# Recent Computer Promblem, Help Needed



## thawilso (Sep 25, 2007)

My computer recently started messing up. I restarted it the other day after it 
froze up, and I've had problems ever since. Some problems are that AOL Explorer
no longer works, and Internet Explorer freezes up after 10-15 minutes. I tried
to do a system restore when I first noticed the problems, but that no longer works
and it says 'Restore Incomplete' when I try. Also, I have had problems completing
Windows Updates in the past. I had Symantec Antivirus and Spybot, but they've not 
been working for a year or so now. I also have AVG Free and Ad-Aware which to my 
knowledge currently work. Also, here are some of the error messages I've been getting
lately whenever I start my computer.

-Important - Potential Errors found in the system
During a scan of files at system startup, potential errors in the system registry
were found.
p-07-0100 irql: 1f SYSVER 0xff00024
NT-Kernel error 1256
KMODE_EXCEPTION_NOT_HANDLED

-c:\WINDOWS\system32\vtsqq.exe
Windows cannot access the specified device, path, or file. You may not
have the appropriate permissions to access the item.

-Could not load run 'c:\WINDOWS\system32\vtsqq.exe' specified in registry. Make sure
the files exists on your computer or remove the reference to it in the registry.

-RUNDLL - Error Loading C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\ljffjasy.dll
The specified module could not be found.

-RUNDLL - Error Loading C:\WINDOWS\system32\tewyjomj.dll
The specified module could not be found.

-Your system could become unstable
A Potential problem has been detected and Windows has been shutdown buggy
application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, Date Stamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:13 PM, on 1/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
F3 - REG:win.ini: load=C:\WINDOWS\system32\vtsqq.exe
O3 - Toolbar: Htm Active Cool - {D1F453D2-B56C-737C-1A32-B109F40F1916} - C:\PROGRA~1\WINDOW~4\Inter bone.dll (file missing)
O3 - Toolbar: SEARCHESSISTANT Search - {4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O3 - Toolbar: SEARCHESSISTANT Related - {4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [couponsandoffers] C:\Program Files\couponsandoffers\couponsandoffersrun.exe /cp "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [{D9-9D-DD-D2-ZN}] C:\windows\system32\modsregj.exe CHD003
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwinpndq.exe CHD003
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\ljffjasy.dll",forkonce
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\tewyjomj.dll",sitypnow
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394661A64DB7C8F0287E55E246220D9E728F9FC17D446BC57D5375FB0FB68AD6
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\thawilso\HXIUL.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\thawilso\Client\HelpExp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [mfif] C:\PROGRA~1\COMMON~1\mfif\mfifm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mfif] C:\PROGRA~1\COMMON~1\mfif\mfifm.exe (User 'Default user')
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\lwinpndq.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\hfhxynal.exe (file missing)
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Prevx - C:\Program Files\Prevx1\PXAgent.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gwbjmlz.exe (file missing)
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 10821 bytes


----------



## Cookiegal (Aug 27, 2003)

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet *after downloading the program and before scanning*.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause _"unpredictable results"_.
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Download *ComboFix* and save it to your desktop.

***Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

 WARNING: *IF you have not already done so ComboFix will disconnect your machine from the Internet when it starts. *
*Please do not re-connect your machine back to the Internet until ComboFix has completely finished.*
If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on *combofix.exe* and follow the prompts. When finished, it will produce a report for you. Please post the *"C:\ComboFix.txt" *along with a *new HijackThis log* for further review.

***Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall***


----------



## thawilso (Sep 25, 2007)

ComboFix 08-01-16.4 - thawilso 2008-01-16 13:58:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.150 [GMT -5:00]
Running from: C:\Documents and Settings\Thomas Wilson\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomas Wilson\Application Data\WinTouch
C:\Documents and Settings\Thomas Wilson\Start Menu\Programs\Startup\think-adz.lnk
C:\pos10.tmp
C:\pos100.tmp
C:\pos1000.tmp
C:\pos1001.tmp
C:\pos1002.tmp
C:\pos1003.tmp
C:\pos1004.tmp
C:\pos1005.tmp
C:\pos1006.tmp
C:\pos1007.tmp
C:\pos1008.tmp
C:\pos1009.tmp
C:\pos100A.tmp
C:\pos100B.tmp
C:\pos100C.tmp
C:\pos100D.tmp
C:\pos100E.tmp
C:\pos100F.tmp
C:\pos101.tmp
C:\pos1010.tmp
C:\pos1011.tmp
C:\pos1012.tmp
C:\pos1013.tmp
C:\pos1014.tmp
C:\pos1015.tmp
C:\pos1016.tmp
C:\pos1017.tmp
C:\pos1018.tmp
C:\pos1019.tmp
C:\pos101A.tmp
C:\pos101B.tmp
C:\pos101C.tmp
C:\pos101D.tmp
C:\pos101E.tmp
C:\pos101F.tmp
C:\pos102.tmp
C:\pos1020.tmp
C:\pos1021.tmp
C:\pos1022.tmp
C:\pos1023.tmp
C:\pos1024.tmp
C:\pos1025.tmp
C:\pos1026.tmp
C:\pos1027.tmp
C:\pos1028.tmp
C:\pos1029.tmp
C:\pos102A.tmp
C:\pos102B.tmp
C:\pos102C.tmp
C:\pos102D.tmp
C:\pos102E.tmp
C:\pos102F.tmp
C:\pos103.tmp
C:\pos1030.tmp
C:\pos1031.tmp
C:\pos1032.tmp
C:\pos1033.tmp
C:\pos1034.tmp
C:\pos1035.tmp
C:\pos1036.tmp
C:\pos1037.tmp
C:\pos1038.tmp
C:\pos1039.tmp
C:\pos103A.tmp
C:\pos103B.tmp
C:\pos103C.tmp
C:\pos103D.tmp
C:\pos103E.tmp
C:\pos103F.tmp
C:\pos104.tmp
C:\pos1040.tmp
C:\pos1041.tmp
C:\pos1042.tmp
C:\pos1043.tmp
C:\pos1044.tmp
C:\pos1045.tmp
C:\pos1046.tmp
C:\pos1047.tmp
C:\pos1048.tmp
C:\pos1049.tmp
C:\pos104A.tmp
C:\pos104B.tmp
C:\pos104C.tmp
C:\pos104D.tmp
C:\pos104E.tmp
C:\pos104F.tmp
C:\pos105.tmp
C:\pos1050.tmp
C:\pos1051.tmp
C:\pos1052.tmp
C:\pos1053.tmp
C:\pos1054.tmp
C:\pos1055.tmp
C:\pos1056.tmp
C:\pos1057.tmp
C:\pos1058.tmp
C:\pos1059.tmp
C:\pos105A.tmp
C:\pos105B.tmp
C:\pos105C.tmp
C:\pos105D.tmp
C:\pos105E.tmp
C:\pos105F.tmp
C:\pos106.tmp
C:\pos1060.tmp
C:\pos1061.tmp
C:\pos1062.tmp
C:\pos1063.tmp
C:\pos1064.tmp
C:\pos1065.tmp
C:\pos1066.tmp
C:\pos1067.tmp
C:\pos1068.tmp
C:\pos1069.tmp
C:\pos106A.tmp
C:\pos106B.tmp
C:\pos106C.tmp
C:\pos106D.tmp
C:\pos106E.tmp
C:\pos106F.tmp
C:\pos107.tmp
C:\pos1070.tmp
C:\pos1071.tmp
C:\pos1072.tmp
C:\pos1073.tmp
C:\pos1074.tmp
C:\pos1075.tmp
C:\pos1076.tmp
C:\pos1077.tmp
C:\pos1078.tmp
C:\pos1079.tmp
C:\pos107A.tmp
C:\pos107B.tmp
C:\pos107C.tmp
C:\pos107D.tmp
C:\pos107E.tmp
C:\pos107F.tmp
C:\pos108.tmp
C:\pos1080.tmp
C:\pos1081.tmp
C:\pos1082.tmp
C:\pos1083.tmp
C:\pos1084.tmp
C:\pos1085.tmp
C:\pos1086.tmp
C:\pos1087.tmp
C:\pos1088.tmp
C:\pos1089.tmp
C:\pos108A.tmp
C:\pos108B.tmp
C:\pos108C.tmp
C:\pos108D.tmp
C:\pos108E.tmp
C:\pos108F.tmp
C:\pos109.tmp
C:\pos1090.tmp
C:\pos1091.tmp
C:\pos1092.tmp
C:\pos1093.tmp
C:\pos1094.tmp
C:\pos1095.tmp
C:\pos1096.tmp
C:\pos1097.tmp
C:\pos1098.tmp
C:\pos1099.tmp
C:\pos109A.tmp
C:\pos109B.tmp
C:\pos109C.tmp
C:\pos109D.tmp
C:\pos109E.tmp
C:\pos109F.tmp
C:\pos10A.tmp
C:\pos10A0.tmp
C:\pos10A1.tmp
C:\pos10A2.tmp
C:\pos10A3.tmp
C:\pos10A4.tmp
C:\pos10A5.tmp
C:\pos10A6.tmp
C:\pos10A7.tmp
C:\pos10A8.tmp
C:\pos10A9.tmp
C:\pos10AA.tmp
C:\pos10AB.tmp
C:\pos10AC.tmp
C:\pos10AD.tmp
C:\pos10AE.tmp
C:\pos10AF.tmp
C:\pos10B.tmp
C:\pos10B0.tmp
C:\pos10B1.tmp
C:\pos10B2.tmp
C:\pos10B3.tmp
C:\pos10B4.tmp
C:\pos10B5.tmp
C:\pos10B6.tmp
C:\pos10B7.tmp
C:\pos10B8.tmp
C:\pos10B9.tmp
C:\pos10BA.tmp
C:\pos10BB.tmp
C:\pos10BC.tmp
C:\pos10BD.tmp
C:\pos10BE.tmp
C:\pos10BF.tmp
C:\pos10C.tmp
C:\pos10C0.tmp
C:\pos10C1.tmp
C:\pos10C2.tmp
C:\pos10C3.tmp
C:\pos10C4.tmp
C:\pos10C5.tmp
C:\pos10C6.tmp
C:\pos10C7.tmp
C:\pos10C8.tmp
C:\pos10C9.tmp
C:\pos10CA.tmp
C:\pos10CB.tmp
C:\pos10CC.tmp
C:\pos10CD.tmp
C:\pos10CE.tmp
C:\pos10CF.tmp
C:\pos10D.tmp
C:\pos10D0.tmp
C:\pos10D1.tmp
C:\pos10D2.tmp
C:\pos10D3.tmp
C:\pos10D4.tmp
C:\pos10D5.tmp
C:\pos10D6.tmp
C:\pos10D7.tmp
C:\pos10D8.tmp
C:\pos10D9.tmp
C:\pos10DA.tmp
C:\pos10DB.tmp
C:\pos10DC.tmp
C:\pos10DD.tmp
C:\pos10DE.tmp
C:\pos10DF.tmp
C:\pos10E.tmp
C:\pos10E0.tmp
C:\pos10E1.tmp
C:\pos10E2.tmp
C:\pos10E3.tmp
C:\pos10E4.tmp
C:\pos10E5.tmp
C:\pos10E6.tmp
C:\pos10E7.tmp
C:\pos10E8.tmp
C:\pos10E9.tmp
C:\pos10EA.tmp
C:\pos10EB.tmp
C:\pos10EC.tmp
C:\pos10ED.tmp
C:\pos10EE.tmp
C:\pos10EF.tmp
C:\pos10F.tmp
C:\pos10F0.tmp
C:\pos10F1.tmp
C:\pos10F2.tmp
C:\pos10F3.tmp
C:\pos10F4.tmp
C:\pos10F5.tmp
C:\pos10F6.tmp
C:\pos10F7.tmp
C:\pos10F8.tmp
C:\pos10F9.tmp
C:\pos10FA.tmp
C:\pos10FB.tmp
C:\pos10FC.tmp
C:\pos10FD.tmp
C:\pos10FE.tmp
C:\pos10FF.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos1100.tmp
C:\pos1101.tmp
C:\pos1102.tmp
C:\pos1103.tmp
C:\pos1104.tmp
C:\pos1105.tmp
C:\pos1106.tmp
C:\pos1107.tmp
C:\pos1108.tmp
C:\pos1109.tmp
C:\pos110A.tmp
C:\pos110B.tmp
C:\pos110C.tmp
C:\pos110D.tmp
C:\pos110E.tmp
C:\pos110F.tmp
C:\pos111.tmp
C:\pos1110.tmp
C:\pos1111.tmp
C:\pos1112.tmp
C:\pos1113.tmp
C:\pos1114.tmp
C:\pos1115.tmp
C:\pos1116.tmp
C:\pos1117.tmp
C:\pos1118.tmp
C:\pos1119.tmp
C:\pos111A.tmp
C:\pos111B.tmp
C:\pos111C.tmp
C:\pos111D.tmp
C:\pos111E.tmp
C:\pos111F.tmp
C:\pos112.tmp
C:\pos1120.tmp
C:\pos1121.tmp
C:\pos1122.tmp
C:\pos1123.tmp
C:\pos1124.tmp
C:\pos1125.tmp
C:\pos1126.tmp
C:\pos1127.tmp
C:\pos1128.tmp
C:\pos1129.tmp
C:\pos112A.tmp
C:\pos112B.tmp
C:\pos112C.tmp
C:\pos112D.tmp
C:\pos112E.tmp
C:\pos112F.tmp
C:\pos113.tmp
C:\pos1130.tmp
C:\pos1131.tmp
C:\pos1132.tmp
C:\pos1133.tmp
C:\pos1134.tmp
C:\pos1135.tmp
C:\pos1136.tmp
C:\pos1137.tmp
C:\pos1138.tmp
C:\pos1139.tmp
C:\pos113A.tmp
C:\pos113B.tmp
C:\pos113C.tmp
C:\pos113D.tmp
C:\pos113E.tmp
C:\pos113F.tmp
C:\pos114.tmp
C:\pos1140.tmp
C:\pos1141.tmp
C:\pos1142.tmp
C:\pos1143.tmp
C:\pos1144.tmp
C:\pos1145.tmp
C:\pos1146.tmp
C:\pos1147.tmp
C:\pos1148.tmp
C:\pos1149.tmp
C:\pos114A.tmp
C:\pos114B.tmp
C:\pos114C.tmp
C:\pos114D.tmp
C:\pos114E.tmp
C:\pos114F.tmp
C:\pos115.tmp
C:\pos1150.tmp
C:\pos1151.tmp
C:\pos1152.tmp
C:\pos1153.tmp
C:\pos1154.tmp
C:\pos1155.tmp
C:\pos1156.tmp
C:\pos1157.tmp
C:\pos1158.tmp
C:\pos1159.tmp
C:\pos115A.tmp
C:\pos115B.tmp
C:\pos115C.tmp
C:\pos115D.tmp
C:\pos115E.tmp
C:\pos115F.tmp
C:\pos116.tmp
C:\pos1160.tmp
C:\pos1161.tmp
C:\pos1162.tmp
C:\pos1163.tmp
C:\pos1164.tmp
C:\pos1165.tmp
C:\pos1166.tmp
C:\pos1167.tmp
C:\pos1168.tmp
C:\pos1169.tmp
C:\pos116A.tmp
C:\pos116B.tmp
C:\pos116C.tmp
C:\pos116D.tmp
C:\pos116E.tmp
C:\pos116F.tmp
C:\pos117.tmp
C:\pos1170.tmp
C:\pos1171.tmp
C:\pos1172.tmp
C:\pos1173.tmp
C:\pos1174.tmp
C:\pos1175.tmp
C:\pos1176.tmp
C:\pos1177.tmp
C:\pos1178.tmp
C:\pos1179.tmp
C:\pos117A.tmp
C:\pos117B.tmp
C:\pos117C.tmp
C:\pos117D.tmp
C:\pos117E.tmp
C:\pos117F.tmp
C:\pos118.tmp
C:\pos1180.tmp
C:\pos1181.tmp
C:\pos1182.tmp
C:\pos1183.tmp
C:\pos1184.tmp
C:\pos1185.tmp
C:\pos1186.tmp
C:\pos1187.tmp
C:\pos1188.tmp
C:\pos1189.tmp
C:\pos118A.tmp
C:\pos118B.tmp
C:\pos118C.tmp
C:\pos118D.tmp
C:\pos118E.tmp
C:\pos118F.tmp
C:\pos119.tmp
C:\pos1190.tmp
C:\pos1191.tmp
C:\pos1192.tmp
C:\pos1193.tmp
C:\pos1194.tmp
C:\pos1195.tmp
C:\pos1196.tmp
C:\pos1197.tmp
C:\pos1198.tmp
C:\pos1199.tmp
C:\pos119A.tmp
C:\pos119B.tmp
C:\pos119C.tmp
C:\pos119D.tmp
C:\pos119E.tmp
C:\pos119F.tmp
C:\pos11A.tmp
C:\pos11A0.tmp
C:\pos11A1.tmp
C:\pos11A2.tmp
C:\pos11A3.tmp
C:\pos11A4.tmp
C:\pos11A5.tmp
C:\pos11A6.tmp
C:\pos11A7.tmp
C:\pos11A8.tmp
C:\pos11A9.tmp
C:\pos11AA.tmp
C:\pos11AB.tmp
C:\pos11AC.tmp
C:\pos11AD.tmp
C:\pos11AE.tmp
C:\pos11AF.tmp
C:\pos11B.tmp
C:\pos11B0.tmp
C:\pos11B1.tmp
C:\pos11B2.tmp
C:\pos11B3.tmp
C:\pos11B4.tmp
C:\pos11B5.tmp
C:\pos11B6.tmp
C:\pos11B7.tmp
C:\pos11B8.tmp
C:\pos11B9.tmp
C:\pos11BA.tmp
C:\pos11BB.tmp
C:\pos11BC.tmp
C:\pos11BD.tmp
C:\pos11BE.tmp
C:\pos11BF.tmp
C:\pos11C.tmp
C:\pos11C0.tmp
C:\pos11C1.tmp
C:\pos11C2.tmp
C:\pos11C3.tmp
C:\pos11C4.tmp
C:\pos11C5.tmp
C:\pos11C6.tmp
C:\pos11C7.tmp
C:\pos11C8.tmp
C:\pos11C9.tmp
C:\pos11CA.tmp
C:\pos11CB.tmp
C:\pos11CC.tmp
C:\pos11CD.tmp
C:\pos11CE.tmp
C:\pos11CF.tmp
C:\pos11D.tmp
C:\pos11D0.tmp
C:\pos11D1.tmp
C:\pos11D2.tmp
C:\pos11D3.tmp
C:\pos11D4.tmp
C:\pos11D5.tmp
C:\pos11D6.tmp
C:\pos11D7.tmp
C:\pos11D8.tmp
C:\pos11D9.tmp
C:\pos11DA.tmp
C:\pos11DB.tmp
C:\pos11DC.tmp
C:\pos11DD.tmp
C:\pos11DE.tmp
C:\pos11DF.tmp
C:\pos11E.tmp
C:\pos11E0.tmp
C:\pos11E1.tmp
C:\pos11E2.tmp
C:\pos11E3.tmp
C:\pos11E4.tmp
C:\pos11E5.tmp
C:\pos11E6.tmp
C:\pos11E7.tmp
C:\pos11E8.tmp
C:\pos11E9.tmp
C:\pos11EA.tmp
C:\pos11EB.tmp
C:\pos11EC.tmp
C:\pos11ED.tmp
C:\pos11EE.tmp
C:\pos11EF.tmp
C:\pos11F.tmp
C:\pos11F0.tmp
C:\pos11F1.tmp
C:\pos11F2.tmp
C:\pos11F3.tmp
C:\pos11F4.tmp
C:\pos11F5.tmp
C:\pos11F6.tmp
C:\pos11F7.tmp
C:\pos11F8.tmp
C:\pos11F9.tmp
C:\pos11FA.tmp
C:\pos11FB.tmp
C:\pos11FC.tmp
C:\pos11FD.tmp
C:\pos11FE.tmp
C:\pos11FF.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos1200.tmp
C:\pos1201.tmp
C:\pos1202.tmp
C:\pos1203.tmp
C:\pos1204.tmp
C:\pos1205.tmp
C:\pos1206.tmp
C:\pos1207.tmp
C:\pos1208.tmp
C:\pos1209.tmp
C:\pos120A.tmp
C:\pos120B.tmp
C:\pos120C.tmp
C:\pos120D.tmp
C:\pos120E.tmp
C:\pos120F.tmp
C:\pos121.tmp
C:\pos1210.tmp
C:\pos1211.tmp
C:\pos1212.tmp
C:\pos1213.tmp
C:\pos1214.tmp
C:\pos1215.tmp
C:\pos1216.tmp
C:\pos1217.tmp
C:\pos1218.tmp
C:\pos1219.tmp
C:\pos121A.tmp
C:\pos121B.tmp
C:\pos121C.tmp
C:\pos121D.tmp
C:\pos121E.tmp
C:\pos121F.tmp
C:\pos122.tmp
C:\pos1220.tmp
C:\pos1221.tmp
C:\pos1222.tmp
C:\pos1223.tmp
C:\pos1224.tmp
C:\pos1225.tmp
C:\pos1226.tmp
C:\pos1227.tmp
C:\pos1228.tmp
C:\pos1229.tmp
C:\pos122A.tmp
C:\pos122B.tmp
C:\pos122C.tmp
C:\pos122D.tmp
C:\pos122E.tmp
C:\pos122F.tmp
C:\pos123.tmp
C:\pos1230.tmp
C:\pos1231.tmp
C:\pos1232.tmp
C:\pos1233.tmp
C:\pos1234.tmp
C:\pos1235.tmp
C:\pos1236.tmp
C:\pos1237.tmp
C:\pos1238.tmp
C:\pos1239.tmp
C:\pos123A.tmp
C:\pos123B.tmp
C:\pos123C.tmp
C:\pos123D.tmp
C:\pos123E.tmp
C:\pos123F.tmp
C:\pos124.tmp
C:\pos1240.tmp
C:\pos1241.tmp
C:\pos1242.tmp
C:\pos1243.tmp
C:\pos1244.tmp
C:\pos1245.tmp
C:\pos1246.tmp
C:\pos1247.tmp
C:\pos1248.tmp
C:\pos1249.tmp
C:\pos124A.tmp
C:\pos124B.tmp
C:\pos124C.tmp
C:\pos124D.tmp
C:\pos124E.tmp
C:\pos124F.tmp
C:\pos125.tmp
C:\pos1250.tmp
C:\pos1251.tmp
C:\pos1252.tmp
C:\pos1253.tmp
C:\pos1254.tmp
C:\pos1255.tmp
C:\pos1256.tmp
C:\pos1257.tmp
C:\pos1258.tmp
C:\pos1259.tmp
C:\pos125A.tmp
C:\pos125B.tmp
C:\pos125C.tmp
C:\pos125D.tmp
C:\pos125E.tmp
C:\pos125F.tmp
C:\pos126.tmp
C:\pos1260.tmp
C:\pos1261.tmp
C:\pos1262.tmp
C:\pos1263.tmp
C:\pos1264.tmp
C:\pos1265.tmp
C:\pos1266.tmp
C:\pos1267.tmp
C:\pos1268.tmp
C:\pos1269.tmp
C:\pos126A.tmp
C:\pos126B.tmp
C:\pos126C.tmp
C:\pos126D.tmp
C:\pos126E.tmp
C:\pos126F.tmp
C:\pos127.tmp
C:\pos1270.tmp
C:\pos1271.tmp
C:\pos1272.tmp
C:\pos1273.tmp
C:\pos1274.tmp
C:\pos1275.tmp
C:\pos1276.tmp
C:\pos1277.tmp
C:\pos1278.tmp
C:\pos1279.tmp
C:\pos127A.tmp
C:\pos127B.tmp
C:\pos127C.tmp
C:\pos127D.tmp
C:\pos127E.tmp
C:\pos127F.tmp
C:\pos128.tmp
C:\pos1280.tmp
C:\pos1281.tmp
C:\pos1282.tmp
C:\pos1283.tmp
C:\pos1284.tmp
C:\pos1285.tmp
C:\pos1286.tmp
C:\pos1287.tmp
C:\pos1288.tmp
C:\pos1289.tmp
C:\pos128A.tmp
C:\pos128B.tmp
C:\pos128C.tmp
C:\pos128D.tmp
C:\pos128E.tmp
C:\pos128F.tmp
C:\pos129.tmp
C:\pos1290.tmp
C:\pos1291.tmp
C:\pos1292.tmp
C:\pos1293.tmp
C:\pos1294.tmp
C:\pos1295.tmp
C:\pos1296.tmp
C:\pos1297.tmp
C:\pos1298.tmp
C:\pos1299.tmp
C:\pos129A.tmp
C:\pos129B.tmp
C:\pos129C.tmp
C:\pos129D.tmp
C:\pos129E.tmp
C:\pos129F.tmp
C:\pos12A.tmp
C:\pos12A0.tmp
C:\pos12A1.tmp
C:\pos12A2.tmp
C:\pos12A3.tmp
C:\pos12A4.tmp
C:\pos12A5.tmp
C:\pos12A6.tmp
C:\pos12A7.tmp
C:\pos12A8.tmp
C:\pos12A9.tmp
C:\pos12AA.tmp
C:\pos12AB.tmp
C:\pos12AC.tmp
C:\pos12AD.tmp
C:\pos12AE.tmp
C:\pos12AF.tmp
C:\pos12B.tmp
C:\pos12B0.tmp
C:\pos12B1.tmp
C:\pos12B2.tmp
C:\pos12B3.tmp
C:\pos12B4.tmp
C:\pos12B5.tmp
C:\pos12B6.tmp
C:\pos12B7.tmp
C:\pos12B8.tmp
C:\pos12B9.tmp
C:\pos12BA.tmp
C:\pos12BB.tmp
C:\pos12BC.tmp
C:\pos12BD.tmp
C:\pos12BE.tmp
C:\pos12BF.tmp
C:\pos12C.tmp
C:\pos12C0.tmp
C:\pos12C1.tmp
C:\pos12C2.tmp
C:\pos12C3.tmp
C:\pos12C4.tmp
C:\pos12C5.tmp
C:\pos12C6.tmp
C:\pos12C7.tmp
C:\pos12C8.tmp
C:\pos12C9.tmp
C:\pos12CA.tmp
C:\pos12CB.tmp
C:\pos12CC.tmp
C:\pos12CD.tmp
C:\pos12CE.tmp
C:\pos12CF.tmp
C:\pos12D.tmp
C:\pos12D0.tmp
C:\pos12D1.tmp
C:\pos12D2.tmp
C:\pos12D3.tmp
C:\pos12D4.tmp
C:\pos12D5.tmp
C:\pos12D6.tmp
C:\pos12D7.tmp
C:\pos12D8.tmp
C:\pos12D9.tmp
C:\pos12DA.tmp
C:\pos12DB.tmp
C:\pos12DC.tmp
C:\pos12DD.tmp
C:\pos12DE.tmp
C:\pos12DF.tmp
C:\pos12E.tmp
C:\pos12E0.tmp
C:\pos12E1.tmp
C:\pos12E2.tmp
C:\pos12E3.tmp
C:\pos12E4.tmp
C:\pos12E5.tmp
C:\pos12E6.tmp
C:\pos12E7.tmp
C:\pos12E8.tmp
C:\pos12E9.tmp
C:\pos12EA.tmp
C:\pos12EB.tmp
C:\pos12EC.tmp
C:\pos12ED.tmp
C:\pos12EE.tmp
C:\pos12EF.tmp
C:\pos12F.tmp
C:\pos12F0.tmp
C:\pos12F1.tmp
C:\pos12F2.tmp
C:\pos12F3.tmp
C:\pos12F4.tmp
C:\pos12F5.tmp
C:\pos12F6.tmp
C:\pos12F7.tmp
C:\pos12F8.tmp
C:\pos12F9.tmp
C:\pos12FA.tmp
C:\pos12FB.tmp
C:\pos12FC.tmp
C:\pos12FD.tmp
C:\pos12FE.tmp
C:\pos12FF.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos1300.tmp
C:\pos1301.tmp
C:\pos1302.tmp
C:\pos1303.tmp
C:\pos1304.tmp
C:\pos1305.tmp
C:\pos1306.tmp
C:\pos1307.tmp
C:\pos1308.tmp
C:\pos1309.tmp
C:\pos130A.tmp
C:\pos130B.tmp
C:\pos130C.tmp
C:\pos130D.tmp
C:\pos130E.tmp
C:\pos130F.tmp
C:\pos131.tmp
C:\pos1310.tmp
C:\pos1311.tmp
C:\pos1312.tmp
C:\pos1313.tmp
C:\pos1314.tmp
C:\pos1315.tmp
C:\pos1316.tmp
C:\pos1317.tmp
C:\pos1318.tmp
C:\pos1319.tmp
C:\pos131A.tmp
C:\pos131B.tmp
C:\pos131C.tmp
C:\pos131D.tmp
C:\pos131E.tmp
C:\pos131F.tmp
C:\pos132.tmp
C:\pos1320.tmp
C:\pos1321.tmp
C:\pos1322.tmp
C:\pos1323.tmp
C:\pos1324.tmp
C:\pos1325.tmp
C:\pos1326.tmp
C:\pos1327.tmp
C:\pos1328.tmp
C:\pos1329.tmp
C:\pos132A.tmp
C:\pos132B.tmp
C:\pos132C.tmp
C:\pos132D.tmp
C:\pos132E.tmp
C:\pos132F.tmp
C:\pos133.tmp
C:\pos1330.tmp
C:\pos1331.tmp
C:\pos1332.tmp
C:\pos1333.tmp
C:\pos1334.tmp
C:\pos1335.tmp
C:\pos1336.tmp
C:\pos1337.tmp
C:\pos1338.tmp
C:\pos1339.tmp
C:\pos133A.tmp
C:\pos133B.tmp
C:\pos133C.tmp
C:\pos133D.tmp
C:\pos133E.tmp
C:\pos133F.tmp
C:\pos134.tmp
C:\pos1340.tmp
C:\pos1341.tmp
C:\pos1342.tmp
C:\pos1343.tmp
C:\pos1344.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos1345.tmp
C:\pos1346.tmp
C:\pos1347.tmp
C:\pos1348.tmp
C:\pos1349.tmp
C:\pos134A.tmp
C:\pos134B.tmp
C:\pos134C.tmp
C:\pos134D.tmp
C:\pos134E.tmp
C:\pos134F.tmp
C:\pos135.tmp
C:\pos1350.tmp
C:\pos1351.tmp
C:\pos1352.tmp
C:\pos1353.tmp
C:\pos1354.tmp
C:\pos1355.tmp
C:\pos1356.tmp
C:\pos1357.tmp
C:\pos1358.tmp
C:\pos1359.tmp
C:\pos135A.tmp
C:\pos135B.tmp
C:\pos135C.tmp
C:\pos135D.tmp
C:\pos135E.tmp
C:\pos135F.tmp
C:\pos136.tmp
C:\pos1360.tmp
C:\pos1361.tmp
C:\pos1362.tmp
C:\pos1363.tmp
C:\pos1364.tmp
C:\pos1365.tmp
C:\pos1366.tmp
C:\pos1367.tmp
C:\pos1368.tmp
C:\pos1369.tmp
C:\pos136A.tmp
C:\pos136B.tmp
C:\pos136C.tmp
C:\pos136D.tmp
C:\pos136E.tmp
C:\pos136F.tmp
C:\pos137.tmp
C:\pos1370.tmp
C:\pos1371.tmp
C:\pos1372.tmp
C:\pos1373.tmp
C:\pos1374.tmp
C:\pos1375.tmp
C:\pos1376.tmp
C:\pos1377.tmp
C:\pos1378.tmp
C:\pos1379.tmp
C:\pos137A.tmp
C:\pos137B.tmp
C:\pos137C.tmp
C:\pos137D.tmp
C:\pos137E.tmp
C:\pos137F.tmp
C:\pos138.tmp
C:\pos1380.tmp
C:\pos1381.tmp
C:\pos1382.tmp
C:\pos1383.tmp
C:\pos1384.tmp
C:\pos1385.tmp
C:\pos1386.tmp
C:\pos1387.tmp
C:\pos1388.tmp
C:\pos1389.tmp
C:\pos138A.tmp
C:\pos138B.tmp
C:\pos138C.tmp
C:\pos138D.tmp
C:\pos138E.tmp
C:\pos138F.tmp
C:\pos139.tmp
C:\pos1390.tmp
C:\pos1391.tmp
C:\pos1392.tmp
C:\pos1393.tmp
C:\pos1394.tmp
C:\pos1395.tmp
C:\pos1396.tmp
C:\pos1397.tmp
C:\pos1398.tmp
C:\pos1399.tmp
C:\pos139A.tmp
C:\pos139B.tmp
C:\pos139C.tmp
C:\pos139D.tmp
C:\pos139E.tmp
C:\pos139F.tmp
C:\pos13A.tmp
C:\pos13A0.tmp
C:\pos13A1.tmp
C:\pos13A2.tmp
C:\pos13A3.tmp
C:\pos13A4.tmp
C:\pos13A5.tmp
C:\pos13A6.tmp
C:\pos13A7.tmp
C:\pos13A8.tmp
