#1 (permalink)
I helped the forums.
Can't Roll Back[moved from video cards]
After downloading an update for Intel R/82845G/GL/GE/PE/ I got a virus, trojan and I can't roll back or get a new restore point.
I got the virus deleted by using my ZoneAlarm or AVG, can't remember which. My Flight Sim v9 won't "Go-To" the correct Airfield. So, any way of getting my restore point back? TIA Ron
__________________
FireFox Ewido Zone Alarm SpyGuard SpyBlaster AVG SpyBot cwshreader
#2 (permalink)
Manager, Hardware Forums
Join Date: Jul 2004
Location: west australia
Posts: 56,539
OS: win 7 32x 64x rtm
Re: Can't Roll Back
the restore points are probably corrupted
check you got rid of everything http://www.techsupportforum.com/secu...oval-help.html
#3 (permalink)
I helped the forums.
Re: Can't Roll Back
Prior to running DDS there was a note on a black screen which read:
FINDSTR: Cannot read string from whiteDir. But then the DDS was produced. Do you think I've missed something? Ron
DDS (Version 1.1.0) - NTFSx86
Last edited by Ronski; 12-30-2008 at 12:23 PM.
#4 (permalink)
Manager, Hardware Forums
Join Date: Jul 2004
Location: west australia
Posts: 56,539
OS: win 7 32x 64x rtm
Re: Can't Roll Back
we cannot help with infections you have to post into the security section as they are the only ones that can deal with it
#5 (permalink)
I helped the forums.
Re: Can't Roll Back
Dai,
Thanks for your reply. I only followed the instructions from your last post. Now can a moderator or someone transfer this thread to the security section? Or do I have to start from scratch again? Regards, Ron
#6 (permalink)
I helped the forums.
Re: Can't Roll Back[moved from video cards]
Thanks for transferring this Dai.
I have since found out the Trojan name: Downloader.Zlob.ABNR, .AHDZ, .VR, .XCY and a few more. Because this thread now shows 5 Posts, I hope that the team are not thinking it is being dealt with!! Because it isn't, yet. Regards, Ron
#8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,882
OS: WinXP and Vista
Re: Can't Roll Back[moved from video cards]
Hello Ron,
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
#9 (permalink)
I helped the forums.
Re: Can't Roll Back[moved from video cards]
ComboFix 09-01-02.01 - martin 2009-01-04 14:56:22.1 - NTFSx86
#10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,882
OS: WinXP and Vista
Re: Can't Roll Back[moved from video cards]
How is the system behaving now, Ron?
It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:
Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
#11 (permalink)
I helped the forums.
Re: Can't Roll Back[moved from video cards]
Ried, you asked how is my system now?
Well the Flight Simulator seems OK, I don't want to try and do a "Roll-back" or a "Restore point", do I? The following report said that my computer is infected. I copied and pasted the report, I hope that was the right way to do it? Ron
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 04, 2009 15:43:32
Records in database: 1558856
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan statistics:
Files scanned: 87909
Threat name: 6
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 02:29:31
File name / Threat name / Threats count
C:\Documents and Settings\martin\.housecall\Quarantine\A_ClearSearch.DLL.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.j 1
C:\Documents and Settings\martin\.housecall\Quarantine\CSAOLINST.DLL.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.j 1
C:\Documents and Settings\martin\.housecall\Quarantine\csAOLldr.exe.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.j 1
C:\Documents and Settings\martin\.housecall\Quarantine\CSIEINST.DLL.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.s 1
C:\Documents and Settings\martin\.housecall\Quarantine\CSLDRUPDATER.DLL.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.r 1
C:\Documents and Settings\martin\.housecall\Quarantine\CSTMINST.DLL.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.o 1
C:\Documents and Settings\martin\.housecall\Quarantine\CSTVINST.DLL.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.a 1
C:\Documents and Settings\martin\.housecall\Quarantine\FNuninstaller.EXE.bac_a03844 Infected: not-a-virus:AdWare.Win32.ClearSearch.o 1
C:\WINDOWS\system32\1024\ld533E.tmp Infected: Trojan-Downloader.Win32.Zlob.pdq 1
The selected area was scanned.
#12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,882
OS: WinXP and Vista
Re: Can't Roll Back[moved from video cards]
No--do not do any sort of rollback or system restore or you'll undo everything we've just done.
Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
***************************************************
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
---------------------------------------------------------------------
Open notepad and copy/paste the text in the code box below into it:
Quote:
in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt. Please post that in your next reply.
#13 (permalink)
I helped the forums.
Re: Can't Roll Back[moved from video cards]
RIED
Couple of things to tell you: I used the Combo file that I had on my Desktop from a couple of days ago. Warning saying that AVG live was active but I couldn't see any signs of it in the system tray. (Should I have looked elsewhere?) Also it said there is a newer version of Combo, but I used the old one. Hope this hasn't caused any extra problems for you, or me!
