewall . . . Kerio Personal Firewall
Help support this site! Click here to learn how.

#3 Kappa

Kappa

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 16 June 2004 - 09:22 AM

Hello,

The problem is solved now. The hero is Aluria Spyware Eliminator. It found some entries of coolWebSearch, BrilliantDigital, WebP2P installer, iWon, ILookup, 2020Search, n BargainBuddy.

All of the above are registory errors, except Bargain Buddy which is associated with an application, C:\WINDOWS\SYSTEM32\chktrust.exe

Deleted all the errors, and everything seems to be fine since then even after restart :-)

Well u might be thinking y didnt I paste the log file here. Actually log file is not in a readable format, I dont know. It was fine as seen with spyware eliminator.

If u insist, have a look:
----------------------------------------------------------------
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gXfln_`q]@@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gXflne`l]B@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gXflne`l]B@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXoW\Z\S>e>JpW=pfXdFdUGuMpc]l;qTwZvvsdoMHI^R>AvdhdBAz]g=rFvQYHwUdufRNF_]@vJKEHfHkiIvYn`ZVJZp;hSn@psw_puBIyAqggW;Gb@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEdeU<ogXFHRn;ivu=w<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=pxak;yqsZmdodeqsIzCQRwc_tVLurb\MZvQ<HG?afrz^ZD`ZeUWKS?aRyIrGmCQvIk;ns\wx\x@`pr^SyBWZwtBgr[uNwkFFAjb\CX[iooD`IgpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJdX[tpAjEqJrBQvZgk<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXoW\Z\S>e>JpW=pfXdFdUGuMpc]l;qTwZvvsdoMHI;g>BpLNwMlP]cwVZ]NxDxthewMeYfIAfrTzHXE=iTt?nFxTUA;nspuw\pxrpaK`uq^qtv[Gb@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuxexfdwtgHKH>c>ee<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=pxak;yqsZmdodeqsIzCQRwc_tVLurb\MZvQ<HG?@fGzhUlVEyhqOTuEIiFOH^fMgJptwhHz@\okNpkLJy@AlxV@p]PDydtmAQioxCEFY`\N=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[Iyljxi_?sQiLqOa?MS<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXo@CZ;BZj;fRGafeS]CEIYuU`KlwPYPWF^ekdaGwY[>oMLaVdVKnrCdKZvNrDpn\emN@EDf`znAxCTAHiJpVnpRIE@rTsCtsovse[zURfG?Qdv[Gb@>>cuqC>fd_X;t_[An=UfPWPfB>s`VSyzmov<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=p_JL;\evEQFKdornVwf?Aw[WsCWM]f<EJeYNGMp`e^CDJAN>fGKoHj<RiFY@^\Y]IoQYwcW<lfmR\wYTyDTJwlMq]]^>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEIeum;cna;>s;iv]A;fxOo<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSX<esZcBGeJDqWr]hWt<AJb<g[KahPfgRFuvdwlpkVG^FN>DghnDfm`ICYFF?C_KpuFs_Y;OKi;lRSBVAiAu]rbUnIjULdKuy\xv\pv?Xz]BVwsyBm>_^sZJSR\ObS?r\pVeCIyJC;SDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJIx[E<cybv?bBQ^Yc>=gG;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=pG`c;qhnZqgsdUtjJsYJB=MVgBLi]TvwF]BBSf^`zBrgEqGjz\DdCEdPjj]VqynfYSkYdaac_lZE[W?SyFImskb>mPDfd]pIQhejC?biockJJJf_<yixgYbQifMhzY?Fzbfhw\joNQYkfbSYv[ITlJIx[EaCyOcEqTCaZqXZgQsdZfccqAMixmvHePPp?A[Ru\K<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>W?r>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<XoR>ZF\xejsQWrdhWwTdZl>dpEtr;ulmZU@Kx=rbFhf?AsKGtZWLn;`VZpN_TtqcfQ;tI_c?vNCwH]>