C:\pos13A9.tmp
C:\pos13AA.tmp
C:\pos13AB.tmp
C:\pos13AC.tmp
C:\pos13AD.tmp
C:\pos13AE.tmp
C:\pos13AF.tmp
C:\pos13B.tmp
C:\pos13B0.tmp
C:\pos13B1.tmp
C:\pos13B2.tmp
C:\pos13B3.tmp
C:\pos13B4.tmp
C:\pos13B5.tmp
C:\pos13B6.tmp
C:\pos13B7.tmp
C:\pos13B8.tmp
C:\pos13B9.tmp
C:\pos13BA.tmp
C:\pos13BB.tmp
C:\pos13BC.tmp
C:\pos13BD.tmp
C:\pos13BE.tmp
C:\pos13BF.tmp
C:\pos13C.tmp
C:\pos13C0.tmp
C:\pos13C1.tmp
C:\pos13C2.tmp
C:\pos13C3.tmp
C:\pos13C4.tmp
C:\pos13C5.tmp
C:\pos13C6.tmp
C:\pos13C7.tmp
C:\pos13C8.tmp
C:\pos13C9.tmp
C:\pos13CA.tmp
C:\pos13CB.tmp
C:\pos13CC.tmp
C:\pos13CD.tmp
C:\pos13CE.tmp
C:\pos13CF.tmp
C:\pos13D.tmp
C:\pos13D0.tmp
C:\pos13D1.tmp
C:\pos13D2.tmp
C:\pos13D3.tmp
C:\pos13D4.tmp
C:\pos13D5.tmp
C:\pos13D6.tmp
C:\pos13D7.tmp
C:\pos13D8.tmp
C:\pos13D9.tmp
C:\pos13DA.tmp
C:\pos13DB.tmp
C:\pos13DC.tmp
C:\pos13DD.tmp
C:\pos13DE.tmp
C:\pos13DF.tmp
C:\pos13E.tmp
C:\pos13E0.tmp
C:\pos13E1.tmp
C:\pos13E2.tmp
C:\pos13E3.tmp
C:\pos13E4.tmp
C:\pos13E5.tmp
C:\pos13E6.tmp
C:\pos13E7.tmp
C:\pos13E8.tmp
C:\pos13E9.tmp
C:\pos13EA.tmp
C:\pos13EB.tmp
C:\pos13EC.tmp
C:\pos13ED.tmp
C:\pos13EE.tmp
C:\pos13EF.tmp
C:\pos13F.tmp
C:\pos13F0.tmp
C:\pos13F1.tmp
C:\pos13F2.tmp
C:\pos13F3.tmp
C:\pos13F4.tmp
C:\pos13F5.tmp
C:\pos13F6.tmp
C:\pos13F7.tmp
C:\pos13F8.tmp
C:\pos13F9.tmp
C:\pos13FA.tmp
C:\pos13FB.tmp
C:\pos13FC.tmp
C:\pos13FD.tmp
C:\pos13FE.tmp
C:\pos13FF.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos1400.tmp
C:\pos1401.tmp
C:\pos1402.tmp
C:\pos1403.tmp
C:\pos1404.tmp
C:\pos1405.tmp
C:\pos1406.tmp
C:\pos1407.tmp
C:\pos1408.tmp
C:\pos1409.tmp
C:\pos140A.tmp
C:\pos140B.tmp
C:\pos140C.tmp
C:\pos140D.tmp
C:\pos140E.tmp
C:\pos140F.tmp
C:\pos141.tmp
C:\pos1410.tmp
C:\pos1411.tmp
C:\pos1412.tmp
C:\pos1413.tmp
C:\pos1414.tmp
C:\pos1415.tmp
C:\pos1416.tmp
C:\pos1417.tmp
C:\pos1418.tmp
C:\pos1419.tmp
C:\pos141A.tmp
C:\pos141B.tmp
C:\pos141C.tmp
C:\pos141D.tmp
C:\pos141E.tmp
C:\pos141F.tmp
C:\pos142.tmp
C:\pos1420.tmp
C:\pos1421.tmp
C:\pos1422.tmp
C:\pos1423.tmp
C:\pos1424.tmp
C:\pos1425.tmp
C:\pos1426.tmp
C:\pos1427.tmp
C:\pos1428.tmp
C:\pos1429.tmp
C:\pos142A.tmp
C:\pos142B.tmp
C:\pos142C.tmp
C:\pos142D.tmp
C:\pos142E.tmp
C:\pos142F.tmp
C:\pos143.tmp
C:\pos1430.tmp
C:\pos1431.tmp
C:\pos1432.tmp
C:\pos1433.tmp
C:\pos1434.tmp
C:\pos1435.tmp
C:\pos1436.tmp
C:\pos1437.tmp
C:\pos1438.tmp
C:\pos1439.tmp
C:\pos143A.tmp
C:\pos143B.tmp
C:\pos143C.tmp
C:\pos143D.tmp
C:\pos143E.tmp
C:\pos143F.tmp
C:\pos144.tmp
C:\pos1440.tmp
C:\pos1441.tmp
C:\pos1442.tmp
C:\pos1443.tmp
C:\pos1444.tmp
C:\pos1445.tmp
C:\pos1446.tmp
C:\pos1447.tmp
C:\pos1448.tmp
C:\pos1449.tmp
C:\pos144A.tmp
C:\pos144B.tmp
C:\pos144C.tmp
C:\pos144D.tmp
C:\pos144E.tmp
C:\pos144F.tmp
C:\pos145.tmp
C:\pos1450.tmp
C:\pos1451.tmp
C:\pos1452.tmp
C:\pos1453.tmp
C:\pos1454.tmp
C:\pos1455.tmp
C:\pos1456.tmp
C:\pos1457.tmp
C:\pos1458.tmp
C:\pos1459.tmp
C:\pos145A.tmp
C:\pos145B.tmp
C:\pos145C.tmp
C:\pos145D.tmp
C:\pos145E.tmp
C:\pos145F.tmp
C:\pos146.tmp
C:\pos1460.tmp
C:\pos1461.tmp
C:\pos1462.tmp
C:\pos1463.tmp
C:\pos1464.tmp
C:\pos1465.tmp
C:\pos1466.tmp
C:\pos1467.tmp
C:\pos1468.tmp
C:\pos1469.tmp
C:\pos146A.tmp
C:\pos146B.tmp
C:\pos146C.tmp
C:\pos146D.tmp
C:\pos146E.tmp
C:\pos146F.tmp
C:\pos147.tmp
C:\pos1470.tmp
C:\pos1471.tmp
C:\pos1472.tmp
C:\pos1473.tmp
C:\pos1474.tmp
C:\pos1475.tmp
C:\pos1476.tmp
C:\pos1477.tmp
C:\pos1478.tmp
C:\pos1479.tmp
C:\pos147A.tmp
C:\pos147B.tmp
C:\pos147C.tmp
C:\pos147D.tmp
C:\pos147E.tmp
C:\pos147F.tmp
C:\pos148.tmp
C:\pos1480.tmp
C:\pos1481.tmp
C:\pos1482.tmp
C:\pos1483.tmp
C:\pos1484.tmp
C:\pos1485.tmp
C:\pos1486.tmp
C:\pos1487.tmp
C:\pos1488.tmp
C:\pos1489.tmp
C:\pos148A.tmp
C:\pos148B.tmp
C:\pos148C.tmp
C:\pos148D.tmp
C:\pos148E.tmp
C:\pos148F.tmp
C:\pos149.tmp
C:\pos1490.tmp
C:\pos1491.tmp
C:\pos1492.tmp
C:\pos1493.tmp
C:\pos1494.tmp
C:\pos1495.tmp
C:\pos1496.tmp
C:\pos1497.tmp
C:\pos1498.tmp
C:\pos1499.tmp
C:\pos149A.tmp
C:\pos149B.tmp
C:\pos149C.tmp
C:\pos149D.tmp
C:\pos149E.tmp
C:\pos149F.tmp
C:\pos14A.tmp
C:\pos14A0.tmp
C:\pos14A1.tmp
C:\pos14A2.tmp
C:\pos14A3.tmp
C:\pos14A4.tmp
C:\pos14A5.tmp
C:\pos14A6.tmp
C:\pos14A7.tmp
C:\pos14A8.tmp
C:\pos14A9.tmp
C:\pos14AA.tmp
C:\pos14AB.tmp
C:\pos14AC.tmp
C:\pos14AD.tmp
C:\pos14AE.tmp
C:\pos14AF.tmp
C:\pos14B.tmp
C:\pos14B0.tmp
C:\pos14B1.tmp
C:\pos14B2.tmp
C:\pos14B3.tmp
C:\pos14B4.tmp
C:\pos14B5.tmp
C:\pos14B6.tmp
C:\pos14B7.tmp
C:\pos14B8.tmp
C:\pos14B9.tmp
C:\pos14BA.tmp
C:\pos14BB.tmp
C:\pos14BC.tmp
C:\pos14BD.tmp
C:\pos14BE.tmp
C:\pos14BF.tmp
C:\pos14C.tmp
C:\pos14C0.tmp
C:\pos14C1.tmp
C:\pos14C2.tmp
C:\pos14C3.tmp
C:\pos14C4.tmp
C:\pos14C5.tmp
C:\pos14C6.tmp
C:\pos14C7.tmp
C:\pos14C8.tmp
C:\pos14C9.tmp
C:\pos14CA.tmp
C:\pos14CB.tmp
C:\pos14CC.tmp
C:\pos14CD.tmp
C:\pos14CE.tmp
C:\pos14CF.tmp
C:\pos14D.tmp
C:\pos14D0.tmp
C:\pos14D1.tmp
C:\pos14D2.tmp
C:\pos14D3.tmp
C:\pos14D4.tmp
C:\pos14D5.tmp
C:\pos14D6.tmp
C:\pos14D7.tmp
C:\pos14D8.tmp
C:\pos14D9.tmp
C:\pos14DA.tmp
C:\pos14DB.tmp
C:\pos14DC.tmp
C:\pos14DD.tmp
C:\pos14DE.tmp
C:\pos14DF.tmp
C:\pos14E.tmp
C:\pos14E0.tmp
C:\pos14E1.tmp
C:\pos14E2.tmp
C:\pos14E3.tmp
C:\pos14E4.tmp
C:\pos14E5.tmp
C:\pos14E6.tmp
C:\pos14E7.tmp
C:\pos14E8.tmp
C:\pos14E9.tmp
C:\pos14EA.tmp
C:\pos14EB.tmp
C:\pos14EC.tmp
C:\pos14ED.tmp
C:\pos14EE.tmp
C:\pos14EF.tmp
C:\pos14F.tmp
C:\pos14F0.tmp
C:\pos14F1.tmp
C:\pos14F2.tmp
C:\pos14F3.tmp
C:\pos14F4.tmp
C:\pos14F5.tmp
C:\pos14F6.tmp
C:\pos14F7.tmp
C:\pos14F8.tmp
C:\pos14F9.tmp
C:\pos14FA.tmp
C:\pos14FB.tmp
C:\pos14FC.tmp
C:\pos14FD.tmp
C:\pos14FE.tmp
C:\pos14FF.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos1500.tmp
C:\pos1501.tmp
C:\pos1502.tmp
C:\pos1503.tmp
C:\pos1504.tmp
C:\pos1505.tmp
C:\pos1506.tmp
C:\pos1507.tmp
C:\pos1508.tmp
C:\pos1509.tmp
C:\pos150A.tmp
C:\pos150B.tmp
C:\pos150C.tmp
C:\pos150D.tmp
C:\pos150E.tmp
C:\pos150F.tmp
C:\pos151.tmp
C:\pos1510.tmp
C:\pos1511.tmp
C:\pos1512.tmp
C:\pos1513.tmp
C:\pos1514.tmp
C:\pos1515.tmp
C:\pos1516.tmp
C:\pos1517.tmp
C:\pos1518.tmp
C:\pos1519.tmp
C:\pos151A.tmp
C:\pos151B.tmp
C:\pos151C.tmp
C:\pos151D.tmp
C:\pos151E.tmp
C:\pos151F.tmp
C:\pos152.tmp
C:\pos1520.tmp
C:\pos1521.tmp
C:\pos1522.tmp
C:\pos1523.tmp
C:\pos1524.tmp
C:\pos1525.tmp
C:\pos1526.tmp
C:\pos1527.tmp
C:\pos1528.tmp
C:\pos1529.tmp
C:\pos152A.tmp
C:\pos152B.tmp
C:\pos152C.tmp
C:\pos152D.tmp
C:\pos152E.tmp
C:\pos152F.tmp
C:\pos153.tmp
C:\pos1530.tmp
C:\pos1531.tmp
C:\pos1532.tmp
C:\pos1533.tmp
C:\pos1534.tmp
C:\pos1535.tmp
C:\pos1536.tmp
C:\pos1537.tmp
C:\pos1538.tmp
C:\pos1539.tmp
C:\pos153A.tmp
C:\pos153B.tmp
C:\pos153C.tmp
C:\pos153D.tmp
C:\pos153E.tmp
C:\pos153F.tmp
C:\pos154.tmp
C:\pos1540.tmp
C:\pos1541.tmp
C:\pos1542.tmp
C:\pos1543.tmp
C:\pos1544.tmp
C:\pos1545.tmp
C:\pos1546.tmp
C:\pos1547.tmp
C:\pos1548.tmp
C:\pos1549.tmp
C:\pos154A.tmp
C:\pos154B.tmp
C:\pos154C.tmp
C:\pos154D.tmp
C:\pos154E.tmp
C:\pos154F.tmp
C:\pos155.tmp
C:\pos1550.tmp
C:\pos1551.tmp
C:\pos1552.tmp
C:\pos1553.tmp
C:\pos1554.tmp
C:\pos1555.tmp
C:\pos1556.tmp
C:\pos1557.tmp
C:\pos1558.tmp
C:\pos1559.tmp
C:\pos155A.tmp
C:\pos155B.tmp
C:\pos155C.tmp
C:\pos155D.tmp
C:\pos155E.tmp
C:\pos155F.tmp
C:\pos156.tmp
C:\pos1560.tmp
C:\pos1561.tmp
C:\pos1562.tmp
C:\pos1563.tmp
C:\pos1564.tmp
C:\pos1565.tmp
C:\pos1566.tmp
C:\pos1567.tmp
C:\pos1568.tmp
C:\pos1569.tmp
C:\pos156A.tmp
C:\pos156B.tmp
C:\pos156C.tmp
C:\pos156D.tmp
C:\pos156E.tmp
C:\pos156F.tmp
C:\pos157.tmp
C:\pos1570.tmp
C:\pos1571.tmp
C:\pos1572.tmp
C:\pos1573.tmp
C:\pos1574.tmp
C:\pos1575.tmp
C:\pos1576.tmp
C:\pos1577.tmp
C:\pos1578.tmp
C:\pos1579.tmp
C:\pos157A.tmp
C:\pos157B.tmp
C:\pos157C.tmp
C:\pos157D.tmp
C:\pos157E.tmp
C:\pos157F.tmp
C:\pos158.tmp
C:\pos1580.tmp
C:\pos1581.tmp
C:\pos1582.tmp
C:\pos1583.tmp
C:\pos1584.tmp
C:\pos1585.tmp
C:\pos1586.tmp
C:\pos1587.tmp
C:\pos1588.tmp
C:\pos1589.tmp
C:\pos158A.tmp
C:\pos158B.tmp
C:\pos158C.tmp
C:\pos158D.tmp
C:\pos158E.tmp
C:\pos158F.tmp
C:\pos159.tmp
C:\pos1590.tmp
C:\pos1591.tmp
C:\pos1592.tmp
C:\pos1593.tmp
C:\pos1594.tmp
C:\pos1595.tmp
C:\pos1596.tmp
C:\pos1597.tmp
C:\pos1598.tmp
C:\pos1599.tmp
C:\pos159A.tmp
C:\pos159B.tmp
C:\pos159C.tmp
C:\pos159D.tmp
C:\pos159E.tmp
C:\pos159F.tmp
C:\pos15A.tmp
C:\pos15A0.tmp
C:\pos15A1.tmp
C:\pos15A2.tmp
C:\pos15A3.tmp
C:\pos15A4.tmp
C:\pos15A5.tmp
C:\pos15A6.tmp
C:\pos15A7.tmp
C:\pos15A8.tmp
C:\pos15A9.tmp
C:\pos15AA.tmp
C:\pos15AB.tmp
C:\pos15AC.tmp
C:\pos15AD.tmp
C:\pos15AE.tmp
C:\pos15AF.tmp
C:\pos15B.tmp
C:\pos15B0.tmp
C:\pos15B1.tmp
C:\pos15B2.tmp
C:\pos15B3.tmp
C:\pos15B4.tmp
C:\pos15B5.tmp
C:\pos15B6.tmp
C:\pos15B7.tmp
C:\pos15B8.tmp
C:\pos15B9.tmp
C:\pos15BA.tmp
C:\pos15BB.tmp
C:\pos15BC.tmp
C:\pos15BD.tmp
C:\pos15BE.tmp
C:\pos15BF.tmp
C:\pos15C.tmp
C:\pos15C0.tmp
C:\pos15C1.tmp
C:\pos15C2.tmp
C:\pos15C3.tmp
C:\pos15C4.tmp
C:\pos15C5.tmp
C:\pos15C6.tmp
C:\pos15C7.tmp
C:\pos15C8.tmp
C:\pos15C9.tmp
C:\pos15CA.tmp
C:\pos15CB.tmp
C:\pos15CC.tmp
C:\pos15CD.tmp
C:\pos15CE.tmp
C:\pos15CF.tmp
C:\pos15D.tmp
C:\pos15D0.tmp
C:\pos15D1.tmp
C:\pos15D2.tmp
C:\pos15D3.tmp
C:\pos15D4.tmp
C:\pos15D5.tmp
C:\pos15D6.tmp
C:\pos15D7.tmp
C:\pos15D8.tmp
C:\pos15D9.tmp
C:\pos15DA.tmp
C:\pos15DB.tmp
C:\pos15DC.tmp
C:\pos15DD.tmp
C:\pos15DE.tmp
C:\pos15DF.tmp
C:\pos15E.tmp
C:\pos15E0.tmp
C:\pos15E1.tmp
C:\pos15E2.tmp
C:\pos15E3.tmp
C:\pos15E4.tmp
C:\pos15E5.tmp
C:\pos15E6.tmp
C:\pos15E7.tmp
C:\pos15E8.tmp
C:\pos15E9.tmp
C:\pos15EA.tmp
C:\pos15EB.tmp
C:\pos15EC.tmp
C:\pos15ED.tmp
C:\pos15EE.tmp
C:\pos15EF.tmp
C:\pos15F.tmp
C:\pos15F0.tmp
C:\pos15F1.tmp
C:\pos15F2.tmp
C:\pos15F3.tmp
C:\pos15F4.tmp
C:\pos15F5.tmp
C:\pos15F6.tmp
C:\pos15F7.tmp
C:\pos15F8.tmp
C:\pos15F9.tmp
C:\pos15FA.tmp
C:\pos15FB.tmp
C:\pos15FC.tmp
C:\pos15FD.tmp
C:\pos15FE.tmp
C:\pos15FF.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos1600.tmp
C:\pos1601.tmp
C:\pos1602.tmp
C:\pos1603.tmp
C:\pos1604.tmp
C:\pos1605.tmp
C:\pos1606.tmp
C:\pos1607.tmp
C:\pos1608.tmp
C:\pos1609.tmp
C:\pos160A.tmp
C:\pos160B.tmp
C:\pos160C.tmp
C:\pos160D.tmp
C:\pos160E.tmp
C:\pos160F.tmp
C:\pos161.tmp
C:\pos1610.tmp
C:\pos1611.tmp
C:\pos1612.tmp
C:\pos1613.tmp
C:\pos1614.tmp
C:\pos1615.tmp
C:\pos1616.tmp
C:\pos1617.tmp
C:\pos1618.tmp
C:\pos1619.tmp
C:\pos161A.tmp
C:\pos161B.tmp
C:\pos161C.tmp
C:\pos161D.tmp
C:\pos161E.tmp
C:\pos161F.tmp
C:\pos162.tmp
C:\pos1620.tmp
C:\pos1621.tmp
C:\pos1622.tmp
C:\pos1623.tmp
C:\pos1624.tmp
C:\pos1625.tmp
C:\pos1626.tmp
C:\pos1627.tmp
C:\pos1628.tmp
C:\pos1629.tmp
C:\pos162A.tmp
C:\pos162B.tmp
C:\pos162C.tmp
C:\pos162D.tmp
C:\pos162E.tmp
C:\pos162F.tmp
C:\pos163.tmp
C:\pos1630.tmp
C:\pos1631.tmp
C:\pos1632.tmp
C:\pos1633.tmp
C:\pos1634.tmp
C:\pos1635.tmp
C:\pos1636.tmp
C:\pos1637.tmp
C:\pos1638.tmp
C:\pos1639.tmp
C:\pos163A.tmp
C:\pos163B.tmp
C:\pos163C.tmp
C:\pos163D.tmp
C:\pos163E.tmp
C:\pos163F.tmp
C:\pos164.tmp
C:\pos1640.tmp
C:\pos1641.tmp
C:\pos1642.tmp
C:\pos1643.tmp
C:\pos1644.tmp
C:\pos1645.tmp
C:\pos1646.tmp
C:\pos1647.tmp
C:\pos1648.tmp
C:\pos1649.tmp
C:\pos164A.tmp
C:\pos164B.tmp
C:\pos164C.tmp
C:\pos164D.tmp
C:\pos164E.tmp
C:\pos164F.tmp
C:\pos165.tmp
C:\pos1650.tmp
C:\pos1651.tmp
C:\pos1652.tmp
C:\pos1653.tmp
C:\pos1654.tmp
C:\pos1655.tmp
C:\pos1656.tmp
C:\pos1657.tmp
C:\pos1658.tmp
C:\pos1659.tmp
C:\pos165A.tmp
C:\pos165B.tmp
C:\pos165C.tmp
C:\pos165D.tmp
C:\pos165E.tmp
C:\pos165F.tmp
C:\pos166.tmp
C:\pos1660.tmp
C:\pos1661.tmp
C:\pos1662.tmp
C:\pos1663.tmp
C:\pos1664.tmp
C:\pos1665.tmp
C:\pos1666.tmp
C:\pos1667.tmp
C:\pos1668.tmp
C:\pos1669.tmp
C:\pos166A.tmp
C:\pos166B.tmp
C:\pos166C.tmp
C:\pos166D.tmp
C:\pos166E.tmp
C:\pos166F.tmp
C:\pos167.tmp
C:\pos1670.tmp
C:\pos1671.tmp
C:\pos1672.tmp
C:\pos1673.tmp
C:\pos1674.tmp
C:\pos1675.tmp
C:\pos1676.tmp
C:\pos1677.tmp
C:\pos1678.tmp
C:\pos1679.tmp
C:\pos167A.tmp
C:\pos167B.tmp
C:\pos167C.tmp
C:\pos167D.tmp
C:\pos167E.tmp
C:\pos167F.tmp
C:\pos168.tmp
C:\pos1680.tmp
C:\pos1681.tmp
C:\pos1682.tmp
C:\pos1683.tmp
C:\pos1684.tmp
C:\pos1685.tmp
C:\pos1686.tmp
C:\pos1687.tmp
C:\pos1688.tmp
C:\pos1689.tmp
C:\pos168A.tmp
C:\pos168B.tmp
C:\pos168C.tmp
C:\pos168D.tmp
C:\pos168E.tmp
C:\pos168F.tmp
C:\pos169.tmp
C:\pos1690.tmp
C:\pos1691.tmp
C:\pos1692.tmp
C:\pos1693.tmp
C:\pos1694.tmp
C:\pos1695.tmp
C:\pos1696.tmp
C:\pos1697.tmp
C:\pos1698.tmp
C:\pos1699.tmp
C:\pos169A.tmp
C:\pos169B.tmp
C:\pos169C.tmp
C:\pos169D.tmp
C:\pos169E.tmp
C:\pos169F.tmp
C:\pos16A.tmp
C:\pos16A0.tmp
C:\pos16A1.tmp
C:\pos16A2.tmp
C:\pos16A3.tmp
C:\pos16A4.tmp
C:\pos16A5.tmp
C:\pos16A6.tmp
C:\pos16A7.tmp
C:\pos16A8.tmp
C:\pos16A9.tmp
C:\pos16AA.tmp
C:\pos16AB.tmp
C:\pos16AC.tmp
C:\pos16AD.tmp
C:\pos16AE.tmp
C:\pos16AF.tmp
C:\pos16B.tmp
C:\pos16B0.tmp
C:\pos16B1.tmp
C:\pos16B2.tmp
C:\pos16B3.tmp
C:\pos16B4.tmp
C:\pos16B5.tmp
C:\pos16B6.tmp
C:\pos16B7.tmp
C:\pos16B8.tmp
C:\pos16B9.tmp
C:\pos16BA.tmp
C:\pos16BB.tmp
C:\pos16BC.tmp
C:\pos16BD.tmp
C:\pos16BE.tmp
C:\pos16BF.tmp
C:\pos16C.tmp
C:\pos16C0.tmp
C:\pos16C1.tmp
C:\pos16C2.tmp
C:\pos16C3.tmp
C:\pos16C4.tmp
C:\pos16C5.tmp
C:\pos16C6.tmp
C:\pos16C7.tmp
C:\pos16C8.tmp
C:\pos16C9.tmp
C:\pos16CA.tmp
C:\pos16CB.tmp
C:\pos16CC.tmp
C:\pos16CD.tmp
C:\pos16CE.tmp
C:\pos16CF.tmp
C:\pos16D.tmp
C:\pos16D0.tmp
C:\pos16D1.tmp
C:\pos16D2.tmp
C:\pos16D3.tmp
C:\pos16D4.tmp
C:\pos16D5.tmp
C:\pos16D6.tmp
C:\pos16D7.tmp
C:\pos16D8.tmp
C:\pos16D9.tmp
C:\pos16DA.tmp
C:\pos16DB.tmp
C:\pos16DC.tmp
C:\pos16DD.tmp
C:\pos16DE.tmp
C:\pos16DF.tmp
C:\pos16E.tmp
C:\pos16E0.tmp
C:\pos16E1.tmp
C:\pos16E2.tmp
C:\pos16E3.tmp
C:\pos16E4.tmp
C:\pos16E5.tmp
C:\pos16E6.tmp
C:\pos16E7.tmp
C:\pos16E8.tmp
C:\pos16E9.tmp
C:\pos16EA.tmp
C:\pos16EB.tmp
C:\pos16EC.tmp
C:\pos16ED.tmp
C:\pos16EE.tmp
C:\pos16EF.tmp
C:\pos16F.tmp
C:\pos16F0.tmp
C:\pos16F1.tmp
C:\pos16F2.tmp
C:\pos16F3.tmp
C:\pos16F4.tmp
C:\pos16F5.tmp
C:\pos16F6.tmp
C:\pos16F7.tmp
C:\pos16F8.tmp
C:\pos16F9.tmp
C:\pos16FA.tmp
C:\pos16FB.tmp
C:\pos16FC.tmp
C:\pos16FD.tmp
C:\pos16FE.tmp
C:\pos16FF.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos1700.tmp
C:\pos1701.tmp
C:\pos1702.tmp
C:\pos1703.tmp
C:\pos1704.tmp
C:\pos1705.tmp
C:\pos1706.tmp
C:\pos1707.tmp
C:\pos1708.tmp
C:\pos1709.tmp
C:\pos170A.tmp
C:\pos170B.tmp
C:\pos170C.tmp
C:\pos170D.tmp
C:\pos170E.tmp
C:\pos170F.tmp
C:\pos171.tmp
C:\pos1710.tmp
C:\pos1711.tmp
C:\pos1712.tmp
C:\pos1713.tmp
C:\pos1714.tmp
C:\pos1715.tmp
C:\pos1716.tmp
C:\pos1717.tmp
C:\pos1718.tmp
C:\pos1719.tmp
C:\pos171A.tmp
C:\pos171B.tmp
C:\pos171C.tmp
C:\pos171D.tmp
C:\pos171E.tmp
C:\pos171F.tmp
C:\pos172.tmp
C:\pos1720.tmp
C:\pos1721.tmp
C:\pos1722.tmp
C:\pos1723.tmp
C:\pos1724.tmp
C:\pos1725.tmp
C:\pos1726.tmp
C:\pos1727.tmp
C:\pos1728.tmp
C:\pos1729.tmp
C:\pos172A.tmp
C:\pos172B.tmp
C:\pos172C.tmp
C:\pos172D.tmp
C:\pos172E.tmp
C:\pos172F.tmp
C:\pos173.tmp
C:\pos1730.tmp
C:\pos1731.tmp
C:\pos1732.tmp
C:\pos1733.tmp
C:\pos1734.tmp
C:\pos1735.tmp
C:\pos1736.tmp
C:\pos1737.tmp
C:\pos1738.tmp
C:\pos1739.tmp
C:\pos173A.tmp
C:\pos173B.tmp
C:\pos173C.tmp
C:\pos173D.tmp
C:\pos173E.tmp
C:\pos173F.tmp
C:\pos174.tmp
C:\pos1740.tmp
C:\pos1741.tmp
C:\pos1742.tmp
C:\pos1743.tmp
C:\pos1744.tmp
C:\pos1745.tmp
C:\pos1746.tmp
C:\pos1747.tmp
C:\pos1748.tmp
C:\pos1749.tmp
C:\pos174A.tmp
C:\pos174B.tmp
C:\pos174C.tmp
C:\pos174D.tmp
C:\pos174E.tmp
C:\pos174F.tmp
C:\pos175.tmp
C:\pos1750.tmp
C:\pos1751.tmp
C:\pos1752.tmp
C:\pos1753.tmp
C:\pos1754.tmp
C:\pos1755.tmp
C:\pos1756.tmp
C:\pos1757.tmp
C:\pos1758.tmp
C:\pos1759.tmp
C:\pos175A.tmp
C:\pos175B.tmp
C:\pos175C.tmp
C:\pos175D.tmp
C:\pos175E.tmp
C:\pos175F.tmp
C:\pos176.tmp
C:\pos1760.tmp
C:\pos1761.tmp
C:\pos1762.tmp
C:\pos1763.tmp
C:\pos1764.tmp
C:\pos1765.tmp
C:\pos1766.tmp
C:\pos1767.tmp
C:\pos1768.tmp
C:\pos1769.tmp
C:\pos176A.tmp
C:\pos176B.tmp
C:\pos176C.tmp
C:\pos176D.tmp
C:\pos176E.tmp
C:\pos176F.tmp
C:\pos177.tmp
