|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
11-28-2007, 01:34 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 9
OS: xp home sp 2
|
Help with Trojans
Hi,
Recently I began having trouble with trojans on my computer. Adaware and my virus scans find them but after I remove them they come back. I don't have much experience with them and everything I have tried has not worked. My Hijackthis log is attached. Some notes: -explorer.exe takes up almost 99% of my cpu. I can close it manually, but then my desktop disappears -The panda online scan would not work on my computer. Not sure what the problem is there. -Mcafee finds trojan loader.exe and runme.exe -adaware finds Win32.TrojanSpy.Bzub (both process and file) -I followed the five steps before posting. Logs are attached. thanks in advance for any help. this is becoming frustrating. thanks, Chris Hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:17:10 PM, on 11/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\mcafee.com\agent\mcdetect.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\WLTRAY.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe c:\program files\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BigFix\bigfix.exe C:\Program Files\palmOne\Hotsync.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\hostwl.exe C:\Documents and Settings\Owner\Desktop\dss.exe C:\Program Files\Windows Defender\MpCmdRun.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\Owner\Desktop\Owner.exe c:\program files\mcafee.com\vso\mcvsmap.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.h...s=PTB&M=MX6440 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.200.2:8080 O2 - BHO: (no name) - {975c56ce-1d53-430a-9489-e1c3f4c3eaa6} - C:\WINDOWS\system32\r.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1196122478156 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1196122458312 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Themes ThemesNetman (ThemesNetman) - Unknown owner - C:\WINDOWS\system32\apcupsx.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 9022 bytes |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
12-03-2007, 12:18 PM
|
#3 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate
|
Re: Help with Trojans
Hi and welcome to TSF.
Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription. -------------------------------------------------------------- Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. -------------------------------------------------------------- Download combofix from here or Alternate link **Save it directly to your desktop** Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall A log will be produced that will ultimately be named C:\ComboFix.txt I'll need that in your next reply
__________________
 Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum Last edited by forhockey; 12-03-2007 at 12:20 PM. |
|
|
|
|
12-03-2007, 10:43 PM
|
#4 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 9
OS: xp home sp 2
|
Re: Help with Trojans
Thank you for you help on this. The ComboFix log is attached. A strange thing did happen at the end of the scan. All of the icons on my screen disappeared when ComboFix tried to reboot windows. All that was left was my background image. I tried ctl alt del but nothing happened. I had to manually power off the computer and then turn it back on. When I turned it on ComboFix resumed and created the log. Spybot-Search and Destroy has been detecting registry changes and giving me pop up warnings. Should I remove it from my computer? I won't be back at my computer until 10pm est tomorrow so if you reply early in the day I won't be able to work on the fix until late tomorrow night.
Thanks, Chris |
|
|
|
|
12-04-2007, 05:29 PM
|
#6 (permalink) | |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate
|
Re: Help with Trojans
Hi cjcasey,
Allow Spybot-Search and Destroy to accept any changes made to the registry. We are going to disable the protection for the meantime, as it may prevent the fixes being made to your computer. -------------------------------------------------------------- Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. Also be sure to carry out the instructions in the sequence listed below. -------------------------------------------------------------- Disable S& D Spybot's Tea Timer While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things. Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
-------------------------------------------------------------- Disable Windows Defender Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
-------------------------------------------------------------- Open notepad and copy/paste the text in the quotebox below into it: Quote:
 Referring to the picture above, drag CFScript into ComboFix.exe Follow the prompts, and post the resulting log, C:\ComboFix.txt Warning: Do not mouseclick combofix's window whilst it's running. That may cause it to stall -------------------------------------------------------------- Perform an online scan with Internet Explorer with Panda ActiveScan
* Turn off the real time scanner of any existing antivirus program while performing the online scan -------------------------------------------------------------- Please reply back with the following logs: C:\ComboFix.txt Panda Online Scan Results
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
|
12-04-2007, 10:38 PM
|
#8 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 9
OS: xp home sp 2
|
Re: Help with Trojans
The ComboFix log would not attach for some reason. Here it is:
ComboFix 07-12-02.6 - Owner 2007-12-04 0:18:49.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.533 [GMT -5:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\r.dll C:\WINDOWS\Temp\1004014013.exe C:\WINDOWS\Temp\100550405.exe C:\WINDOWS\Temp\1006316503.exe C:\WINDOWS\Temp\1011009115.exe C:\WINDOWS\Temp\10135221.exe C:\WINDOWS\Temp\1018631293.exe C:\WINDOWS\Temp\102040999.exe C:\WINDOWS\Temp\1021229115.exe C:\WINDOWS\Temp\1023799843.exe C:\WINDOWS\Temp\1024825093.exe C:\WINDOWS\Temp\1027324021.exe C:\WINDOWS\Temp\1040431013.exe C:\WINDOWS\Temp\1040727997.exe C:\WINDOWS\Temp\1043253911.exe C:\WINDOWS\Temp\1043948853.exe C:\WINDOWS\Temp\1051672647.exe C:\WINDOWS\Temp\1057310101.exe C:\WINDOWS\Temp\105745083.exe C:\WINDOWS\Temp\1063228773.exe C:\WINDOWS\Temp\107355363.exe C:\WINDOWS\Temp\1075246375.exe C:\WINDOWS\Temp\1077550669.exe C:\WINDOWS\Temp\1078067269.exe C:\WINDOWS\Temp\1081836141.exe C:\WINDOWS\Temp\1096314999.exe C:\WINDOWS\Temp\109861053.exe C:\WINDOWS\Temp\109930549.exe C:\WINDOWS\Temp\1102922621.exe C:\WINDOWS\Temp\1103321115.exe C:\WINDOWS\Temp\1107174725.exe C:\WINDOWS\Temp\1108543853.exe C:\WINDOWS\Temp\1108894309.exe C:\WINDOWS\Temp\1116530941.exe C:\WINDOWS\Temp\1121319165.exe C:\WINDOWS\Temp\11217205.exe C:\WINDOWS\Temp\1129152885.exe C:\WINDOWS\Temp\1131407917.exe C:\WINDOWS\Temp\113476005.exe C:\WINDOWS\Temp\113891511.exe C:\WINDOWS\Temp\114088311.exe C:\WINDOWS\Temp\1147027415.exe C:\WINDOWS\Temp\1152000749.exe C:\WINDOWS\Temp\1153238861.exe C:\WINDOWS\Temp\1153915669.exe C:\WINDOWS\Temp\115875069.exe C:\WINDOWS\Temp\1159384535.exe C:\WINDOWS\Temp\116703779.exe C:\WINDOWS\Temp\1171038087.exe C:\WINDOWS\Temp\1174105133.exe C:\WINDOWS\Temp\1186827965.exe C:\WINDOWS\Temp\1191393069.exe C:\WINDOWS\Temp\1194002915.exe C:\WINDOWS\Temp\1199790267.exe C:\WINDOWS\Temp\1200624219.exe C:\WINDOWS\Temp\1208938587.exe C:\WINDOWS\Temp\1217094647.exe C:\WINDOWS\Temp\1218241815.exe C:\WINDOWS\Temp\1226980981.exe C:\WINDOWS\Temp\1233631831.exe C:\WINDOWS\Temp\1236790061.exe C:\WINDOWS\Temp\1237874885.exe C:\WINDOWS\Temp\123839293.exe C:\WINDOWS\Temp\1241145493.exe C:\WINDOWS\Temp\1243492283.exe C:\WINDOWS\Temp\1244475415.exe C:\WINDOWS\Temp\1245744291.exe C:\WINDOWS\Temp\1245914021.exe C:\WINDOWS\Temp\1250644237.exe C:\WINDOWS\Temp\1251906549.exe C:\WINDOWS\Temp\1258796477.exe C:\WINDOWS\Temp\1266308789.exe C:\WINDOWS\Temp\1274885347.exe C:\WINDOWS\Temp\128077859.exe C:\WINDOWS\Temp\12826103.exe C:\WINDOWS\Temp\1282942829.exe C:\WINDOWS\Temp\1285049357.exe C:\WINDOWS\Temp\1290391067.exe C:\WINDOWS\Temp\1294877949.exe C:\WINDOWS\Temp\1294972405.exe C:\WINDOWS\Temp\1296474151.exe C:\WINDOWS\Temp\1299863079.exe C:\WINDOWS\Temp\1310725053.exe C:\WINDOWS\Temp\1312846965.exe C:\WINDOWS\Temp\1313779381.exe C:\WINDOWS\Temp\1314099797.exe C:\WINDOWS\Temp\131646589.exe C:\WINDOWS\Temp\1323148859.exe C:\WINDOWS\Temp\1327548059.exe C:\WINDOWS\Temp\1327630501.exe C:\WINDOWS\Temp\1333340157.exe C:\WINDOWS\Temp\1339234725.exe C:\WINDOWS\Temp\1339506979.exe C:\WINDOWS\Temp\1344851111.exe C:\WINDOWS\Temp\1350677831.exe C:\WINDOWS\Temp\1351111383.exe C:\WINDOWS\Temp\1355385965.exe C:\WINDOWS\Temp\1355768535.exe C:\WINDOWS\Temp\1359290645.exe C:\WINDOWS\Temp\136680375.exe C:\WINDOWS\Temp\1370335117.exe C:\WINDOWS\Temp\1372703413.exe C:\WINDOWS\Temp\1375649431.exe C:\WINDOWS\Temp\1377828197.exe C:\WINDOWS\Temp\1378298861.exe C:\WINDOWS\Temp\1379122997.exe C:\WINDOWS\Temp\1381692285.exe C:\WINDOWS\Temp\1384586637.exe C:\WINDOWS\Temp\1394753965.exe C:\WINDOWS\Temp\1396402555.exe C:\WINDOWS\Temp\1397365229.exe C:\WINDOWS\Temp\1402239559.exe C:\WINDOWS\Temp\1403676515.exe C:\WINDOWS\Temp\1405664373.exe C:\WINDOWS\Temp\1410086821.exe C:\WINDOWS\Temp\1413933813.exe C:\WINDOWS\Temp\1416982819.exe C:\WINDOWS\Temp\1418520853.exe C:\WINDOWS\Temp\142367075.exe C:\WINDOWS\Temp\1428516059.exe C:\WINDOWS\Temp\1430317877.exe C:\WINDOWS\Temp\1430718973.exe C:\WINDOWS\Temp\1432805461.exe C:\WINDOWS\Temp\1433560469.exe C:\WINDOWS\Temp\1434940635.exe C:\WINDOWS\Temp\14422821.exe C:\WINDOWS\Temp\144290861.exe C:\WINDOWS\Temp\1443556453.exe C:\WINDOWS\Temp\1448979005.exe C:\WINDOWS\Temp\1455352509.exe C:\WINDOWS\Temp\1462016109.exe C:\WINDOWS\Temp\146478117.exe C:\WINDOWS\Temp\1469109787.exe C:\WINDOWS\Temp\1470795957.exe C:\WINDOWS\Temp\1476257653.exe C:\WINDOWS\Temp\1477433213.exe C:\WINDOWS\Temp\1480422871.exe C:\WINDOWS\Temp\1486175293.exe C:\WINDOWS\Temp\1486813941.exe C:\WINDOWS\Temp\1487788029.exe C:\WINDOWS\Temp\1489676507.exe C:\WINDOWS\Temp\1492216791.exe C:\WINDOWS\Temp\1497935525.exe C:\WINDOWS\Temp\1499999075.exe C:\WINDOWS\Temp\1504453197.exe C:\WINDOWS\Temp\1515100643.exe C:\WINDOWS\Temp\1515766819.exe C:\WINDOWS\Temp\1522289559.exe C:\WINDOWS\Temp\1522359653.exe C:\WINDOWS\Temp\1522793367.exe C:\WINDOWS\Temp\152487237.exe C:\WINDOWS\Temp\1525566717.exe C:\WINDOWS\Temp\1527278807.exe C:\WINDOWS\Temp\1531521861.exe C:\WINDOWS\Temp\1531721069.exe C:\WINDOWS\Temp\1542308093.exe C:\WINDOWS\Temp\1544131445.exe C:\WINDOWS\Temp\1545061671.exe C:\WINDOWS\Temp\155273095.exe C:\WINDOWS\Temp\1552792311.exe C:\WINDOWS\Temp\1554670885.exe C:\WINDOWS\Temp\1556206477.exe C:\WINDOWS\Temp\1561036003.exe C:\WINDOWS\Temp\1564935675.exe C:\WINDOWS\Temp\1565850701.exe C:\WINDOWS\Temp\1579484087.exe C:\WINDOWS\Temp\158028963.exe C:\WINDOWS\Temp\158188579.exe C:\WINDOWS\Temp\1586497275.exe C:\WINDOWS\Temp\1590284821.exe C:\WINDOWS\Temp\1590429511.exe C:\WINDOWS\Temp\1591567493.exe C:\WINDOWS\Temp\1593692749.exe C:\WINDOWS\Temp\1606318375.exe C:\WINDOWS\Temp\1608262951.exe C:\WINDOWS\Temp\1609557111.exe C:\WINDOWS\Temp\1609611127.exe C:\WINDOWS\Temp\1616142445.exe C:\WINDOWS\Temp\1635036307.exe C:\WINDOWS\Temp\1636261821.exe C:\WINDOWS\Temp\1640632443.exe C:\WINDOWS\Temp\1644436311.exe C:\WINDOWS\Temp\1651434007.exe C:\WINDOWS\Temp\1652664915.exe C:\WINDOWS\Temp\1656384125.exe C:\WINDOWS\Temp\1657439357.exe C:\WINDOWS\Temp\166420083.exe C:\WINDOWS\Temp\1665150653.exe C:\WINDOWS\Temp\1670972541.exe C:\WINDOWS\Temp\1673120685.exe C:\WINDOWS\Temp\1678452579.exe C:\WINDOWS\Temp\1679881469.exe C:\WINDOWS\Temp\1680691453.exe C:\WINDOWS\Temp\1686649207.exe C:\WINDOWS\Temp\1690715515.exe C:\WINDOWS\Temp\169588215.exe C:\WINDOWS\Temp\1697107469.exe C:\WINDOWS\Temp\1703283981.exe C:\WINDOWS\Temp\1706121797.exe C:\WINDOWS\Temp\1706648759.exe C:\WINDOWS\Temp\1707736685.exe C:\WINDOWS\Temp\1710676903.exe C:\WINDOWS\Temp\1714631949.exe C:\WINDOWS\Temp\1719152573.exe C:\WINDOWS\Temp\1723404603.exe C:\WINDOWS\Temp\1724932647.exe C:\WINDOWS\Temp\1727185221.exe C:\WINDOWS\Temp\1727747005.exe C:\WINDOWS\Temp\1730441879.exe C:\WINDOWS\Temp\1730869733.exe C:\WINDOWS\Temp\1733935989.exe C:\WINDOWS\Temp\1734200859.exe C:\WINDOWS\Temp\1739216723.exe C:\WINDOWS\Temp\1741167387.exe C:\WINDOWS\Temp\1743292493.exe C:\WINDOWS\Temp\1743379899.exe C:\WINDOWS\Temp\1743901285.exe C:\WINDOWS\Temp\1749203735.exe C:\WINDOWS\Temp\1751546951.exe C:\WINDOWS\Temp\1754368917.exe C:\WINDOWS\Temp\1756545109.exe C:\WINDOWS\Temp\1756575927.exe C:\WINDOWS\Temp\1756866547.exe C:\WINDOWS\Temp\1760191165.exe C:\WINDOWS\Temp\1760918615.exe