AiTRaqD_gJphuhGrx\a\[oH[kzg?Qdv[Gb@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\CIudT;v_g]dHFIBgk<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh?WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXo@CZ;<?jjiYWZriC<nEJK=_k@AQPUfkZujNhbjsIrAGB>H@tYPyrJwYYFUOHp[deez^JFmKe;foX[FGiWdGmYbVJZKtcCtsovse[zURfG?Qdv[Gb@>>cuqC>fd_X;t_[AO]Uza\@aRSx`;Vuv[<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh?WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=p_JL;blOFN=dccnKVBfE>?YDgzqQ^PhNZjxMXllmfakVUhHAfDXnHuJbe=x@nmQuISkWdldm_AviplZEyPI_s<Bgr@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEIeXMOd;VH>cVijt@?u<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh?W?r>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<XoR>ZF\xejsQWrUnXhEoVl?=paBJ;UVDZgIdcllhVC_FNWKUgnEmmPwHEeYECf^yzf<ZZxKZy_JjCxibySb\]GuMY[;ncjTVp`rhppyWiFFAxl^l];B_wUNlAv^TW>xep>iVJABPLZdXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJIx[EajyoVTmRQsJn><wF]S<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh@WHr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXfCZZ?lqePfbXWejCDv=Vt>h[_xl@bfaEm]_glpfV[PsACPWgqJhmMDuJwIyWQTGunCDZDf^zOTkHi\=yAzQmaY<YuOYwcW<lfmR\wYTyDTJwlMq]]^>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEIeum;cna;>s;iv]A;fxOo<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZEF>Hkvue^;pED??fPnjHeELirDSnb@]IprqhGaI\<[jpm=WyFX[wKaMm<GXxXQj=@qoHEY?[`hHJFzF@nIMdfOivtgcjWD@zyghwxQYMp;vy\zyf@rD`@ny`IcHfDl;]fm<FQXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb^RK>gLor^HZZmukS_w^Z;fUK<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLept=m;bubZteddaB`YxE\N><VtIjur;uXZba<HkBheb;EEgosfglRC>fQjLu\aGy]YkRnwgmz\oc[kWwMyD@Dw\Bgr[uNwkFFAjb\CX[iooD`IgpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJdX[tpAjEqJrBQvZgk<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZAXBHtaae^ADFR?YfOPnHdWzilp=n^urI`aRxHyn\swnpD?Sy>;JwqzOmUBEtzljRFIESZdi[\N\VMuc<mhQtwLQifrou=KrfptzxURoNQvDirM^u^ER_EN_p;OmvnCEqTCaZqXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb?RkkzPuIXXdM]vnWs<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZAXBHtaae^ADFR?YfOPnHdWzilp=n^urI`aRxHyn\swnpDC@yYUNwya?mIVBwnnJQGD>WiaokGO]Ujf[<z>thkTDjl`qu;MOe>xgxFWLMLyPeYCOfXHX_<F[pNgujiJeaTCaZqXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb^Rr^ZKbYXDmD]jkVvw<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZAXBHtaae^ADFR?YfOPnHdWzilp=n^urI`aRxHyn\swnpDZVy;XOwys>mG@;xnrLQj[\SBY?k\XXIWzCOSe>toTGi@_djPU?u]czcDgW=xAty`zyf@rD`@ny`IcHfDl;]fm<FQXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb^RK>gLor^HZZmukS_w^Z;fUK<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WHr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WGr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WGr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WGr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfon]`n]<@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfon\`n]?@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
LPs<Jzqo_thTx^rB__Rp>p?B@KY]SAniAckmCHPTa?W^_HvMILSUdcPoGL_cVtLNrgM;eO;okRfQJGXzWEb@iXfsH`k^wfrmAsS<e