C:\pos1770.tmp
C:\pos1771.tmp
C:\pos1772.tmp
C:\pos1773.tmp
C:\pos1774.tmp
C:\pos1775.tmp
C:\pos1776.tmp
C:\pos1777.tmp
C:\pos1778.tmp
C:\pos1779.tmp
C:\pos177A.tmp
C:\pos177B.tmp
C:\pos177C.tmp
C:\pos177D.tmp
C:\pos177E.tmp
C:\pos177F.tmp
C:\pos178.tmp
C:\pos1780.tmp
C:\pos1781.tmp
C:\pos1782.tmp
C:\pos1783.tmp
C:\pos1784.tmp
C:\pos1785.tmp
C:\pos1786.tmp
C:\pos1787.tmp
C:\pos1788.tmp
C:\pos1789.tmp
C:\pos178A.tmp
C:\pos178B.tmp
C:\pos178C.tmp
C:\pos178D.tmp
C:\pos178E.tmp
C:\pos178F.tmp
C:\pos179.tmp
C:\pos1790.tmp
C:\pos1791.tmp
C:\pos1792.tmp
C:\pos1793.tmp
C:\pos1794.tmp
C:\pos1795.tmp
C:\pos1796.tmp
C:\pos1797.tmp
C:\pos1798.tmp
C:\pos1799.tmp
C:\pos179A.tmp
C:\pos179B.tmp
C:\pos179C.tmp
C:\pos179D.tmp
C:\pos179E.tmp
C:\pos179F.tmp
C:\pos17A.tmp
C:\pos17A0.tmp
C:\pos17A1.tmp
C:\pos17A2.tmp
C:\pos17A3.tmp
C:\pos17A4.tmp
C:\pos17A5.tmp
C:\pos17A6.tmp
C:\pos17A7.tmp
C:\pos17A8.tmp
C:\pos17A9.tmp
C:\pos17AA.tmp
C:\pos17AB.tmp
C:\pos17AC.tmp
C:\pos17AD.tmp
C:\pos17AE.tmp
C:\pos17AF.tmp
C:\pos17B.tmp
C:\pos17B0.tmp
C:\pos17B1.tmp
C:\pos17B2.tmp
C:\pos17B3.tmp
C:\pos17B4.tmp
C:\pos17B5.tmp
C:\pos17B6.tmp
C:\pos17B7.tmp
C:\pos17B8.tmp
C:\pos17B9.tmp
C:\pos17BA.tmp
C:\pos17BB.tmp
C:\pos17BC.tmp
C:\pos17BD.tmp
C:\pos17BE.tmp
C:\pos17BF.tmp
C:\pos17C.tmp
C:\pos17C0.tmp
C:\pos17C1.tmp
C:\pos17C2.tmp
C:\pos17C3.tmp
C:\pos17C4.tmp
C:\pos17C5.tmp
C:\pos17C6.tmp
C:\pos17C7.tmp
C:\pos17C8.tmp
C:\pos17C9.tmp
C:\pos17CA.tmp
C:\pos17CB.tmp
C:\pos17CC.tmp
C:\pos17CD.tmp
C:\pos17CE.tmp
C:\pos17CF.tmp
C:\pos17D.tmp
C:\pos17D0.tmp
C:\pos17D1.tmp
C:\pos17D2.tmp
C:\pos17D3.tmp
C:\pos17D4.tmp
C:\pos17D5.tmp
C:\pos17D6.tmp
C:\pos17D7.tmp
C:\pos17D8.tmp
C:\pos17D9.tmp
C:\pos17DA.tmp
C:\pos17DB.tmp
C:\pos17DC.tmp
C:\pos17DD.tmp
C:\pos17DE.tmp
C:\pos17DF.tmp
C:\pos17E.tmp
C:\pos17E0.tmp
C:\pos17E1.tmp
C:\pos17E2.tmp
C:\pos17E3.tmp
C:\pos17E4.tmp
C:\pos17E5.tmp
C:\pos17E6.tmp
C:\pos17E7.tmp
C:\pos17E8.tmp
C:\pos17E9.tmp
C:\pos17EA.tmp
C:\pos17EB.tmp
C:\pos17EC.tmp
C:\pos17ED.tmp
C:\pos17EE.tmp
C:\pos17EF.tmp
C:\pos17F.tmp
C:\pos17F0.tmp
C:\pos17F1.tmp
C:\pos17F2.tmp
C:\pos17F3.tmp
C:\pos17F4.tmp
C:\pos17F5.tmp
C:\pos17F6.tmp
C:\pos17F7.tmp
C:\pos17F8.tmp
C:\pos17F9.tmp
C:\pos17FA.tmp
C:\pos17FB.tmp
C:\pos17FC.tmp
C:\pos17FD.tmp
C:\pos17FE.tmp
C:\pos17FF.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos1800.tmp
C:\pos1801.tmp
C:\pos1802.tmp
C:\pos1803.tmp
C:\pos1804.tmp
C:\pos1805.tmp
C:\pos1806.tmp
C:\pos1807.tmp
C:\pos1808.tmp
C:\pos1809.tmp
C:\pos180A.tmp
C:\pos180B.tmp
C:\pos180C.tmp
C:\pos180D.tmp
C:\pos180E.tmp
C:\pos180F.tmp
C:\pos181.tmp
C:\pos1810.tmp
C:\pos1811.tmp
C:\pos1812.tmp
C:\pos1813.tmp
C:\pos1814.tmp
C:\pos1815.tmp
C:\pos1816.tmp
C:\pos1817.tmp
C:\pos1818.tmp
C:\pos1819.tmp
C:\pos181A.tmp
C:\pos181B.tmp
C:\pos181C.tmp
C:\pos181D.tmp
C:\pos181E.tmp
C:\pos181F.tmp
C:\pos182.tmp
C:\pos1820.tmp
C:\pos1821.tmp
C:\pos1822.tmp
C:\pos1823.tmp
C:\pos1824.tmp
C:\pos1825.tmp
C:\pos1826.tmp
C:\pos1827.tmp
C:\pos1828.tmp
C:\pos1829.tmp
C:\pos182A.tmp
C:\pos182B.tmp
C:\pos182C.tmp
C:\pos182D.tmp
C:\pos182E.tmp
C:\pos182F.tmp
C:\pos183.tmp
C:\pos1830.tmp
C:\pos1831.tmp
C:\pos1832.tmp
C:\pos1833.tmp
C:\pos1834.tmp
C:\pos1835.tmp
C:\pos1836.tmp
C:\pos1837.tmp
C:\pos1838.tmp
C:\pos1839.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos183A.tmp
C:\pos183B.tmp
C:\pos183C.tmp
C:\pos183D.tmp
C:\pos183E.tmp
C:\pos183F.tmp
C:\pos184.tmp
C:\pos1840.tmp
C:\pos1841.tmp
C:\pos1842.tmp
C:\pos1843.tmp
C:\pos1844.tmp
C:\pos1845.tmp
C:\pos1846.tmp
C:\pos1847.tmp
C:\pos1848.tmp
C:\pos1849.tmp
C:\pos184A.tmp
C:\pos184B.tmp
C:\pos184C.tmp
C:\pos184D.tmp
C:\pos184E.tmp
C:\pos184F.tmp
C:\pos185.tmp
C:\pos1850.tmp
C:\pos1851.tmp
C:\pos1852.tmp
C:\pos1853.tmp
C:\pos1854.tmp
C:\pos1855.tmp
C:\pos1856.tmp
C:\pos1857.tmp
C:\pos1858.tmp
C:\pos1859.tmp
C:\pos185A.tmp
C:\pos185B.tmp
C:\pos185C.tmp
C:\pos185D.tmp
C:\pos185E.tmp
C:\pos185F.tmp
C:\pos186.tmp
C:\pos1860.tmp
C:\pos1861.tmp
C:\pos1862.tmp
C:\pos1863.tmp
C:\pos1864.tmp
C:\pos1865.tmp
C:\pos1866.tmp
C:\pos1867.tmp
C:\pos1868.tmp
C:\pos1869.tmp
C:\pos186A.tmp
C:\pos186B.tmp
C:\pos186C.tmp
C:\pos186D.tmp
C:\pos186E.tmp
C:\pos186F.tmp
C:\pos187.tmp
C:\pos1870.tmp
C:\pos1871.tmp
C:\pos1872.tmp
C:\pos1873.tmp
C:\pos1874.tmp
C:\pos1875.tmp
C:\pos1876.tmp
C:\pos1877.tmp
C:\pos1878.tmp
C:\pos1879.tmp
C:\pos187A.tmp
C:\pos187B.tmp
C:\pos187C.tmp
C:\pos187D.tmp
C:\pos187E.tmp
C:\pos187F.tmp
C:\pos188.tmp
C:\pos1880.tmp
C:\pos1881.tmp
C:\pos1882.tmp
C:\pos1883.tmp
C:\pos1884.tmp
C:\pos1885.tmp
C:\pos1886.tmp
C:\pos1887.tmp
C:\pos1888.tmp
C:\pos1889.tmp
C:\pos188A.tmp
C:\pos188B.tmp
C:\pos188C.tmp
C:\pos188D.tmp
C:\pos188E.tmp
C:\pos188F.tmp
C:\pos189.tmp
C:\pos1890.tmp
C:\pos1891.tmp
C:\pos1892.tmp
C:\pos1893.tmp
C:\pos1894.tmp
C:\pos1895.tmp
C:\pos1896.tmp
C:\pos1897.tmp
C:\pos1898.tmp
C:\pos1899.tmp
C:\pos189A.tmp
C:\pos189B.tmp
C:\pos189C.tmp
C:\pos189D.tmp
C:\pos189E.tmp
C:\pos189F.tmp
C:\pos18A.tmp
C:\pos18A0.tmp
C:\pos18A1.tmp
C:\pos18A2.tmp
C:\pos18A3.tmp
C:\pos18A4.tmp
C:\pos18A5.tmp
C:\pos18A6.tmp
C:\pos18A7.tmp
C:\pos18A8.tmp
C:\pos18A9.tmp
C:\pos18AA.tmp
C:\pos18AB.tmp
C:\pos18AC.tmp
C:\pos18AD.tmp
C:\pos18AE.tmp
C:\pos18AF.tmp
C:\pos18B.tmp
C:\pos18B0.tmp
C:\pos18B1.tmp
C:\pos18B2.tmp
C:\pos18B3.tmp
C:\pos18B4.tmp
C:\pos18B5.tmp
C:\pos18B6.tmp
C:\pos18B7.tmp
C:\pos18B8.tmp
C:\pos18B9.tmp
C:\pos18BA.tmp
C:\pos18BB.tmp
C:\pos18BC.tmp
C:\pos18BD.tmp
C:\pos18BE.tmp
C:\pos18BF.tmp
C:\pos18C.tmp
C:\pos18C0.tmp
C:\pos18C1.tmp
C:\pos18C2.tmp
C:\pos18C3.tmp
C:\pos18C4.tmp
C:\pos18C5.tmp
C:\pos18C6.tmp
C:\pos18C7.tmp
C:\pos18C8.tmp
C:\pos18C9.tmp
C:\pos18CA.tmp
C:\pos18CB.tmp
C:\pos18CC.tmp
C:\pos18CD.tmp
C:\pos18CE.tmp
C:\pos18CF.tmp
C:\pos18D.tmp
C:\pos18D0.tmp
C:\pos18D1.tmp
C:\pos18D2.tmp
C:\pos18D3.tmp
C:\pos18D4.tmp
C:\pos18D5.tmp
C:\pos18D6.tmp
C:\pos18D7.tmp
C:\pos18D8.tmp
C:\pos18D9.tmp
C:\pos18DA.tmp
C:\pos18DB.tmp
C:\pos18DC.tmp
C:\pos18DD.tmp
C:\pos18DE.tmp
C:\pos18DF.tmp
C:\pos18E.tmp
C:\pos18E0.tmp
C:\pos18E1.tmp
C:\pos18E2.tmp
C:\pos18E3.tmp
C:\pos18E4.tmp
C:\pos18E5.tmp
C:\pos18E6.tmp
C:\pos18E7.tmp
C:\pos18E8.tmp
C:\pos18E9.tmp
C:\pos18EA.tmp
C:\pos18EB.tmp
C:\pos18EC.tmp
C:\pos18ED.tmp
C:\pos18EE.tmp
C:\pos18EF.tmp
C:\pos18F.tmp
C:\pos18F0.tmp
C:\pos18F1.tmp
C:\pos18F2.tmp
C:\pos18F3.tmp
C:\pos18F4.tmp
C:\pos18F5.tmp
C:\pos18F6.tmp
C:\pos18F7.tmp
C:\pos18F8.tmp
C:\pos18F9.tmp
C:\pos18FA.tmp
C:\pos18FB.tmp
C:\pos18FC.tmp
C:\pos18FD.tmp
C:\pos18FE.tmp
C:\pos18FF.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos1900.tmp
C:\pos1901.tmp
C:\pos1902.tmp
C:\pos1903.tmp
C:\pos1904.tmp
C:\pos1905.tmp
C:\pos1906.tmp
C:\pos1907.tmp
C:\pos1908.tmp
C:\pos1909.tmp
C:\pos190A.tmp
C:\pos190B.tmp
C:\pos190C.tmp
C:\pos190D.tmp
C:\pos190E.tmp
C:\pos190F.tmp
C:\pos191.tmp
C:\pos1910.tmp
C:\pos1911.tmp
C:\pos1912.tmp
C:\pos1913.tmp
C:\pos1914.tmp
C:\pos1915.tmp
C:\pos1916.tmp
C:\pos1917.tmp
C:\pos1918.tmp
C:\pos1919.tmp
C:\pos191A.tmp
C:\pos191B.tmp
C:\pos191C.tmp
C:\pos191D.tmp
C:\pos191E.tmp
C:\pos191F.tmp
C:\pos192.tmp
C:\pos1920.tmp
C:\pos1921.tmp
C:\pos1922.tmp
C:\pos1923.tmp
C:\pos1924.tmp
C:\pos1925.tmp
C:\pos1926.tmp
C:\pos1927.tmp
C:\pos1928.tmp
C:\pos1929.tmp
C:\pos192A.tmp
C:\pos192B.tmp
C:\pos192C.tmp
C:\pos192D.tmp
C:\pos192E.tmp
C:\pos192F.tmp
C:\pos193.tmp
C:\pos1930.tmp
C:\pos1931.tmp
C:\pos1932.tmp
C:\pos1933.tmp
C:\pos1934.tmp
C:\pos1935.tmp
C:\pos1936.tmp
C:\pos1937.tmp
C:\pos1938.tmp
C:\pos1939.tmp
C:\pos193A.tmp
C:\pos193B.tmp
C:\pos193C.tmp
C:\pos193D.tmp
C:\pos193E.tmp
C:\pos193F.tmp
C:\pos194.tmp
C:\pos1940.tmp
C:\pos1941.tmp
C:\pos1942.tmp
C:\pos1943.tmp
C:\pos1944.tmp
C:\pos1945.tmp
C:\pos1946.tmp
C:\pos1947.tmp
C:\pos1948.tmp
C:\pos1949.tmp
C:\pos194A.tmp
C:\pos194B.tmp
C:\pos194C.tmp
C:\pos194D.tmp
C:\pos194E.tmp
C:\pos194F.tmp
C:\pos195.tmp
C:\pos1950.tmp
C:\pos1951.tmp
C:\pos1952.tmp
C:\pos1953.tmp
C:\pos1954.tmp
C:\pos1955.tmp
C:\pos1956.tmp
C:\pos1957.tmp
C:\pos1958.tmp
C:\pos1959.tmp
C:\pos195A.tmp
C:\pos195B.tmp
C:\pos195C.tmp
C:\pos195D.tmp
C:\pos195E.tmp
C:\pos195F.tmp
C:\pos196.tmp
C:\pos1960.tmp
C:\pos1961.tmp
C:\pos1962.tmp
C:\pos1963.tmp
C:\pos1964.tmp
C:\pos1965.tmp
C:\pos1966.tmp
C:\pos1967.tmp
C:\pos1968.tmp
C:\pos1969.tmp
C:\pos196A.tmp
C:\pos196B.tmp
C:\pos196C.tmp
C:\pos196D.tmp
C:\pos196E.tmp
C:\pos196F.tmp
C:\pos197.tmp
C:\pos1970.tmp
C:\pos1971.tmp
C:\pos1972.tmp
C:\pos1973.tmp
C:\pos1974.tmp
C:\pos1975.tmp
C:\pos1976.tmp
C:\pos1977.tmp
C:\pos1978.tmp
C:\pos1979.tmp
C:\pos197A.tmp
C:\pos197B.tmp
C:\pos197C.tmp
C:\pos197D.tmp
C:\pos197E.tmp
C:\pos197F.tmp
C:\pos198.tmp
C:\pos1980.tmp
C:\pos1981.tmp
C:\pos1982.tmp
C:\pos1983.tmp
C:\pos1984.tmp
C:\pos1985.tmp
C:\pos1986.tmp
C:\pos1987.tmp
C:\pos1988.tmp
C:\pos1989.tmp
C:\pos198A.tmp
C:\pos198B.tmp
C:\pos198C.tmp
C:\pos198D.tmp
C:\pos198E.tmp
C:\pos198F.tmp
C:\pos199.tmp
C:\pos1990.tmp
C:\pos1991.tmp
C:\pos1992.tmp
C:\pos1993.tmp
C:\pos1994.tmp
C:\pos1995.tmp
C:\pos1996.tmp
C:\pos1997.tmp
C:\pos1998.tmp
C:\pos1999.tmp
C:\pos199A.tmp
C:\pos199B.tmp
C:\pos199C.tmp
C:\pos199D.tmp
C:\pos199E.tmp
C:\pos199F.tmp
C:\pos19A.tmp
C:\pos19A0.tmp
C:\pos19A1.tmp
C:\pos19A2.tmp
C:\pos19A3.tmp
C:\pos19A4.tmp
C:\pos19A5.tmp
C:\pos19A6.tmp
C:\pos19A7.tmp
C:\pos19A8.tmp
C:\pos19A9.tmp
C:\pos19AA.tmp
C:\pos19AB.tmp
C:\pos19AC.tmp
C:\pos19AD.tmp
C:\pos19AE.tmp
C:\pos19AF.tmp
C:\pos19B.tmp
C:\pos19B0.tmp
C:\pos19B1.tmp
C:\pos19B2.tmp
C:\pos19B3.tmp
C:\pos19B4.tmp
C:\pos19B5.tmp
C:\pos19B6.tmp
C:\pos19B7.tmp
C:\pos19B8.tmp
C:\pos19B9.tmp
C:\pos19BA.tmp
C:\pos19BB.tmp
C:\pos19BC.tmp
C:\pos19BD.tmp
C:\pos19BE.tmp
C:\pos19BF.tmp
C:\pos19C.tmp
C:\pos19C0.tmp
C:\pos19C1.tmp
C:\pos19C2.tmp
C:\pos19C3.tmp
C:\pos19C4.tmp
C:\pos19C5.tmp
C:\pos19C6.tmp
C:\pos19C7.tmp
C:\pos19C8.tmp
C:\pos19C9.tmp
C:\pos19CA.tmp
C:\pos19CB.tmp
C:\pos19CC.tmp
C:\pos19CD.tmp
C:\pos19CE.tmp
C:\pos19CF.tmp
C:\pos19D.tmp
C:\pos19D0.tmp
C:\pos19D1.tmp
C:\pos19D2.tmp
C:\pos19D3.tmp
C:\pos19D4.tmp
C:\pos19D5.tmp
C:\pos19D6.tmp
C:\pos19D7.tmp
C:\pos19D8.tmp
C:\pos19D9.tmp
C:\pos19DA.tmp
C:\pos19DB.tmp
C:\pos19DC.tmp
C:\pos19DD.tmp
C:\pos19DE.tmp
C:\pos19DF.tmp
C:\pos19E.tmp
C:\pos19E0.tmp
C:\pos19E1.tmp
C:\pos19E2.tmp
C:\pos19E3.tmp
C:\pos19E4.tmp
C:\pos19E5.tmp
C:\pos19E6.tmp
C:\pos19E7.tmp
C:\pos19E8.tmp
C:\pos19E9.tmp
C:\pos19EA.tmp
C:\pos19EB.tmp
C:\pos19EC.tmp
C:\pos19ED.tmp
C:\pos19EE.tmp
C:\pos19EF.tmp
C:\pos19F.tmp
C:\pos19F0.tmp
C:\pos19F1.tmp
C:\pos19F2.tmp
C:\pos19F3.tmp
C:\pos19F4.tmp
C:\pos19F5.tmp
C:\pos19F6.tmp
C:\pos19F7.tmp
C:\pos19F8.tmp
C:\pos19F9.tmp
C:\pos19FA.tmp
C:\pos19FB.tmp
C:\pos19FC.tmp
C:\pos19FD.tmp
C:\pos19FE.tmp
C:\pos19FF.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A00.tmp
C:\pos1A01.tmp
C:\pos1A02.tmp
C:\pos1A03.tmp
C:\pos1A04.tmp
C:\pos1A05.tmp
C:\pos1A06.tmp
C:\pos1A07.tmp
C:\pos1A08.tmp
C:\pos1A09.tmp
C:\pos1A0A.tmp
C:\pos1A0B.tmp
C:\pos1A0C.tmp
C:\pos1A0D.tmp
C:\pos1A0E.tmp
C:\pos1A0F.tmp
C:\pos1A1.tmp
C:\pos1A10.tmp
C:\pos1A11.tmp
C:\pos1A12.tmp
C:\pos1A13.tmp
C:\pos1A14.tmp
C:\pos1A15.tmp
C:\pos1A16.tmp
C:\pos1A17.tmp
C:\pos1A18.tmp
C:\pos1A19.tmp
C:\pos1A1A.tmp
C:\pos1A1B.tmp
C:\pos1A1C.tmp
C:\pos1A1D.tmp
C:\pos1A1E.tmp
C:\pos1A1F.tmp
C:\pos1A2.tmp
C:\pos1A20.tmp
C:\pos1A21.tmp
C:\pos1A22.tmp
C:\pos1A23.tmp
C:\pos1A24.tmp
C:\pos1A25.tmp
C:\pos1A26.tmp
C:\pos1A27.tmp
C:\pos1A28.tmp
C:\pos1A29.tmp
C:\pos1A2A.tmp
C:\pos1A2B.tmp
C:\pos1A2C.tmp
C:\pos1A2D.tmp
C:\pos1A2E.tmp
C:\pos1A2F.tmp
C:\pos1A3.tmp
C:\pos1A30.tmp
C:\pos1A31.tmp
C:\pos1A32.tmp
C:\pos1A33.tmp
C:\pos1A34.tmp
C:\pos1A35.tmp
C:\pos1A36.tmp
C:\pos1A37.tmp
C:\pos1A38.tmp
C:\pos1A39.tmp
C:\pos1A3A.tmp
C:\pos1A3B.tmp
C:\pos1A3C.tmp
C:\pos1A3D.tmp
C:\pos1A3E.tmp
C:\pos1A3F.tmp
C:\pos1A4.tmp
C:\pos1A40.tmp
C:\pos1A41.tmp
C:\pos1A42.tmp
C:\pos1A43.tmp
C:\pos1A44.tmp
C:\pos1A45.tmp
C:\pos1A46.tmp
C:\pos1A47.tmp
C:\pos1A48.tmp
C:\pos1A49.tmp
C:\pos1A4A.tmp
C:\pos1A4B.tmp
C:\pos1A4C.tmp
C:\pos1A4D.tmp
C:\pos1A4E.tmp
C:\pos1A4F.tmp
C:\pos1A5.tmp
C:\pos1A50.tmp
C:\pos1A51.tmp
C:\pos1A52.tmp
C:\pos1A53.tmp
C:\pos1A54.tmp
C:\pos1A55.tmp
C:\pos1A56.tmp
C:\pos1A57.tmp
C:\pos1A58.tmp
C:\pos1A59.tmp
C:\pos1A5A.tmp
C:\pos1A5B.tmp
C:\pos1A5C.tmp
C:\pos1A5D.tmp
C:\pos1A5E.tmp
C:\pos1A5F.tmp
C:\pos1A6.tmp
C:\pos1A60.tmp
C:\pos1A61.tmp
C:\pos1A62.tmp
C:\pos1A63.tmp
C:\pos1A64.tmp
C:\pos1A65.tmp
C:\pos1A66.tmp
C:\pos1A67.tmp
C:\pos1A68.tmp
C:\pos1A69.tmp
C:\pos1A6A.tmp
C:\pos1A6B.tmp
C:\pos1A6C.tmp
C:\pos1A6D.tmp
C:\pos1A6E.tmp
C:\pos1A6F.tmp
C:\pos1A7.tmp
C:\pos1A70.tmp
C:\pos1A71.tmp
C:\pos1A72.tmp
C:\pos1A73.tmp
C:\pos1A74.tmp
C:\pos1A75.tmp
C:\pos1A76.tmp
C:\pos1A77.tmp
C:\pos1A78.tmp
C:\pos1A79.tmp
C:\pos1A7A.tmp
C:\pos1A7B.tmp
C:\pos1A7C.tmp
C:\pos1A7D.tmp
C:\pos1A7E.tmp
C:\pos1A7F.tmp
C:\pos1A8.tmp
C:\pos1A80.tmp
C:\pos1A81.tmp
C:\pos1A82.tmp
C:\pos1A83.tmp
C:\pos1A84.tmp
C:\pos1A85.tmp
C:\pos1A86.tmp
C:\pos1A87.tmp
C:\pos1A88.tmp
C:\pos1A89.tmp
C:\pos1A8A.tmp
C:\pos1A8B.tmp
C:\pos1A8C.tmp
C:\pos1A8D.tmp
C:\pos1A8E.tmp
C:\pos1A8F.tmp
C:\pos1A9.tmp
C:\pos1A90.tmp
C:\pos1A91.tmp
C:\pos1A92.tmp
C:\pos1A93.tmp
C:\pos1A94.tmp
C:\pos1A95.tmp
C:\pos1A96.tmp
C:\pos1A97.tmp
C:\pos1A98.tmp
C:\pos1A99.tmp
C:\pos1A9A.tmp
C:\pos1A9B.tmp
C:\pos1A9C.tmp
C:\pos1A9D.tmp
C:\pos1A9E.tmp
C:\pos1A9F.tmp
C:\pos1AA.tmp
C:\pos1AA0.tmp
C:\pos1AA1.tmp
C:\pos1AA2.tmp
C:\pos1AA3.tmp
C:\pos1AA4.tmp
C:\pos1AA5.tmp
C:\pos1AA6.tmp
C:\pos1AA7.tmp
C:\pos1AA8.tmp
C:\pos1AA9.tmp
C:\pos1AAA.tmp
C:\pos1AAB.tmp
C:\pos1AAC.tmp
C:\pos1AAD.tmp
C:\pos1AAE.tmp
C:\pos1AAF.tmp
C:\pos1AB.tmp
C:\pos1AB0.tmp
C:\pos1AB1.tmp
C:\pos1AB2.tmp
C:\pos1AB3.tmp
C:\pos1AB4.tmp
C:\pos1AB5.tmp
C:\pos1AB6.tmp
C:\pos1AB7.tmp
C:\pos1AB8.tmp
C:\pos1AB9.tmp
C:\pos1ABA.tmp
C:\pos1ABB.tmp
C:\pos1ABC.tmp
C:\pos1ABD.tmp
C:\pos1ABE.tmp
C:\pos1ABF.tmp
C:\pos1AC.tmp
C:\pos1AC0.tmp
C:\pos1AC1.tmp
C:\pos1AC2.tmp
C:\pos1AC3.tmp
C:\pos1AC4.tmp
C:\pos1AC5.tmp
C:\pos1AC6.tmp
C:\pos1AC7.tmp
C:\pos1AC8.tmp
C:\pos1AC9.tmp
C:\pos1ACA.tmp
C:\pos1ACB.tmp
C:\pos1ACC.tmp
C:\pos1ACD.tmp
C:\pos1ACE.tmp
C:\pos1ACF.tmp
C:\pos1AD.tmp
C:\pos1AD0.tmp
C:\pos1AD1.tmp
C:\pos1AD2.tmp
C:\pos1AD3.tmp
C:\pos1AD4.tmp
C:\pos1AD5.tmp
C:\pos1AD6.tmp
C:\pos1AD7.tmp
C:\pos1AD8.tmp
C:\pos1AD9.tmp
C:\pos1ADA.tmp
C:\pos1ADB.tmp
C:\pos1ADC.tmp
C:\pos1ADD.tmp
C:\pos1ADE.tmp
C:\pos1ADF.tmp
C:\pos1AE.tmp
C:\pos1AE0.tmp
C:\pos1AE1.tmp
C:\pos1AE2.tmp
C:\pos1AE3.tmp
C:\pos1AE4.tmp
C:\pos1AE5.tmp
C:\pos1AE6.tmp
C:\pos1AE7.tmp
C:\pos1AE8.tmp
C:\pos1AE9.tmp
C:\pos1AEA.tmp
C:\pos1AEB.tmp
C:\pos1AEC.tmp
C:\pos1AED.tmp
C:\pos1AEE.tmp
C:\pos1AEF.tmp
C:\pos1AF.tmp
C:\pos1AF0.tmp
C:\pos1AF1.tmp
C:\pos1AF2.tmp
C:\pos1AF3.tmp
C:\pos1AF4.tmp
C:\pos1AF5.tmp
C:\pos1AF6.tmp
C:\pos1AF7.tmp
C:\pos1AF8.tmp
C:\pos1AF9.tmp
C:\pos1AFA.tmp
C:\pos1AFB.tmp
C:\pos1AFC.tmp
C:\pos1AFD.tmp
C:\pos1AFE.tmp
C:\pos1AFF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B00.tmp
C:\pos1B01.tmp
C:\pos1B02.tmp
C:\pos1B03.tmp
C:\pos1B04.tmp
C:\pos1B05.tmp
C:\pos1B06.tmp
C:\pos1B07.tmp
C:\pos1B08.tmp
C:\pos1B09.tmp
C:\pos1B0A.tmp
C:\pos1B0B.tmp
C:\pos1B0C.tmp
C:\pos1B0D.tmp
C:\pos1B0E.tmp
C:\pos1B0F.tmp
C:\pos1B1.tmp
C:\pos1B10.tmp
C:\pos1B11.tmp
C:\pos1B12.tmp
C:\pos1B13.tmp
C:\pos1B14.tmp
C:\pos1B15.tmp
C:\pos1B16.tmp
C:\pos1B17.tmp
C:\pos1B18.tmp
C:\pos1B19.tmp
C:\pos1B1A.tmp
C:\pos1B1B.tmp
C:\pos1B1C.tmp
C:\pos1B1D.tmp
C:\pos1B1E.tmp
C:\pos1B1F.tmp
C:\pos1B2.tmp
C:\pos1B20.tmp
C:\pos1B21.tmp
C:\pos1B22.tmp
C:\pos1B23.tmp
C:\pos1B24.tmp
C:\pos1B25.tmp
C:\pos1B26.tmp
C:\pos1B27.tmp
C:\pos1B28.tmp
C:\pos1B29.tmp
C:\pos1B2A.tmp
C:\pos1B2B.tmp
C:\pos1B2C.tmp
C:\pos1B2D.tmp
C:\pos1B2E.tmp
C:\pos1B2F.tmp
C:\pos1B3.tmp
C:\pos1B30.tmp
C:\pos1B31.tmp
C:\pos1B32.tmp
C:\pos1B33.tmp
C:\pos1B34.tmp
C:\pos1B35.tmp