ComboFix 09-01-02.01 - martin 2009-01-05 14:00:33.2 - NTFSx86
c:\windows\system32\1024\ld3429.tmp c:\windows\system32\1024\ld3456.tmp c:\windows\system32\1024\ld345D.tmp c:\windows\system32\1024\ld3466.tmp c:\windows\system32\1024\ld3468.tmp c:\windows\system32\1024\ld34D1.tmp c:\windows\system32\1024\ld34ED.tmp c:\windows\system32\1024\ld352D.tmp c:\windows\system32\1024\ld3534.tmp c:\windows\system32\1024\ld3537.tmp c:\windows\system32\1024\ld3598.tmp c:\windows\system32\1024\ld35CB.tmp c:\windows\system32\1024\ld364.tmp c:\windows\system32\1024\ld3652.tmp c:\windows\system32\1024\ld3663.tmp c:\windows\system32\1024\ld3698.tmp c:\windows\system32\1024\ld369C.tmp c:\windows\system32\1024\ld36A.tmp c:\windows\system32\1024\ld36EF.tmp c:\windows\system32\1024\ld375E.tmp c:\windows\system32\1024\ld3786.tmp c:\windows\system32\1024\ld37B8.tmp c:\windows\system32\1024\ld37B9.tmp c:\windows\system32\1024\ld37EB.tmp c:\windows\system32\1024\ld3858.tmp c:\windows\system32\1024\ld386A.tmp c:\windows\system32\1024\ld3893.tmp c:\windows\system32\1024\ld38AD.tmp c:\windows\system32\1024\ld38C4.tmp c:\windows\system32\1024\ld38CE.tmp c:\windows\system32\1024\ld38D3.tmp c:\windows\system32\1024\ld3919.tmp c:\windows\system32\1024\ld3936.tmp c:\windows\system32\1024\ld3939.tmp c:\windows\system32\1024\ld395F.tmp c:\windows\system32\1024\ld39D8.tmp c:\windows\system32\1024\ld39F5.tmp c:\windows\system32\1024\ld3A49.tmp c:\windows\system32\1024\ld3A67.tmp c:\windows\system32\1024\ld3A95.tmp c:\windows\system32\1024\ld3AA6.tmp c:\windows\system32\1024\ld3AB7.tmp c:\windows\system32\1024\ld3AF.tmp c:\windows\system32\1024\ld3B0F.tmp c:\windows\system32\1024\ld3B1C.tmp c:\windows\system32\1024\ld3B60.tmp c:\windows\system32\1024\ld3B9.tmp c:\windows\system32\1024\ld3BDA.tmp c:\windows\system32\1024\ld3BF9.tmp c:\windows\system32\1024\ld3BFF.tmp c:\windows\system32\1024\ld3C42.tmp c:\windows\system32\1024\ld3C83.tmp c:\windows\system32\1024\ld3C87.tmp c:\windows\system32\1024\ld3CC3.tmp c:\windows\system32\1024\ld3CE0.tmp 
c:\windows\system32\1024\ld3CE7.tmp c:\windows\system32\1024\ld3D79.tmp c:\windows\system32\1024\ld3D8A.tmp c:\windows\system32\1024\ld3DEE.tmp c:\windows\system32\1024\ld3E0E.tmp c:\windows\system32\1024\ld3E19.tmp c:\windows\system32\1024\ld3E57.tmp c:\windows\system32\1024\ld3E6.tmp c:\windows\system32\1024\ld3E7C.tmp c:\windows\system32\1024\ld3EBC.tmp c:\windows\system32\1024\ld3EC2.tmp c:\windows\system32\1024\ld3ECE.tmp c:\windows\system32\1024\ld3ED8.tmp c:\windows\system32\1024\ld3EDC.tmp c:\windows\system32\1024\ld3F07.tmp c:\windows\system32\1024\ld3F25.tmp c:\windows\system32\1024\ld3F5C.tmp c:\windows\system32\1024\ld3FB6.tmp c:\windows\system32\1024\ld3FF1.tmp c:\windows\system32\1024\ld3FF4.tmp c:\windows\system32\1024\ld4026.tmp c:\windows\system32\1024\ld407E.tmp c:\windows\system32\1024\ld4098.tmp c:\windows\system32\1024\ld40CB.tmp c:\windows\system32\1024\ld4172.tmp c:\windows\system32\1024\ld41B9.tmp c:\windows\system32\1024\ld41EB.tmp c:\windows\system32\1024\ld425D.tmp c:\windows\system32\1024\ld42AE.tmp c:\windows\system32\1024\ld4348.tmp c:\windows\system32\1024\ld435C.tmp c:\windows\system32\1024\ld438C.tmp c:\windows\system32\1024\ld43E2.tmp c:\windows\system32\1024\ld43E7.tmp c:\windows\system32\1024\ld43E8.tmp c:\windows\system32\1024\ld4421.tmp c:\windows\system32\1024\ld4451.tmp c:\windows\system32\1024\ld44CD.tmp c:\windows\system32\1024\ld452.tmp c:\windows\system32\1024\ld453A.tmp c:\windows\system32\1024\ld4560.tmp c:\windows\system32\1024\ld4576.tmp c:\windows\system32\1024\ld45B2.tmp c:\windows\system32\1024\ld45FE.tmp c:\windows\system32\1024\ld4605.tmp c:\windows\system32\1024\ld460D.tmp c:\windows\system32\1024\ld46AC.tmp c:\windows\system32\1024\ld46E3.tmp c:\windows\system32\1024\ld46E8.tmp c:\windows\system32\1024\ld47.tmp c:\windows\system32\1024\ld476.tmp c:\windows\system32\1024\ld47B.tmp c:\windows\system32\1024\ld484C.tmp c:\windows\system32\1024\ld487.tmp c:\windows\system32\1024\ld48AB.tmp 
c:\windows\system32\1024\ld49.tmp c:\windows\system32\1024\ld491C.tmp c:\windows\system32\1024\ld492E.tmp c:\windows\system32\1024\ld4941.tmp c:\windows\system32\1024\ld496D.tmp c:\windows\system32\1024\ld4975.tmp c:\windows\system32\1024\ld49AB.tmp c:\windows\system32\1024\ld49B3.tmp c:\windows\system32\1024\ld49B9.tmp c:\windows\system32\1024\ld49C1.tmp c:\windows\system32\1024\ld49D3.tmp c:\windows\system32\1024\ld49DC.tmp c:\windows\system32\1024\ld4A0A.tmp c:\windows\system32\1024\ld4A0F.tmp c:\windows\system32\1024\ld4A49.tmp c:\windows\system32\1024\ld4AE9.tmp c:\windows\system32\1024\ld4B15.tmp c:\windows\system32\1024\ld4B2F.tmp c:\windows\system32\1024\ld4B44.tmp c:\windows\system32\1024\ld4B4A.tmp c:\windows\system32\1024\ld4B52.tmp c:\windows\system32\1024\ld4B6B.tmp c:\windows\system32\1024\ld4B9E.tmp c:\windows\system32\1024\ld4BCC.tmp c:\windows\system32\1024\ld4BDE.tmp c:\windows\system32\1024\ld4BE8.tmp c:\windows\system32\1024\ld4BF6.tmp c:\windows\system32\1024\ld4BF8.tmp c:\windows\system32\1024\ld4C27.tmp