LPs<Jzqo_thTx^rB__Rp>p@BGKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aZAYnUow<nOAr^HSIxHNM;zq[IzeS\[\NbYhr>dSEiZ;?HJpBvtW_SXle`rsEbX?hjZaA?fH@yWm[vTsHcJ[>d[P;<e
LPs<Jzqo_thTx^rB__Rp>p@BGKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aZAYnUow<nOAr^HSIxHNM;zq[IzeS\[\NbYhr>dSEiZ;?HJpBvtFuAXqh`raH`XUejV]SneRIbHZqfGsIrJ<e
LPs<Jzqo_thTx^rB__Rp>p@BGKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aZAYnUow<nOAr^HSIxHNM;zq[IzeS\[\NbYhr>dSEiZ;?HJpBvtBbVXglhrzXlXAb^J[gNfEYbT?hfSvDC<e
LPs<Jzqo_thTx^rB__Rp>p@BHKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkIt[zkaqhhrOwkC=X<IfaSn`k^NXw?>ZTyA`pNoiPq<\mLDJT\HjIFzW@kvl=foSA[F<[<e
LPs<Jzqo_thTx^rB__Rp>p@BHKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aNACrNo\XnO;FxDSOwHpI>z[ICzQ=`[YArZwQ=d;rRZWSqJbWqg;YYWs]F^aVeXHkPZoLYvU@bHZijD<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=Q[QbZ\@IfC`\>]=vFYu<ZU<D<zsX]@m`mr]@vpXeWAVkzBanoaAzg\RYC`Nl>GpnqjPQ^?GMIxCHGg<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQs>i@Y[d_Da@QtNCz<WuPsSLt`=HaR>^qFcfXALAFotjb=BmMue_RVR]N?oU[^Q\<@\XWIGkSFD^fqIbe?mr\LfiZPBSgUZnUTBW<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNl@mRMrqZDOTELZFqKN]_qfQ\hLAUEO<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKFn`_jHS=ymXyWYA<m[acXykrbcn^<e
LPs<Jzqo_thTx^rB__Rp>p@BJKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQs>i@Y[d_Da@QU@De=XjLferdXafa\oerZjDDy<@ZnaY]opjB<e
LPs<Jzqo_thTx^rB__Rp>p@BJKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSvtB`\a\t]rMhGDbZLVwvZqs>g=sfKQ;FiN>@M`uV\<@ulXszvGRtajkCKf>;;_O@jFpIpdGJnIUS`Y\Efs<e
LPs<Jzqo_thTx^rB__Rp>p@BJKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QEQ@sH@sLD_sA@QU@DeDXeKn@\cZ^lnyiv]=ExSnLAVk_fb@BhM^W_NSIMMqlvkqSi<qedD?YxWINNilF_f<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNl@mRMlq?aLX>c>JmbVaTvvRuhERTI\N;k<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKFn`_dQr>vv_z;Ul;uXfcH`k^wfrmAsS<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNlWmynirS`pD\GXIngSniUM>=OG>;ZKATfFofXAO]IDCTIxCPCNumGg<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKMU?_qEoQZT;zYVuPteEx_XDaumarr\wDn;>IRTnntaf=uqLMTHaM<e
LPs<Jzqo_thTx^rB__Rp>p@BDKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNlWmynirS`pD\GXIngSniUM>=OG>;ZKATfFofXAO]t<G_>hDICCflC^ep[<e
LPs<Jzqo_thTx^rB__Rp>p@BDKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKMU?_qEoQZT;zYVuPteEx_XDaumarr\wDn;>IRT?mlVa=ehLA=I]>Br_<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfpn_`n]@@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfpne`n];@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`n];@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`n];@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`r]>@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`r]>@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`r]@@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gYflne`k]<@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gLfon^`n]B@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gLfon^`n]B@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gLfon^`n]C@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\ePq>EDAe;Zj;z_^gXfln^`k]=@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e