C:\pos1B36.tmp
C:\pos1B37.tmp
C:\pos1B38.tmp
C:\pos1B39.tmp
C:\pos1B3A.tmp
C:\pos1B3B.tmp
C:\pos1B3C.tmp
C:\pos1B3D.tmp
C:\pos1B3E.tmp
C:\pos1B3F.tmp
C:\pos1B4.tmp
C:\pos1B40.tmp
C:\pos1B41.tmp
C:\pos1B42.tmp
C:\pos1B43.tmp
C:\pos1B44.tmp
C:\pos1B45.tmp
C:\pos1B46.tmp
C:\pos1B47.tmp
C:\pos1B48.tmp
C:\pos1B49.tmp
C:\pos1B4A.tmp
C:\pos1B4B.tmp
C:\pos1B4C.tmp
C:\pos1B4D.tmp
C:\pos1B4E.tmp
C:\pos1B4F.tmp
C:\pos1B5.tmp
C:\pos1B50.tmp
C:\pos1B51.tmp
C:\pos1B52.tmp
C:\pos1B53.tmp
C:\pos1B54.tmp
C:\pos1B55.tmp
C:\pos1B56.tmp
C:\pos1B57.tmp
C:\pos1B58.tmp
C:\pos1B59.tmp
C:\pos1B5A.tmp
C:\pos1B5B.tmp
C:\pos1B5C.tmp
C:\pos1B5D.tmp
C:\pos1B5E.tmp
C:\pos1B5F.tmp
C:\pos1B6.tmp
C:\pos1B60.tmp
C:\pos1B61.tmp
C:\pos1B62.tmp
C:\pos1B63.tmp
C:\pos1B64.tmp
C:\pos1B65.tmp
C:\pos1B66.tmp
C:\pos1B67.tmp
C:\pos1B68.tmp
C:\pos1B69.tmp
C:\pos1B6A.tmp
C:\pos1B6B.tmp
C:\pos1B6C.tmp
C:\pos1B6D.tmp
C:\pos1B6E.tmp
C:\pos1B6F.tmp
C:\pos1B7.tmp
C:\pos1B70.tmp
C:\pos1B71.tmp
C:\pos1B72.tmp
C:\pos1B73.tmp
C:\pos1B74.tmp
C:\pos1B75.tmp
C:\pos1B76.tmp
C:\pos1B77.tmp
C:\pos1B78.tmp
C:\pos1B79.tmp
C:\pos1B7A.tmp
C:\pos1B7B.tmp
C:\pos1B7C.tmp
C:\pos1B7D.tmp
C:\pos1B7E.tmp
C:\pos1B7F.tmp
C:\pos1B8.tmp
C:\pos1B80.tmp
C:\pos1B81.tmp
C:\pos1B82.tmp
C:\pos1B83.tmp
C:\pos1B84.tmp
C:\pos1B85.tmp
C:\pos1B86.tmp
C:\pos1B87.tmp
C:\pos1B88.tmp
C:\pos1B89.tmp
C:\pos1B8A.tmp
C:\pos1B8B.tmp
C:\pos1B8C.tmp
C:\pos1B8D.tmp
C:\pos1B8E.tmp
C:\pos1B8F.tmp
C:\pos1B9.tmp
C:\pos1B90.tmp
C:\pos1B91.tmp
C:\pos1B92.tmp
C:\pos1B93.tmp
C:\pos1B94.tmp
C:\pos1B95.tmp
C:\pos1B96.tmp
C:\pos1B97.tmp
C:\pos1B98.tmp
C:\pos1B99.tmp
C:\pos1B9A.tmp
C:\pos1B9B.tmp
C:\pos1B9C.tmp
C:\pos1B9D.tmp
C:\pos1B9E.tmp
C:\pos1B9F.tmp
C:\pos1BA.tmp
C:\pos1BA0.tmp
C:\pos1BA1.tmp
C:\pos1BA2.tmp
C:\pos1BA3.tmp
C:\pos1BA4.tmp
C:\pos1BA5.tmp
C:\pos1BA6.tmp
C:\pos1BA7.tmp
C:\pos1BA8.tmp
C:\pos1BA9.tmp
C:\pos1BAA.tmp
C:\pos1BAB.tmp
C:\pos1BAC.tmp
C:\pos1BAD.tmp
C:\pos1BAE.tmp
C:\pos1BAF.tmp
C:\pos1BB.tmp
C:\pos1BB0.tmp
C:\pos1BB1.tmp
C:\pos1BB2.tmp
C:\pos1BB3.tmp
C:\pos1BB4.tmp
C:\pos1BB5.tmp
C:\pos1BB6.tmp
C:\pos1BB7.tmp
C:\pos1BB8.tmp
C:\pos1BB9.tmp
C:\pos1BBA.tmp
C:\pos1BBB.tmp
C:\pos1BBC.tmp
C:\pos1BBD.tmp
C:\pos1BBE.tmp
C:\pos1BBF.tmp
C:\pos1BC.tmp
C:\pos1BC0.tmp
C:\pos1BC1.tmp
C:\pos1BC2.tmp
C:\pos1BC3.tmp
C:\pos1BC4.tmp
C:\pos1BC5.tmp
C:\pos1BC6.tmp
C:\pos1BC7.tmp
C:\pos1BC8.tmp
C:\pos1BC9.tmp
C:\pos1BCA.tmp
C:\pos1BCB.tmp
C:\pos1BCC.tmp
C:\pos1BCD.tmp
C:\pos1BCE.tmp
C:\pos1BCF.tmp
C:\pos1BD.tmp
C:\pos1BD0.tmp
C:\pos1BD1.tmp
C:\pos1BD2.tmp
C:\pos1BD3.tmp
C:\pos1BD4.tmp
C:\pos1BD5.tmp
C:\pos1BD6.tmp
C:\pos1BD7.tmp
C:\pos1BD8.tmp
C:\pos1BD9.tmp
C:\pos1BDA.tmp
C:\pos1BDB.tmp
C:\pos1BDC.tmp
C:\pos1BDD.tmp
C:\pos1BDE.tmp
C:\pos1BDF.tmp
C:\pos1BE.tmp
C:\pos1BE0.tmp
C:\pos1BE1.tmp
C:\pos1BE2.tmp
C:\pos1BE3.tmp
C:\pos1BE4.tmp
C:\pos1BE5.tmp
C:\pos1BE6.tmp
C:\pos1BE7.tmp
C:\pos1BE8.tmp
C:\pos1BE9.tmp
C:\pos1BEA.tmp
C:\pos1BEB.tmp
C:\pos1BEC.tmp
C:\pos1BED.tmp
C:\pos1BEE.tmp
C:\pos1BEF.tmp
C:\pos1BF.tmp
C:\pos1BF0.tmp
C:\pos1BF1.tmp
C:\pos1BF2.tmp
C:\pos1BF3.tmp
C:\pos1BF4.tmp
C:\pos1BF5.tmp
C:\pos1BF6.tmp
C:\pos1BF7.tmp
C:\pos1BF8.tmp
C:\pos1BF9.tmp
C:\pos1BFA.tmp
C:\pos1BFB.tmp
C:\pos1BFC.tmp
C:\pos1BFD.tmp
C:\pos1BFE.tmp
C:\pos1BFF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C00.tmp
C:\pos1C01.tmp
C:\pos1C02.tmp
C:\pos1C03.tmp
C:\pos1C04.tmp
C:\pos1C05.tmp
C:\pos1C06.tmp
C:\pos1C07.tmp
C:\pos1C08.tmp
C:\pos1C09.tmp
C:\pos1C0A.tmp
C:\pos1C0B.tmp
C:\pos1C0C.tmp
C:\pos1C0D.tmp
C:\pos1C0E.tmp
C:\pos1C0F.tmp
C:\pos1C1.tmp
C:\pos1C10.tmp
C:\pos1C11.tmp
C:\pos1C12.tmp
C:\pos1C13.tmp
C:\pos1C14.tmp
C:\pos1C15.tmp
C:\pos1C16.tmp
C:\pos1C17.tmp
C:\pos1C18.tmp
C:\pos1C19.tmp
C:\pos1C1A.tmp
C:\pos1C1B.tmp
C:\pos1C1C.tmp
C:\pos1C1D.tmp
C:\pos1C1E.tmp
C:\pos1C1F.tmp
C:\pos1C2.tmp
C:\pos1C20.tmp
C:\pos1C21.tmp
C:\pos1C22.tmp
C:\pos1C23.tmp
C:\pos1C24.tmp
C:\pos1C25.tmp
C:\pos1C26.tmp
C:\pos1C27.tmp
C:\pos1C28.tmp
C:\pos1C29.tmp
C:\pos1C2A.tmp
C:\pos1C2B.tmp
C:\pos1C2C.tmp
C:\pos1C2D.tmp
C:\pos1C2E.tmp
C:\pos1C2F.tmp
C:\pos1C3.tmp
C:\pos1C30.tmp
C:\pos1C31.tmp
C:\pos1C32.tmp
C:\pos1C33.tmp
C:\pos1C34.tmp
C:\pos1C35.tmp
C:\pos1C36.tmp
C:\pos1C37.tmp
C:\pos1C38.tmp
C:\pos1C39.tmp
C:\pos1C3A.tmp
C:\pos1C3B.tmp
C:\pos1C3C.tmp
C:\pos1C3D.tmp
C:\pos1C3E.tmp
C:\pos1C3F.tmp
C:\pos1C4.tmp
C:\pos1C40.tmp
C:\pos1C41.tmp
C:\pos1C42.tmp
C:\pos1C43.tmp
C:\pos1C44.tmp
C:\pos1C45.tmp
C:\pos1C46.tmp
C:\pos1C47.tmp
C:\pos1C48.tmp
C:\pos1C49.tmp
C:\pos1C4A.tmp
C:\pos1C4B.tmp
C:\pos1C4C.tmp
C:\pos1C4D.tmp
C:\pos1C4E.tmp
C:\pos1C4F.tmp
C:\pos1C5.tmp
C:\pos1C50.tmp
C:\pos1C51.tmp
C:\pos1C52.tmp
C:\pos1C53.tmp
C:\pos1C54.tmp
C:\pos1C55.tmp
C:\pos1C56.tmp
C:\pos1C57.tmp
C:\pos1C58.tmp
C:\pos1C59.tmp
C:\pos1C5A.tmp
C:\pos1C5B.tmp
C:\pos1C5C.tmp
C:\pos1C5D.tmp
C:\pos1C5E.tmp
C:\pos1C5F.tmp
C:\pos1C6.tmp
C:\pos1C60.tmp
C:\pos1C61.tmp
C:\pos1C62.tmp
C:\pos1C63.tmp
C:\pos1C64.tmp
C:\pos1C65.tmp
C:\pos1C66.tmp
C:\pos1C67.tmp
C:\pos1C68.tmp
C:\pos1C69.tmp
C:\pos1C6A.tmp
C:\pos1C6B.tmp
C:\pos1C6C.tmp
C:\pos1C6D.tmp
C:\pos1C6E.tmp
C:\pos1C6F.tmp
C:\pos1C7.tmp
C:\pos1C70.tmp
C:\pos1C71.tmp
C:\pos1C72.tmp
C:\pos1C73.tmp
C:\pos1C74.tmp
C:\pos1C75.tmp
C:\pos1C76.tmp
C:\pos1C77.tmp
C:\pos1C78.tmp
C:\pos1C79.tmp
C:\pos1C7A.tmp
C:\pos1C7B.tmp
C:\pos1C7C.tmp
C:\pos1C7D.tmp
C:\pos1C7E.tmp
C:\pos1C7F.tmp
C:\pos1C8.tmp
C:\pos1C80.tmp
C:\pos1C81.tmp
C:\pos1C82.tmp
C:\pos1C83.tmp
C:\pos1C84.tmp
C:\pos1C85.tmp
C:\pos1C86.tmp
C:\pos1C87.tmp
C:\pos1C88.tmp
C:\pos1C89.tmp
C:\pos1C8A.tmp
C:\pos1C8B.tmp
C:\pos1C8C.tmp
C:\pos1C8D.tmp
C:\pos1C8E.tmp
C:\pos1C8F.tmp
C:\pos1C9.tmp
C:\pos1C90.tmp
C:\pos1C91.tmp
C:\pos1C92.tmp
C:\pos1C93.tmp
C:\pos1C94.tmp
C:\pos1C95.tmp
C:\pos1C96.tmp
C:\pos1C97.tmp
C:\pos1C98.tmp
C:\pos1C99.tmp
C:\pos1C9A.tmp
C:\pos1C9B.tmp
C:\pos1C9C.tmp
C:\pos1C9D.tmp
C:\pos1C9E.tmp
C:\pos1C9F.tmp
C:\pos1CA.tmp
C:\pos1CA0.tmp
C:\pos1CA1.tmp
C:\pos1CA2.tmp
C:\pos1CA3.tmp
C:\pos1CA4.tmp
C:\pos1CA5.tmp
C:\pos1CA6.tmp
C:\pos1CA7.tmp
C:\pos1CA8.tmp
C:\pos1CA9.tmp
C:\pos1CAA.tmp
C:\pos1CAB.tmp
C:\pos1CAC.tmp
C:\pos1CAD.tmp
C:\pos1CAE.tmp
C:\pos1CAF.tmp
C:\pos1CB.tmp
C:\pos1CB0.tmp
C:\pos1CB1.tmp
C:\pos1CB2.tmp
C:\pos1CB3.tmp
C:\pos1CB4.tmp
C:\pos1CB5.tmp
C:\pos1CB6.tmp
C:\pos1CB7.tmp
C:\pos1CB8.tmp
C:\pos1CB9.tmp
C:\pos1CBA.tmp
C:\pos1CBB.tmp
C:\pos1CBC.tmp
C:\pos1CBD.tmp
C:\pos1CBE.tmp
C:\pos1CBF.tmp
C:\pos1CC.tmp
C:\pos1CC0.tmp
C:\pos1CC1.tmp
C:\pos1CC2.tmp
C:\pos1CC3.tmp
C:\pos1CC4.tmp
C:\pos1CC5.tmp
C:\pos1CC6.tmp
C:\pos1CC7.tmp
C:\pos1CC8.tmp
C:\pos1CC9.tmp
C:\pos1CCA.tmp
C:\pos1CCB.tmp
C:\pos1CCC.tmp
C:\pos1CCD.tmp
C:\pos1CCE.tmp
C:\pos1CCF.tmp
C:\pos1CD.tmp
C:\pos1CD0.tmp
C:\pos1CD1.tmp
C:\pos1CD2.tmp
C:\pos1CD3.tmp
C:\pos1CD4.tmp
C:\pos1CD5.tmp
C:\pos1CD6.tmp
C:\pos1CD7.tmp
C:\pos1CD8.tmp
C:\pos1CD9.tmp
C:\pos1CDA.tmp
C:\pos1CDB.tmp
C:\pos1CDC.tmp
C:\pos1CDD.tmp
C:\pos1CDE.tmp
C:\pos1CDF.tmp
C:\pos1CE.tmp
C:\pos1CE0.tmp
C:\pos1CE1.tmp
C:\pos1CE2.tmp
C:\pos1CE3.tmp
C:\pos1CE4.tmp
C:\pos1CE5.tmp
C:\pos1CE6.tmp
C:\pos1CE7.tmp
C:\pos1CE8.tmp
C:\pos1CE9.tmp
C:\pos1CEA.tmp
C:\pos1CEB.tmp
C:\pos1CEC.tmp
C:\pos1CED.tmp
C:\pos1CEE.tmp
C:\pos1CEF.tmp
C:\pos1CF.tmp
C:\pos1CF0.tmp
C:\pos1CF1.tmp
C:\pos1CF2.tmp
C:\pos1CF3.tmp
C:\pos1CF4.tmp
C:\pos1CF5.tmp
C:\pos1CF6.tmp
C:\pos1CF7.tmp
C:\pos1CF8.tmp
C:\pos1CF9.tmp
C:\pos1CFA.tmp
C:\pos1CFB.tmp
C:\pos1CFC.tmp
C:\pos1CFD.tmp
C:\pos1CFE.tmp
C:\pos1CFF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D00.tmp
C:\pos1D01.tmp
C:\pos1D02.tmp
C:\pos1D03.tmp
C:\pos1D04.tmp
C:\pos1D05.tmp
C:\pos1D06.tmp
C:\pos1D07.tmp
C:\pos1D08.tmp
C:\pos1D09.tmp
C:\pos1D0A.tmp
C:\pos1D0B.tmp
C:\pos1D0C.tmp
C:\pos1D0D.tmp
C:\pos1D0E.tmp
C:\pos1D0F.tmp
C:\pos1D1.tmp
C:\pos1D10.tmp
C:\pos1D11.tmp
C:\pos1D12.tmp
C:\pos1D13.tmp
C:\pos1D14.tmp
C:\pos1D15.tmp
C:\pos1D16.tmp
C:\pos1D17.tmp
C:\pos1D18.tmp
C:\pos1D19.tmp
C:\pos1D1A.tmp
C:\pos1D1B.tmp
C:\pos1D1C.tmp
C:\pos1D1D.tmp
C:\pos1D1E.tmp
C:\pos1D1F.tmp
C:\pos1D2.tmp
C:\pos1D20.tmp
C:\pos1D21.tmp
C:\pos1D22.tmp
C:\pos1D23.tmp
C:\pos1D24.tmp
C:\pos1D25.tmp
C:\pos1D26.tmp
C:\pos1D27.tmp
C:\pos1D28.tmp
C:\pos1D29.tmp
C:\pos1D2A.tmp
C:\pos1D2B.tmp
C:\pos1D2C.tmp
C:\pos1D2D.tmp
C:\pos1D2E.tmp
C:\pos1D2F.tmp
C:\pos1D3.tmp
C:\pos1D30.tmp
C:\pos1D31.tmp
C:\pos1D32.tmp
C:\pos1D33.tmp
C:\pos1D34.tmp
C:\pos1D35.tmp
C:\pos1D36.tmp
C:\pos1D37.tmp
C:\pos1D38.tmp
C:\pos1D39.tmp
C:\pos1D3A.tmp
C:\pos1D3B.tmp
C:\pos1D3C.tmp
C:\pos1D3D.tmp
C:\pos1D3E.tmp
C:\pos1D3F.tmp
C:\pos1D4.tmp
C:\pos1D40.tmp
C:\pos1D41.tmp
C:\pos1D42.tmp
C:\pos1D43.tmp
C:\pos1D44.tmp
C:\pos1D45.tmp
C:\pos1D46.tmp
C:\pos1D47.tmp
C:\pos1D48.tmp
C:\pos1D49.tmp
C:\pos1D4A.tmp
C:\pos1D4B.tmp
C:\pos1D4C.tmp
C:\pos1D4D.tmp
C:\pos1D4E.tmp
C:\pos1D4F.tmp
C:\pos1D5.tmp
C:\pos1D50.tmp
C:\pos1D51.tmp
C:\pos1D52.tmp
C:\pos1D53.tmp
C:\pos1D54.tmp
C:\pos1D55.tmp
C:\pos1D56.tmp
C:\pos1D57.tmp
C:\pos1D58.tmp
C:\pos1D59.tmp
C:\pos1D5A.tmp
C:\pos1D5B.tmp
C:\pos1D5C.tmp
C:\pos1D5D.tmp
C:\pos1D5E.tmp
C:\pos1D5F.tmp
C:\pos1D6.tmp
C:\pos1D60.tmp
C:\pos1D61.tmp
C:\pos1D62.tmp
C:\pos1D63.tmp
C:\pos1D64.tmp
C:\pos1D65.tmp
C:\pos1D66.tmp
C:\pos1D67.tmp
C:\pos1D68.tmp
C:\pos1D69.tmp
C:\pos1D6A.tmp
C:\pos1D6B.tmp
C:\pos1D6C.tmp
C:\pos1D6D.tmp
C:\pos1D6E.tmp
C:\pos1D6F.tmp
C:\pos1D7.tmp
C:\pos1D70.tmp
C:\pos1D71.tmp
C:\pos1D72.tmp
C:\pos1D73.tmp
C:\pos1D74.tmp
C:\pos1D75.tmp
C:\pos1D76.tmp
C:\pos1D77.tmp
C:\pos1D78.tmp
C:\pos1D79.tmp
C:\pos1D7A.tmp
C:\pos1D7B.tmp
C:\pos1D7C.tmp
C:\pos1D7D.tmp
C:\pos1D7E.tmp
C:\pos1D7F.tmp
C:\pos1D8.tmp
C:\pos1D80.tmp
C:\pos1D81.tmp
C:\pos1D82.tmp
C:\pos1D83.tmp
C:\pos1D84.tmp
C:\pos1D85.tmp
C:\pos1D86.tmp
C:\pos1D87.tmp
C:\pos1D88.tmp
C:\pos1D89.tmp
C:\pos1D8A.tmp
C:\pos1D8B.tmp
C:\pos1D8C.tmp
C:\pos1D8D.tmp
C:\pos1D8E.tmp
C:\pos1D8F.tmp
C:\pos1D9.tmp
C:\pos1D90.tmp
C:\pos1D91.tmp
C:\pos1D92.tmp
C:\pos1D93.tmp
C:\pos1D94.tmp
C:\pos1D95.tmp
C:\pos1D96.tmp
C:\pos1D97.tmp
C:\pos1D98.tmp
C:\pos1D99.tmp
C:\pos1D9A.tmp
C:\pos1D9B.tmp
C:\pos1D9C.tmp
C:\pos1D9D.tmp
C:\pos1D9E.tmp
C:\pos1D9F.tmp
C:\pos1DA.tmp
C:\pos1DA0.tmp
C:\pos1DA1.tmp
C:\pos1DA2.tmp
C:\pos1DA3.tmp
C:\pos1DA4.tmp
C:\pos1DA5.tmp
C:\pos1DA6.tmp
C:\pos1DA7.tmp
C:\pos1DA8.tmp
C:\pos1DA9.tmp
C:\pos1DAA.tmp
C:\pos1DAB.tmp
C:\pos1DAC.tmp
C:\pos1DAD.tmp
C:\pos1DAE.tmp
C:\pos1DAF.tmp
C:\pos1DB.tmp
C:\pos1DB0.tmp
C:\pos1DB1.tmp
C:\pos1DB2.tmp
C:\pos1DB3.tmp
C:\pos1DB4.tmp
C:\pos1DB5.tmp
C:\pos1DB6.tmp
C:\pos1DB7.tmp
C:\pos1DB8.tmp
C:\pos1DB9.tmp
C:\pos1DBA.tmp
C:\pos1DBB.tmp
C:\pos1DBC.tmp
C:\pos1DBD.tmp
C:\pos1DBE.tmp
C:\pos1DBF.tmp
C:\pos1DC.tmp
C:\pos1DC0.tmp
C:\pos1DC1.tmp
C:\pos1DC2.tmp
C:\pos1DC3.tmp
C:\pos1DC4.tmp
C:\pos1DC5.tmp
C:\pos1DC6.tmp
C:\pos1DC7.tmp
C:\pos1DC8.tmp
C:\pos1DC9.tmp
C:\pos1DCA.tmp
C:\pos1DCB.tmp
C:\pos1DCC.tmp
C:\pos1DCD.tmp
C:\pos1DCE.tmp
C:\pos1DCF.tmp
C:\pos1DD.tmp
C:\pos1DD0.tmp
C:\pos1DD1.tmp
C:\pos1DD2.tmp
C:\pos1DD3.tmp
C:\pos1DD4.tmp
C:\pos1DD5.tmp
C:\pos1DD6.tmp
C:\pos1DD7.tmp
C:\pos1DD8.tmp
C:\pos1DD9.tmp
C:\pos1DDA.tmp
C:\pos1DDB.tmp
C:\pos1DDC.tmp
C:\pos1DDD.tmp
C:\pos1DDE.tmp
C:\pos1DDF.tmp
C:\pos1DE.tmp
C:\pos1DE0.tmp
C:\pos1DE1.tmp
C:\pos1DE2.tmp
C:\pos1DE3.tmp
C:\pos1DE4.tmp
C:\pos1DE5.tmp
C:\pos1DE6.tmp
C:\pos1DE7.tmp
C:\pos1DE8.tmp
C:\pos1DE9.tmp
C:\pos1DEA.tmp
C:\pos1DEB.tmp
C:\pos1DEC.tmp
C:\pos1DED.tmp
C:\pos1DEE.tmp
C:\pos1DEF.tmp
C:\pos1DF.tmp
C:\pos1DF0.tmp
C:\pos1DF1.tmp
C:\pos1DF2.tmp
C:\pos1DF3.tmp
C:\pos1DF4.tmp
C:\pos1DF5.tmp
C:\pos1DF6.tmp
C:\pos1DF7.tmp
C:\pos1DF8.tmp
C:\pos1DF9.tmp
C:\pos1DFA.tmp
C:\pos1DFB.tmp
C:\pos1DFC.tmp
C:\pos1DFD.tmp
C:\pos1DFE.tmp
C:\pos1DFF.tmp
C:\pos1E.tmp
C:\pos1E0.tmp
C:\pos1E00.tmp
C:\pos1E01.tmp
C:\pos1E02.tmp
C:\pos1E03.tmp
C:\pos1E04.tmp
C:\pos1E05.tmp
C:\pos1E06.tmp
C:\pos1E07.tmp
C:\pos1E08.tmp
C:\pos1E09.tmp
C:\pos1E0A.tmp
C:\pos1E0B.tmp
C:\pos1E0C.tmp
C:\pos1E0D.tmp
C:\pos1E0E.tmp
C:\pos1E0F.tmp
C:\pos1E1.tmp
C:\pos1E10.tmp
C:\pos1E11.tmp
C:\pos1E12.tmp
C:\pos1E13.tmp
C:\pos1E14.tmp
C:\pos1E15.tmp
C:\pos1E16.tmp
C:\pos1E17.tmp
C:\pos1E18.tmp
C:\pos1E19.tmp
C:\pos1E1A.tmp
C:\pos1E1B.tmp
C:\pos1E1C.tmp
C:\pos1E1D.tmp
C:\pos1E1E.tmp
C:\pos1E1F.tmp
C:\pos1E2.tmp
C:\pos1E20.tmp
C:\pos1E21.tmp
C:\pos1E22.tmp
C:\pos1E23.tmp
C:\pos1E24.tmp
C:\pos1E25.tmp
C:\pos1E26.tmp
C:\pos1E27.tmp
C:\pos1E28.tmp
C:\pos1E29.tmp
C:\pos1E2A.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos1E2B.tmp
C:\pos1E2C.tmp
C:\pos1E2D.tmp
C:\pos1E2E.tmp
C:\pos1E2F.tmp
C:\pos1E3.tmp
C:\pos1E30.tmp
C:\pos1E31.tmp
C:\pos1E32.tmp
C:\pos1E33.tmp
C:\pos1E34.tmp
C:\pos1E35.tmp
C:\pos1E36.tmp
C:\pos1E37.tmp
C:\pos1E38.tmp
C:\pos1E39.tmp
C:\pos1E3A.tmp
C:\pos1E3B.tmp
C:\pos1E3C.tmp
C:\pos1E3D.tmp
C:\pos1E3E.tmp
C:\pos1E3F.tmp
C:\pos1E4.tmp
C:\pos1E40.tmp
C:\pos1E41.tmp
C:\pos1E42.tmp
C:\pos1E43.tmp
C:\pos1E44.tmp
C:\pos1E45.tmp
C:\pos1E46.tmp
C:\pos1E47.tmp
C:\pos1E48.tmp
C:\pos1E49.tmp
C:\pos1E4A.tmp
C:\pos1E4B.tmp
C:\pos1E4C.tmp
C:\pos1E4D.tmp
C:\pos1E4E.tmp
C:\pos1E4F.tmp
C:\pos1E5.tmp
C:\pos1E50.tmp
C:\pos1E51.tmp
C:\pos1E52.tmp
C:\pos1E53.tmp
C:\pos1E54.tmp
C:\pos1E55.tmp
C:\pos1E56.tmp
C:\pos1E57.tmp
C:\pos1E58.tmp
C:\pos1E59.tmp
C:\pos1E5A.tmp
C:\pos1E5B.tmp
C:\pos1E5C.tmp
C:\pos1E5D.tmp
C:\pos1E5E.tmp
C:\pos1E5F.tmp
C:\pos1E6.tmp
C:\pos1E60.tmp
C:\pos1E61.tmp
C:\pos1E62.tmp
C:\pos1E63.tmp
C:\pos1E64.tmp
C:\pos1E65.tmp
C:\pos1E66.tmp
C:\pos1E67.tmp
C:\pos1E68.tmp
C:\pos1E69.tmp
C:\pos1E6A.tmp
C:\pos1E6B.tmp
C:\pos1E6C.tmp
C:\pos1E6D.tmp
C:\pos1E6E.tmp
C:\pos1E6F.tmp
C:\pos1E7.tmp
C:\pos1E70.tmp
C:\pos1E71.tmp
C:\pos1E72.tmp
C:\pos1E73.tmp
C:\pos1E74.tmp
C:\pos1E75.tmp
C:\pos1E76.tmp
C:\pos1E77.tmp
C:\pos1E78.tmp
C:\pos1E79.tmp
C:\pos1E7A.tmp
C:\pos1E7B.tmp
C:\pos1E7C.tmp
C:\pos1E7D.tmp
C:\pos1E7E.tmp
C:\pos1E7F.tmp
C:\pos1E8.tmp
C:\pos1E80.tmp
C:\pos1E81.tmp
C:\pos1E82.tmp
C:\pos1E83.tmp
C:\pos1E84.tmp
C:\pos1E85.tmp
C:\pos1E86.tmp
C:\pos1E87.tmp
C:\pos1E88.tmp
C:\pos1E89.tmp
C:\pos1E8A.tmp
C:\pos1E8B.tmp
C:\pos1E8C.tmp
C:\pos1E8D.tmp
C:\pos1E8E.tmp
C:\pos1E8F.tmp
C:\pos1E9.tmp
C:\pos1E90.tmp
C:\pos1E91.tmp
C:\pos1E92.tmp
C:\pos1E93.tmp
C:\pos1E94.tmp
C:\pos1E95.tmp
C:\pos1E96.tmp
C:\pos1E97.tmp
C:\pos1E98.tmp
C:\pos1E99.tmp
C:\pos1E9A.tmp
C:\pos1E9B.tmp
C:\pos1E9C.tmp
C:\pos1E9D.tmp
C:\pos1E9E.tmp
C:\pos1E9F.tmp
C:\pos1EA.tmp
C:\pos1EA0.tmp
C:\pos1EA1.tmp
C:\pos1EA2.tmp
C:\pos1EA3.tmp
C:\pos1EA4.tmp
C:\pos1EA5.tmp
C:\pos1EA6.tmp
C:\pos1EA7.tmp
C:\pos1EA8.tmp
C:\pos1EA9.tmp
C:\pos1EAA.tmp
C:\pos1EAB.tmp
C:\pos1EAC.tmp
C:\pos1EAD.tmp
C:\pos1EAE.tmp
C:\pos1EAF.tmp
C:\pos1EB.tmp
C:\pos1EB0.tmp
C:\pos1EB1.tmp
C:\pos1EB2.tmp
C:\pos1EB3.tmp
C:\pos1EB4.tmp
C:\pos1EB5.tmp
C:\pos1EB6.tmp
C:\pos1EB7.tmp
C:\pos1EB8.tmp
C:\pos1EB9.tmp
C:\pos1EBA.tmp
C:\pos1EBB.tmp
C:\pos1EBC.tmp
C:\pos1EBD.tmp
C:\pos1EBE.tmp
C:\pos1EBF.tmp
C:\pos1EC.tmp
C:\pos1EC0.tmp
C:\pos1EC1.tmp
C:\pos1EC2.tmp
C:\pos1EC3.tmp
C:\pos1EC4.tmp
C:\pos1EC5.tmp
C:\pos1EC6.tmp
C:\pos1EC7.tmp
C:\pos1EC8.tmp
C:\pos1EC9.tmp
C:\pos1ECA.tmp
C:\pos1ECB.tmp
C:\pos1ECC.tmp
C:\pos1ECD.tmp
C:\pos1ECE.tmp
C:\pos1ECF.tmp
C:\pos1ED.tmp
C:\pos1ED0.tmp
C:\pos1ED1.tmp
C:\pos1ED2.tmp
C:\pos1ED3.tmp
C:\pos1ED4.tmp
C:\pos1ED5.tmp
C:\pos1ED6.tmp
C:\pos1ED7.tmp
C:\pos1ED8.tmp
C:\pos1ED9.tmp
C:\pos1EDA.tmp
C:\pos1EDB.tmp
C:\pos1EDC.tmp
C:\pos1EDD.tmp
C:\pos1EDE.tmp
C:\pos1EDF.tmp
C:\pos1EE.tmp
C:\pos1EE0.tmp
C:\pos1EE1.tmp
C:\pos1EE2.tmp
C:\pos1EE3.tmp
C:\pos1EE4.tmp
C:\pos1EE5.tmp
C:\pos1EE6.tmp
C:\pos1EE7.tmp
C:\pos1EE8.tmp
C:\pos1EE9.tmp
C:\pos1EEA.tmp
C:\pos1EEB.tmp
C:\pos1EEC.tmp
C:\pos1EED.tmp
C:\pos1EEE.tmp
C:\pos1EEF.tmp
C:\pos1EF.tmp
C:\pos1EF0.tmp
C:\pos1EF1.tmp
C:\pos1EF2.tmp
C:\pos1EF3.tmp
C:\pos1EF4.tmp
C:\pos1EF5.tmp
C:\pos1EF6.tmp
C:\pos1EF7.tmp
C:\pos1EF8.tmp
C:\pos1EF9.tmp
C:\pos1EFA.tmp
C:\pos1EFB.tmp
C:\pos1EFC.tmp
C:\pos1EFD.tmp
C:\pos1EFE.tmp