C:\WINDOWS\Temp\1771256803.exe C:\WINDOWS\Temp\1773350535.exe C:\WINDOWS\Temp\1773542871.exe C:\WINDOWS\Temp\1774714391.exe C:\WINDOWS\Temp\1780800007.exe C:\WINDOWS\Temp\1784201469.exe C:\WINDOWS\Temp\1792166387.exe C:\WINDOWS\Temp\1794120439.exe C:\WINDOWS\Temp\1799091571.exe C:\WINDOWS\Temp\1803862005.exe C:\WINDOWS\Temp\1807019693.exe C:\WINDOWS\Temp\1813988279.exe C:\WINDOWS\Temp\1814010407.exe C:\WINDOWS\Temp\1815118757.exe C:\WINDOWS\Temp\18164451.exe C:\WINDOWS\Temp\1818723661.exe C:\WINDOWS\Temp\1831946837.exe C:\WINDOWS\Temp\1832258291.exe C:\WINDOWS\Temp\1838385831.exe C:\WINDOWS\Temp\1840809827.exe C:\WINDOWS\Temp\1844799731.exe C:\WINDOWS\Temp\1849011581.exe C:\WINDOWS\Temp\1849656819.exe C:\WINDOWS\Temp\1851996279.exe C:\WINDOWS\Temp\186045511.exe C:\WINDOWS\Temp\1865809405.exe C:\WINDOWS\Temp\1866950739.exe C:\WINDOWS\Temp\1871590845.exe C:\WINDOWS\Temp\1884244443.exe C:\WINDOWS\Temp\1894896827.exe C:\WINDOWS\Temp\1898912725.exe C:\WINDOWS\Temp\1899421565.exe C:\WINDOWS\Temp\189972215.exe C:\WINDOWS\Temp\1912300949.exe C:\WINDOWS\Temp\1913622981.exe C:\WINDOWS\Temp\1923146213.exe C:\WINDOWS\Temp\1935376699.exe C:\WINDOWS\Temp\1935582821.exe C:\WINDOWS\Temp\1944020965.exe C:\WINDOWS\Temp\1946926711.exe C:\WINDOWS\Temp\1948583045.exe C:\WINDOWS\Temp\1954281491.exe C:\WINDOWS\Temp\1956456421.exe C:\WINDOWS\Temp\1974744859.exe C:\WINDOWS\Temp\1979811575.exe C:\WINDOWS\Temp\19832647.exe C:\WINDOWS\Temp\1983592373.exe C:\WINDOWS\Temp\198984279.exe C:\WINDOWS\Temp\2002836949.exe C:\WINDOWS\Temp\2003942893.exe C:\WINDOWS\Temp\2007532327.exe C:\WINDOWS\Temp\2009746165.exe C:\WINDOWS\Temp\2010842999.exe C:\WINDOWS\Temp\2011050023.exe C:\WINDOWS\Temp\2027964501.exe C:\WINDOWS\Temp\2028469947.exe C:\WINDOWS\Temp\2033895047.exe C:\WINDOWS\Temp\2035203029.exe C:\WINDOWS\Temp\2039814627.exe C:\WINDOWS\Temp\2045514247.exe C:\WINDOWS\Temp\2051714485.exe C:\WINDOWS\Temp\2055602583.exe C:\WINDOWS\Temp\2064181319.exe C:\WINDOWS\Temp\207317437.exe C:\WINDOWS\Temp\2073445143.exe C:\WINDOWS\Temp\2073783165.exe C:\WINDOWS\Temp\2076926205.exe C:\WINDOWS\Temp\2096344763.exe C:\WINDOWS\Temp\209659323.exe C:\WINDOWS\Temp\2100006125.exe C:\WINDOWS\Temp\2102253043.exe C:\WINDOWS\Temp\2102353165.exe C:\WINDOWS\Temp\2103002445.exe C:\WINDOWS\Temp\2104059773.exe C:\WINDOWS\Temp\210818487.exe C:\WINDOWS\Temp\211049799.exe C:\WINDOWS\Temp\2111346365.exe C:\WINDOWS\Temp\2111569069.exe C:\WINDOWS\Temp\2114104987.exe C:\WINDOWS\Temp\2114159037.exe C:\WINDOWS\Temp\2121836887.exe C:\WINDOWS\Temp\2124362541.exe C:\WINDOWS\Temp\2124487579.exe C:\WINDOWS\Temp\2125759893.exe C:\WINDOWS\Temp\2128478195.exe C:\WINDOWS\Temp\2130308221.exe C:\WINDOWS\Temp\213148941.exe C:\WINDOWS\Temp\2134599843.exe C:\WINDOWS\Temp\2147663213.exe C:\WINDOWS\Temp\2148086325.exe C:\WINDOWS\Temp\2150929319.exe C:\WINDOWS\Temp\2151639829.exe C:\WINDOWS\Temp\2156814663.exe C:\WINDOWS\Temp\2157593239.exe C:\WINDOWS\Temp\2163661539.exe C:\WINDOWS\Temp\2165115557.exe C:\WINDOWS\Temp\2167198909.exe C:\WINDOWS\Temp\2176187143.exe C:\WINDOWS\Temp\2180134797.exe C:\WINDOWS\Temp\2181785301.exe C:\WINDOWS\Temp\2183354995.exe C:\WINDOWS\Temp\21877895.exe C:\WINDOWS\Temp\2192821261.exe C:\WINDOWS\Temp\2192898195.exe C:\WINDOWS\Temp\219317501.exe C:\WINDOWS\Temp\2194961703.exe C:\WINDOWS\Temp\2201150165.exe C:\WINDOWS\Temp\2202607611.exe C:\WINDOWS\Temp\2204647255.exe C:\WINDOWS\Temp\2207357445.exe C:\WINDOWS\Temp\2208708219.exe C:\WINDOWS\Temp\2211136533.exe C:\WINDOWS\Temp\2215435163.exe C:\WINDOWS\Temp\2216271911.exe C:\WINDOWS\Temp\2217036069.exe C:\WINDOWS\Temp\2220170535.exe C:\WINDOWS\Temp\2223523245.exe C:\WINDOWS\Temp\2226449173.exe C:\WINDOWS\Temp\2228385469.exe C:\WINDOWS\Temp\2231598709.exe C:\WINDOWS\Temp\2232848165.exe C:\WINDOWS\Temp\223570413.exe C:\WINDOWS\Temp\2242277757.exe C:\WINDOWS\Temp\2244701939.exe C:\WINDOWS\Temp\2245330341.exe C:\WINDOWS\Temp\2246752699.exe C:\WINDOWS\Temp\2249538405.exe C:\WINDOWS\Temp\2251077621.exe C:\WINDOWS\Temp\2252056147.exe C:\WINDOWS\Temp\2255094587.exe C:\WINDOWS\Temp\2257124501.exe C:\WINDOWS\Temp\2257382583.exe C:\WINDOWS\Temp\2262869595.exe C:\WINDOWS\Temp\2264619341.exe C:\WINDOWS\Temp\2267053171.exe C:\WINDOWS\Temp\2267248711.exe C:\WINDOWS\Temp\2273529427.exe C:\WINDOWS\Temp\2275957499.exe C:\WINDOWS\Temp\2277779811.exe C:\WINDOWS\Temp\2288207843.exe C:\WINDOWS\Temp\2289138645.exe C:\WINDOWS\Temp\2289275653.exe C:\WINDOWS\Temp\2294137683.exe C:\WINDOWS\Temp\2298120637.exe C:\WINDOWS\Temp\2298628059.exe C:\WINDOWS\Temp\2303453765.exe C:\WINDOWS\Temp\2310117799.exe C:\WINDOWS\Temp\2310392795.exe C:\WINDOWS\Temp\2320530677.exe C:\WINDOWS\Temp\2320687031.exe C:\WINDOWS\Temp\2320864117.exe C:\WINDOWS\Temp\2326743549.exe C:\WINDOWS\Temp\233231547.exe C:\WINDOWS\Temp\2337041831.exe C:\WINDOWS\Temp\2340808941.exe C:\WINDOWS\Temp\2345374523.exe C:\WINDOWS\Temp\2346350775.exe C:\WINDOWS\Temp\234707277.exe C:\WINDOWS\Temp\2350686135.exe C:\WINDOWS\Temp\2364304749.exe C:\WINDOWS\Temp\2365278179.exe C:\WINDOWS\Temp\2371334629.exe C:\WINDOWS\Temp\2374999349.exe C:\WINDOWS\Temp\237681317.exe C:\WINDOWS\Temp\2377065173.exe C:\WINDOWS\Temp\2385701895.exe C:\WINDOWS\Temp\2385950711.exe C:\WINDOWS\Temp\2387643291.exe C:\WINDOWS\Temp\2389620827.exe C:\WINDOWS\Temp\239082887.exe C:\WINDOWS\Temp\2392533587.exe C:\WINDOWS\Temp\2399113179.exe C:\WINDOWS\Temp\2402628323.exe C:\WINDOWS\Temp\2408273341.exe C:\WINDOWS\Temp\2409597595.exe C:\WINDOWS\Temp\2414304531.exe C:\WINDOWS\Temp\2415581941.exe C:\WINDOWS\Temp\2415956501.exe C:\WINDOWS\Temp\2418564973.exe C:\WINDOWS\Temp\2428353021.exe C:\WINDOWS\Temp\2429301693.exe C:\WINDOWS\Temp\2435618231.exe C:\WINDOWS\Temp\2436022805.exe C:\WINDOWS\Temp\2437409365.exe C:\WINDOWS\Temp\2437565947.exe C:\WINDOWS\Temp\2444947965.exe C:\WINDOWS\Temp\2449890557.exe C:\WINDOWS\Temp\2451453685.exe C:\WINDOWS\Temp\2461523277.exe C:\WINDOWS\Temp\2465908663.exe C:\WINDOWS\Temp\247007195.exe C:\WINDOWS\Temp\2471818327.exe C:\WINDOWS\Temp\2473503203.exe C:\WINDOWS\Temp\2479329605.exe C:\WINDOWS\Temp\2484137085.exe C:\WINDOWS\Temp\2486613659.exe C:\WINDOWS\Temp\2505850267.exe C:\WINDOWS\Temp\2509991333.exe C:\WINDOWS\Temp\2514985635.exe C:\WINDOWS\Temp\252668663.exe C:\WINDOWS\Temp\252758023.exe C:\WINDOWS\Temp\2530074007.exe C:\WINDOWS\Temp\2532754005.exe C:\WINDOWS\Temp\2533774883.exe C:\WINDOWS\Temp\2534926371.exe