#4 Kappa

Kappa

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 16 June 2004 - 09:30 AM

Hello,

The problem is solved now. The hero is Aluria Spyware Eliminator. It found some entries of coolWebSearch, BrilliantDigital, WebP2P installer, iWon, ILookup, 2020Search, n BargainBuddy.

All of the above are registory errors, except Bargain Buddy which is associated with an application, C:\WINDOWS\SYSTEM32\chktrust.exe

Deleted all the errors, and everything seems to be fine since then even after restart :-)

I have already used CWShredder, Ad-aware, Spybot S&D, and some others. CWShredder found something but it wasnt coolwebsearch. coz my home page was changing to SmarSearch with entries on the page linked to yafoo.biz

Actually I scanned with Bazooka Spyware Scanner once, and it found some problems. It asked me to fix the problem manually, so I did. But I can imagine may be I didnt missed some of the entries. Anyway

Well u might be thinking y didnt I paste the log file here. Actually log file is not in a readable format, I dont know. It was fine as seen with spyware eliminator.

If u insist, have a look:
----------------------------------------------------------------
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gXfln_`q]@@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gXflne`l]B@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gXflne`l]B@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXoW\Z\S>e>JpW=pfXdFdUGuMpc]l;qTwZvvsdoMHI^R>AvdhdBAz]g=rFvQYHwUdufRNF_]@vJKEHfHkiIvYn`ZVJZp;hSn@psw_puBIyAqggW;Gb@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEdeU<ogXFHRn;ivu=w<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=pxak;yqsZmdodeqsIzCQRwc_tVLurb\MZvQ<HG?afrz^ZD`ZeUWKS?aRyIrGmCQvIk;ns\wx\x@`pr^SyBWZwtBgr[uNwkFFAjb\CX[iooD`IgpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJdX[tpAjEqJrBQvZgk<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXoW\Z\S>e>JpW=pfXdFdUGuMpc]l;qTwZvvsdoMHI;g>BpLNwMlP]cwVZ]NxDxthewMeYfIAfrTzHXE=iTt?nFxTUA;nspuw\pxrpaK`uq^qtv[Gb@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuxexfdwtgHKH>c>ee<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=pxak;yqsZmdodeqsIzCQRwc_tVLurb\MZvQ<HG?@fGzhUlVEyhqOTuEIiFOH^fMgJptwhHz@\okNpkLJy@AlxV@p]PDydtmAQioxCEFY`\N=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[Iyljxi_?sQiLqOa?MS<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXo@CZ;BZj;fRGafeS]CEIYuU`KlwPYPWF^ekdaGwY[>oMLaVdVKnrCdKZvNrDpn\emN@EDf`znAxCTAHiJpVnpRIE@rTsCtsovse[zURfG?Qdv[Gb@>>cuqC>fd_X;t_[An=UfPWPfB>s`VSyzmov<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=p_JL;\evEQFKdornVwf?Aw[WsCWM]f<EJeYNGMp`e^CDJAN>fGKoHj<RiFY@^\Y]IoQYwcW<lfmR\wYTyDTJwlMq]]^>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEIeum;cna;>s;iv]A;fxOo<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSX<esZcBGeJDqWr]hWt<AJb<g[KahPfgRFuvdwlpkVG^FN>DghnDfm`ICYFF?C_KpuFs_Y;OKi;lRSBVAiAu]rbUnIjULdKuy\xv\pv?Xz]BVwsyBm>_^sZJSR\ObS?r\pVeCIyJC;SDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJIx[E<cybv?bBQ^Yc>=gG;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=pG`c;qhnZqgsdUtjJsYJB=MVgBLi]TvwF]BBSf^`zBrgEqGjz\DdCEdPjj]VqynfYSkYdaac_lZE[W?SyFImskb>mPDfd]pIQhejC?biockJJJf_<yixgYbQifMhzY?Fzbfhw\joNQYkfbSYv[ITlJIx[EaCyOcEqTCaZqXZgQsdZfccqAMixmvHePPp?A[Ru\K<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh>W?r>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<XoR>ZF\xejsQWrdhWwTdZl>dpEtr;ulmZU@Kx=rbFhf?AsKGtZWLn;`VZpN_TtqcfQ;tI_c?vNCwH]>AiTRaqD_gJphuhGrx\a\[oH[kzg?Qdv[Gb@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\CIudT;v_g]dHFIBgk<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh?WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXo@CZ;<?jjiYWZriC<nEJK=_k@AQPUfkZujNhbjsIrAGB>H@tYPyrJwYYFUOHp[deez^JFmKe;foX[FGiWdGmYbVJZKtcCtsovse[zURfG?Qdv[Gb@>>cuqC>fd_X;t_[AO]Uza\@aRSx`;Vuv[<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh?WEr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<Xor^Zf<XeJSqWrunXhEoVl?