c:\windows\system32\1024\ld4C3F.tmp c:\windows\system32\1024\ld4C54.tmp c:\windows\system32\1024\ld4C76.tmp c:\windows\system32\1024\ld4CFC.tmp c:\windows\system32\1024\ld4D6B.tmp c:\windows\system32\1024\ld4D71.tmp c:\windows\system32\1024\ld4D72.tmp c:\windows\system32\1024\ld4D7E.tmp c:\windows\system32\1024\ld4D80.tmp c:\windows\system32\1024\ld4DD5.tmp c:\windows\system32\1024\ld4DE0.tmp c:\windows\system32\1024\ld4E62.tmp c:\windows\system32\1024\ld4E78.tmp c:\windows\system32\1024\ld4ED3.tmp c:\windows\system32\1024\ld4EE.tmp c:\windows\system32\1024\ld4F3E.tmp c:\windows\system32\1024\ld4F93.tmp c:\windows\system32\1024\ld4FC5.tmp c:\windows\system32\1024\ld5012.tmp c:\windows\system32\1024\ld5066.tmp c:\windows\system32\1024\ld506B.tmp c:\windows\system32\1024\ld50DD.tmp c:\windows\system32\1024\ld50F9.tmp c:\windows\system32\1024\ld510.tmp c:\windows\system32\1024\ld512C.tmp c:\windows\system32\1024\ld517.tmp 
c:\windows\system32\1024\ld5177.tmp c:\windows\system32\1024\ld518.tmp c:\windows\system32\1024\ld51A5.tmp c:\windows\system32\1024\ld51D9.tmp c:\windows\system32\1024\ld527D.tmp c:\windows\system32\1024\ld527E.tmp c:\windows\system32\1024\ld52A9.tmp c:\windows\system32\1024\ld5313.tmp c:\windows\system32\1024\ld533E.tmp c:\windows\system32\1024\ld5363.tmp c:\windows\system32\1024\ld536A.tmp c:\windows\system32\1024\ld53BC.tmp c:\windows\system32\1024\ld53C9.tmp c:\windows\system32\1024\ld53DB.tmp c:\windows\system32\1024\ld53DD.tmp c:\windows\system32\1024\ld5438.tmp c:\windows\system32\1024\ld5441.tmp c:\windows\system32\1024\ld5458.tmp c:\windows\system32\1024\ld5486.tmp c:\windows\system32\1024\ld549F.tmp c:\windows\system32\1024\ld54BC.tmp c:\windows\system32\1024\ld54D8.tmp c:\windows\system32\1024\ld54E9.tmp c:\windows\system32\1024\ld550D.tmp c:\windows\system32\1024\ld5510.tmp c:\windows\system32\1024\ld555E.tmp c:\windows\system32\1024\ld5619.tmp c:\windows\system32\1024\ld567E.tmp c:\windows\system32\1024\ld56BE.tmp c:\windows\system32\1024\ld56BF.tmp c:\windows\system32\1024\ld57.tmp c:\windows\system32\1024\ld570D.tmp c:\windows\system32\1024\ld5741.tmp c:\windows\system32\1024\ld574A.tmp c:\windows\system32\1024\ld5756.tmp c:\windows\system32\1024\ld576A.tmp c:\windows\system32\1024\ld577A.tmp c:\windows\system32\1024\ld5789.tmp c:\windows\system32\1024\ld57AA.tmp c:\windows\system32\1024\ld57C0.tmp c:\windows\system32\1024\ld57D2.tmp c:\windows\system32\1024\ld57E.tmp c:\windows\system32\1024\ld5801.tmp c:\windows\system32\1024\ld5831.tmp c:\windows\system32\1024\ld5841.tmp c:\windows\system32\1024\ld58BD.tmp c:\windows\system32\1024\ld58C5.tmp c:\windows\system32\1024\ld58F1.tmp c:\windows\system32\1024\ld5944.tmp c:\windows\system32\1024\ld5995.tmp c:\windows\system32\1024\ld59A1.tmp c:\windows\system32\1024\ld59DE.tmp c:\windows\system32\1024\ld5A07.tmp c:\windows\system32\1024\ld5A19.tmp c:\windows\system32\1024\ld5A51.tmp 
c:\windows\system32\1024\ld5AA8.tmp c:\windows\system32\1024\ld5AE6.tmp c:\windows\system32\1024\ld5AEC.tmp c:\windows\system32\1024\ld5B05.tmp c:\windows\system32\1024\ld5B5B.tmp c:\windows\system32\1024\ld5B66.tmp c:\windows\system32\1024\ld5BA1.tmp c:\windows\system32\1024\ld5BF2.tmp c:\windows\system32\1024\ld5C5B.tmp c:\windows\system32\1024\ld5CA.tmp c:\windows\system32\1024\ld5CAB.tmp c:\windows\system32\1024\ld5CB6.tmp c:\windows\system32\1024\ld5CED.tmp c:\windows\system32\1024\ld5D0E.tmp c:\windows\system32\1024\ld5D5E.tmp c:\windows\system32\1024\ld5D7C.tmp c:\windows\system32\1024\ld5DA.tmp c:\windows\system32\1024\ld5E2E.tmp c:\windows\system32\1024\ld5E78.tmp c:\windows\system32\1024\ld5E8D.tmp c:\windows\system32\1024\ld5EAA.tmp c:\windows\system32\1024\ld5EB7.tmp c:\windows\system32\1024\ld5F32.tmp c:\windows\system32\1024\ld5F3F.tmp c:\windows\system32\1024\ld5F87.tmp c:\windows\system32\1024\ld5F8B.tmp c:\windows\system32\1024\ld5FB0.tmp c:\windows\system32\1024\ld5FB5.tmp c:\windows\system32\1024\ld5FC4.tmp c:\windows\system32\1024\ld5FF4.tmp c:\windows\system32\1024\ld6040.tmp c:\windows\system32\1024\ld606.tmp c:\windows\system32\1024\ld60B6.tmp c:\windows\system32\1024\ld60B9.tmp c:\windows\system32\1024\ld60E6.tmp c:\windows\system32\1024\ld610A.tmp c:\windows\system32\1024\ld6112.tmp c:\windows\system32\1024\ld611A.tmp c:\windows\system32\1024\ld6126.tmp c:\windows\system32\1024\ld6185.tmp c:\windows\system32\1024\ld61B0.tmp c:\windows\system32\1024\ld61B3.tmp c:\windows\system32\1024\ld61BF.tmp c:\windows\system32\1024\ld61DA.tmp c:\windows\system32\1024\ld61EF.tmp c:\windows\system32\1024\ld620C.tmp c:\windows\system32\1024\ld6215.tmp c:\windows\system32\1024\ld6244.tmp c:\windows\system32\1024\ld625E.tmp c:\windows\system32\1024\ld6260.tmp c:\windows\system32\1024\ld6268.tmp c:\windows\system32\1024\ld628F.tmp c:\windows\system32\1024\ld629E.tmp c:\windows\system32\1024\ld62C.tmp c:\windows\system32\1024\ld62CE.tmp 