C:\WINDOWS\Temp\2539125511.exe C:\WINDOWS\Temp\2539572805.exe C:\WINDOWS\Temp\2542812667.exe C:\WINDOWS\Temp\2544718933.exe C:\WINDOWS\Temp\2545997307.exe C:\WINDOWS\Temp\2549021047.exe C:\WINDOWS\Temp\2551536551.exe C:\WINDOWS\Temp\2554292155.exe C:\WINDOWS\Temp\2558253293.exe C:\WINDOWS\Temp\2561881659.exe C:\WINDOWS\Temp\2562037893.exe C:\WINDOWS\Temp\2566072205.exe C:\WINDOWS\Temp\2569665661.exe C:\WINDOWS\Temp\2573116455.exe C:\WINDOWS\Temp\2574786875.exe C:\WINDOWS\Temp\2592950725.exe C:\WINDOWS\Temp\2597020485.exe C:\WINDOWS\Temp\2600735159.exe C:\WINDOWS\Temp\2604708219.exe C:\WINDOWS\Temp\2605228635.exe C:\WINDOWS\Temp\2612517373.exe C:\WINDOWS\Temp\2616785789.exe C:\WINDOWS\Temp\26198701.exe C:\WINDOWS\Temp\2624389053.exe C:\WINDOWS\Temp\2625488461.exe C:\WINDOWS\Temp\2626433911.exe C:\WINDOWS\Temp\2630857829.exe C:\WINDOWS\Temp\2630909687.exe C:\WINDOWS\Temp\2634361229.exe C:\WINDOWS\Temp\263749749.exe C:\WINDOWS\Temp\2643518279.exe C:\WINDOWS\Temp\26455437.exe C:\WINDOWS\Temp\2647477799.exe C:\WINDOWS\Temp\2652148295.exe C:\WINDOWS\Temp\2657306151.exe C:\WINDOWS\Temp\2658571837.exe C:\WINDOWS\Temp\2665258893.exe C:\WINDOWS\Temp\2665322429.exe C:\WINDOWS\Temp\2669569413.exe C:\WINDOWS\Temp\2670143239.exe C:\WINDOWS\Temp\2671754323.exe C:\WINDOWS\Temp\267433661.exe C:\WINDOWS\Temp\2676990307.exe C:\WINDOWS\Temp\2678326875.exe C:\WINDOWS\Temp\2681522261.exe C:\WINDOWS\Temp\2683176999.exe C:\WINDOWS\Temp\2683799431.exe C:\WINDOWS\Temp\2686889037.exe C:\WINDOWS\Temp\2689308567.exe C:\WINDOWS\Temp\2701925559.exe C:\WINDOWS\Temp\2703502087.exe C:\WINDOWS\Temp\2705270899.exe C:\WINDOWS\Temp\2705841773.exe C:\WINDOWS\Temp\2707848069.exe C:\WINDOWS\Temp\27097203.exe C:\WINDOWS\Temp\2710255395.exe C:\WINDOWS\Temp\2717200551.exe C:\WINDOWS\Temp\2717746245.exe C:\WINDOWS\Temp\2719736293.exe C:\WINDOWS\Temp\2725127451.exe C:\WINDOWS\Temp\272542451.exe C:\WINDOWS\Temp\2739651607.exe C:\WINDOWS\Temp\2742362109.exe C:\WINDOWS\Temp\2747362709.exe C:\WINDOWS\Temp\2748571707.exe C:\WINDOWS\Temp\2752425925.exe C:\WINDOWS\Temp\2752606125.exe C:\WINDOWS\Temp\2758275349.exe C:\WINDOWS\Temp\2758407799.exe C:\WINDOWS\Temp\2767512005.exe C:\WINDOWS\Temp\2768753061.exe C:\WINDOWS\Temp\2771097819.exe C:\WINDOWS\Temp\2778063451.exe C:\WINDOWS\Temp\2778440997.exe C:\WINDOWS\Temp\2780892251.exe C:\WINDOWS\Temp\2781469735.exe C:\WINDOWS\Temp\2783596871.exe C:\WINDOWS\Temp\2783627763.exe C:\WINDOWS\Temp\2783809955.exe C:\WINDOWS\Temp\2784215223.exe C:\WINDOWS\Temp\278819429.exe C:\WINDOWS\Temp\2790051667.exe C:\WINDOWS\Temp\2791609141.exe C:\WINDOWS\Temp\2795329911.exe C:\WINDOWS\Temp\27973275.exe C:\WINDOWS\Temp\2800480167.exe C:\WINDOWS\Temp\2804945213.exe C:\WINDOWS\Temp\2807345405.exe C:\WINDOWS\Temp\2811439863.exe C:\WINDOWS\Temp\2812638299.exe C:\WINDOWS\Temp\2815549859.exe C:\WINDOWS\Temp\2822178789.exe C:\WINDOWS\Temp\2826321235.exe C:\WINDOWS\Temp\282826663.exe C:\WINDOWS\Temp\2830914949.exe C:\WINDOWS\Temp\2841186939.exe C:\WINDOWS\Temp\2852265093.exe C:\WINDOWS\Temp\2853166419.exe C:\WINDOWS\Temp\2854192343.exe C:\WINDOWS\Temp\2858575549.exe C:\WINDOWS\Temp\2865143333.exe C:\WINDOWS\Temp\2866179197.exe C:\WINDOWS\Temp\2866238707.exe C:\WINDOWS\Temp\2866775.exe C:\WINDOWS\Temp\2880750061.exe C:\WINDOWS\Temp\2884900941.exe C:\WINDOWS\Temp\2885383677.exe C:\WINDOWS\Temp\2885985853.exe C:\WINDOWS\Temp\2893639357.exe C:\WINDOWS\Temp\2894320027.exe C:\WINDOWS\Temp\2894656813.exe C:\WINDOWS\Temp\2894990925.exe C:\WINDOWS\Temp\2896709997.exe C:\WINDOWS\Temp\290206779.exe C:\WINDOWS\Temp\2904681917.exe C:\WINDOWS\Temp\2918038093.exe C:\WINDOWS\Temp\2919765467.exe C:\WINDOWS\Temp\2923152795.exe C:\WINDOWS\Temp\2923506779.exe C:\WINDOWS\Temp\2925117773.exe C:\WINDOWS\Temp\2926667709.exe C:\WINDOWS\Temp\2928564109.exe C:\WINDOWS\Temp\2935058427.exe C:\WINDOWS\Temp\2939452029.exe C:\WINDOWS\Temp\2940965027.exe C:\WINDOWS\Temp\2941233093.exe C:\WINDOWS\Temp\2943293371.exe C:\WINDOWS\Temp\2943591643.exe C:\WINDOWS\Temp\2943813447.exe C:\WINDOWS\Temp\2949090021.exe C:\WINDOWS\Temp\2949435127.exe C:\WINDOWS\Temp\295051509.exe C:\WINDOWS\Temp\2951291061.exe C:\WINDOWS\Temp\2954374101.exe C:\WINDOWS\Temp\2954565525.exe C:\WINDOWS\Temp\2955360915.exe C:\WINDOWS\Temp\2958453143.exe C:\WINDOWS\Temp\2962511655.exe C:\WINDOWS\Temp\2962704675.exe C:\WINDOWS\Temp\2966289789.exe C:\WINDOWS\Temp\2967266381.exe C:\WINDOWS\Temp\2969596327.exe C:\WINDOWS\Temp\2971126011.exe C:\WINDOWS\Temp\2979190643.exe C:\WINDOWS\Temp\297920315.exe C:\WINDOWS\Temp\2979267781.exe C:\WINDOWS\Temp\2987790039.exe C:\WINDOWS\Temp\2993755015.exe C:\WINDOWS\Temp\2993953527.exe C:\WINDOWS\Temp\2996272567.exe C:\WINDOWS\Temp\3005618803.exe C:\WINDOWS\Temp\3006369047.exe C:\WINDOWS\Temp\3009103943.exe C:\WINDOWS\Temp\3012289509.exe C:\WINDOWS\Temp\3014556861.exe C:\WINDOWS\Temp\3016443639.exe C:\WINDOWS\Temp\3018649415.exe C:\WINDOWS\Temp\3025158279.exe C:\WINDOWS\Temp\3025919013.exe C:\WINDOWS\Temp\3029697395.exe C:\WINDOWS\Temp\3033109565.exe C:\WINDOWS\Temp\3035666759.exe C:\WINDOWS\Temp\3035869203.exe C:\WINDOWS\Temp\3036043581.exe C:\WINDOWS\Temp\3038446157.exe C:\WINDOWS\Temp\303936325.exe C:\WINDOWS\Temp\304038397.exe C:\WINDOWS\Temp\3040687443.exe C:\WINDOWS\Temp\3048687783.exe C:\WINDOWS\Temp\3049380357.exe C:\WINDOWS\Temp\3049712219.exe C:\WINDOWS\Temp\3052108631.exe C:\WINDOWS\Temp\3053157659.exe C:\WINDOWS\Temp\3060995427.exe C:\WINDOWS\Temp\30661061.exe C:\WINDOWS\Temp\3066807463.exe C:\WINDOWS\Temp\3069034587.exe C:\WINDOWS\Temp\3069473787.exe C:\WINDOWS\Temp\307016901.exe C:\WINDOWS\Temp\30791301.exe C:\WINDOWS\Temp\3085882605.exe C:\WINDOWS\Temp\3088957709.exe C:\WINDOWS\Temp\3090830413.exe C:\WINDOWS\Temp\3091931003.exe C:\WINDOWS\Temp\3096920949.exe C:\WINDOWS\Temp\3097376589.exe C:\WINDOWS\Temp\3098207037.exe C:\WINDOWS\Temp\3105467205.exe C:\WINDOWS\Temp\3107294357.exe C:\WINDOWS\Temp\3107762503.exe C:\WINDOWS\Temp\3110014391.exe C:\WINDOWS\Temp\3112386341.exe C:\WINDOWS\Temp\3113251261.exe C:\WINDOWS\Temp\3114932135.exe C:\WINDOWS\Temp\312208789.exe C:\WINDOWS\Temp\3131089717.exe C:\WINDOWS\Temp\3132518733.exe C:\WINDOWS\Temp\313307069.exe C:\WINDOWS\Temp\3137941575.exe C:\WINDOWS\Temp\3140335093.exe C:\WINDOWS\Temp\3141622899.exe C:\WINDOWS\Temp\3153024667.exe C:\WINDOWS\Temp\3155504551.exe C:\WINDOWS\Temp\3156311237.exe C:\WINDOWS\Temp\3158278203.exe