=p_JL;blOFN=dccnKVBfE>?YDgzqQ^PhNZjxMXllmfakVUhHAfDXnHuJbe=x@nmQuISkWdldm_AviplZEyPI_s<Bgr@>>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEIeXMOd;VH>cVijt@?u<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh?W?r>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcXJUyUgzXnX><=r>\<XoR>ZF\xejsQWrUnXhEoVl?=paBJ;UVDZgIdcllhVC_FNWKUgnEmmPwHEeYECf^yzf<ZZxKZy_JjCxibySb\]GuMY[;ncjTVp`rhppyWiFFAxl^l];B_wUNlAv^TW>xep>iVJABPLZdXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJIx[EajyoVTmRQsJn><wF]S<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\uP^<Fh@WHr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJTwCg[BhXXK@r@vSXfCZZ?lqePfbXWejCDv=Vt>h[_xl@bfaEm]_glpfV[PsACPWgqJhmMDuJwIyWQTGunCDZDf^zOTkHi\=yAzQmaY<YuOYwcW<lfmR\wYTyDTJwlMq]]^>cuqC>fd_X;t_[An=UGpjOsDXwvYAu\jiuUEIeum;cna;>s;iv]A;fxOo<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZEF>Hkvue^;pED??fPnjHeELirDSnb@]IprqhGaI\<[jpm=WyFX[wKaMm<GXxXQj=@qoHEY?[`hHJFzF@nIMdfOivtgcjWD@zyghwxQYMp;vy\zyf@rD`@ny`IcHfDl;]fm<FQXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb^RK>gLor^HZZmukS_w^Z;fUK<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLept=m;bubZteddaB`YxE\N><VtIjur;uXZba<HkBheb;EEgosfglRC>fQjLu\aGy]YkRnwgmz\oc[kWwMyD@Dw\Bgr[uNwkFFAjb\CX[iooD`IgpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[ITlJdX[tpAjEqJrBQvZgk<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZAXBHtaae^ADFR?YfOPnHdWzilp=n^urI`aRxHyn\swnpD?Sy>;JwqzOmUBEtzljRFIESZdi[\N\VMuc<mhQtwLQifrou=KrfptzxURoNQvDirM^u^ER_EN_p;OmvnCEqTCaZqXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb?RkkzPuIXXdM]vnWs<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZAXBHtaae^ADFR?YfOPnHdWzilp=n^urI`aRxHyn\swnpDC@yYUNwya?mIVBwnnJQGD>WiaokGO]Ujf[<z>thkTDjl`qu;MOe>xgxFWLMLyPeYCOfXHX_<F[pNgujiJeaTCaZqXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb^Rr^ZKbYXDmD]jkVvw<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vPa<=h=WDr>SvZNzgNuzzQ=o>BtYPDGgx[=ZrcMJ;jDgqGeXXRTrJxSXvfeZt=FeWJJWakwXyQoVvLeptWp;xvuZ[w<d@rjIz>[N@mGt;JqrIa]ZAXBHtaae^ADFR?YfOPnHdWzilp=n^urI`aRxHyn\swnpDZVy;XOwys>mG@;xnrLQj[\SBY?k\XXIWzCOSe>toTGi@_djPU?u]czcDgW=xAty`zyf@rD`@ny`IcHfDl;]fm<FQXZgQsdZfccqApIx<c>vFFk@SyEuvYqFEb^RK>gLor^HZZmukS_w^Z;fUK<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WHr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WGr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WGr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?bo]SAtiEmwmA?THmsJrGrUMvavJ;Qw\dcLx]Bd>ssD@yYF_vbsAIUNyMVm;tmzgT`DnTG[bKakCNGWI]nEqlrkAyjEQZEaN?bJ\vP_<>h;WGr>SvZNzgNuzzQ=o>BtYPDGgQLVVtyZJLmGg[YhXVLYrJ]rWUSjJ`YYeWZ[WZruToWEUYuU`KlwP`blFizgwy[yYfBrM>AGd@Ef]SyXFyB;Szlwf[FHIb?beepdXf=>j`v<n^HqFRV\x@mv\zm=l[OTyZ^qtYTWnJy;hysHQqkiDm>>oan=UGpjOsDXwvYAu\jiuUEIeumbcNPNBqYkfbSYv[dtlwXnlOsHzEqRq>;<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfon]`n]<@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB?Eu^t@qiHp\mV=SHwWe^Ta@N\qyJSFu\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfon\`n]?@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
LPs<Jzqo_thTx^rB__Rp>p?B@KY]SAniAckmCHPTa?W^_HvMILSUdcPoGL_cVtLNrgM;eO;okRfQJGXzWEb@iXfsH`k^wfrmAsS<e