C:\pos1EFF.tmp
C:\pos1F.tmp
C:\pos1F0.tmp
C:\pos1F00.tmp
C:\pos1F01.tmp
C:\pos1F02.tmp
C:\pos1F03.tmp
C:\pos1F04.tmp
C:\pos1F05.tmp
C:\pos1F06.tmp
C:\pos1F07.tmp
C:\pos1F08.tmp
C:\pos1F09.tmp
C:\pos1F0A.tmp
C:\pos1F0B.tmp
C:\pos1F0C.tmp
C:\pos1F0D.tmp
C:\pos1F0E.tmp
C:\pos1F0F.tmp
C:\pos1F1.tmp
C:\pos1F10.tmp
C:\pos1F11.tmp
C:\pos1F12.tmp
C:\pos1F13.tmp
C:\pos1F14.tmp
C:\pos1F15.tmp
C:\pos1F16.tmp
C:\pos1F17.tmp
C:\pos1F18.tmp
C:\pos1F19.tmp
C:\pos1F1A.tmp
C:\pos1F1B.tmp
C:\pos1F1C.tmp
C:\pos1F1D.tmp
C:\pos1F1E.tmp
C:\pos1F1F.tmp
C:\pos1F2.tmp
C:\pos1F20.tmp
C:\pos1F21.tmp
C:\pos1F22.tmp
C:\pos1F23.tmp
C:\pos1F24.tmp
C:\pos1F25.tmp
C:\pos1F26.tmp
C:\pos1F27.tmp
C:\pos1F28.tmp
C:\pos1F29.tmp
C:\pos1F2A.tmp
C:\pos1F2B.tmp
C:\pos1F2C.tmp
C:\pos1F2D.tmp
C:\pos1F2E.tmp
C:\pos1F2F.tmp
C:\pos1F3.tmp
C:\pos1F30.tmp
C:\pos1F31.tmp
C:\pos1F32.tmp
C:\pos1F33.tmp
C:\pos1F34.tmp
C:\pos1F35.tmp
C:\pos1F36.tmp
C:\pos1F37.tmp
C:\pos1F38.tmp
C:\pos1F39.tmp
C:\pos1F3A.tmp
C:\pos1F3B.tmp
C:\pos1F3C.tmp
C:\pos1F3D.tmp
C:\pos1F3E.tmp
C:\pos1F3F.tmp
C:\pos1F4.tmp
C:\pos1F40.tmp
C:\pos1F41.tmp
C:\pos1F42.tmp
C:\pos1F43.tmp
C:\pos1F44.tmp
C:\pos1F45.tmp
C:\pos1F46.tmp
C:\pos1F47.tmp
C:\pos1F48.tmp
C:\pos1F49.tmp
C:\pos1F4A.tmp
C:\pos1F4B.tmp
C:\pos1F4C.tmp
C:\pos1F4D.tmp
C:\pos1F4E.tmp
C:\pos1F4F.tmp
C:\pos1F5.tmp
C:\pos1F50.tmp
C:\pos1F51.tmp
C:\pos1F52.tmp
C:\pos1F53.tmp
C:\pos1F54.tmp
C:\pos1F55.tmp
C:\pos1F56.tmp
C:\pos1F57.tmp
C:\pos1F58.tmp
C:\pos1F59.tmp
C:\pos1F5A.tmp
C:\pos1F5B.tmp
C:\pos1F5C.tmp
C:\pos1F5D.tmp
C:\pos1F5E.tmp
C:\pos1F5F.tmp
C:\pos1F6.tmp
C:\pos1F60.tmp
C:\pos1F61.tmp
C:\pos1F62.tmp
C:\pos1F63.tmp
C:\pos1F64.tmp
C:\pos1F65.tmp
C:\pos1F66.tmp
C:\pos1F67.tmp
C:\pos1F68.tmp
C:\pos1F69.tmp
C:\pos1F6A.tmp
C:\pos1F6B.tmp
C:\pos1F6C.tmp
C:\pos1F6D.tmp
C:\pos1F6E.tmp
C:\pos1F6F.tmp
C:\pos1F7.tmp
C:\pos1F70.tmp
C:\pos1F71.tmp
C:\pos1F72.tmp
C:\pos1F73.tmp
C:\pos1F74.tmp
C:\pos1F75.tmp
C:\pos1F76.tmp
C:\pos1F77.tmp
C:\pos1F78.tmp
C:\pos1F79.tmp
C:\pos1F7A.tmp
C:\pos1F7B.tmp
C:\pos1F7C.tmp
C:\pos1F7D.tmp
C:\pos1F7E.tmp
C:\pos1F7F.tmp
C:\pos1F8.tmp
C:\pos1F80.tmp
C:\pos1F81.tmp
C:\pos1F82.tmp
C:\pos1F83.tmp
C:\pos1F84.tmp
C:\pos1F85.tmp
C:\pos1F86.tmp
C:\pos1F87.tmp
C:\pos1F88.tmp
C:\pos1F89.tmp
C:\pos1F8A.tmp
C:\pos1F8B.tmp
C:\pos1F8C.tmp
C:\pos1F8D.tmp
C:\pos1F8E.tmp
C:\pos1F8F.tmp
C:\pos1F9.tmp
C:\pos1F90.tmp
C:\pos1F91.tmp
C:\pos1F92.tmp
C:\pos1F93.tmp
C:\pos1F94.tmp
C:\pos1F95.tmp
C:\pos1F96.tmp
C:\pos1F97.tmp
C:\pos1F98.tmp
C:\pos1F99.tmp
C:\pos1F9A.tmp
C:\pos1F9B.tmp
C:\pos1F9C.tmp
C:\pos1F9D.tmp
C:\pos1F9E.tmp
C:\pos1F9F.tmp
C:\pos1FA.tmp
C:\pos1FA0.tmp
C:\pos1FA1.tmp
C:\pos1FA2.tmp
C:\pos1FA3.tmp
C:\pos1FA4.tmp
C:\pos1FA5.tmp
C:\pos1FA6.tmp
C:\pos1FA7.tmp
C:\pos1FA8.tmp
C:\pos1FA9.tmp
C:\pos1FAA.tmp
C:\pos1FAB.tmp
C:\pos1FAC.tmp
C:\pos1FAD.tmp
C:\pos1FAE.tmp
C:\pos1FAF.tmp
C:\pos1FB.tmp
C:\pos1FB0.tmp
C:\pos1FB1.tmp
C:\pos1FB2.tmp
C:\pos1FB3.tmp
C:\pos1FB4.tmp
C:\pos1FB5.tmp
C:\pos1FB6.tmp
C:\pos1FB7.tmp
C:\pos1FB8.tmp
C:\pos1FB9.tmp
C:\pos1FBA.tmp
C:\pos1FBB.tmp
C:\pos1FBC.tmp
C:\pos1FBD.tmp
C:\pos1FBE.tmp
C:\pos1FBF.tmp
C:\pos1FC.tmp
C:\pos1FC0.tmp
C:\pos1FC1.tmp
C:\pos1FC2.tmp
C:\pos1FC3.tmp
C:\pos1FC4.tmp
C:\pos1FC5.tmp
C:\pos1FC6.tmp
C:\pos1FC7.tmp
C:\pos1FC8.tmp
C:\pos1FC9.tmp
C:\pos1FCA.tmp
C:\pos1FCB.tmp
C:\pos1FCC.tmp
C:\pos1FCD.tmp
C:\pos1FCE.tmp
C:\pos1FCF.tmp
C:\pos1FD.tmp
C:\pos1FD0.tmp
C:\pos1FD1.tmp
C:\pos1FD2.tmp
C:\pos1FD3.tmp
C:\pos1FD4.tmp
C:\pos1FD5.tmp
C:\pos1FD6.tmp
C:\pos1FD7.tmp
C:\pos1FD8.tmp
C:\pos1FD9.tmp
C:\pos1FDA.tmp
C:\pos1FDB.tmp
C:\pos1FDC.tmp
C:\pos1FDD.tmp
C:\pos1FDE.tmp
C:\pos1FDF.tmp
C:\pos1FE.tmp
C:\pos1FE0.tmp
C:\pos1FE1.tmp
C:\pos1FE2.tmp
C:\pos1FE3.tmp
C:\pos1FE4.tmp
C:\pos1FE5.tmp
C:\pos1FE6.tmp
C:\pos1FE7.tmp
C:\pos1FE8.tmp
C:\pos1FE9.tmp
C:\pos1FEA.tmp
C:\pos1FEB.tmp
C:\pos1FEC.tmp
C:\pos1FED.tmp
C:\pos1FEE.tmp
C:\pos1FEF.tmp
C:\pos1FF.tmp
C:\pos1FF0.tmp
C:\pos1FF1.tmp
C:\pos1FF2.tmp
C:\pos1FF3.tmp
C:\pos1FF4.tmp
C:\pos1FF5.tmp
C:\pos1FF6.tmp
C:\pos1FF7.tmp
C:\pos1FF8.tmp
C:\pos1FF9.tmp
C:\pos1FFA.tmp
C:\pos1FFB.tmp
C:\pos1FFC.tmp
C:\pos1FFD.tmp
C:\pos1FFE.tmp
C:\pos1FFF.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos2000.tmp
C:\pos2001.tmp
C:\pos2002.tmp
C:\pos2003.tmp
C:\pos2004.tmp
C:\pos2005.tmp
C:\pos2006.tmp
C:\pos2007.tmp
C:\pos2008.tmp
C:\pos2009.tmp
C:\pos200A.tmp
C:\pos200B.tmp
C:\pos200C.tmp
C:\pos200D.tmp
C:\pos200E.tmp
C:\pos200F.tmp
C:\pos201.tmp
C:\pos2010.tmp
C:\pos2011.tmp
C:\pos2012.tmp
C:\pos2013.tmp
C:\pos2014.tmp
C:\pos2015.tmp
C:\pos2016.tmp
C:\pos2017.tmp
C:\pos2018.tmp
C:\pos2019.tmp
C:\pos201A.tmp
C:\pos201B.tmp
C:\pos201C.tmp
C:\pos201D.tmp
C:\pos201E.tmp
C:\pos201F.tmp
C:\pos202.tmp
C:\pos2020.tmp
C:\pos2021.tmp
C:\pos2022.tmp
C:\pos2023.tmp
C:\pos2024.tmp
C:\pos2025.tmp
C:\pos2026.tmp
C:\pos2027.tmp
C:\pos2028.tmp
C:\pos2029.tmp
C:\pos202A.tmp
C:\pos202B.tmp
C:\pos202C.tmp
C:\pos202D.tmp
C:\pos202E.tmp
C:\pos202F.tmp
C:\pos203.tmp
C:\pos2030.tmp
C:\pos2031.tmp
C:\pos2032.tmp
C:\pos2033.tmp
C:\pos2034.tmp
C:\pos2035.tmp
C:\pos2036.tmp
C:\pos2037.tmp
C:\pos2038.tmp
C:\pos2039.tmp
C:\pos203A.tmp
C:\pos203B.tmp
C:\pos203C.tmp
C:\pos203D.tmp
C:\pos203E.tmp
C:\pos203F.tmp
C:\pos204.tmp
C:\pos2040.tmp
C:\pos2041.tmp
C:\pos2042.tmp
C:\pos2043.tmp
C:\pos2044.tmp
C:\pos2045.tmp
C:\pos2046.tmp
C:\pos2047.tmp
C:\pos2048.tmp
C:\pos2049.tmp
C:\pos204A.tmp
C:\pos204B.tmp
C:\pos204C.tmp
C:\pos204D.tmp
C:\pos204E.tmp
C:\pos204F.tmp
C:\pos205.tmp
C:\pos2050.tmp
C:\pos2051.tmp
C:\pos2052.tmp
C:\pos2053.tmp
C:\pos2054.tmp
C:\pos2055.tmp
C:\pos2056.tmp
C:\pos2057.tmp
C:\pos2058.tmp
C:\pos2059.tmp
C:\pos205A.tmp
C:\pos205B.tmp
C:\pos205C.tmp
C:\pos205D.tmp
C:\pos205E.tmp
C:\pos205F.tmp
C:\pos206.tmp
C:\pos2060.tmp
C:\pos2061.tmp
C:\pos2062.tmp
C:\pos2063.tmp
C:\pos2064.tmp
C:\pos2065.tmp
C:\pos2066.tmp
C:\pos2067.tmp
C:\pos2068.tmp
C:\pos2069.tmp
C:\pos206A.tmp
C:\pos206B.tmp
C:\pos206C.tmp
C:\pos206D.tmp
C:\pos206E.tmp
C:\pos206F.tmp
C:\pos207.tmp
C:\pos2070.tmp
C:\pos2071.tmp
C:\pos2072.tmp
C:\pos2073.tmp
C:\pos2074.tmp
C:\pos2075.tmp
C:\pos2076.tmp
C:\pos2077.tmp
C:\pos2078.tmp
C:\pos2079.tmp
C:\pos207A.tmp
C:\pos207B.tmp
C:\pos207C.tmp
C:\pos207D.tmp
C:\pos207E.tmp
C:\pos207F.tmp
C:\pos208.tmp
C:\pos2080.tmp
C:\pos2081.tmp
C:\pos2082.tmp
C:\pos2083.tmp
C:\pos2084.tmp
C:\pos2085.tmp
C:\pos2086.tmp
C:\pos2087.tmp
C:\pos2088.tmp
C:\pos2089.tmp
C:\pos208A.tmp
C:\pos208B.tmp
C:\pos208C.tmp
C:\pos208D.tmp
C:\pos208E.tmp
C:\pos208F.tmp
C:\pos209.tmp
C:\pos2090.tmp
C:\pos2091.tmp
C:\pos2092.tmp
C:\pos2093.tmp
C:\pos2094.tmp
C:\pos2095.tmp
C:\pos2096.tmp
C:\pos2097.tmp
C:\pos2098.tmp
C:\pos2099.tmp
C:\pos209A.tmp
C:\pos209B.tmp
C:\pos209C.tmp
C:\pos209D.tmp
C:\pos209E.tmp
C:\pos209F.tmp
C:\pos20A.tmp
C:\pos20A0.tmp
C:\pos20A1.tmp
C:\pos20A2.tmp
C:\pos20A3.tmp
C:\pos20A4.tmp
C:\pos20A5.tmp
C:\pos20A6.tmp
C:\pos20A7.tmp
C:\pos20A8.tmp
C:\pos20A9.tmp
C:\pos20AA.tmp
C:\pos20AB.tmp
C:\pos20AC.tmp
C:\pos20AD.tmp
C:\pos20AE.tmp
C:\pos20AF.tmp
C:\pos20B.tmp
C:\pos20B0.tmp
C:\pos20B1.tmp
C:\pos20B2.tmp
C:\pos20B3.tmp
C:\pos20B4.tmp
C:\pos20B5.tmp
C:\pos20B6.tmp
C:\pos20B7.tmp
C:\pos20B8.tmp
C:\pos20B9.tmp
C:\pos20BA.tmp
C:\pos20BB.tmp
C:\pos20BC.tmp
C:\pos20BD.tmp
C:\pos20BE.tmp
C:\pos20BF.tmp
C:\pos20C.tmp
C:\pos20C0.tmp
C:\pos20C1.tmp
C:\pos20C2.tmp
C:\pos20C3.tmp
C:\pos20C4.tmp
C:\pos20C5.tmp
C:\pos20C6.tmp
C:\pos20C7.tmp
C:\pos20C8.tmp
C:\pos20C9.tmp
C:\pos20CA.tmp
C:\pos20CB.tmp
C:\pos20CC.tmp
C:\pos20CD.tmp
C:\pos20CE.tmp
C:\pos20CF.tmp
C:\pos20D.tmp
C:\pos20D0.tmp
C:\pos20D1.tmp
C:\pos20D2.tmp
C:\pos20D3.tmp
C:\pos20D4.tmp
C:\pos20D5.tmp
C:\pos20D6.tmp
C:\pos20D7.tmp
C:\pos20D8.tmp
C:\pos20D9.tmp
C:\pos20DA.tmp
C:\pos20DB.tmp
C:\pos20DC.tmp
C:\pos20DD.tmp
C:\pos20DE.tmp
C:\pos20DF.tmp
C:\pos20E.tmp
C:\pos20E0.tmp
C:\pos20E1.tmp
C:\pos20E2.tmp
C:\pos20E3.tmp
C:\pos20E4.tmp
C:\pos20E5.tmp
C:\pos20E6.tmp
C:\pos20E7.tmp
C:\pos20E8.tmp
C:\pos20E9.tmp
C:\pos20EA.tmp
C:\pos20EB.tmp
C:\pos20EC.tmp
C:\pos20ED.tmp
C:\pos20EE.tmp
C:\pos20EF.tmp
C:\pos20F.tmp
C:\pos20F0.tmp
C:\pos20F1.tmp
C:\pos20F2.tmp
C:\pos20F3.tmp
C:\pos20F4.tmp
C:\pos20F5.tmp
C:\pos20F6.tmp
C:\pos20F7.tmp
C:\pos20F8.tmp
C:\pos20F9.tmp
C:\pos20FA.tmp
C:\pos20FB.tmp
C:\pos20FC.tmp
C:\pos20FD.tmp
C:\pos20FE.tmp
C:\pos20FF.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos2100.tmp
C:\pos2101.tmp
C:\pos2102.tmp
C:\pos2103.tmp
C:\pos2104.tmp
C:\pos2105.tmp
C:\pos2106.tmp
C:\pos2107.tmp
C:\pos2108.tmp
C:\pos2109.tmp
C:\pos210A.tmp
C:\pos210B.tmp
C:\pos210C.tmp
C:\pos210D.tmp
C:\pos210E.tmp
C:\pos210F.tmp
C:\pos211.tmp
C:\pos2110.tmp
C:\pos2111.tmp
C:\pos2112.tmp
C:\pos2113.tmp
C:\pos2114.tmp
C:\pos2115.tmp
C:\pos2116.tmp
C:\pos2117.tmp
C:\pos2118.tmp
C:\pos2119.tmp
C:\pos211A.tmp
C:\pos211B.tmp
C:\pos211C.tmp
C:\pos211D.tmp
C:\pos211E.tmp
C:\pos211F.tmp
C:\pos212.tmp
C:\pos2120.tmp
C:\pos2121.tmp
C:\pos2122.tmp
C:\pos2123.tmp
C:\pos2124.tmp
C:\pos2125.tmp
C:\pos2126.tmp
C:\pos2127.tmp
C:\pos2128.tmp
C:\pos2129.tmp
C:\pos212A.tmp
C:\pos212B.tmp
C:\pos212C.tmp
C:\pos212D.tmp
C:\pos212E.tmp
C:\pos212F.tmp
C:\pos213.tmp
C:\pos2130.tmp
C:\pos2131.tmp
C:\pos2132.tmp
C:\pos2133.tmp
C:\pos2134.tmp
C:\pos2135.tmp
C:\pos2136.tmp
C:\pos2137.tmp
C:\pos2138.tmp
C:\pos2139.tmp
C:\pos213A.tmp
C:\pos213B.tmp
C:\pos213C.tmp
C:\pos213D.tmp
C:\pos213E.tmp
C:\pos213F.tmp
C:\pos214.tmp
C:\pos2140.tmp
C:\pos2141.tmp
C:\pos2142.tmp
C:\pos2143.tmp
C:\pos2144.tmp
C:\pos2145.tmp
C:\pos2146.tmp
C:\pos2147.tmp
C:\pos2148.tmp
C:\pos2149.tmp
C:\pos214A.tmp
C:\pos214B.tmp
C:\pos214C.tmp
C:\pos214D.tmp
C:\pos214E.tmp
C:\pos214F.tmp
C:\pos215.tmp
C:\pos2150.tmp
C:\pos2151.tmp
C:\pos2152.tmp
C:\pos2153.tmp
C:\pos2154.tmp
C:\pos2155.tmp
C:\pos2156.tmp
C:\pos2157.tmp
C:\pos2158.tmp
C:\pos2159.tmp
C:\pos215A.tmp
C:\pos215B.tmp
C:\pos215C.tmp
C:\pos215D.tmp
C:\pos215E.tmp
C:\pos215F.tmp
C:\pos216.tmp
C:\pos2160.tmp
C:\pos2161.tmp
C:\pos2162.tmp
C:\pos2163.tmp
C:\pos2164.tmp
C:\pos2165.tmp
C:\pos2166.tmp
C:\pos2167.tmp
C:\pos2168.tmp
C:\pos2169.tmp
C:\pos216A.tmp
C:\pos216B.tmp
C:\pos216C.tmp
C:\pos216D.tmp
C:\pos216E.tmp
C:\pos216F.tmp
C:\pos217.tmp
C:\pos2170.tmp
C:\pos2171.tmp
C:\pos2172.tmp
C:\pos2173.tmp
C:\pos2174.tmp
C:\pos2175.tmp
C:\pos2176.tmp
C:\pos2177.tmp
C:\pos2178.tmp
C:\pos2179.tmp
C:\pos217A.tmp
C:\pos217B.tmp
C:\pos217C.tmp
C:\pos217D.tmp
C:\pos217E.tmp
C:\pos217F.tmp
C:\pos218.tmp
C:\pos2180.tmp
C:\pos2181.tmp
C:\pos2182.tmp
C:\pos2183.tmp
C:\pos2184.tmp
C:\pos2185.tmp
C:\pos2186.tmp
C:\pos2187.tmp
C:\pos2188.tmp
C:\pos2189.tmp
C:\pos218A.tmp
C:\pos218B.tmp
C:\pos218C.tmp
C:\pos218D.tmp
C:\pos218E.tmp
C:\pos218F.tmp
C:\pos219.tmp
C:\pos2190.tmp
C:\pos2191.tmp
C:\pos2192.tmp
C:\pos2193.tmp
C:\pos2194.tmp
C:\pos2195.tmp
C:\pos2196.tmp
C:\pos2197.tmp
C:\pos2198.tmp
C:\pos2199.tmp
C:\pos219A.tmp
C:\pos219B.tmp
C:\pos219C.tmp
C:\pos219D.tmp
C:\pos219E.tmp
C:\pos219F.tmp
C:\pos21A.tmp
C:\pos21A0.tmp
C:\pos21A1.tmp
C:\pos21A2.tmp
C:\pos21A3.tmp
C:\pos21A4.tmp
C:\pos21A5.tmp
C:\pos21A6.tmp
C:\pos21A7.tmp
C:\pos21A8.tmp
C:\pos21A9.tmp
C:\pos21AA.tmp
C:\pos21AB.tmp
C:\pos21AC.tmp
C:\pos21AD.tmp
C:\pos21AE.tmp
C:\pos21AF.tmp
C:\pos21B.tmp
C:\pos21B0.tmp
C:\pos21B1.tmp
C:\pos21B2.tmp
C:\pos21B3.tmp
C:\pos21B4.tmp
C:\pos21B5.tmp
C:\pos21B6.tmp
C:\pos21B7.tmp
C:\pos21B8.tmp
C:\pos21B9.tmp
C:\pos21BA.tmp
C:\pos21BB.tmp
C:\pos21BC.tmp
C:\pos21BD.tmp
C:\pos21BE.tmp
C:\pos21BF.tmp
C:\pos21C.tmp
C:\pos21C0.tmp
C:\pos21C1.tmp
C:\pos21C2.tmp
C:\pos21C3.tmp
C:\pos21C4.tmp
C:\pos21C5.tmp
C:\pos21C6.tmp
C:\pos21C7.tmp
C:\pos21C8.tmp
C:\pos21C9.tmp
C:\pos21CA.tmp
C:\pos21CB.tmp
C:\pos21CC.tmp
C:\pos21CD.tmp
C:\pos21CE.tmp
C:\pos21CF.tmp
C:\pos21D.tmp
C:\pos21D0.tmp
C:\pos21D1.tmp
C:\pos21D2.tmp
C:\pos21D3.tmp
C:\pos21D4.tmp
C:\pos21D5.tmp
C:\pos21D6.tmp
C:\pos21D7.tmp
C:\pos21D8.tmp
C:\pos21D9.tmp
C:\pos21DA.tmp
C:\pos21DB.tmp
C:\pos21DC.tmp
C:\pos21DD.tmp
C:\pos21DE.tmp
C:\pos21DF.tmp
C:\pos21E.tmp
C:\pos21E0.tmp
C:\pos21E1.tmp
C:\pos21E2.tmp
C:\pos21E3.tmp
C:\pos21E4.tmp
C:\pos21E5.tmp
C:\pos21E6.tmp
C:\pos21E7.tmp
C:\pos21E8.tmp
C:\pos21E9.tmp
C:\pos21EA.tmp
C:\pos21EB.tmp
C:\pos21EC.tmp
C:\pos21ED.tmp
C:\pos21EE.tmp
C:\pos21EF.tmp
C:\pos21F.tmp
C:\pos21F0.tmp
C:\pos21F1.tmp
C:\pos21F2.tmp
C:\pos21F3.tmp
C:\pos21F4.tmp
C:\pos21F5.tmp
C:\pos21F6.tmp
C:\pos21F7.tmp
C:\pos21F8.tmp
C:\pos21F9.tmp
C:\pos21FA.tmp
C:\pos21FB.tmp
C:\pos21FC.tmp
C:\pos21FD.tmp
C:\pos21FE.tmp
C:\pos21FF.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos2200.tmp
C:\pos2201.tmp
C:\pos2202.tmp
C:\pos2203.tmp
C:\pos2204.tmp
C:\pos2205.tmp
C:\pos2206.tmp
C:\pos2207.tmp
C:\pos2208.tmp
C:\pos2209.tmp
C:\pos220A.tmp
C:\pos220B.tmp
C:\pos220C.tmp
C:\pos220D.tmp
C:\pos220E.tmp
C:\pos220F.tmp
C:\pos221.tmp
C:\pos2210.tmp
C:\pos2211.tmp
C:\pos2212.tmp
C:\pos2213.tmp
C:\pos2214.tmp
C:\pos2215.tmp
C:\pos2216.tmp
C:\pos2217.tmp
C:\pos2218.tmp
C:\pos2219.tmp
C:\pos221A.tmp
C:\pos221B.tmp
C:\pos221C.tmp
C:\pos221D.tmp
C:\pos221E.tmp
C:\pos221F.tmp
C:\pos222.tmp
C:\pos2220.tmp
C:\pos2221.tmp
C:\pos2222.tmp
C:\pos2223.tmp
C:\pos2224.tmp
C:\pos2225.tmp
C:\pos2226.tmp
C:\pos2227.tmp
C:\pos2228.tmp
C:\pos2229.tmp
C:\pos222A.tmp
C:\pos222B.tmp
C:\pos222C.tmp
C:\pos222D.tmp
C:\pos222E.tmp
C:\pos222F.tmp
C:\pos223.tmp
C:\pos2230.tmp
C:\pos2231.tmp
C:\pos2232.tmp
C:\pos2233.tmp
C:\pos2234.tmp
C:\pos2235.tmp
C:\pos2236.tmp
C:\pos2237.tmp
C:\pos2238.tmp
C:\pos2239.tmp
C:\pos223A.tmp
C:\pos223B.tmp
C:\pos223C.tmp
C:\pos223D.tmp
C:\pos223E.tmp
C:\pos223F.tmp
C:\pos224.tmp
C:\pos2240.tmp
C:\pos2241.tmp
C:\pos2242.tmp
C:\pos2243.tmp
C:\pos2244.tmp
C:\pos2245.tmp
C:\pos2246.tmp
C:\pos2247.tmp
C:\pos2248.tmp
C:\pos2249.tmp
C:\pos224A.tmp
C:\pos224B.tmp
C:\pos224C.tmp
C:\pos224D.tmp
C:\pos224E.tmp
C:\pos224F.tmp
C:\pos225.tmp
C:\pos2250.tmp
C:\pos2251.tmp
C:\pos2252.tmp
C:\pos2253.tmp
C:\pos2254.tmp
C:\pos2255.tmp
C:\pos2256.tmp
C:\pos2257.tmp
C:\pos2258.tmp
C:\pos2259.tmp
C:\pos225A.tmp
C:\pos225B.tmp
C:\pos225C.tmp
C:\pos225D.tmp
C:\pos225E.tmp
C:\pos225F.tmp
C:\pos226.tmp
C:\pos2260.tmp
C:\pos2261.tmp
C:\pos2262.tmp
C:\pos2263.tmp
C:\pos2264.tmp
C:\pos2265.tmp
C:\pos2266.tmp
C:\pos2267.tmp
C:\pos2268.tmp
C:\pos2269.tmp
C:\pos226A.tmp
C:\pos226B.tmp
C:\pos226C.tmp
C:\pos226D.tmp
C:\pos226E.tmp
C:\pos226F.tmp
C:\pos227.tmp
C:\pos2270.tmp
C:\pos2271.tmp
C:\pos2272.tmp
C:\pos2273.tmp
C:\pos2274.tmp
C:\pos2275.tmp
C:\pos2276.tmp
C:\pos2277.tmp
C:\pos2278.tmp
C:\pos2279.tmp
C:\pos227A.tmp
C:\pos227B.tmp
C:\pos227C.tmp
C:\pos227D.tmp
C:\pos227E.tmp
C:\pos227F.tmp
C:\pos228.tmp
C:\pos2280.tmp
C:\pos2281.tmp
C:\pos2282.tmp
C:\pos2283.tmp
C:\pos2284.tmp
C:\pos2285.tmp
C:\pos2286.tmp
C:\pos2287.tmp
C:\pos2288.tmp
C:\pos2289.tmp
C:\pos228A.tmp
C:\pos228B.tmp
C:\pos228C.tmp
C:\pos228D.tmp
C:\pos228E.tmp
C:\pos228F.tmp
C:\pos229.tmp
C:\pos2290.tmp
C:\pos2291.tmp
C:\pos2292.tmp
C:\pos2293.tmp
C:\pos2294.tmp
C:\pos2295.tmp
C:\pos2296.tmp
C:\pos2297.tmp
C:\pos2298.tmp
C:\pos2299.tmp
C:\pos229A.tmp
C:\pos229B.tmp
C:\pos229C.tmp
C:\pos229D.tmp
C:\pos229E.tmp
C:\pos229F.tmp
C:\pos22A.tmp
C:\pos22A0.tmp
C:\pos22A1.tmp
C:\pos22A2.tmp
C:\pos22A3.tmp
C:\pos22A4.tmp
C:\pos22A5.tmp
C:\pos22A6.tmp
C:\pos22A7.tmp
C:\pos22A8.tmp
C:\pos22A9.tmp
C:\pos22AA.tmp
C:\pos22AB.tmp
C:\pos22AC.tmp
C:\pos22AD.tmp
C:\pos22AE.tmp
C:\pos22AF.tmp
C:\pos22B.tmp
C:\pos22B0.tmp
C:\pos22B1.tmp
C:\pos22B2.tmp
C:\pos22B3.tmp
C:\pos22B4.tmp
C:\pos22B5.tmp
C:\pos22B6.tmp
C:\pos22B7.tmp
C:\pos22B8.tmp
C:\pos22B9.tmp
C:\pos22BA.tmp
C:\pos22BB.tmp
C:\pos22BC.tmp
C:\pos22BD.tmp
C:\pos22BE.tmp
C:\pos22BF.tmp
C:\pos22C.tmp
C:\pos22C0.tmp
C:\pos22C1.tmp
C:\pos22C2.tmp
C:\pos22C3.tmp
C:\pos22C4.tmp
C:\pos22C5.tmp
C:\pos22C6.tmp