C:\WINDOWS\Temp\3158858259.exe C:\WINDOWS\Temp\3160762739.exe C:\WINDOWS\Temp\3164339099.exe C:\WINDOWS\Temp\3169984709.exe C:\WINDOWS\Temp\3175453893.exe C:\WINDOWS\Temp\3178113765.exe C:\WINDOWS\Temp\3179627917.exe C:\WINDOWS\Temp\3186550181.exe C:\WINDOWS\Temp\3192267701.exe C:\WINDOWS\Temp\3203092887.exe C:\WINDOWS\Temp\320784309.exe C:\WINDOWS\Temp\3209594939.exe C:\WINDOWS\Temp\3214013693.exe C:\WINDOWS\Temp\3214195621.exe C:\WINDOWS\Temp\322013459.exe C:\WINDOWS\Temp\3223646213.exe C:\WINDOWS\Temp\3225890181.exe C:\WINDOWS\Temp\3229781819.exe C:\WINDOWS\Temp\3230671717.exe C:\WINDOWS\Temp\3238701191.exe C:\WINDOWS\Temp\3242456901.exe C:\WINDOWS\Temp\3243608437.exe C:\WINDOWS\Temp\3245855731.exe C:\WINDOWS\Temp\3249342637.exe C:\WINDOWS\Temp\3249973175.exe C:\WINDOWS\Temp\3251317943.exe C:\WINDOWS\Temp\3251504429.exe C:\WINDOWS\Temp\325168533.exe C:\WINDOWS\Temp\3252199141.exe C:\WINDOWS\Temp\3256222071.exe C:\WINDOWS\Temp\3256720987.exe C:\WINDOWS\Temp\3258660781.exe C:\WINDOWS\Temp\3267646085.exe C:\WINDOWS\Temp\3270273339.exe C:\WINDOWS\Temp\3276067987.exe C:\WINDOWS\Temp\3281023845.exe C:\WINDOWS\Temp\3286271421.exe C:\WINDOWS\Temp\3288105229.exe C:\WINDOWS\Temp\3295717799.exe C:\WINDOWS\Temp\3299618853.exe C:\WINDOWS\Temp\330169979.exe C:\WINDOWS\Temp\3304337789.exe C:\WINDOWS\Temp\3305980571.exe C:\WINDOWS\Temp\3309217959.exe C:\WINDOWS\Temp\3313656373.exe C:\WINDOWS\Temp\331713549.exe C:\WINDOWS\Temp\3321859607.exe C:\WINDOWS\Temp\3326241955.exe C:\WINDOWS\Temp\3326836101.exe C:\WINDOWS\Temp\3331185669.exe C:\WINDOWS\Temp\3331506773.exe C:\WINDOWS\Temp\3334466957.exe C:\WINDOWS\Temp\3339286029.exe C:\WINDOWS\Temp\3343150471.exe C:\WINDOWS\Temp\3345220541.exe C:\WINDOWS\Temp\3355991159.exe C:\WINDOWS\Temp\3359810131.exe C:\WINDOWS\Temp\3365063099.exe C:\WINDOWS\Temp\3374398247.exe C:\WINDOWS\Temp\3385036359.exe C:\WINDOWS\Temp\3387563175.exe C:\WINDOWS\Temp\3389026487.exe C:\WINDOWS\Temp\3390308349.exe C:\WINDOWS\Temp\3392420093.exe C:\WINDOWS\Temp\3398088763.exe C:\WINDOWS\Temp\3399214843.exe C:\WINDOWS\Temp\3400639479.exe C:\WINDOWS\Temp\3400672695.exe C:\WINDOWS\Temp\3413483645.exe C:\WINDOWS\Temp\3416772135.exe C:\WINDOWS\Temp\3423766519.exe C:\WINDOWS\Temp\3427742141.exe C:\WINDOWS\Temp\3430476781.exe C:\WINDOWS\Temp\3433627653.exe C:\WINDOWS\Temp\343462819.exe C:\WINDOWS\Temp\3438945555.exe C:\WINDOWS\Temp\3444589975.exe C:\WINDOWS\Temp\3445407495.exe C:\WINDOWS\Temp\3450926269.exe C:\WINDOWS\Temp\3454890587.exe C:\WINDOWS\Temp\3456957941.exe C:\WINDOWS\Temp\3459913389.exe C:\WINDOWS\Temp\3468888987.exe C:\WINDOWS\Temp\3472237979.exe C:\WINDOWS\Temp\3478963107.exe C:\WINDOWS\Temp\3484285979.exe C:\WINDOWS\Temp\3487539223.exe C:\WINDOWS\Temp\3489718435.exe C:\WINDOWS\Temp\3492656663.exe C:\WINDOWS\Temp\350142683.exe C:\WINDOWS\Temp\350481467.exe C:\WINDOWS\Temp\3505741155.exe C:\WINDOWS\Temp\351560315.exe C:\WINDOWS\Temp\3516036023.exe C:\WINDOWS\Temp\3518441047.exe C:\WINDOWS\Temp\3519308667.exe C:\WINDOWS\Temp\3519580387.exe C:\WINDOWS\Temp\3523904261.exe C:\WINDOWS\Temp\3529927459.exe C:\WINDOWS\Temp\3532406205.exe C:\WINDOWS\Temp\3533208071.exe C:\WINDOWS\Temp\3538255527.exe C:\WINDOWS\Temp\3545656653.exe C:\WINDOWS\Temp\354699963.exe C:\WINDOWS\Temp\3548824931.exe C:\WINDOWS\Temp\3549967543.exe C:\WINDOWS\Temp\3557111459.exe C:\WINDOWS\Temp\3567320231.exe C:\WINDOWS\Temp\357120627.exe C:\WINDOWS\Temp\3581371379.exe C:\WINDOWS\Temp\3586956181.exe C:\WINDOWS\Temp\3589053509.exe C:\WINDOWS\Temp\3592936215.exe C:\WINDOWS\Temp\3597110663.exe C:\WINDOWS\Temp\360100375.exe C:\WINDOWS\Temp\3604188245.exe C:\WINDOWS\Temp\3604287981.exe C:\WINDOWS\Temp\3606421367.exe C:\WINDOWS\Temp\3607705383.exe C:\WINDOWS\Temp\3608680727.exe C:\WINDOWS\Temp\3611938021.exe C:\WINDOWS\Temp\3614470973.exe C:\WINDOWS\Temp\3617613781.exe C:\WINDOWS\Temp\3627083047.exe C:\WINDOWS\Temp\3636631229.exe C:\WINDOWS\Temp\3641672871.exe C:\WINDOWS\Temp\3641817431.exe C:\WINDOWS\Temp\3653070973.exe C:\WINDOWS\Temp\3654047109.exe C:\WINDOWS\Temp\3655985469.exe C:\WINDOWS\Temp\3658447699.exe C:\WINDOWS\Temp\3664127845.exe C:\WINDOWS\Temp\366532837.exe C:\WINDOWS\Temp\3666747943.exe C:\WINDOWS\Temp\3668187451.exe C:\WINDOWS\Temp\3672865957.exe C:\WINDOWS\Temp\3675281275.exe C:\WINDOWS\Temp\3681556141.exe C:\WINDOWS\Temp\368672891.exe C:\WINDOWS\Temp\3687176487.exe C:\WINDOWS\Temp\3692686741.exe C:\WINDOWS\Temp\3696802019.exe C:\WINDOWS\Temp\369867511.exe C:\WINDOWS\Temp\3701155445.exe C:\WINDOWS\Temp\3706819079.exe C:\WINDOWS\Temp\3712123157.exe C:\WINDOWS\Temp\3723362291.exe C:\WINDOWS\Temp\3727094277.exe C:\WINDOWS\Temp\3729867943.exe C:\WINDOWS\Temp\3733276077.exe C:\WINDOWS\Temp\3734225709.exe C:\WINDOWS\Temp\3747541893.exe C:\WINDOWS\Temp\3747695067.exe C:\WINDOWS\Temp\3751440053.exe C:\WINDOWS\Temp\376627043.exe C:\WINDOWS\Temp\3766701.exe C:\WINDOWS\Temp\3767593109.exe C:\WINDOWS\Temp\3768489331.exe C:\WINDOWS\Temp\3769011159.exe C:\WINDOWS\Temp\3780909997.exe C:\WINDOWS\Temp\3786435765.exe C:\WINDOWS\Temp\3790122151.exe C:\WINDOWS\Temp\3791226981.exe C:\WINDOWS\Temp\37975437.exe C:\WINDOWS\Temp\3797617013.exe C:\WINDOWS\Temp\3799635035.exe C:\WINDOWS\Temp\3801294205.exe C:\WINDOWS\Temp\3802698567.exe C:\WINDOWS\Temp\3803040583.exe C:\WINDOWS\Temp\3805195901.exe C:\WINDOWS\Temp\3818420741.exe C:\WINDOWS\Temp\382160469.exe C:\WINDOWS\Temp\3822149367.exe C:\WINDOWS\Temp\3824721645.exe C:\WINDOWS\Temp\3827921031.exe C:\WINDOWS\Temp\3828781607.exe C:\WINDOWS\Temp\3840277701.exe C:\WINDOWS\Temp\3845612667.exe C:\WINDOWS\Temp\3848786583.exe C:\WINDOWS\Temp\3852482341.exe C:\WINDOWS\Temp\3854861191.exe C:\WINDOWS\Temp\3858488503.exe C:\WINDOWS\Temp\3866182055.exe C:\WINDOWS\Temp\3867691925.exe C:\WINDOWS\Temp\3869596455.exe C:\WINDOWS\Temp\3872351677.exe C:\WINDOWS\Temp\3872724631.exe C:\WINDOWS\Temp\3876319319.exe C:\WINDOWS\Temp\3880024279.exe C:\WINDOWS\Temp\388337749.exe C:\WINDOWS\Temp\3884064037.exe C:\WINDOWS\Temp\3890182471.exe C:\WINDOWS\Temp\3894437421.exe C:\WINDOWS\Temp\3896379477.exe C:\WINDOWS\Temp\3901779995.exe C:\WINDOWS\Temp\3901994055.exe C:\WINDOWS\Temp\3903049605.exe C:\WINDOWS\Temp\3906136309.exe C:\WINDOWS\Temp\3919631379.exe C:\WINDOWS\Temp\3930293911.exe C:\WINDOWS\Temp\393154813.exe C:\WINDOWS\Temp\3932122885.exe C:\WINDOWS\Temp\3932127285.exe C:\WINDOWS\Temp\3937583077.exe C:\WINDOWS\Temp\3940744531.exe