LPs<Jzqo_thTx^rB__Rp>p@BGKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aZAYnUow<nOAr^HSIxHNM;zq[IzeS\[\NbYhr>dSEiZ;?HJpBvtW_SXle`rsEbX?hjZaA?fH@yWm[vTsHcJ[>d[P;<e
LPs<Jzqo_thTx^rB__Rp>p@BGKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aZAYnUow<nOAr^HSIxHNM;zq[IzeS\[\NbYhr>dSEiZ;?HJpBvtFuAXqh`raH`XUejV]SneRIbHZqfGsIrJ<e
LPs<Jzqo_thTx^rB__Rp>p@BGKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aZAYnUow<nOAr^HSIxHNM;zq[IzeS\[\NbYhr>dSEiZ;?HJpBvtBbVXglhrzXlXAb^J[gNfEYbT?hfSvDC<e
LPs<Jzqo_thTx^rB__Rp>p@BHKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkIt[zkaqhhrOwkC=X<IfaSn`k^NXw?>ZTyA`pNoiPq<\mLDJT\HjIFzW@kvl=foSA[F<[<e
LPs<Jzqo_thTx^rB__Rp>p@BHKY]SAniAckmCHyTRXMnm;eMNOIUvjNoEQ_c?QkQ?eW@xQU_yzOQNWVzXWkPhkItysearkor=ONDmR>I]bYnQbhNxkE>>aNACrNo\XnO;FxDSOwHpI>z[ICzQ=`[YArZwQ=d;rRZWSqJbWqg;YYWs]F^aVeXHkPZoLYvU@bHZijD<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=Q[QbZ\@IfC`\>]=vFYu<ZU<D<zsX]@m`mr]@vpXeWAVkzBanoaAzg\RYC`Nl>GpnqjPQ^?GMIxCHGg<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQs>i@Y[d_Da@QtNCz<WuPsSLt`=HaR>^qFcfXALAFotjb=BmMue_RVR]N?oU[^Q\<@\XWIGkSFD^fqIbe?mr\LfiZPBSgUZnUTBW<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNl@mRMrqZDOTELZFqKN]_qfQ\hLAUEO<e
LPs<Jzqo_thTx^rB__Rp>p@BIKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKFn`_jHS=ymXyWYA<m[acXykrbcn^<e
LPs<Jzqo_thTx^rB__Rp>p@BJKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQs>i@Y[d_Da@QU@De=XjLferdXafa\oerZjDDy<@ZnaY]opjB<e
LPs<Jzqo_thTx^rB__Rp>p@BJKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSvtB`\a\t]rMhGDbZLVwvZqs>g=sfKQ;FiN>@M`uV\<@ulXszvGRtajkCKf>;;_O@jFpIpdGJnIUS`Y\Efs<e
LPs<Jzqo_thTx^rB__Rp>p@BJKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QEQ@sH@sLD_sA@QU@DeDXeKn@\cZ^lnyiv]=ExSnLAVk_fb@BhM^W_NSIMMqlvkqSi<qedD?YxWINNilF_f<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNl@mRMlq?aLX>c>JmbVaTvvRuhERTI\N;k<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKFn`_dQr>vv_z;Ul;uXfcH`k^wfrmAsS<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNlWmynirS`pD\GXIngSniUM>=OG>;ZKATfFofXAO]IDCTIxCPCNumGg<e
LPs<Jzqo_thTx^rB__Rp>p@BCKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKMU?_qEoQZT;zYVuPteEx_XDaumarr\wDn;>IRTnntaf=uqLMTHaM<e
LPs<Jzqo_thTx^rB__Rp>p@BDKY]SAniAckmCHyTRXMnmJkM=BBUeqHoWHccSJzQS^I@y;D_dA@QTNCz<WuPsSmsNlWmynirS`pD\GXIngSniUM>=OG>;ZKATfFofXAO]t<G_>hDICCflC^ep[<e
LPs<Jzqo_thTx^rB__Rp>p@BDKY]SAniAckmCHyTRXMnm;nM;PSUkcNoHEic=QzQFqCKMU?_qEoQZT;zYVuPteEx_XDaumarr\wDn;>IRT?mlVa=ehLA=I]>Br_<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfpn_`n]@@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfpne`n];@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`n];@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`n];@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`r]>@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`r]>@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gZfqn^`r]@@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gYflne`k]<@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gLfon^`n]B@UWAA@Iia?nu]zAGw=>?OqBqiNofJ@KLqYDkkATdABuMPuz\Tn[ZMJU\yagZ<hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npC<nYJhNe_L_cLbc`F<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gLfon^`n]B@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\eQq>EDAe;Zj;z_]gLfon^`n]C@UWAA@Iia?nu]zAGw=>?OqB]]SobW]O;iKCiTcHOlhuEjiy`\hk=QsYA;GchvEY_XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNhIyuO[wms?bfuF^vewq;<e
\nMOZZwl_uoGahxNmhDp<\AB@Eu^t@qiHp\mV=SHwWe^Ta@N\qxJSFp\mpPxqe>>jhW@jHC\ePq>EDAe;Zj;z_^gXfln^`k]=@UWAA@Iia?nu]zAGw=>?OqBx]Mo\XjOM?NTWO?GknojzW>fgS[[>@_YLfwts\hE?XvUzRltTcOCcc[][@iC=iaEbZ;z?;tD<npCaNEIYib_<zc@wf\U[zs<e