c:\windows\system32\1024\ld62FC.tmp c:\windows\system32\1024\ld630A.tmp c:\windows\system32\1024\ld6355.tmp c:\windows\system32\1024\ld6386.tmp c:\windows\system32\1024\ld639A.tmp c:\windows\system32\1024\ld63E1.tmp c:\windows\system32\1024\ld6412.tmp c:\windows\system32\1024\ld6421.tmp c:\windows\system32\1024\ld6434.tmp c:\windows\system32\1024\ld6437.tmp c:\windows\system32\1024\ld6491.tmp c:\windows\system32\1024\ld64A1.tmp c:\windows\system32\1024\ld64C1.tmp c:\windows\system32\1024\ld64DD.tmp c:\windows\system32\1024\ld6513.tmp c:\windows\system32\1024\ld6560.tmp c:\windows\system32\1024\ld658.tmp c:\windows\system32\1024\ld65D9.tmp c:\windows\system32\1024\ld65DE.tmp c:\windows\system32\1024\ld65FD.tmp c:\windows\system32\1024\ld664E.tmp c:\windows\system32\1024\ld672E.tmp c:\windows\system32\1024\ld67A6.tmp c:\windows\system32\1024\ld67BF.tmp c:\windows\system32\1024\ld6837.tmp c:\windows\system32\1024\ld684E.tmp c:\windows\system32\1024\ld6869.tmp c:\windows\system32\1024\ld686E.tmp c:\windows\system32\1024\ld68A4.tmp c:\windows\system32\1024\ld68D9.tmp c:\windows\system32\1024\ld6958.tmp c:\windows\system32\1024\ld6969.tmp c:\windows\system32\1024\ld6986.tmp c:\windows\system32\1024\ld698D.tmp c:\windows\system32\1024\ld69B5.tmp c:\windows\system32\1024\ld6A0E.tmp c:\windows\system32\1024\ld6B76.tmp c:\windows\system32\1024\ld6B82.tmp c:\windows\system32\1024\ld6BA3.tmp c:\windows\system32\1024\ld6BC8.tmp c:\windows\system32\1024\ld6C0E.tmp c:\windows\system32\1024\ld6C19.tmp c:\windows\system32\1024\ld6C53.tmp c:\windows\system32\1024\ld6C70.tmp c:\windows\system32\1024\ld6C89.tmp c:\windows\system32\1024\ld6C90.tmp c:\windows\system32\1024\ld6CAC.tmp c:\windows\system32\1024\ld6CE7.tmp c:\windows\system32\1024\ld6CEC.tmp c:\windows\system32\1024\ld6CF0.tmp c:\windows\system32\1024\ld6D4A.tmp c:\windows\system32\1024\ld6DBC.tmp c:\windows\system32\1024\ld6DC9.tmp c:\windows\system32\1024\ld6DD1.tmp c:\windows\system32\1024\ld6DE2.tmp 
c:\windows\system32\1024\ld6DFA.tmp c:\windows\system32\1024\ld6E77.tmp c:\windows\system32\1024\ld6F06.tmp c:\windows\system32\1024\ld6F7B.tmp c:\windows\system32\1024\ld6FA0.tmp c:\windows\system32\1024\ld6FB0.tmp c:\windows\system32\1024\ld6FB5.tmp c:\windows\system32\1024\ld6FCE.tmp c:\windows\system32\1024\ld6FE6.tmp c:\windows\system32\1024\ld7045.tmp c:\windows\system32\1024\ld70B7.tmp c:\windows\system32\1024\ld7119.tmp c:\windows\system32\1024\ld7126.tmp c:\windows\system32\1024\ld712C.tmp c:\windows\system32\1024\ld71C7.tmp c:\windows\system32\1024\ld726E.tmp c:\windows\system32\1024\ld727.tmp c:\windows\system32\1024\ld7271.tmp c:\windows\system32\1024\ld7296.tmp c:\windows\system32\1024\ld72EA.tmp c:\windows\system32\1024\ld7325.tmp c:\windows\system32\1024\ld7339.tmp c:\windows\system32\1024\ld7375.tmp c:\windows\system32\1024\ld738B.tmp c:\windows\system32\1024\ld73A6.tmp c:\windows\system32\1024\ld73FC.tmp c:\windows\system32\1024\ld742.tmp c:\windows\system32\1024\ld7426.tmp c:\windows\system32\1024\ld7461.tmp c:\windows\system32\1024\ld7473.tmp c:\windows\system32\1024\ld74A1.tmp c:\windows\system32\1024\ld74C9.tmp c:\windows\system32\1024\ld74EF.tmp c:\windows\system32\1024\ld74FA.tmp c:\windows\system32\1024\ld755C.tmp c:\windows\system32\1024\ld7582.tmp c:\windows\system32\1024\ld7599.tmp c:\windows\system32\1024\ld759F.tmp c:\windows\system32\1024\ld75B9.tmp c:\windows\system32\1024\ld76.tmp c:\windows\system32\1024\ld7611.tmp c:\windows\system32\1024\ld7616.tmp c:\windows\system32\1024\ld768D.tmp c:\windows\system32\1024\ld7714.tmp c:\windows\system32\1024\ld7734.tmp c:\windows\system32\1024\ld7755.tmp c:\windows\system32\1024\ld7789.tmp c:\windows\system32\1024\ld77BE.tmp c:\windows\system32\1024\ld77C.tmp c:\windows\system32\1024\ld77F0.tmp c:\windows\system32\1024\ld7857.tmp c:\windows\system32\1024\ld7875.tmp c:\windows\system32\1024\ld79.tmp c:\windows\system32\1024\ld792B.tmp c:\windows\system32\1024\ld799.tmp 
c:\windows\system32\1024\ld79A2.tmp c:\windows\system32\1024\ld79F.tmp c:\windows\system32\1024\ld79FC.tmp c:\windows\system32\1024\ld7A46.tmp c:\windows\system32\1024\ld7A4B.tmp c:\windows\system32\1024\ld7A90.tmp c:\windows\system32\1024\ld7AC5.tmp c:\windows\system32\1024\ld7B56.tmp c:\windows\system32\1024\ld7B79.tmp c:\windows\system32\1024\ld7B8A.tmp c:\windows\system32\1024\ld7BC5.tmp c:\windows\system32\1024\ld7C1.tmp c:\windows\system32\1024\ld7C43.tmp c:\windows\system32\1024\ld7C86.tmp c:\windows\system32\1024\ld7C94.tmp c:\windows\system32\1024\ld7CA2.tmp c:\windows\system32\1024\ld7DB8.tmp c:\windows\system32\1024\ld7DC0.tmp c:\windows\system32\1024\ld7DE5.tmp c:\windows\system32\1024\ld7E2A.tmp c:\windows\system32\1024\ld7E51.tmp c:\windows\system32\1024\ld7E63.tmp c:\windows\system32\1024\ld7E8.tmp c:\windows\system32\1024\ld7F1E.tmp c:\windows\system32\1024\ld7F49.tmp c:\windows\system32\1024\ld7F9A.tmp c:\windows\system32\1024\ld7FA2.tmp c:\windows\system32\1024\ld7FB7.tmp c:\windows\system32\1024\ld7FD2.tmp c:\windows\system32\1024\ld7FD4.tmp c:\windows\system32\1024\ld7FD7.tmp c:\windows\system32\1024\ld80.tmp c:\windows\system32\1024\ld802D.tmp c:\windows\system32\1024\ld8039.tmp c:\windows\system32\1024\ld807.tmp c:\windows\system32\1024\ld80A2.tmp c:\windows\system32\1024\ld80F0.tmp c:\windows\system32\1024\ld80FC.tmp c:\windows\system32\1024\ld813D.tmp c:\windows\system32\1024\ld816A.tmp c:\windows\system32\1024\ld820E.tmp c:\windows\system32\1024\ld830F.tmp c:\windows\system32\1024\ld8351.tmp c:\windows\system32\1024\ld8414.tmp c:\windows\system32\1024\ld847.tmp c:\windows\system32\1024\ld8487.tmp c:\windows\system32\1024\ld84A4.tmp c:\windows\system32\1024\ld85D2.tmp c:\windows\system32\1024\ld85F.tmp c:\windows\system32\1024\ld8646.tmp c:\windows\system32\1024\ld8649.tmp c:\windows\system32\1024\ld8651.tmp c:\windows\system32\1024\ld8671.tmp c:\windows\system32\1024\ld86A4.tmp c:\windows\system32\1024\ld86E1.tmp 