C:\WINDOWS\Temp\3945648407.exe C:\WINDOWS\Temp\3945867847.exe C:\WINDOWS\Temp\394669987.exe C:\WINDOWS\Temp\3953293591.exe C:\WINDOWS\Temp\3960096493.exe C:\WINDOWS\Temp\3962100807.exe C:\WINDOWS\Temp\3962312237.exe C:\WINDOWS\Temp\3966479859.exe C:\WINDOWS\Temp\3967683965.exe C:\WINDOWS\Temp\3969293403.exe C:\WINDOWS\Temp\3973548965.exe C:\WINDOWS\Temp\3974770613.exe C:\WINDOWS\Temp\3975799803.exe C:\WINDOWS\Temp\3979924877.exe C:\WINDOWS\Temp\3981925845.exe C:\WINDOWS\Temp\3986999293.exe C:\WINDOWS\Temp\399828029.exe C:\WINDOWS\Temp\4006423637.exe C:\WINDOWS\Temp\4009522215.exe C:\WINDOWS\Temp\4016186787.exe C:\WINDOWS\Temp\4017765629.exe C:\WINDOWS\Temp\4018260093.exe C:\WINDOWS\Temp\40250605.exe C:\WINDOWS\Temp\4025299671.exe C:\WINDOWS\Temp\4028691173.exe C:\WINDOWS\Temp\4030687931.exe C:\WINDOWS\Temp\4031133757.exe C:\WINDOWS\Temp\4031876855.exe C:\WINDOWS\Temp\403229603.exe C:\WINDOWS\Temp\4033651351.exe C:\WINDOWS\Temp\4034113285.exe C:\WINDOWS\Temp\4037582519.exe C:\WINDOWS\Temp\4037890173.exe C:\WINDOWS\Temp\4038001165.exe C:\WINDOWS\Temp\4049334419.exe C:\WINDOWS\Temp\4054673415.exe C:\WINDOWS\Temp\4059156251.exe C:\WINDOWS\Temp\406052871.exe C:\WINDOWS\Temp\4066006807.exe C:\WINDOWS\Temp\407446675.exe C:\WINDOWS\Temp\4076963437.exe C:\WINDOWS\Temp\4078374519.exe C:\WINDOWS\Temp\4078883683.exe C:\WINDOWS\Temp\4084883117.exe C:\WINDOWS\Temp\4100511317.exe C:\WINDOWS\Temp\4101057149.exe C:\WINDOWS\Temp\4105017339.exe C:\WINDOWS\Temp\4105084157.exe C:\WINDOWS\Temp\4106130253.exe C:\WINDOWS\Temp\4106975655.exe C:\WINDOWS\Temp\4113341911.exe C:\WINDOWS\Temp\4122116973.exe C:\WINDOWS\Temp\412749821.exe C:\WINDOWS\Temp\4134092741.exe C:\WINDOWS\Temp\4135347271.exe C:\WINDOWS\Temp\4137058437.exe C:\WINDOWS\Temp\4138361719.exe C:\WINDOWS\Temp\4138565799.exe C:\WINDOWS\Temp\4142747181.exe C:\WINDOWS\Temp\4144895677.exe C:\WINDOWS\Temp\4149087603.exe C:\WINDOWS\Temp\4151201571.exe C:\WINDOWS\Temp\4155718549.exe C:\WINDOWS\Temp\4156277027.exe C:\WINDOWS\Temp\4159801021.exe C:\WINDOWS\Temp\4160910037.exe C:\WINDOWS\Temp\4162794823.exe C:\WINDOWS\Temp\4180654855.exe C:\WINDOWS\Temp\4184071237.exe C:\WINDOWS\Temp\4188512807.exe C:\WINDOWS\Temp\4188711877.exe C:\WINDOWS\Temp\4190929429.exe C:\WINDOWS\Temp\4196871011.exe C:\WINDOWS\Temp\4199142453.exe C:\WINDOWS\Temp\4202065575.exe C:\WINDOWS\Temp\4203107301.exe C:\WINDOWS\Temp\4211719419.exe C:\WINDOWS\Temp\4214688183.exe C:\WINDOWS\Temp\42150471.exe C:\WINDOWS\Temp\4218075837.exe C:\WINDOWS\Temp\4220361805.exe C:\WINDOWS\Temp\4222600341.exe C:\WINDOWS\Temp\4224089235.exe C:\WINDOWS\Temp\4225486707.exe C:\WINDOWS\Temp\4226187597.exe C:\WINDOWS\Temp\4226701655.exe C:\WINDOWS\Temp\4228835765.exe C:\WINDOWS\Temp\4229544061.exe C:\WINDOWS\Temp\4237491991.exe C:\WINDOWS\Temp\4239623507.exe C:\WINDOWS\Temp\4241622455.exe C:\WINDOWS\Temp\4243280325.exe C:\WINDOWS\Temp\4243691163.exe C:\WINDOWS\Temp\424648317.exe C:\WINDOWS\Temp\4247684391.exe C:\WINDOWS\Temp\4249036653.exe C:\WINDOWS\Temp\4250824955.exe C:\WINDOWS\Temp\4252704213.exe C:\WINDOWS\Temp\4253445133.exe C:\WINDOWS\Temp\4257521709.exe C:\WINDOWS\Temp\4258422061.exe C:\WINDOWS\Temp\4259699323.exe C:\WINDOWS\Temp\4263187447.exe C:\WINDOWS\Temp\4265587061.exe C:\WINDOWS\Temp\4268133851.exe C:\WINDOWS\Temp\4269716835.exe C:\WINDOWS\Temp\4280032391.exe C:\WINDOWS\Temp\4284415303.exe C:\WINDOWS\Temp\428822525.exe C:\WINDOWS\Temp\4290276183.exe C:\WINDOWS\Temp\4291122835.exe C:\WINDOWS\Temp\4292819541.exe C:\WINDOWS\Temp\432776525.exe C:\WINDOWS\Temp\437032461.exe C:\WINDOWS\Temp\437068615.exe C:\WINDOWS\Temp\439710525.exe C:\WINDOWS\Temp\442878325.exe C:\WINDOWS\Temp\452860315.exe C:\WINDOWS\Temp\461115619.exe C:\WINDOWS\Temp\474807549.exe C:\WINDOWS\Temp\475078549.exe C:\WINDOWS\Temp\47767981.exe C:\WINDOWS\Temp\481625235.exe C:\WINDOWS\Temp\483162181.exe C:\WINDOWS\Temp\483381307.exe C:\WINDOWS\Temp\484345939.exe C:\WINDOWS\Temp\486261671.exe C:\WINDOWS\Temp\486503895.exe C:\WINDOWS\Temp\487285477.exe C:\WINDOWS\Temp\489275143.exe C:\WINDOWS\Temp\495518965.exe C:\WINDOWS\Temp\495651655.exe C:\WINDOWS\Temp\495851453.exe C:\WINDOWS\Temp\497977741.exe C:\WINDOWS\Temp\500388429.exe C:\WINDOWS\Temp\501763879.exe C:\WINDOWS\Temp\502476877.exe C:\WINDOWS\Temp\505992741.exe C:\WINDOWS\Temp\51057447.exe C:\WINDOWS\Temp\515337325.exe C:\WINDOWS\Temp\517716407.exe C:\WINDOWS\Temp\524008891.exe C:\WINDOWS\Temp\534146403.exe C:\WINDOWS\Temp\534672187.exe C:\WINDOWS\Temp\535345709.exe C:\WINDOWS\Temp\542767527.exe C:\WINDOWS\Temp\543372781.exe C:\WINDOWS\Temp\546914989.exe C:\WINDOWS\Temp\549101479.exe C:\WINDOWS\Temp\558006555.exe C:\WINDOWS\Temp\563269749.exe C:\WINDOWS\Temp\564003867.exe C:\WINDOWS\Temp\565973883.exe C:\WINDOWS\Temp\570272987.exe C:\WINDOWS\Temp\572409533.exe C:\WINDOWS\Temp\582057093.exe C:\WINDOWS\Temp\583921335.exe C:\WINDOWS\Temp\587411773.exe C:\WINDOWS\Temp\587743149.exe C:\WINDOWS\Temp\588031959.exe C:\WINDOWS\Temp\588589751.exe C:\WINDOWS\Temp\589206279.exe C:\WINDOWS\Temp\590791613.exe C:\WINDOWS\Temp\590877397.exe C:\WINDOWS\Temp\595302405.exe C:\WINDOWS\Temp\600087591.exe C:\WINDOWS\Temp\6027781.exe C:\WINDOWS\Temp\602840973.exe C:\WINDOWS\Temp\603132925.exe C:\WINDOWS\Temp\603410877.exe C:\WINDOWS\Temp\606227133.exe C:\WINDOWS\Temp\61654909.exe C:\WINDOWS\Temp\619858103.exe C:\WINDOWS\Temp\624519815.exe C:\WINDOWS\Temp\625340429.exe C:\WINDOWS\Temp\631019703.exe C:\WINDOWS\Temp\632784739.exe C:\WINDOWS\Temp\634091795.exe C:\WINDOWS\Temp\644789245.exe C:\WINDOWS\Temp\64668549.exe C:\WINDOWS\Temp\656614983.exe C:\WINDOWS\Temp\668697733.exe C:\WINDOWS\Temp\686861365.exe C:\WINDOWS\Temp\686939749.exe C:\WINDOWS\Temp\688670901.exe C:\WINDOWS\Temp\688900853.exe C:\WINDOWS\Temp\699072855.exe C:\WINDOWS\Temp\711487707.exe C:\WINDOWS\Temp\718987795.exe C:\WINDOWS\Temp\721987867.exe C:\WINDOWS\Temp\723154029.exe C:\WINDOWS\Temp\727081037.exe C:\WINDOWS\Temp\731304957.exe C:\WINDOWS\Temp\733354469.exe C:\WINDOWS\Temp\737384717.exe C:\WINDOWS\Temp\737734583.exe C:\WINDOWS\Temp\740556949.exe C:\WINDOWS\Temp\748808379.exe C:\WINDOWS\Temp\751154165.exe C:\WINDOWS\Temp\753122741.exe C:\WINDOWS\Temp\755394037.exe C:\WINDOWS\Temp\757446023.exe C:\WINDOWS\Temp\760891463.exe C:\WINDOWS\Temp\765606733.exe C:\WINDOWS\Temp\77911099.exe C:\WINDOWS\Temp\782232539.exe C:\WINDOWS\Temp\783253093.exe C:\WINDOWS\Temp\790074373.exe