#5 Fireflyer

Fireflyer

    Spyware Scorcher

  • Retired Staff
  • PipPipPipPipPip
  • 571 posts

Posted 16 June 2004 - 09:06 PM

Ohhhhkaaaay... very interesting to say the least!

Well, you say the problem is solved now, so I hope it is. Without seeing a followup log I really can't tell.

But, time will tell, so here's hoping that it's really gone and doesn't sneak back on you.

You might want to check out: How did I get infected in the first place?

I would also recommend looking into the following to try and prevent future infections:

SpywareBlaster doesn't scan and clean for spyware - it prevents it from ever being installed.
http://www.wildersse...areblaster.html

IE-SPYAD puts over 4000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
http://www.staff.uiu...rce.htm#IESPYAD

Both are very small free programs that you run once, and then just occasionally check for updates.

Edited by Fireflyer, 16 June 2004 - 09:10 PM.

How did I get infected in the first place?
Online Virus and Trojan Scanners
Panda Software . . . Trend Micro . . . Bitdefender . . . Sygate Trojan Scan . . . Trojan Scan
Tools for Fighting Spyware
Spybot S & D . . . Ad-aware . . . CWShredder . . . HijackThis . . . PeperFix
Tools for Prevention
SpywareBlaster . . . SpywareGuard . . . IE-Spyad . . . avast! Free Anti-Virus . . . AVG Free Anti-Virus
Zone Alarm Free Firewall . . . Kerio Personal Firewall
Help support this site! Click here to learn how.

#6 Kappa

Kappa

    Member

  • Full Member
  • Pip
  • 5 posts

Posted 17 June 2004 - 09:27 AM

Hello Fireflyer,

The bold entries r actually downloaded program file for McAfee Online virus scan, TrendMicro, Symantic, and some other virus scan. I deleted these entries. First there was name right next to them so I could recognise them. I guess its ok now. Same is true for ChatSpace Java files.