c:\windows\system32\1024\ld86FF.tmp c:\windows\system32\1024\ld8719.tmp c:\windows\system32\1024\ld8739.tmp c:\windows\system32\1024\ld8755.tmp c:\windows\system32\1024\ld8774.tmp c:\windows\system32\1024\ld8777.tmp c:\windows\system32\1024\ld8783.tmp c:\windows\system32\1024\ld87A8.tmp c:\windows\system32\1024\ld87C3.tmp c:\windows\system32\1024\ld87F9.tmp c:\windows\system32\1024\ld8800.tmp c:\windows\system32\1024\ld8823.tmp c:\windows\system32\1024\ld882A.tmp c:\windows\system32\1024\ld8839.tmp c:\windows\system32\1024\ld8931.tmp c:\windows\system32\1024\ld89BC.tmp c:\windows\system32\1024\ld89BE.tmp c:\windows\system32\1024\ld89E.tmp c:\windows\system32\1024\ld8A14.tmp c:\windows\system32\1024\ld8B52.tmp c:\windows\system32\1024\ld8B78.tmp c:\windows\system32\1024\ld8B84.tmp c:\windows\system32\1024\ld8B9D.tmp c:\windows\system32\1024\ld8BB1.tmp c:\windows\system32\1024\ld8C0A.tmp c:\windows\system32\1024\ld8C4A.tmp c:\windows\system32\1024\ld8C5.tmp c:\windows\system32\1024\ld8C7C.tmp c:\windows\system32\1024\ld8CEE.tmp c:\windows\system32\1024\ld8D5F.tmp c:\windows\system32\1024\ld8D70.tmp c:\windows\system32\1024\ld8D95.tmp c:\windows\system32\1024\ld8E39.tmp c:\windows\system32\1024\ld8E3A.tmp c:\windows\system32\1024\ld8E4.tmp c:\windows\system32\1024\ld8E4A.tmp c:\windows\system32\1024\ld8ED9.tmp c:\windows\system32\1024\ld8F60.tmp c:\windows\system32\1024\ld9018.tmp c:\windows\system32\1024\ld9020.tmp c:\windows\system32\1024\ld902D.tmp c:\windows\system32\1024\ld9036.tmp c:\windows\system32\1024\ld90A9.tmp c:\windows\system32\1024\ld90AA.tmp c:\windows\system32\1024\ld90B2.tmp c:\windows\system32\1024\ld90D1.tmp c:\windows\system32\1024\ld9150.tmp c:\windows\system32\1024\ld9186.tmp c:\windows\system32\1024\ld9195.tmp c:\windows\system32\1024\ld91F2.tmp c:\windows\system32\1024\ld9209.tmp c:\windows\system32\1024\ld9269.tmp c:\windows\system32\1024\ld9291.tmp c:\windows\system32\1024\ld92B6.tmp c:\windows\system32\1024\ld92C5.tmp 
c:\windows\system32\1024\ld92D5.tmp c:\windows\system32\1024\ld92FC.tmp c:\windows\system32\1024\ld9326.tmp c:\windows\system32\1024\ld9384.tmp c:\windows\system32\1024\ld93A9.tmp c:\windows\system32\1024\ld93BD.tmp c:\windows\system32\1024\ld93E0.tmp c:\windows\system32\1024\ld9422.tmp c:\windows\system32\1024\ld9466.tmp c:\windows\system32\1024\ld9489.tmp c:\windows\system32\1024\ld94BD.tmp c:\windows\system32\1024\ld9519.tmp c:\windows\system32\1024\ld955E.tmp c:\windows\system32\1024\ld95A2.tmp c:\windows\system32\1024\ld968F.tmp c:\windows\system32\1024\ld96EB.tmp c:\windows\system32\1024\ld9700.tmp c:\windows\system32\1024\ld971.tmp c:\windows\system32\1024\ld9766.tmp c:\windows\system32\1024\ld9771.tmp c:\windows\system32\1024\ld977A.tmp c:\windows\system32\1024\ld977C.tmp c:\windows\system32\1024\ld9784.tmp c:\windows\system32\1024\ld9799.tmp c:\windows\system32\1024\ld97A3.tmp c:\windows\system32\1024\ld97F9.tmp c:\windows\system32\1024\ld9807.tmp c:\windows\system32\1024\ld9812.tmp c:\windows\system32\1024\ld9834.tmp c:\windows\system32\1024\ld9841.tmp c:\windows\system32\1024\ld9872.tmp c:\windows\system32\1024\ld9880.tmp c:\windows\system32\1024\ld989C.tmp c:\windows\system32\1024\ld9909.tmp c:\windows\system32\1024\ld9921.tmp c:\windows\system32\1024\ld997A.tmp c:\windows\system32\1024\ld99C5.tmp c:\windows\system32\1024\ld99CF.tmp c:\windows\system32\1024\ld99EE.tmp c:\windows\system32\1024\ld9A1.tmp c:\windows\system32\1024\ld9AA9.tmp c:\windows\system32\1024\ld9AC.tmp c:\windows\system32\1024\ld9AE6.tmp c:\windows\system32\1024\ld9AEA.tmp c:\windows\system32\1024\ld9B27.tmp c:\windows\system32\1024\ld9B3.tmp c:\windows\system32\1024\ld9B58.tmp c:\windows\system32\1024\ld9B68.tmp c:\windows\system32\1024\ld9B7C.tmp c:\windows\system32\1024\ld9B7F.tmp c:\windows\system32\1024\ld9B85.tmp c:\windows\system32\1024\ld9BBC.tmp c:\windows\system32\1024\ld9BE2.tmp c:\windows\system32\1024\ld9BF7.tmp c:\windows\system32\1024\ld9C4E.tmp 