C:\pos22C7.tmp
C:\pos22C8.tmp
C:\pos22C9.tmp
C:\pos22CA.tmp
C:\pos22CB.tmp
C:\pos22CC.tmp
C:\pos22CD.tmp
C:\pos22CE.tmp
C:\pos22CF.tmp
C:\pos22D.tmp
C:\pos22D0.tmp
C:\pos22D1.tmp
C:\pos22D2.tmp
C:\pos22D3.tmp
C:\pos22D4.tmp
C:\pos22D5.tmp
C:\pos22D6.tmp
C:\pos22D7.tmp
C:\pos22D8.tmp
C:\pos22D9.tmp
C:\pos22DA.tmp
C:\pos22DB.tmp
C:\pos22DC.tmp
C:\pos22DD.tmp
C:\pos22DE.tmp
C:\pos22DF.tmp
C:\pos22E.tmp
C:\pos22E0.tmp
C:\pos22E1.tmp
C:\pos22E2.tmp
C:\pos22E3.tmp
C:\pos22E4.tmp
C:\pos22E5.tmp
C:\pos22E6.tmp
C:\pos22E7.tmp
C:\pos22E8.tmp
C:\pos22E9.tmp
C:\pos22EA.tmp
C:\pos22EB.tmp
C:\pos22EC.tmp
C:\pos22ED.tmp
C:\pos22EE.tmp
C:\pos22EF.tmp
C:\pos22F.tmp
C:\pos22F0.tmp
C:\pos22F1.tmp
C:\pos22F2.tmp
C:\pos22F3.tmp
C:\pos22F4.tmp
C:\pos22F5.tmp
C:\pos22F6.tmp
C:\pos22F7.tmp
C:\pos22F8.tmp
C:\pos22F9.tmp
C:\pos22FA.tmp
C:\pos22FB.tmp
C:\pos22FC.tmp
C:\pos22FD.tmp
C:\pos22FE.tmp
C:\pos22FF.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos2300.tmp
C:\pos2301.tmp
C:\pos2302.tmp
C:\pos2303.tmp
C:\pos2304.tmp
C:\pos2305.tmp
C:\pos2306.tmp
C:\pos2307.tmp
C:\pos2308.tmp
C:\pos2309.tmp
C:\pos230A.tmp
C:\pos230B.tmp
C:\pos230C.tmp
C:\pos230D.tmp
C:\pos230E.tmp
C:\pos230F.tmp
C:\pos231.tmp
C:\pos2310.tmp
C:\pos2311.tmp
C:\pos2312.tmp
C:\pos2313.tmp
C:\pos2314.tmp
C:\pos2315.tmp
C:\pos2316.tmp
C:\pos2317.tmp
C:\pos2318.tmp
C:\pos2319.tmp
C:\pos231A.tmp
C:\pos231B.tmp
C:\pos231C.tmp
C:\pos231D.tmp
C:\pos231E.tmp
C:\pos231F.tmp
C:\pos232.tmp
C:\pos2320.tmp
C:\pos2321.tmp
C:\pos2322.tmp
C:\pos2323.tmp
C:\pos2324.tmp
C:\pos2325.tmp
C:\pos2326.tmp
C:\pos2327.tmp
C:\pos2328.tmp
C:\pos2329.tmp
C:\pos232A.tmp
C:\pos232B.tmp
C:\pos232C.tmp
C:\pos232D.tmp
C:\pos232E.tmp
C:\pos232F.tmp
C:\pos233.tmp
C:\pos2330.tmp
C:\pos2331.tmp
C:\pos2332.tmp
C:\pos2333.tmp
C:\pos2334.tmp
C:\pos2335.tmp
C:\pos2336.tmp
C:\pos2337.tmp
C:\pos2338.tmp
C:\pos2339.tmp
C:\pos233A.tmp
C:\pos233B.tmp
C:\pos233C.tmp
C:\pos233D.tmp
C:\pos233E.tmp
C:\pos233F.tmp
C:\pos234.tmp
C:\pos2340.tmp
C:\pos2341.tmp
C:\pos2342.tmp
C:\pos2343.tmp
C:\pos2344.tmp
C:\pos2345.tmp
C:\pos2346.tmp
C:\pos2347.tmp
C:\pos2348.tmp
C:\pos2349.tmp
C:\pos234A.tmp
C:\pos234B.tmp
C:\pos234C.tmp
C:\pos234D.tmp
C:\pos234E.tmp
C:\pos234F.tmp
C:\pos235.tmp
C:\pos2350.tmp
C:\pos2351.tmp
C:\pos2352.tmp
C:\pos2353.tmp
C:\pos2354.tmp
C:\pos2355.tmp
C:\pos2356.tmp
C:\pos2357.tmp
C:\pos2358.tmp
C:\pos2359.tmp
C:\pos235A.tmp
C:\pos235B.tmp
C:\pos235C.tmp
C:\pos235D.tmp
C:\pos235E.tmp
C:\pos235F.tmp
C:\pos236.tmp
C:\pos2360.tmp
C:\pos2361.tmp
C:\pos2362.tmp
C:\pos2363.tmp
C:\pos2364.tmp
C:\pos2365.tmp
C:\pos2366.tmp
C:\pos2367.tmp
C:\pos2368.tmp
C:\pos2369.tmp
C:\pos236A.tmp
C:\pos236B.tmp
C:\pos236C.tmp
C:\pos236D.tmp
C:\pos236E.tmp
C:\pos236F.tmp
C:\pos237.tmp
C:\pos2370.tmp
C:\pos2371.tmp
C:\pos2372.tmp
C:\pos2373.tmp
C:\pos2374.tmp
C:\pos2375.tmp
C:\pos2376.tmp
C:\pos2377.tmp
C:\pos2378.tmp
C:\pos2379.tmp
C:\pos237A.tmp
C:\pos237B.tmp
C:\pos237C.tmp
C:\pos237D.tmp
C:\pos237E.tmp
C:\pos237F.tmp
C:\pos238.tmp
C:\pos2380.tmp
C:\pos2381.tmp
C:\pos2382.tmp
C:\pos2383.tmp
C:\pos2384.tmp
C:\pos2385.tmp
C:\pos2386.tmp
C:\pos2387.tmp
C:\pos2388.tmp
C:\pos2389.tmp
C:\pos238A.tmp
C:\pos238B.tmp
C:\pos238C.tmp
C:\pos238D.tmp
C:\pos238E.tmp
C:\pos238F.tmp
C:\pos239.tmp
C:\pos2390.tmp
C:\pos2391.tmp
C:\pos2392.tmp
C:\pos2393.tmp
C:\pos2394.tmp
C:\pos2395.tmp
C:\pos2396.tmp
C:\pos2397.tmp
C:\pos2398.tmp
C:\pos2399.tmp
C:\pos239A.tmp
C:\pos239B.tmp
C:\pos239C.tmp
C:\pos239D.tmp
C:\pos239E.tmp
C:\pos239F.tmp
C:\pos23A.tmp
C:\pos23A0.tmp
C:\pos23A1.tmp
C:\pos23A2.tmp
C:\pos23A3.tmp
C:\pos23A4.tmp
C:\pos23A5.tmp
C:\pos23A6.tmp
C:\pos23A7.tmp
C:\pos23A8.tmp
C:\pos23A9.tmp
C:\pos23AA.tmp
C:\pos23AB.tmp
C:\pos23AC.tmp
C:\pos23AD.tmp
C:\pos23AE.tmp
C:\pos23AF.tmp
C:\pos23B.tmp
C:\pos23B0.tmp
C:\pos23B1.tmp
C:\pos23B2.tmp
C:\pos23B3.tmp
C:\pos23B4.tmp
C:\pos23B5.tmp
C:\pos23B6.tmp
C:\pos23B7.tmp
C:\pos23B8.tmp
C:\pos23B9.tmp
C:\pos23BA.tmp
C:\pos23BB.tmp
C:\pos23BC.tmp
C:\pos23BD.tmp
C:\pos23BE.tmp
C:\pos23BF.tmp
C:\pos23C.tmp
C:\pos23C0.tmp
C:\pos23C1.tmp
C:\pos23C2.tmp
C:\pos23C3.tmp
C:\pos23C4.tmp
C:\pos23C5.tmp
C:\pos23C6.tmp
C:\pos23C7.tmp
C:\pos23C8.tmp
C:\pos23C9.tmp
C:\pos23CA.tmp
C:\pos23CB.tmp
C:\pos23CC.tmp
C:\pos23CD.tmp
C:\pos23CE.tmp
C:\pos23CF.tmp
C:\pos23D.tmp
C:\pos23D0.tmp
C:\pos23D1.tmp
C:\pos23D2.tmp
C:\pos23D3.tmp
C:\pos23D4.tmp
C:\pos23D5.tmp
C:\pos23D6.tmp
C:\pos23D7.tmp
C:\pos23D8.tmp
C:\pos23D9.tmp
C:\pos23DA.tmp
C:\pos23DB.tmp
C:\pos23DC.tmp
C:\pos23DD.tmp
C:\pos23DE.tmp
C:\pos23DF.tmp
C:\pos23E.tmp
C:\pos23E0.tmp
C:\pos23E1.tmp
C:\pos23E2.tmp
C:\pos23E3.tmp
C:\pos23E4.tmp
C:\pos23E5.tmp
C:\pos23E6.tmp
C:\pos23E7.tmp
C:\pos23E8.tmp
C:\pos23E9.tmp
C:\pos23EA.tmp
C:\pos23EB.tmp
C:\pos23EC.tmp
C:\pos23ED.tmp
C:\pos23EE.tmp
C:\pos23EF.tmp
C:\pos23F.tmp
C:\pos23F0.tmp
C:\pos23F1.tmp
C:\pos23F2.tmp
C:\pos23F3.tmp
C:\pos23F4.tmp
C:\pos23F5.tmp
C:\pos23F6.tmp
C:\pos23F7.tmp
C:\pos23F8.tmp
C:\pos23F9.tmp
C:\pos23FA.tmp
C:\pos23FB.tmp
C:\pos23FC.tmp
C:\pos23FD.tmp
C:\pos23FE.tmp
C:\pos23FF.tmp
C:\pos24.tmp
C:\pos240.tmp
C:\pos2400.tmp
C:\pos2401.tmp
C:\pos2402.tmp
C:\pos2403.tmp
C:\pos2404.tmp
C:\pos2405.tmp
C:\pos2406.tmp
C:\pos2407.tmp
C:\pos2408.tmp
C:\pos2409.tmp
C:\pos240A.tmp
C:\pos240B.tmp
C:\pos240C.tmp
C:\pos240D.tmp
C:\pos240E.tmp
C:\pos240F.tmp
C:\pos241.tmp
C:\pos2410.tmp
C:\pos2411.tmp
C:\pos2412.tmp
C:\pos2413.tmp
C:\pos2414.tmp
C:\pos2415.tmp
C:\pos2416.tmp
C:\pos2417.tmp
C:\pos2418.tmp
C:\pos2419.tmp
C:\pos241A.tmp
C:\pos241B.tmp
C:\pos241C.tmp
C:\pos241D.tmp
C:\pos241E.tmp
C:\pos241F.tmp
C:\pos242.tmp
C:\pos2420.tmp
C:\pos2421.tmp
C:\pos2422.tmp
C:\pos2423.tmp
C:\pos2424.tmp
C:\pos2425.tmp
C:\pos2426.tmp
C:\pos2427.tmp
C:\pos2428.tmp
C:\pos2429.tmp
C:\pos242A.tmp
C:\pos242B.tmp
C:\pos242C.tmp
C:\pos242D.tmp
C:\pos242E.tmp
C:\pos242F.tmp
C:\pos243.tmp
C:\pos2430.tmp
C:\pos2431.tmp
C:\pos2432.tmp
C:\pos2433.tmp
C:\pos2434.tmp
C:\pos2435.tmp
C:\pos2436.tmp
C:\pos2437.tmp
C:\pos2438.tmp
C:\pos2439.tmp
C:\pos243A.tmp
C:\pos243B.tmp
C:\pos243C.tmp
C:\pos243D.tmp
C:\pos243E.tmp
C:\pos243F.tmp
C:\pos244.tmp
C:\pos2440.tmp
C:\pos2441.tmp
C:\pos2442.tmp
C:\pos2443.tmp
C:\pos2444.tmp
C:\pos2445.tmp
C:\pos2446.tmp
C:\pos2447.tmp
C:\pos2448.tmp
C:\pos2449.tmp
C:\pos244A.tmp
C:\pos244B.tmp
C:\pos244C.tmp
C:\pos244D.tmp
C:\pos244E.tmp
C:\pos244F.tmp
C:\pos245.tmp
C:\pos2450.tmp
C:\pos2451.tmp
C:\pos2452.tmp
C:\pos2453.tmp
C:\pos2454.tmp
C:\pos2455.tmp
C:\pos2456.tmp
C:\pos2457.tmp
C:\pos2458.tmp
C:\pos2459.tmp
C:\pos245A.tmp
C:\pos245B.tmp
C:\pos245C.tmp
C:\pos245D.tmp
C:\pos245E.tmp
C:\pos245F.tmp
C:\pos246.tmp
C:\pos2460.tmp
C:\pos2461.tmp
C:\pos2462.tmp
C:\pos2463.tmp
C:\pos2464.tmp
C:\pos2465.tmp
C:\pos2466.tmp
C:\pos2467.tmp
C:\pos2468.tmp
C:\pos2469.tmp
C:\pos246A.tmp
C:\pos246B.tmp
C:\pos246C.tmp
C:\pos246D.tmp
C:\pos246E.tmp
C:\pos246F.tmp
C:\pos247.tmp
C:\pos2470.tmp
C:\pos2471.tmp
C:\pos2472.tmp
C:\pos2473.tmp
C:\pos2474.tmp
C:\pos2475.tmp
C:\pos2476.tmp
C:\pos2477.tmp
C:\pos2478.tmp
C:\pos2479.tmp
C:\pos247A.tmp
C:\pos247B.tmp
C:\pos247C.tmp
C:\pos247D.tmp
C:\pos247E.tmp
C:\pos247F.tmp
C:\pos248.tmp
C:\pos2480.tmp
C:\pos2481.tmp
C:\pos2482.tmp
C:\pos2483.tmp
C:\pos2484.tmp
C:\pos2485.tmp
C:\pos2486.tmp
C:\pos2487.tmp
C:\pos2488.tmp
C:\pos2489.tmp
C:\pos248A.tmp
C:\pos248B.tmp
C:\pos248C.tmp
C:\pos248D.tmp
C:\pos248E.tmp
C:\pos248F.tmp
C:\pos249.tmp
C:\pos2490.tmp
C:\pos2491.tmp
C:\pos2492.tmp
C:\pos2493.tmp
C:\pos2494.tmp
C:\pos2495.tmp
C:\pos2496.tmp
C:\pos2497.tmp
C:\pos2498.tmp
C:\pos2499.tmp
C:\pos249A.tmp
C:\pos249B.tmp
C:\pos249C.tmp
C:\pos249D.tmp
C:\pos249E.tmp
C:\pos249F.tmp
C:\pos24A.tmp
C:\pos24A0.tmp
C:\pos24A1.tmp
C:\pos24A2.tmp
C:\pos24A3.tmp
C:\pos24A4.tmp
C:\pos24A5.tmp
C:\pos24A6.tmp
C:\pos24A7.tmp
C:\pos24A8.tmp
C:\pos24A9.tmp
C:\pos24AA.tmp
C:\pos24AB.tmp
C:\pos24AC.tmp
C:\pos24AD.tmp
C:\pos24AE.tmp
C:\pos24AF.tmp
C:\pos24B.tmp
C:\pos24B0.tmp
C:\pos24B1.tmp
C:\pos24B2.tmp
C:\pos24B3.tmp
C:\pos24B4.tmp
C:\pos24B5.tmp
C:\pos24B6.tmp
C:\pos24B7.tmp
C:\pos24B8.tmp
C:\pos24B9.tmp
C:\pos24BA.tmp
C:\pos24BB.tmp
C:\pos24BC.tmp
C:\pos24BD.tmp
C:\pos24BE.tmp
C:\pos24BF.tmp
C:\pos24C.tmp
C:\pos24C0.tmp
C:\pos24C1.tmp
C:\pos24C2.tmp
C:\pos24C3.tmp
C:\pos24C4.tmp
C:\pos24C5.tmp
C:\pos24C6.tmp
C:\pos24C7.tmp
C:\pos24C8.tmp
C:\pos24C9.tmp
C:\pos24CA.tmp
C:\pos24CB.tmp
C:\pos24CC.tmp
C:\pos24CD.tmp
C:\pos24CE.tmp
C:\pos24CF.tmp
C:\pos24D.tmp
C:\pos24D0.tmp
C:\pos24D1.tmp
C:\pos24D2.tmp
C:\pos24D3.tmp
C:\pos24D4.tmp
C:\pos24D5.tmp
C:\pos24D6.tmp
C:\pos24D7.tmp
C:\pos24D8.tmp
C:\pos24D9.tmp
C:\pos24DA.tmp
C:\pos24DB.tmp
C:\pos24DC.tmp
C:\pos24DD.tmp
C:\pos24DE.tmp
C:\pos24DF.tmp
C:\pos24E.tmp
C:\pos24E0.tmp
C:\pos24E1.tmp
C:\pos24E2.tmp
C:\pos24E3.tmp
C:\pos24E4.tmp
C:\pos24E5.tmp
C:\pos24E6.tmp
C:\pos24E7.tmp
C:\pos24E8.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos24E9.tmp
C:\pos24EA.tmp
C:\pos24EB.tmp
C:\pos24EC.tmp
C:\pos24ED.tmp
C:\pos24EE.tmp
C:\pos24EF.tmp
C:\pos24F.tmp
C:\pos24F0.tmp
C:\pos24F1.tmp
C:\pos24F2.tmp
C:\pos24F3.tmp
C:\pos24F4.tmp
C:\pos24F5.tmp
C:\pos24F6.tmp
C:\pos24F7.tmp
C:\pos24F8.tmp
C:\pos24F9.tmp
C:\pos24FA.tmp
C:\pos24FB.tmp
C:\pos24FC.tmp
C:\pos24FD.tmp
C:\pos24FE.tmp
C:\pos24FF.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos2500.tmp
C:\pos2501.tmp
C:\pos2502.tmp
C:\pos2503.tmp
C:\pos2504.tmp
C:\pos2505.tmp
C:\pos2506.tmp
C:\pos2507.tmp
C:\pos2508.tmp
C:\pos2509.tmp
C:\pos250A.tmp
C:\pos250B.tmp
C:\pos250C.tmp
C:\pos250D.tmp
C:\pos250E.tmp
C:\pos250F.tmp
C:\pos251.tmp
C:\pos2510.tmp
C:\pos2511.tmp
C:\pos2512.tmp
C:\pos2513.tmp
C:\pos2514.tmp
C:\pos2515.tmp
C:\pos2516.tmp
C:\pos2517.tmp
C:\pos2518.tmp
C:\pos2519.tmp
C:\pos251A.tmp
C:\pos251B.tmp
C:\pos251C.tmp
C:\pos251D.tmp
C:\pos251E.tmp
C:\pos251F.tmp
C:\pos252.tmp
C:\pos2520.tmp
C:\pos2521.tmp
C:\pos2522.tmp
C:\pos2523.tmp
C:\pos2524.tmp
C:\pos2525.tmp
C:\pos2526.tmp
C:\pos2527.tmp
C:\pos2528.tmp
C:\pos2529.tmp
C:\pos252A.tmp
C:\pos252B.tmp
C:\pos252C.tmp
C:\pos252D.tmp
C:\pos252E.tmp
C:\pos252F.tmp
C:\pos253.tmp
C:\pos2530.tmp
C:\pos2531.tmp
C:\pos2532.tmp
C:\pos2533.tmp
C:\pos2534.tmp
C:\pos2535.tmp
C:\pos2536.tmp
C:\pos2537.tmp
C:\pos2538.tmp
C:\pos2539.tmp
C:\pos253A.tmp
C:\pos253B.tmp
C:\pos253C.tmp
C:\pos253D.tmp
C:\pos253E.tmp
C:\pos253F.tmp
C:\pos254.tmp
C:\pos2540.tmp
C:\pos2541.tmp
C:\pos2542.tmp
C:\pos2543.tmp
C:\pos2544.tmp
C:\pos2545.tmp
C:\pos2546.tmp
C:\pos2547.tmp
C:\pos2548.tmp
C:\pos2549.tmp
C:\pos254A.tmp
C:\pos254B.tmp
C:\pos254C.tmp
C:\pos254D.tmp
C:\pos254E.tmp
C:\pos254F.tmp
C:\pos255.tmp
C:\pos2550.tmp
C:\pos2551.tmp
C:\pos2552.tmp
C:\pos2553.tmp
C:\pos2554.tmp
C:\pos2555.tmp
C:\pos2556.tmp
C:\pos2557.tmp
C:\pos2558.tmp
C:\pos2559.tmp
C:\pos255A.tmp
C:\pos255B.tmp
C:\pos255C.tmp
C:\pos255D.tmp
C:\pos255E.tmp
C:\pos255F.tmp
C:\pos256.tmp
C:\pos2560.tmp
C:\pos2561.tmp
C:\pos2562.tmp
C:\pos2563.tmp
C:\pos2564.tmp
C:\pos2565.tmp
C:\pos2566.tmp
C:\pos2567.tmp
C:\pos2568.tmp
C:\pos2569.tmp
C:\pos256A.tmp
C:\pos256B.tmp
C:\pos256C.tmp
C:\pos256D.tmp
C:\pos256E.tmp
C:\pos256F.tmp
C:\pos257.tmp
C:\pos2570.tmp
C:\pos2571.tmp
C:\pos2572.tmp
C:\pos2573.tmp
C:\pos2574.tmp
C:\pos2575.tmp
C:\pos2576.tmp
C:\pos2577.tmp
C:\pos2578.tmp
C:\pos2579.tmp
C:\pos257A.tmp
C:\pos257B.tmp
C:\pos257C.tmp
C:\pos257D.tmp
C:\pos257E.tmp
C:\pos257F.tmp
C:\pos258.tmp
C:\pos2580.tmp
C:\pos2581.tmp
C:\pos2582.tmp
C:\pos2583.tmp
C:\pos2584.tmp
C:\pos2585.tmp
C:\pos2586.tmp
C:\pos2587.tmp
C:\pos2588.tmp
C:\pos2589.tmp
C:\pos258A.tmp
C:\pos258B.tmp
C:\pos258C.tmp
C:\pos258D.tmp
C:\pos258E.tmp
C:\pos258F.tmp
C:\pos259.tmp
C:\pos2590.tmp
C:\pos2591.tmp
C:\pos2592.tmp
C:\pos2593.tmp
C:\pos2594.tmp
C:\pos2595.tmp
C:\pos2596.tmp
C:\pos2597.tmp
C:\pos2598.tmp
C:\pos2599.tmp
C:\pos259A.tmp
C:\pos259B.tmp
C:\pos259C.tmp
C:\pos259D.tmp
C:\pos259E.tmp
C:\pos259F.tmp
C:\pos25A.tmp
C:\pos25A0.tmp
C:\pos25A1.tmp
C:\pos25A2.tmp
C:\pos25A3.tmp
C:\pos25A4.tmp
C:\pos25A5.tmp
C:\pos25A6.tmp
C:\pos25A7.tmp
C:\pos25A8.tmp
C:\pos25A9.tmp
C:\pos25AA.tmp
C:\pos25AB.tmp
C:\pos25AC.tmp
C:\pos25AD.tmp
C:\pos25AE.tmp
C:\pos25AF.tmp
C:\pos25B.tmp
C:\pos25B0.tmp
C:\pos25B1.tmp
C:\pos25B2.tmp
C:\pos25B3.tmp
C:\pos25B4.tmp
C:\pos25B5.tmp
C:\pos25B6.tmp
C:\pos25B7.tmp
C:\pos25B8.tmp
C:\pos25B9.tmp
C:\pos25BA.tmp
C:\pos25BB.tmp
C:\pos25BC.tmp
C:\pos25BD.tmp
C:\pos25BE.tmp
C:\pos25BF.tmp
C:\pos25C.tmp
C:\pos25C0.tmp
C:\pos25C1.tmp
C:\pos25C2.tmp
C:\pos25C3.tmp
C:\pos25C4.tmp
C:\pos25C5.tmp
C:\pos25C6.tmp
C:\pos25C7.tmp
C:\pos25C8.tmp
C:\pos25C9.tmp
C:\pos25CA.tmp
C:\pos25CB.tmp
C:\pos25CC.tmp
C:\pos25CD.tmp
C:\pos25CE.tmp
C:\pos25CF.tmp
C:\pos25D.tmp
C:\pos25D0.tmp
C:\pos25D1.tmp
C:\pos25D2.tmp
C:\pos25D3.tmp
C:\pos25D4.tmp
C:\pos25D5.tmp
C:\pos25D6.tmp
C:\pos25D7.tmp
C:\pos25D8.tmp
C:\pos25D9.tmp
C:\pos25DA.tmp
C:\pos25DB.tmp
C:\pos25DC.tmp
C:\pos25DD.tmp
C:\pos25DE.tmp
C:\pos25DF.tmp
C:\pos25E.tmp
C:\pos25E0.tmp
C:\pos25E1.tmp
C:\pos25E2.tmp
C:\pos25E3.tmp
C:\pos25E4.tmp
C:\pos25E5.tmp
C:\pos25E6.tmp
C:\pos25E7.tmp
C:\pos25E8.tmp
C:\pos25E9.tmp
C:\pos25EA.tmp
C:\pos25EB.tmp
C:\pos25EC.tmp
C:\pos25ED.tmp
C:\pos25EE.tmp
C:\pos25EF.tmp
C:\pos25F.tmp
C:\pos25F0.tmp
C:\pos25F1.tmp
C:\pos25F2.tmp
C:\pos25F3.tmp
C:\pos25F4.tmp
C:\pos25F5.tmp
C:\pos25F6.tmp
C:\pos25F7.tmp
C:\pos25F8.tmp
C:\pos25F9.tmp
C:\pos25FA.tmp
C:\pos25FB.tmp
C:\pos25FC.tmp
C:\pos25FD.tmp
C:\pos25FE.tmp
C:\pos25FF.tmp
C:\pos26.tmp
C:\pos260.tmp
C:\pos2600.tmp
C:\pos2601.tmp
C:\pos2602.tmp
C:\pos2603.tmp
C:\pos2604.tmp
C:\pos2605.tmp
C:\pos2606.tmp
C:\pos2607.tmp
C:\pos2608.tmp
C:\pos2609.tmp
C:\pos260A.tmp
C:\pos260B.tmp
C:\pos260C.tmp
C:\pos260D.tmp
C:\pos260E.tmp
C:\pos260F.tmp
C:\pos261.tmp
C:\pos2610.tmp
C:\pos2611.tmp
C:\pos2612.tmp
C:\pos2613.tmp
C:\pos2614.tmp
C:\pos2615.tmp
C:\pos2616.tmp
C:\pos2617.tmp
C:\pos2618.tmp
C:\pos2619.tmp
C:\pos261A.tmp
C:\pos261B.tmp
C:\pos261C.tmp
C:\pos261D.tmp
C:\pos261E.tmp
C:\pos261F.tmp
C:\pos262.tmp
C:\pos2620.tmp
C:\pos2621.tmp
C:\pos2622.tmp
C:\pos2623.tmp
C:\pos2624.tmp
C:\pos2625.tmp
C:\pos2626.tmp
C:\pos2627.tmp
C:\pos2628.tmp
C:\pos2629.tmp
C:\pos262A.tmp
C:\pos262B.tmp
C:\pos262C.tmp
C:\pos262D.tmp
C:\pos262E.tmp
C:\pos262F.tmp
C:\pos263.tmp
C:\pos2630.tmp
C:\pos2631.tmp
C:\pos2632.tmp
C:\pos2633.tmp
C:\pos2634.tmp
C:\pos2635.tmp
C:\pos2636.tmp
C:\pos2637.tmp
C:\pos2638.tmp
C:\pos2639.tmp
C:\pos263A.tmp
C:\pos263B.tmp
C:\pos263C.tmp
C:\pos263D.tmp
C:\pos263E.tmp
C:\pos263F.tmp
C:\pos264.tmp
C:\pos2640.tmp
C:\pos2641.tmp
C:\pos2642.tmp
C:\pos2643.tmp
C:\pos2644.tmp
C:\pos2645.tmp
C:\pos2646.tmp
C:\pos2647.tmp
C:\pos2648.tmp
C:\pos2649.tmp
C:\pos264A.tmp
C:\pos264B.tmp
C:\pos264C.tmp
C:\pos264D.tmp
C:\pos264E.tmp
C:\pos264F.tmp
C:\pos265.tmp
C:\pos2650.tmp
C:\pos2651.tmp
C:\pos2652.tmp
C:\pos2653.tmp
C:\pos2654.tmp
C:\pos2655.tmp
C:\pos2656.tmp
C:\pos2657.tmp
C:\pos2658.tmp
C:\pos2659.tmp
C:\pos265A.tmp
C:\pos265B.tmp
C:\pos265C.tmp
C:\pos265D.tmp
C:\pos265E.tmp
C:\pos265F.tmp
C:\pos266.tmp
C:\pos2660.tmp
C:\pos2661.tmp
C:\pos2662.tmp
C:\pos2663.tmp
C:\pos2664.tmp
C:\pos2665.tmp
C:\pos2666.tmp
C:\pos2667.tmp
C:\pos2668.tmp
C:\pos2669.tmp
C:\pos266A.tmp
C:\pos266B.tmp
C:\pos266C.tmp
C:\pos266D.tmp
C:\pos266E.tmp
C:\pos266F.tmp
C:\pos267.tmp
C:\pos2670.tmp
C:\pos2671.tmp
C:\pos2672.tmp
C:\pos2673.tmp
C:\pos2674.tmp
C:\pos2675.tmp
C:\pos2676.tmp
C:\pos2677.tmp
C:\pos2678.tmp
C:\pos2679.tmp
C:\pos267A.tmp
C:\pos267B.tmp
C:\pos267C.tmp
C:\pos267D.tmp
C:\pos267E.tmp
C:\pos267F.tmp
C:\pos268.tmp
C:\pos2680.tmp
C:\pos2681.tmp
C:\pos2682.tmp
C:\pos2683.tmp
C:\pos2684.tmp
C:\pos2685.tmp
C:\pos2686.tmp
C:\pos2687.tmp
C:\pos2688.tmp
C:\pos2689.tmp
C:\pos268A.tmp
C:\pos268B.tmp
C:\pos268C.tmp
C:\pos268D.tmp
C:\pos268E.tmp