C:\WINDOWS\Temp\790419699.exe C:\WINDOWS\Temp\79217365.exe C:\WINDOWS\Temp\797965133.exe C:\WINDOWS\Temp\803818999.exe C:\WINDOWS\Temp\809529413.exe C:\WINDOWS\Temp\813178295.exe C:\WINDOWS\Temp\815100503.exe C:\WINDOWS\Temp\822234133.exe C:\WINDOWS\Temp\823368789.exe C:\WINDOWS\Temp\825370661.exe C:\WINDOWS\Temp\828768141.exe C:\WINDOWS\Temp\830052519.exe C:\WINDOWS\Temp\83261885.exe C:\WINDOWS\Temp\83438675.exe C:\WINDOWS\Temp\834599405.exe C:\WINDOWS\Temp\836963079.exe C:\WINDOWS\Temp\841292325.exe C:\WINDOWS\Temp\841388541.exe C:\WINDOWS\Temp\843410851.exe C:\WINDOWS\Temp\853201735.exe C:\WINDOWS\Temp\853967997.exe C:\WINDOWS\Temp\856589563.exe C:\WINDOWS\Temp\859509381.exe C:\WINDOWS\Temp\868913581.exe C:\WINDOWS\Temp\868961659.exe C:\WINDOWS\Temp\881506325.exe C:\WINDOWS\Temp\887348891.exe C:\WINDOWS\Temp\89134013.exe C:\WINDOWS\Temp\909736013.exe C:\WINDOWS\Temp\910290851.exe C:\WINDOWS\Temp\910431347.exe C:\WINDOWS\Temp\9142819.exe C:\WINDOWS\Temp\916705571.exe C:\WINDOWS\Temp\917666693.exe C:\WINDOWS\Temp\919983707.exe C:\WINDOWS\Temp\93095549.exe C:\WINDOWS\Temp\940766279.exe C:\WINDOWS\Temp\943551477.exe C:\WINDOWS\Temp\944518013.exe C:\WINDOWS\Temp\944568691.exe C:\WINDOWS\Temp\946275987.exe C:\WINDOWS\Temp\946463397.exe C:\WINDOWS\Temp\947387773.exe C:\WINDOWS\Temp\947531943.exe C:\WINDOWS\Temp\947628261.exe C:\WINDOWS\Temp\948609005.exe C:\WINDOWS\Temp\949112341.exe C:\WINDOWS\Temp\950057141.exe C:\WINDOWS\Temp\952703541.exe C:\WINDOWS\Temp\955828083.exe C:\WINDOWS\Temp\956657109.exe C:\WINDOWS\Temp\95904859.exe C:\WINDOWS\Temp\962470917.exe C:\WINDOWS\Temp\970853197.exe C:\WINDOWS\Temp\97564311.exe C:\WINDOWS\Temp\9826541.exe C:\WINDOWS\Temp\982658695.exe C:\WINDOWS\Temp\985980663.exe C:\WINDOWS\Temp\989582805.exe C:\WINDOWS\Temp\993175163.exe C:\WINDOWS\Temp\99338771.exe C:\WINDOWS\Temp\993939565.exe C:\WINDOWS\Temp\994948835.exe C:\WINDOWS\Temp\996301645.exe C:\WINDOWS\Temp\996744999.exe D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))) . 2007-12-03 19:23 . 2007-12-03 19:23 3,153 --ah----- C:\WINDOWS\system32\hostwl.exe 2007-12-03 14:37 . 2007-12-03 14:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft 2007-12-03 14:12 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS 2007-12-03 14:12 . 2006-05-04 18:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver 2007-12-03 14:12 . 2006-05-04 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView 2007-12-03 13:49 . 2007-12-03 13:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-03 13:49 . 2007-12-03 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-03 13:46 . 2007-12-03 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-28 15:14 . 2007-11-28 15:14 <DIR> d-------- C:\Deckard 2007-11-28 15:08 . 2007-11-28 15:10 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-11-28 00:16 . 2007-11-28 15:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-28 00:16 . 2007-11-28 15:04 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-28 00:16 . 2007-11-28 15:04 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-11-28 00:16 . 2007-11-28 15:04 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-27 15:16 . 2007-11-27 15:16 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-11-27 15:15 . 2007-11-27 15:15 <DIR> d--h----- C:\WINDOWS\PIF 2007-11-26 19:20 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-11-25 23:48 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\Windows Defender 2007-11-25 21:46 . 2007-12-03 09:50 4,195,315 --a------ C:\WINDOWS\pfirewall.log.old 2007-11-25 21:21 . 2007-11-25 21:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue 2007-11-21 09:28 . 2007-11-21 09:28 <DIR> d-------- C:\WINDOWS\PerfInfo 2007-11-21 09:27 . 2007-11-21 09:27 24,630 -r-hs---- C:\WINDOWS\system32\apcupsx.exe 2007-11-21 09:27 . 2007-12-03 12:31 8,888 --ahs---- C:\WINDOWS\system32\1074239785.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 20:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\RipIt4Me 2007-11-27 20:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee.com Personal Firewall 2007-11-27 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall 2007-11-26 05:53 --------- d-----w C:\Program Files\Google 2007-11-22 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss 2007-10-04 02:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink 2006-05-27 00:45 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 17:42] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 05:01] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 09:47] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 09:47] "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 23:05] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 00:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 12:26] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 15:16] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 14:49] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 23:20] "Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 13:25] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-02 23:40:25] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26] BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-05-04 18:11:34] HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys S2 ThemesNetman;Themes ThemesNetman;C:\WINDOWS\system32\apcupsx.exe srv [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 . Contents of the 'Scheduled Tasks' folder "2007-12-04 05:31:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 00:28:55 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 0:31:52 - machine was rebooted . --- E O F --- |
|
|
|
|
12-05-2007, 12:05 PM
|
#9 (permalink) | |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate
|
Re: Help with Trojans
Hello,
You seemed to have posted the same log for ComboFix as before. Quote:
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
|
12-05-2007, 01:51 PM
|
#10 (permalink) |
|
Registered User
Join Date: Nov 2007
Posts: 9
OS: xp home sp 2
|
Re: Help with Trojans
Sorry about that. I attached the old log. Here is the new one:
ComboFix 07-12-02.6 - Owner 2007-12-04 23:31:41.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.602 [GMT -5:00] Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt * Created a new restore point FILE C:\WINDOWS\system32\1074239785.dat C:\WINDOWS\system32\apcupsx.exe C:\WINDOWS\system32\hostwl.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\PerfInfo C:\WINDOWS\PerfInfo\7iFXbk8sWb.exe.bak C:\WINDOWS\system32\1074239785.dat C:\WINDOWS\system32\apcupsx.exe C:\WINDOWS\system32\hostwl.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_THEMESNETMAN -------\ThemesNetman ((((((((((((((((((((((((( Files Created from 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))) . 2007-12-03 14:37 . 2007-12-03 14:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft 2007-12-03 14:12 . 2004-08-27 04:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS 2007-12-03 14:12 . 2006-05-04 18:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver 2007-12-03 14:12 . 2006-05-04 18:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView 2007-12-03 13:49 . 2007-12-03 13:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-12-03 13:49 . 2007-12-03 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-12-03 13:46 . 2007-12-03 13:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-28 15:14 . 2007-11-28 15:14 <DIR> d-------- C:\Deckard 2007-11-28 15:08 . 2007-11-28 15:10 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-11-28 00:16 . 2007-11-28 15:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-11-28 00:16 . 2007-11-28 15:04 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-11-28 00:16 . 2007-11-28 15:04 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-11-28 00:16 . 2007-11-28 15:04 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-11-27 15:16 . 2007-11-27 15:16 <DIR> d-------- C:\Program Files\MSXML 4.0 2007-11-27 15:15 . 2007-11-27 15:15 <DIR> d--h----- C:\WINDOWS\PIF 2007-11-26 19:20 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2007-11-25 23:48 . 2007-11-27 15:15 <DIR> d-------- C:\Program Files\Windows Defender 2007-11-25 21:46 . 2007-12-03 09:50 4,195,315 --a------ C:\WINDOWS\pfirewall.log.old 2007-11-25 21:21 . 2007-11-25 21:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 20:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\RipIt4Me 2007-11-27 20:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\McAfee.com Personal Firewall 2007-11-27 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall 2007-11-26 05:53 --------- d-----w C:\Program Files\Google 2007-11-22 17:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss 2006-05-27 00:45 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\Documents and Settings\Administrator\WINDOWS ---- ((((((((((((((((((((((((((((( snapshot@2007-12-04_ 0.30.46.23 ))))))))))))))))))))))))))))))))))))))))) . + 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 17:42] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 05:01] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 09:47] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 09:47] "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [] "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 23:05] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [] "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18] "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 00:02] "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29] "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 11:05] "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 12:26] "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 15:16] "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 14:49] "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 23:20] "Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-06-02 13:25] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-02 23:40:25] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26] BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2006-05-04 18:11:34] HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08] R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480 . Contents of the 'Scheduled Tasks' folder "2007-12-05 04:20:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-04 23:37:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-04 23:39:28 - machine was rebooted C:\ComboFix2.txt ... 2007-12-04 00:31 . --- E O F --- |
|
|
|
|
12-05-2007, 01:59 PM
|
#11 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate
|
Re: Help with Trojans
Please download ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1
ATF Cleaner * Double-click ATF-Cleaner.exe to run the program. * Click Select All found at the bottom of the list. * Click the Empty Selected button. If you use Firefox browser, do this also: * Click Firefox at the top and choose Select All from the list. * Click the Empty Selected button. * NOTE : If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser, do this also: * Click Opera at the top and choose Select All from the list. * Click the Empty Selected button. * NOTE : If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. -------------------------------------------------------------- Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component.
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
12-06-2007, 04:09 PM
|
#13 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate
|
Re: Help with Trojans
Hi cjcasey,
No worries... There will always be priorities in life which need attending to. Well done, your logs are clean! There are just a few more things I would like you to do. Go to Start > Run - type ComboFix /u Click OK ---------------------------------------------------------------- Re-Enable Windows Defender Please re-enable your Windows Defender Real-time Protection.
Re-enable S& D Spybot's Tea Timer Please re-enable TeaTimer by:
Microsoft Updates It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection. Malware Prevention Tools These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
Alternative Web Browsers Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites. Firewalls If you do not have a firewall, here are a few free ones available for personal use: Understanding and Using Firewalls Informational Reading In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
|
12-08-2007, 04:56 PM
|
#15 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,930
OS: Windows 7 Ultimate
|
Re: Help with Trojans
You're welcome. Safe surfing!
__________________
Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
|
|
|
| Thread Tools | |
|
|
located at the bottom of the page.
then click 