c:\windows\system32\1024\ld9C6C.tmp c:\windows\system32\1024\ld9C74.tmp c:\windows\system32\1024\ld9C7A.tmp c:\windows\system32\1024\ld9C99.tmp c:\windows\system32\1024\ld9CA3.tmp c:\windows\system32\1024\ld9CC.tmp c:\windows\system32\1024\ld9CD8.tmp c:\windows\system32\1024\ld9CDF.tmp c:\windows\system32\1024\ld9CFE.tmp c:\windows\system32\1024\ld9D1.tmp c:\windows\system32\1024\ld9D4F.tmp c:\windows\system32\1024\ld9D51.tmp c:\windows\system32\1024\ld9DA5.tmp c:\windows\system32\1024\ld9DB2.tmp c:\windows\system32\1024\ld9DE5.tmp c:\windows\system32\1024\ld9E21.tmp c:\windows\system32\1024\ld9E3.tmp c:\windows\system32\1024\ld9E33.tmp c:\windows\system32\1024\ld9E52.tmp c:\windows\system32\1024\ld9E6.tmp c:\windows\system32\1024\ld9E70.tmp c:\windows\system32\1024\ld9EB9.tmp c:\windows\system32\1024\ld9EBD.tmp c:\windows\system32\1024\ld9EC9.tmp c:\windows\system32\1024\ld9ED4.tmp c:\windows\system32\1024\ld9EDF.tmp c:\windows\system32\1024\ld9EE3.tmp c:\windows\system32\1024\ld9F15.tmp c:\windows\system32\1024\ld9F23.tmp c:\windows\system32\1024\ld9F24.tmp c:\windows\system32\1024\ld9F80.tmp c:\windows\system32\1024\ld9F81.tmp c:\windows\system32\1024\ld9FD3.tmp c:\windows\system32\1024\ld9FD4.tmp c:\windows\system32\1024\ld9FEB.tmp c:\windows\system32\1024\ld9FED.tmp c:\windows\system32\1024\ld9FFF.tmp c:\windows\system32\1024\ldA00.tmp c:\windows\system32\1024\ldA011.tmp c:\windows\system32\1024\ldA01E.tmp c:\windows\system32\1024\ldA07C.tmp c:\windows\system32\1024\ldA09E.tmp c:\windows\system32\1024\ldA0A3.tmp c:\windows\system32\1024\ldA0C1.tmp c:\windows\system32\1024\ldA105.tmp c:\windows\system32\1024\ldA10F.tmp c:\windows\system32\1024\ldA118.tmp c:\windows\system32\1024\ldA15B.tmp c:\windows\system32\1024\ldA219.tmp c:\windows\system32\1024\ldA2B7.tmp c:\windows\system32\1024\ldA30C.tmp c:\windows\system32\1024\ldA366.tmp c:\windows\system32\1024\ldA37F.tmp c:\windows\system32\1024\ldA3B2.tmp c:\windows\system32\1024\ldA3C3.tmp 
c:\windows\system32\1024\ldA3D.tmp c:\windows\system32\1024\ldA3D2.tmp c:\windows\system32\1024\ldA42.tmp c:\windows\system32\1024\ldA422.tmp c:\windows\system32\1024\ldA47.tmp c:\windows\system32\1024\ldA4C2.tmp c:\windows\system32\1024\ldA50F.tmp c:\windows\system32\1024\ldA519.tmp c:\windows\system32\1024\ldA533.tmp c:\windows\system32\1024\ldA58B.tmp c:\windows\system32\1024\ldA60B.tmp c:\windows\system32\1024\ldA615.tmp c:\windows\system32\1024\ldA63.tmp c:\windows\system32\1024\ldA63C.tmp c:\windows\system32\1024\ldA667.tmp c:\windows\system32\1024\ldA671.tmp c:\windows\system32\1024\ldA685.tmp c:\windows\system32\1024\ldA6EB.tmp c:\windows\system32\1024\ldA7B.tmp c:\windows\system32\1024\ldA7DF.tmp c:\windows\system32\1024\ldA7F9.tmp c:\windows\system32\1024\ldA844.tmp c:\windows\system32\1024\ldA855.tmp c:\windows\system32\1024\ldA85E.tmp c:\windows\system32\1024\ldA861.tmp c:\windows\system32\1024\ldA87C.tmp c:\windows\system32\1024\ldA8E7.tmp c:\windows\system32\1024\ldA90A.tmp c:\windows\system32\1024\ldA959.tmp c:\windows\system32\1024\ldA987.tmp c:\windows\system32\1024\ldA9B2.tmp c:\windows\system32\1024\ldA9F8.tmp c:\windows\system32\1024\ldAA1C.tmp c:\windows\system32\1024\ldAA46.tmp c:\windows\system32\1024\ldAA5C.tmp c:\windows\system32\1024\ldAA68.tmp c:\windows\system32\1024\ldAAB5.tmp c:\windows\system32\1024\ldAAD3.tmp c:\windows\system32\1024\ldAAE9.tmp c:\windows\system32\1024\ldAB46.tmp c:\windows\system32\1024\ldAB68.tmp c:\windows\system32\1024\ldAC25.tmp c:\windows\system32\1024\ldAC46.tmp c:\windows\system32\1024\ldAC7E.tmp c:\windows\system32\1024\ldAC8B.tmp c:\windows\system32\1024\ldAC8F.tmp c:\windows\system32\1024\ldACAF.tmp c:\windows\system32\1024\ldACB4.tmp c:\windows\system32\1024\ldACEA.tmp c:\windows\system32\1024\ldACF5.tmp c:\windows\system32\1024\ldAD36.tmp c:\windows\system32\1024\ldADBD.tmp c:\windows\system32\1024\ldAE0C.tmp c:\windows\system32\1024\ldAE2D.tmp c:\windows\system32\1024\ldAE5.tmp 
c:\windows\system32\1024\ldAE95.tmp c:\windows\system32\1024\ldAEBC.tmp c:\windows\system32\1024\ldAEF1.tmp c:\windows\system32\1024\ldAEFF.tmp c:\windows\system32\1024\ldAF04.tmp c:\windows\system32\1024\ldAF1B.tmp c:\windows\system32\1024\ldAF2C.tmp c:\windows\system32\1024\ldAF65.tmp c:\windows\system32\1024\ldAF7.tmp c:\windows\system32\1024\ldAFAF.tmp c:\windows\system32\1024\ldB003.tmp c:\windows\system32\1024\ldB004.tmp c:\windows\system32\1024\ldB060.tmp c:\windows\system32\1024\ldB0E8.tmp c:\windows\system32\1024\ldB102.tmp c:\windows\system32\1024\ldB123.tmp c:\windows\system32\1024\ldB190.tmp c:\windows\system32\1024\ldB1BC.tmp c:\windows\system32\1024\ldB1DE.tmp c:\windows\system32\1024\ldB1EA.tmp c:\windows\system32\1024\ldB211.tmp c:\windows\system32\1024\ldB21C.tmp c:\windows\system32\1024\ldB22B.tmp c:\windows\system32\1024\ldB23B.tmp c:\windows\system32\1024\ldB295.tmp c:\windows\system32\1024\ldB2A8.tmp c:\windows\system32\1024\ldB2AA.tmp c:\windows\system32\1024\ldB2AD.tmp c:\windows\system32\1024\ldB2C6.tmp c:\windows\system32\1024\ldB2DF.tmp c:\windows\system32\1024\ldB2E.tmp c:\windows\system32\1024\ldB2F1.tmp c:\windows\system32\1024\ldB323.tmp c:\windows\system32\1024\ldB346.tmp c:\windows\system32\1024\ldB34C.tmp c:\windows\system32\1024\ldB355.tmp c:\windows\system32\1024\ldB35D.tmp c:\windows\system32\1024\ldB361.tmp c:\windows\system32\1024\ldB36D.tmp c:\windows\system32\1024\ldB3A3.tmp c:\windows\system32\1024\ldB3CE.tmp c:\windows\system32\1024\ldB428.tmp c:\windows\system32\1024\ldB462.tmp c:\windows\system32\1024\ldB48E.tmp c:\windows\system32\1024\ldB495.tmp c:\windows\system32\1024\ldB4B.tmp c:\windows\system32\1024\ldB4D7.tmp c:\windows\system32\1024\ldB4F6.tmp c:\windows\system32\1024\ldB54D.tmp c:\windows\system32\1024\ldB615.tmp c:\windows\system32\1024\ldB618.tmp c:\windows\system32\1024\ldB63A.tmp c:\windows\system32\1024\ldB63C.tmp c:\windows\system32\1024\ldB666.tmp c:\windows\system32\1024\ldB6AE.tmp 