Here is my HijackThis log file:

Logfile of HijackThis v1.97.7
Scan saved at 15:19:15, on 17/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALURIA~1\ASE\ASEserv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\unzipped\hijackthis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: ChatSpace Java Client 2.1.0.89 -
O16 - DPF: ChatSpace Java Client 2.1.0.90 -
O16 - DPF: Yahoo! Chess -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: Yahoo! Towers 2.0 -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -

O17 - HKLM\System\CCS\Services\Tcpip\..\{94C313C6-5789-4557-A6B0-2B3A2CA65171}: NameServer = 195.93.48.134

#7 Fireflyer

Fireflyer

    Spyware Scorcher

  • Retired Staff
  • PipPipPipPipPip
  • 571 posts

Posted 17 June 2004 - 01:09 PM

Your log looks pretty good now.

Thanks for the info on the O16 - DPF entries. I couldn't find anything on them, but now I can add them to my list of OK items.

I'm presuming that these entries are due to restrictions that you have set in Spybot or other programs.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


I have a question about:

C:\WINDOWS\System32\wuauclt.exe

It didn't appear in your first log. In its proper form it's an automatic check for Windows updates - but there is also a trojan that masquerades as this. If you've set Windows to automatically check for updates then that's most likely what it is. If not, then you should visit the Trojan Scan sites in my signature to check it out. Judging by your log, you've got a lot of things set on automatic update.

Here are a few optional fixes:

You have RealPlayer running at Startup and this is not necessary. You can fix this with HJT, but you will also need to set it not to load from within RealPlayer to keep it from resetting itself. This is the item to fix in HJT:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

Here are a couple of opinions about loadqm.exe:

"loadqm.exe is MSN Queue Manager Loader, a service that is installed with MSN Explorer and MSN Messenger. It can use a lot of system resources."

"...the purpose of LOADQM.EXE is not clear. Some refer to the program as Microsoft's attempt to spy on you and report your every move to some sort of a central database system. The honest truth is that there is much speculation about what LOADQM.EXE does which causes the computer to respond sluggishly. ... many users noted that disabling LOADQM.EXE did not interfere with MSN Messenger or any other Microsoft programs that 'use' it."

I wouldn't want it on my system. This is the item to fix:

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

This is also an optional removal - it's related to McAfee but the file has already been removed leaving this fragment - leaving it is not harmful, but it's serving no purpose.

O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)

If you decide to fix these, run another HijackThis scan, check their boxes, make sure all other programs are closed (including this browser window) and click Fix Checked. Reboot your computer before running another HijackThis scan.

Is your system performing OK, and do you still feel that the problems are solved?
How did I get infected in the first place?
Online Virus and Trojan Scanners
Panda Software . . . Trend Micro . . . Bitdefender . . . Sygate Trojan Scan . . . Trojan Scan
Tools for Fighting Spyware
Spybot S & D . . . Ad-aware . . . CWShredder . . . HijackThis . . . PeperFix
Tools for Prevention
SpywareBlaster . . . SpywareGuard . . . IE-Spyad . . . avast! Free Anti-Virus . . . AVG Free Anti-Virus
Zone Alarm Free Firewall . . . Kerio Personal Firewall
Help support this site! Click here to learn how.

#8 Fireflyer

Fireflyer

    Spyware Scorcher

  • Retired Staff
  • PipPipPipPipPip
  • 571 posts

Posted 07 March 2005 - 10:19 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
How did I get infected in the first place?
Online Virus and Trojan Scanners
Panda Software . . . Trend Micro . . . Bitdefender . . . Sygate Trojan Scan . . . Trojan Scan
Tools for Fighting Spyware
Spybot S & D . . . Ad-aware . . . CWShredder . . . HijackThis . . . PeperFix
Tools for Prevention
SpywareBlaster . . . SpywareGuard . . . IE-Spyad . . . avast! Free Anti-Virus . . . AVG Free Anti-Virus
Zone Alarm Free Firewall . . . Kerio Personal Firewall
Help support this site! Click here to learn how.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button