.
((((((((((((((((((((((((( Files Created from 2008-12-05 to 2009-01-05 )))))))))))))))))))))))))))))))
.
2008-12-30 18:03 . 2008-12-30 20:38 250 --a------ c:\windows\gmer.ini
2008-12-23 17:18 . 2008-12-23 17:18 <DIR> d-------- c:\program files\SonicWallES
2008-12-23 11:20 . 2005-06-21 16:43 163,840 --a------ c:\windows\system32\igfxres.dll
2008-12-23 11:15 . 2005-01-23 11:04 878,651 --a------ c:\windows\system32\SET1B.tmp
2008-12-23 11:15 . 2005-01-23 11:04 878,651 --a------ c:\windows\system32\SET17.tmp
2008-12-23 11:15 . 2005-01-23 10:31 348,160 --a------ c:\windows\system32\SET2D.tmp
2008-12-23 11:15 . 2005-01-23 10:55 178,779 --a------ c:\windows\system32\SET18.tmp
2008-12-23 11:15 . 2005-01-23 10:55 178,779 --a------ c:\windows\system32\SET14.tmp
2008-12-23 11:15 . 2005-01-23 10:30 139,264 --a------ c:\windows\system32\SET57.tmp
2008-12-23 11:15 . 2005-01-23 10:30 118,784 --a------ c:\windows\system32\SET2A.tmp
2008-12-23 11:15 . 2005-01-23 10:55 108,092 --a------ c:\windows\system32\SET15.tmp
2008-12-23 11:15 . 2005-01-23 10:55 108,092 --a------ c:\windows\system32\SET11.tmp
2008-12-23 11:15 . 2005-01-23 10:56 37,951 --a------ c:\windows\system32\SETE.tmp
2008-12-23 11:15 . 2005-01-23 10:56 37,951 --a------ c:\windows\system32\SET12.tmp
2008-12-23 10:59 . 2008-12-23 10:59 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-23 10:59 . 2008-12-23 10:59 <DIR> d-------- c:\documents and settings\martin\Application Data\SystemRequirementsLab
2008-12-22 18:09 . 2008-12-23 16:40 5,092 --a------ C:\rollback.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 14:07 --------- d-----w c:\program files\isposure
2009-01-05 13:21 --------- d-----w c:\documents and settings\All Users\Application Data\Epitiro
2009-01-04 20:56 --------- d-----w c:\program files\SpywareGuard
2009-01-04 19:11 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-30 20:51 --------- d-----w c:\program files\PCRescue3.0
2008-12-28 19:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-12-23 17:07 --------- d-----w c:\program files\Java
2008-12-23 17:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-23 17:02 --------- d-----w c:\program files\iPod
2008-12-23 10:14 --------- d-----w c:\program files\CCleaner
2008-12-23 09:56 --------- d-----w c:\documents and settings\All Users\Application Data\MailFrontier
2008-11-30 11:08 --------- d-----w c:\documents and settings\martin\Application Data\AVGTOOLBAR
2008-11-26 17:42 --------- d-----w c:\program files\Google
2008-11-22 16:04 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-21 16:05 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-21 16:05 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-21 16:05 --------- d-----w c:\program files\AVG
2008-11-21 16:05 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-21 15:34 --------- d-----w c:\program files\F-Secure Internet Security
2008-11-17 16:16 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-09 19:49 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-09 14:45 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-04_15.08.44.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-04 15:05:08 59,440 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-05 14:12:17 59,440 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-04 15:05:08 395,200 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-05 14:12:17 395,200 ----a-w c:\windows\system32\perfh009.dat
- 2007-03-15 17:16:42 236,928 ------w c:\windows\system32\WgaLogon.dll
+ 2008-09-05 23:30:42 241,704 ----a-w c:\windows\system32\WgaLogon.dll
+ 2009-01-05 14:08:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_780.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-08-13 40960]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTStartup"="c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2002-09-13 49152]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2000-06-30 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2000-07-03 311350]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-06-30 28739]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-06 278528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-12-30 155648]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-09 29744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-30 1261336]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 49263]
"CTHelper"="CTHELPER.EXE" [2002-09-03 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\martin\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-21 65588]
Windows Desktop Search.lnk - c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe [2005-09-20 18:10:04 238080]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-21 97928]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2005-01-28 10368]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-21 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-21 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-21 76040]
R4 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [2008-10-23 712704]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2005-07-17 24197]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-09 29744]
S3 SaiH0464;SaiH0464;c:\windows\system32\drivers\SaiH0464.sys [2008-04-16 48128]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.tiscali.co.uk/broadband
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {C8EEB9AD-FE8C-4067-B15E-D5619E8BBE24} = 212.139.132.105 212.139.132.107
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\martin\Application Data\Mozilla\Firefox\Profiles\cwj0st0g.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 14:11:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = "c:\program files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????????????h?@?x?????B~D??????sx??s4???????y??w????@@@????|D@@?????>??w?????92?H??????|???|???????|L(?s?92??????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe
.
**************************************************************************
.
Completion time: 2009-01-05 14:16:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-05 14:16:04
ComboFix2.txt 2009-01-04 15:10:06
Pre-Run: 2,543,575,040 bytes free
Post-Run: 2,587,365,376 bytes free
1543 --- E O F --- 2009-01-05 13:32:47
|
|
|
|
#14 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,882
OS: WinXP and Vista
|
Re: Can't Roll Back[moved from video cards]
No problems, Ron. I will tell you that having 2 AVs installed at a given time is never a good idea--even if one is disabled. System slowdowns as well as other erratic behavior can ensue.
Uninstall FSecure via the Add or Remove programs panel. How is the system now? |
|
|
|
|
#15 (permalink) |
|
I helped the forums.
|
Re: Can't Roll Back[moved from video cards]
Ried,
Thanks for that info. All your help and time is very much appreciated. Not only is my computer infected (or was) but my body also. I've been in bed for the last two days, so shall not be able to act on any further instructions until the end of the week. So please don't close this thread before, say, Sunday. The computer is running wonderfully. You have earned TSF another Donation from me. Couldn't FSecure on Add Remove. Can I now download SP3, or don't I need it? Now back to bed. Regards. Ron Williams
Last edited by Ronski; 01-07-2009 at 07:46 AM. |
|
|
|
|
#16 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,882
OS: WinXP and Vista
|
Re: Can't Roll Back[moved from video cards]
Hello Ron. No worries, I'll keep this thread open until Monday of next week (unless I hear from you that you need more time). I'm sorry to hear you're not well.
When you feel up to it.... Use FSecure's Uninstallation Tool 3. This uninstaller will remove all client products up to version 7 (with the exception of Server Edition).
Note: This will clear the directory in which F-Secure's software was installed unless it was installed in an unsafe location.
-------------------------------------
After you've done that, then please do update to SP3. Let me know how you got along. |
|
|
|
|
#17 (permalink) |
|
I helped the forums.
|
Re: Can't Roll Back[moved from video cards]
Ried,
Thanks again, my machine starts up so fast now that I just can't keep up with it. I ran another Search for F-Secure and found it in C:\Program Files (FSGUI 1.4mb). Apparently, this is an unsafe area!!! PANIC - Do I still download the Zip file you mention? Note: This will clear the directory in which F-Secure's software was installed unless it was installed in an unsafe location. Ron. PS. While it is still on this m/c I'll disable AVG8. In the meantime, I'll stay offline as much as I need to.
|
|
|
|
#18 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,882
OS: WinXP and Vista
|
Re: Can't Roll Back[moved from video cards]
Hi Ron,
Yes, download and run the uninstaller anyway. The worst that will happen is that it will not remove FSecure. After you've run the tool, run a new scan with dds.com and post both logs for review. |
|
|
|
|
#19 (permalink) |
|
I helped the forums.
|
Re: Can't Roll Back[moved from video cards]
Right Sir,
Sorry to drag this out, but when I downloaded the Zip file, I found that it was in: C:\Doc Settings\...\...., which is not where we want it, is it? Or is it? My unzipper is a FireFox Add-on. As you can see, I'm not a teenager 'puter whiz kid. In fact a five year old knows more. So, RIED, what next? I'm quite happy with things as they are but if that F-Secure can cause problems, then I must get rid of it. Ron
|
|
|
|
#20 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,882
OS: WinXP and Vista
|
Re: Can't Roll Back[moved from video cards]
What is the rest of the path? Does it end up extracted on your desktop? If so, go ahead and run it.
|
|
|
|
|