C:\pos268F.tmp
C:\pos269.tmp
C:\pos2690.tmp
C:\pos2691.tmp
C:\pos2692.tmp
C:\pos2693.tmp
C:\pos2694.tmp
C:\pos2695.tmp
C:\pos2696.tmp
C:\pos2697.tmp
C:\pos2698.tmp
C:\pos2699.tmp
C:\pos269A.tmp
C:\pos269B.tmp
C:\pos269C.tmp
C:\pos269D.tmp
C:\pos269E.tmp
C:\pos269F.tmp
C:\pos26A.tmp
C:\pos26A0.tmp
C:\pos26A1.tmp
C:\pos26A2.tmp
C:\pos26A3.tmp
C:\pos26A4.tmp
C:\pos26A5.tmp
C:\pos26A6.tmp
C:\pos26A7.tmp
C:\pos26A8.tmp
C:\pos26A9.tmp
C:\pos26AA.tmp
C:\pos26AB.tmp
C:\pos26AC.tmp
C:\pos26AD.tmp
C:\pos26AE.tmp
C:\pos26AF.tmp
C:\pos26B.tmp
C:\pos26B0.tmp
C:\pos26B1.tmp
C:\pos26B2.tmp
C:\pos26B3.tmp
C:\pos26B4.tmp
C:\pos26B5.tmp
C:\pos26B6.tmp
C:\pos26B7.tmp
C:\pos26B8.tmp
C:\pos26B9.tmp
C:\pos26BA.tmp
C:\pos26BB.tmp
C:\pos26BC.tmp
C:\pos26BD.tmp
C:\pos26BE.tmp
C:\pos26BF.tmp
C:\pos26C.tmp
C:\pos26C0.tmp
C:\pos26C1.tmp
C:\pos26C2.tmp
C:\pos26C3.tmp
C:\pos26C4.tmp
C:\pos26C5.tmp
C:\pos26C6.tmp
C:\pos26C7.tmp
C:\pos26C8.tmp
C:\pos26C9.tmp
C:\pos26CA.tmp
C:\pos26CB.tmp
C:\pos26CC.tmp
C:\pos26CD.tmp
C:\pos26CE.tmp
C:\pos26CF.tmp
C:\pos26D.tmp
C:\pos26D0.tmp
C:\pos26D1.tmp
C:\pos26D2.tmp
C:\pos26D3.tmp
C:\pos26D4.tmp
C:\pos26D5.tmp
C:\pos26D6.tmp
C:\pos26D7.tmp
C:\pos26D8.tmp
C:\pos26D9.tmp
C:\pos26DA.tmp
C:\pos26DB.tmp
C:\pos26DC.tmp
C:\pos26DD.tmp
C:\pos26DE.tmp
C:\pos26DF.tmp
C:\pos26E.tmp
C:\pos26E0.tmp
C:\pos26E1.tmp
C:\pos26E2.tmp
C:\pos26E3.tmp
C:\pos26E4.tmp
C:\pos26E5.tmp
C:\pos26E6.tmp
C:\pos26E7.tmp
C:\pos26E8.tmp
C:\pos26E9.tmp
C:\pos26EA.tmp
C:\pos26EB.tmp
C:\pos26EC.tmp
C:\pos26ED.tmp
C:\pos26EE.tmp
C:\pos26EF.tmp
C:\pos26F.tmp
C:\pos26F0.tmp
C:\pos26F1.tmp
C:\pos26F2.tmp
C:\pos26F3.tmp
C:\pos26F4.tmp
C:\pos26F5.tmp
C:\pos26F6.tmp
C:\pos26F7.tmp
C:\pos26F8.tmp
C:\pos26F9.tmp
C:\pos26FA.tmp
C:\pos26FB.tmp
C:\pos26FC.tmp
C:\pos26FD.tmp
C:\pos26FE.tmp
C:\pos26FF.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos2700.tmp
C:\pos2701.tmp
C:\pos2702.tmp
C:\pos2703.tmp
C:\pos2704.tmp
C:\pos2705.tmp
C:\pos2706.tmp
C:\pos2707.tmp
C:\pos2708.tmp
C:\pos2709.tmp
C:\pos270A.tmp
C:\pos270B.tmp
C:\pos270C.tmp
C:\pos270D.tmp
C:\pos270E.tmp
C:\pos270F.tmp
C:\pos271.tmp
C:\pos2710.tmp
C:\pos2711.tmp
C:\pos2712.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27B.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos27E.tmp
C:\pos27F.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos288.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos298.tmp
C:\pos299.tmp
C:\pos29A.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A.tmp
C:\pos2A0.tmp
C:\pos2A1.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AA.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2AF.tmp
C:\pos2B.tmp
C:\pos2B0.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B6.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BC.tmp
C:\pos2BD.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C6.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CE.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos3.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos31.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos32.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos333.tmp
C:\pos334.tmp
C:\pos335.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos38.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp
C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AA.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3E9.tmp
C:\pos3EA.tmp
C:\pos3EB.tmp
C:\pos3EC.tmp
C:\pos3ED.tmp
C:\pos3EE.tmp
C:\pos3EF.tmp
C:\pos3F.tmp
C:\pos3F0.tmp
C:\pos3F1.tmp
C:\pos3F2.tmp
C:\pos3F3.tmp
C:\pos3F4.tmp
C:\pos3F5.tmp
C:\pos3F6.tmp
C:\pos3F7.tmp
C:\pos3F8.tmp
C:\pos3F9.tmp
C:\pos3FA.tmp
C:\pos3FB.tmp
C:\pos3FC.tmp
C:\pos3FD.tmp
C:\pos3FE.tmp
C:\pos3FF.tmp
C:\pos4.tmp
C:\pos40.tmp
C:\pos400.tmp
C:\pos401.tmp
C:\pos402.tmp
C:\pos403.tmp
C:\pos404.tmp
C:\pos405.tmp
C:\pos406.tmp
C:\pos407.tmp
C:\pos408.tmp
C:\pos409.tmp
C:\pos40A.tmp
C:\pos40B.tmp
C:\pos40C.tmp
C:\pos40D.tmp
C:\pos40E.tmp
C:\pos40F.tmp
C:\pos41.tmp
C:\pos410.tmp
C:\pos411.tmp
C:\pos412.tmp
C:\pos413.tmp
C:\pos414.tmp
C:\pos415.tmp
C:\pos416.tmp
C:\pos417.tmp
C:\pos418.tmp
C:\pos419.tmp
C:\pos41A.tmp
C:\pos41B.tmp
C:\pos41C.tmp
C:\pos41D.tmp
C:\pos41E.tmp
C:\pos41F.tmp
C:\pos42.tmp
C:\pos420.tmp
C:\pos421.tmp
C:\pos422.tmp
C:\pos423.tmp
C:\pos424.tmp
C:\pos425.tmp
C:\pos426.tmp
C:\pos427.tmp
C:\pos428.tmp
C:\pos429.tmp
C:\pos42A.tmp
C:\pos42B.tmp
C:\pos42C.tmp
C:\pos42D.tmp
C:\pos42E.tmp
C:\pos42F.tmp
C:\pos43.tmp
C:\pos430.tmp
C:\pos431.tmp
C:\pos432.tmp
C:\pos433.tmp
C:\pos434.tmp
C:\pos435.tmp
C:\pos436.tmp
C:\pos437.tmp
C:\pos438.tmp
C:\pos439.tmp
C:\pos43A.tmp
C:\pos43B.tmp
C:\pos43C.tmp
C:\pos43D.tmp
C:\pos43E.tmp
C:\pos43F.tmp
C:\pos44.tmp
C:\pos440.tmp
C:\pos441.tmp
C:\pos442.tmp
C:\pos443.tmp
C:\pos444.tmp
C:\pos445.tmp
C:\pos446.tmp
C:\pos447.tmp
C:\pos448.tmp
C:\pos449.tmp
C:\pos44A.tmp
C:\pos44B.tmp
C:\pos44C.tmp
C:\pos44D.tmp
C:\pos44E.tmp
C:\pos44F.tmp
C:\pos45.tmp
C:\pos450.tmp
C:\pos451.tmp
C:\pos452.tmp
C:\pos453.tmp
C:\pos454.tmp
C:\pos455.tmp
C:\pos456.tmp
C:\pos457.tmp
C:\pos458.tmp
C:\pos459.tmp
C:\pos45A.tmp
C:\pos45B.tmp
C:\pos45C.tmp
C:\pos45D.tmp
C:\pos45E.tmp
C:\pos45F.tmp
C:\pos46.tmp
C:\pos460.tmp
C:\pos461.tmp
C:\pos462.tmp
C:\pos463.tmp
C:\pos464.tmp
C:\pos465.tmp
C:\pos466.tmp
C:\pos467.tmp
C:\pos468.tmp
C:\pos469.tmp
C:\pos46A.tmp
C:\pos46B.tmp
C:\pos46C.tmp
C:\pos46D.tmp
C:\pos46E.tmp
C:\pos46F.tmp
C:\pos47.tmp
C:\pos470.tmp
C:\pos471.tmp
C:\pos472.tmp
C:\pos473.tmp
C:\pos474.tmp
C:\pos475.tmp
C:\pos476.tmp
C:\pos477.tmp
C:\pos478.tmp
C:\pos479.tmp
C:\pos47A.tmp
C:\pos47B.tmp
C:\pos47C.tmp
C:\pos47D.tmp
C:\pos47E.tmp
C:\pos47F.tmp
C:\pos48.tmp
C:\pos480.tmp
C:\pos481.tmp
C:\pos482.tmp
C:\pos483.tmp
C:\pos484.tmp
C:\pos485.tmp
C:\pos486.tmp
C:\pos487.tmp
C:\pos488.tmp
C:\pos489.tmp
C:\pos48A.tmp
C:\pos48B.tmp
C:\pos48C.tmp
C:\pos48D.tmp
C:\pos48E.tmp
C:\pos48F.tmp
C:\pos49.tmp
C:\pos490.tmp
C:\pos491.tmp
C:\pos492.tmp
C:\pos493.tmp
C:\pos494.tmp
C:\pos495.tmp
C:\pos496.tmp
C:\pos497.tmp
C:\pos498.tmp
C:\pos499.tmp
C:\pos49A.tmp
C:\pos49B.tmp
C:\pos49C.tmp
C:\pos49D.tmp
C:\pos49E.tmp
C:\pos49F.tmp
C:\pos4A.tmp
C:\pos4A0.tmp
C:\pos4A1.tmp
C:\pos4A2.tmp
C:\pos4A3.tmp
C:\pos4A4.tmp
C:\pos4A5.tmp
C:\pos4A6.tmp
C:\pos4A7.tmp
C:\pos4A8.tmp
C:\pos4A9.tmp
C:\pos4AA.tmp
C:\pos4AB.tmp
C:\pos4AC.tmp
C:\pos4AD.tmp
C:\pos4AE.tmp
C:\pos4AF.tmp
C:\pos4B.tmp
C:\pos4B0.tmp
C:\pos4B1.tmp
C:\pos4B2.tmp
C:\pos4B3.tmp
C:\pos4B4.tmp
C:\pos4B5.tmp
C:\pos4B6.tmp
C:\pos4B7.tmp
C:\pos4B8.tmp
C:\pos4B9.tmp
C:\pos4BA.tmp
C:\pos4BB.tmp
C:\pos4BC.tmp
C:\pos4BD.tmp
C:\pos4BE.tmp
C:\pos4BF.tmp
C:\pos4C.tmp
C:\pos4C0.tmp
C:\pos4C1.tmp
C:\pos4C2.tmp
C:\pos4C3.tmp
C:\pos4C4.tmp
C:\pos4C5.tmp
C:\pos4C6.tmp
C:\pos4C7.tmp
C:\pos4C8.tmp
C:\pos4C9.tmp
C:\pos4CA.tmp
C:\pos4CB.tmp
C:\pos4CC.tmp
C:\pos4CD.tmp
C:\pos4CE.tmp
C:\pos4CF.tmp
C:\pos4D.tmp
C:\pos4D0.tmp
C:\pos4D1.tmp
C:\pos4D2.tmp
C:\pos4D3.tmp
C:\pos4D4.tmp
C:\pos4D5.tmp
C:\pos4D6.tmp
C:\pos4D7.tmp
C:\pos4D8.tmp
C:\pos4D9.tmp
C:\pos4DA.tmp
C:\pos4DB.tmp
C:\pos4DC.tmp
C:\pos4DD.tmp
C:\pos4DE.tmp
C:\pos4DF.tmp
C:\pos4E.tmp
C:\pos4E0.tmp
C:\pos4E1.tmp
C:\pos4E2.tmp
C:\pos4E3.tmp
C:\pos4E4.tmp
C:\pos4E5.tmp
C:\pos4E6.tmp
C:\pos4E7.tmp
C:\pos4E8.tmp
C:\pos4E9.tmp
C:\pos4EA.tmp
C:\pos4EB.tmp
C:\pos4EC.tmp
C:\pos4ED.tmp
C:\pos4EE.tmp
C:\pos4EF.tmp
C:\pos4F.tmp
C:\pos4F0.tmp
C:\pos4F1.tmp
C:\pos4F2.tmp
C:\pos4F3.tmp
C:\pos4F4.tmp
C:\pos4F5.tmp
C:\pos4F6.tmp
C:\pos4F7.tmp
C:\pos4F8.tmp
C:\pos4F9.tmp
C:\pos4FA.tmp
C:\pos4FB.tmp
C:\pos4FC.tmp
C:\pos4FD.tmp
C:\pos4FE.tmp
C:\pos4FF.tmp
C:\pos5.tmp
C:\pos50.tmp
C:\pos500.tmp
C:\pos501.tmp
C:\pos502.tmp
C:\pos503.tmp
C:\pos504.tmp
C:\pos505.tmp
C:\pos506.tmp
C:\pos507.tmp
C:\pos508.tmp
C:\pos509.tmp
C:\pos50A.tmp
C:\pos50B.tmp
C:\pos50C.tmp
C:\pos50D.tmp
C:\pos50E.tmp
C:\pos50F.tmp
C:\pos51.tmp
C:\pos510.tmp
C:\pos511.tmp
C:\pos512.tmp
C:\pos513.tmp
C:\pos514.tmp
C:\pos515.tmp
C:\pos516.tmp
C:\pos517.tmp
C:\pos518.tmp
C:\pos519.tmp
C:\pos51A.tmp
C:\pos51B.tmp
C:\pos51C.tmp
C:\pos51D.tmp
C:\pos51E.tmp
C:\pos51F.tmp
C:\pos52.tmp
C:\pos520.tmp
C:\pos521.tmp
C:\pos522.tmp
C:\pos523.tmp
C:\pos524.tmp
C:\pos525.tmp
C:\pos526.tmp
C:\pos527.tmp
C:\pos528.tmp
C:\pos529.tmp
C:\pos52A.tmp
C:\pos52B.tmp
C:\pos52C.tmp
C:\pos52D.tmp
C:\pos52E.tmp
C:\pos52F.tmp
C:\pos53.tmp
C:\pos530.tmp
C:\pos531.tmp
C:\pos532.tmp
C:\pos533.tmp
C:\pos534.tmp
C:\pos535.tmp
C:\pos536.tmp
C:\pos537.tmp
C:\pos538.tmp
C:\pos539.tmp
C:\pos53A.tmp
C:\pos53B.tmp
C:\pos53C.tmp
C:\pos53D.tmp
C:\pos53E.tmp
C:\pos53F.tmp
C:\pos54.tmp
C:\pos540.tmp
C:\pos541.tmp
C:\pos542.tmp
C:\pos543.tmp
C:\pos544.tmp
C:\pos545.tmp
C:\pos546.tmp
C:\pos547.tmp
C:\pos548.tmp
C:\pos549.tmp
C:\pos54A.tmp
C:\pos54B.tmp
C:\pos54C.tmp
C:\pos54D.tmp
C:\pos54E.tmp
C:\pos54F.tmp
C:\pos55.tmp
C:\pos550.tmp
C:\pos551.tmp
C:\pos552.tmp
C:\pos553.tmp
C:\pos554.tmp
C:\pos555.tmp
C:\pos556.tmp
C:\pos557.tmp
C:\pos558.tmp
C:\pos559.tmp
C:\pos55A.tmp
C:\pos55B.tmp
C:\pos55C.tmp
C:\pos55D.tmp
C:\pos55E.tmp
C:\pos55F.tmp
C:\pos56.tmp
C:\pos560.tmp
C:\pos561.tmp
C:\pos562.tmp
C:\pos563.tmp
C:\pos564.tmp
C:\pos565.tmp
C:\pos566.tmp
C:\pos567.tmp
C:\pos568.tmp
C:\pos569.tmp
C:\pos56A.tmp
C:\pos56B.tmp
C:\pos56C.tmp
C:\pos56D.tmp
C:\pos56E.tmp
C:\pos56F.tmp
C:\pos57.tmp
C:\pos570.tmp
C:\pos571.tmp
C:\pos572.tmp
C:\pos573.tmp
C:\pos574.tmp
C:\pos575.tmp
C:\pos576.tmp
C:\pos577.tmp
C:\pos578.tmp
C:\pos579.tmp
C:\pos57A.tmp
C:\pos57B.tmp
C:\pos57C.tmp
C:\pos57D.tmp
C:\pos57E.tmp
C:\pos57F.tmp
C:\pos58.tmp
C:\pos580.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos581.tmp
C:\pos582.tmp
C:\pos583.tmp
C:\pos584.tmp
C:\pos585.tmp
C:\pos586.tmp
C:\pos587.tmp
C:\pos588.tmp
C:\pos589.tmp
C:\pos58A.tmp
C:\pos58B.tmp
C:\pos58C.tmp
C:\pos58D.tmp
C:\pos58E.tmp
C:\pos58F.tmp
C:\pos59.tmp
C:\pos590.tmp
C:\pos591.tmp
C:\pos592.tmp
C:\pos593.tmp
C:\pos594.tmp
C:\pos595.tmp
C:\pos596.tmp
C:\pos597.tmp
C:\pos598.tmp
C:\pos599.tmp
C:\pos59A.tmp
C:\pos59B.tmp
C:\pos59C.tmp
C:\pos59D.tmp
C:\pos59E.tmp
C:\pos59F.tmp
C:\pos5A.tmp
C:\pos5A0.tmp
C:\pos5A1.tmp
C:\pos5A2.tmp
C:\pos5A3.tmp
C:\pos5A4.tmp
C:\pos5A5.tmp
C:\pos5A6.tmp
C:\pos5A7.tmp
C:\pos5A8.tmp
C:\pos5A9.tmp
C:\pos5AA.tmp
C:\pos5AB.tmp
C:\pos5AC.tmp
C:\pos5AD.tmp
C:\pos5AE.tmp
C:\pos5AF.tmp
C:\pos5B.tmp
C:\pos5B0.tmp
C:\pos5B1.tmp
C:\pos5B2.tmp
C:\pos5B3.tmp
C:\pos5B4.tmp
C:\pos5B5.tmp
C:\pos5B6.tmp
C:\pos5B7.tmp
C:\pos5B8.tmp
C:\pos5B9.tmp
C:\pos5BA.tmp
C:\pos5BB.tmp
C:\pos5BC.tmp
C:\pos5BD.tmp
C:\pos5BE.tmp
C:\pos5BF.tmp
C:\pos5C.tmp
C:\pos5C0.tmp
C:\pos5C1.tmp
C:\pos5C2.tmp
C:\pos5C3.tmp
C:\pos5C4.tmp
C:\pos5C5.tmp
C:\pos5C6.tmp
C:\pos5C7.tmp
C:\pos5C8.tmp
C:\pos5C9.tmp
C:\pos5CA.tmp
C:\pos5CB.tmp
C:\pos5CC.tmp
C:\pos5CD.tmp
C:\pos5CE.tmp
C:\pos5CF.tmp
C:\pos5D.tmp
C:\pos5D0.tmp
C:\pos5D1.tmp
C:\pos5D2.tmp
C:\pos5D3.tmp
C:\pos5D4.tmp
C:\pos5D5.tmp
C:\pos5D6.tmp
C:\pos5D7.tmp
C:\pos5D8.tmp
C:\pos5D9.tmp
C:\pos5DA.tmp
C:\pos5DB.tmp
C:\pos5DC.tmp
C:\pos5DD.tmp
C:\pos5DE.tmp
C:\pos5DF.tmp
C:\pos5E.tmp
C:\pos5E0.tmp
C:\pos5E1.tmp
C:\pos5E2.tmp
C:\pos5E3.tmp
C:\pos5E4.tmp
C:\pos5E5.tmp
C:\pos5E6.tmp
C:\pos5E7.tmp
C:\pos5E8.tmp
C:\pos5E9.tmp
C:\pos5EA.tmp
C:\pos5EB.tmp
C:\pos5EC.tmp
C:\pos5ED.tmp
C:\pos5EE.tmp
C:\pos5EF.tmp
C:\pos5F.tmp
C:\pos5F0.tmp
C:\pos5F1.tmp
C:\pos5F2.tmp
C:\pos5F3.tmp
C:\pos5F4.tmp
C:\pos5F5.tmp
C:\pos5F6.tmp
C:\pos5F7.tmp
C:\pos5F8.tmp
C:\pos5F9.tmp
C:\pos5FA.tmp
C:\pos5FB.tmp
C:\pos5FC.tmp
C:\pos5FD.tmp
C:\pos5FE.tmp
C:\pos5FF.tmp
C:\pos6.tmp
C:\pos60.tmp
C:\pos600.tmp
C:\pos601.tmp
C:\pos602.tmp
C:\pos603.tmp
C:\pos604.tmp
C:\pos605.tmp
C:\pos606.tmp
C:\pos607.tmp
C:\pos608.tmp
C:\pos609.tmp
C:\pos60A.tmp
C:\pos60B.tmp
C:\pos60C.tmp
C:\pos60D.tmp
C:\pos60E.tmp
C:\pos60F.tmp
C:\pos61.tmp
C:\pos610.tmp
C:\pos611.tmp
C:\pos612.tmp
C:\pos613.tmp
C:\pos614.tmp
C:\pos615.tmp
C:\pos616.tmp
C:\pos617.tmp
C:\pos618.tmp
C:\pos619.tmp
C:\pos61A.tmp
C:\pos61B.tmp
C:\pos61C.tmp
C:\pos61D.tmp
C:\pos61E.tmp
C:\pos61F.tmp
C:\pos62.tmp
C:\pos620.tmp
C:\pos621.tmp
C:\pos622.tmp
C:\pos623.tmp
C:\pos624.tmp
C:\pos625.tmp
C:\pos626.tmp
C:\pos627.tmp
C:\pos628.tmp
C:\pos629.tmp
C:\pos62A.tmp
C:\pos62B.tmp
C:\pos62C.tmp
C:\pos62D.tmp
C:\pos62E.tmp
C:\pos62F.tmp
C:\pos63.tmp
C:\pos630.tmp
C:\pos631.tmp
C:\pos632.tmp
C:\pos633.tmp
C:\pos634.tmp
C:\pos635.tmp
C:\pos636.tmp
C:\pos637.tmp
C:\pos638.tmp
C:\pos639.tmp
C:\pos63A.tmp
C:\pos63B.tmp
C:\pos63C.tmp
C:\pos63D.tmp
C:\pos63E.tmp
C:\pos63F.tmp
C:\pos64.tmp
C:\pos640.tmp
C:\pos641.tmp
C:\pos642.tmp
C:\pos643.tmp
C:\pos644.tmp
C:\pos645.tmp
C:\pos646.tmp
C:\pos647.tmp
C:\pos648.tmp
C:\pos649.tmp
C:\pos64A.tmp
C:\pos64B.tmp
C:\pos64C.tmp
C:\pos64D.tmp
C:\pos64E.tmp
C:\pos64F.tmp
C:\pos65.tmp
C:\pos650.tmp
C:\pos651.tmp
C:\pos652.tmp
C:\pos653.tmp
C:\pos654.tmp
C:\pos655.tmp
C:\pos656.tmp
C:\pos657.tmp
C:\pos658.tmp
C:\pos659.tmp
C:\pos65A.tmp
C:\pos65B.tmp
C:\pos65C.tmp
C:\pos65D.tmp
C:\pos65E.tmp
C:\pos65F.tmp
C:\pos66.tmp
C:\pos660.tmp
C:\pos661.tmp
C:\pos662.tmp
C:\pos663.tmp
C:\pos664.tmp
C:\pos665.tmp
C:\pos666.tmp
C:\pos667.tmp
C:\pos668.tmp
C:\pos669.tmp
C:\pos66A.tmp
C:\pos66B.tmp
C:\pos66C.tmp
C:\pos66D.tmp
C:\pos66E.tmp
C:\pos66F.tmp
C:\pos67.tmp
C:\pos670.tmp
C:\pos671.tmp
C:\pos672.tmp
C:\pos673.tmp
C:\pos674.tmp
C:\pos675.tmp
C:\pos676.tmp
C:\pos677.tmp
C:\pos678.tmp
C:\pos679.tmp
C:\pos67A.tmp
C:\pos67B.tmp
C:\pos67C.tmp
C:\pos67D.tmp
C:\pos67E.tmp
C:\pos67F.tmp
C:\pos68.tmp
C:\pos680.tmp
C:\pos681.tmp
C:\pos682.tmp
C:\pos683.tmp
C:\pos684.tmp
C:\pos685.tmp
C:\pos686.tmp
C:\pos687.tmp
C:\pos688.tmp
C:\pos689.tmp
C:\pos68A.tmp
C:\pos68B.tmp
C:\pos68C.tmp
C:\pos68D.tmp
C:\pos68E.tmp
C:\pos68F.tmp
C:\pos69.tmp
C:\pos690.tmp
C:\pos691.tmp
C:\pos692.tmp
C:\pos693.tmp
C:\pos694.tmp
C:\pos695.tmp
C:\pos696.tmp
C:\pos697.tmp
C:\pos698.tmp
C:\pos699.tmp
C:\pos69A.tmp
C:\pos69B.tmp
C:\pos69C.tmp
C:\pos69D.tmp
C:\pos69E.tmp
C:\pos69F.tmp
C:\pos6A.tmp
C:\pos6A0.tmp
C:\pos6A1.tmp
C:\pos6A2.tmp
C:\pos6A3.tmp
C:\pos6A4.tmp
C:\pos6A5.tmp
C:\pos6A6.tmp
C:\pos6A7.tmp
C:\pos6A8.tmp
C:\pos6A9.tmp
C:\pos6AA.tmp
C:\pos6AB.tmp
C:\pos6AC.tmp
C:\pos6AD.tmp
C:\pos6AE.tmp
C:\pos6AF.tmp
C:\pos6B.tmp
C:\pos6B0.tmp
C:\pos6B1.tmp
C:\pos6B2.tmp
C:\pos6B3.tmp
C:\pos6B4.tmp
C:\pos6B5.tmp
C:\pos6B6.tmp
C:\pos6B7.tmp
C:\pos6B8.tmp
C:\pos6B9.tmp
C:\pos6BA.tmp
C:\pos6BB.tmp
C:\pos6BC.tmp
C:\pos6BD.tmp
C:\pos6BE.tmp
C:\pos6BF.tmp
C:\pos6C.tmp
C:\pos6C0.tmp
C:\pos6C1.tmp
C:\pos6C2.tmp
C:\pos6C3.tmp
C:\pos6C4.tmp
C:\pos6C5.tmp
C:\pos6C6.tmp
C:\pos6C7.tmp
C:\pos6C8.tmp
C:\pos6C9.tmp
C:\pos6CA.tmp
C:\pos6CB.tmp
C:\pos6CC.tmp
C:\pos6CD.tmp
C:\pos6CE.tmp
C:\pos6CF.tmp
C:\pos6D.tmp
C:\pos6D0.tmp
C:\pos6D1.tmp
C:\pos6D2.tmp
C:\pos6D3.tmp
C:\pos6D4.tmp
C:\pos6D5.tmp
C:\pos6D6.tmp
C:\pos6D7.tmp
C:\pos6D8.tmp
C:\pos6D9.tmp
C:\pos6DA.tmp
C:\pos6DB.tmp
C:\pos6DC.tmp
C:\pos6DD.tmp
C:\pos6DE.tmp
C:\pos6DF.tmp
C:\pos6E.tmp
C:\pos6E0.tmp
C:\pos6E1.tmp
C:\pos6E2.tmp
C:\pos6E3.tmp
C:\pos6E4.tmp
C:\pos6E5.tmp
C:\pos6E6.tmp
C:\pos6E7.tmp
C:\pos6E8.tmp
C:\pos6E9.tmp
C:\pos6EA.tmp
C:\pos6EB.tmp
C:\pos6EC.tmp
C:\pos6ED.tmp
C:\pos6EE.tmp
C:\pos6EF.tmp
C:\pos6F.tmp
C:\pos6F0.tmp
C:\pos6F1.tmp
C:\pos6F2.tmp
C:\pos6F3.tmp
C:\pos6F4.tmp
C:\pos6F5.tmp
C:\pos6F6.tmp
C:\pos6F7.tmp
C:\pos6F8.tmp
C:\pos6F9.tmp
C:\pos6FA.tmp
C:\pos6FB.tmp
C:\pos6FC.tmp
C:\pos6FD.tmp
C:\pos6FE.tmp
C:\pos6FF.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos700.tmp
C:\pos701.tmp
C:\pos702.tmp
C:\pos703.tmp
C:\pos704.tmp
C:\pos705.tmp
C:\pos706.tmp
C:\pos707.tmp
C:\pos708.tmp
C:\pos709.tmp
C:\pos70A.tmp
C:\pos70B.tmp
C:\pos70C.tmp
C:\pos70D.tmp
C:\pos70E.tmp
C:\pos70F.tmp
C:\pos71.tmp
C:\pos710.tmp
C:\pos711.tmp
C:\pos712.tmp
C:\pos713.tmp
C:\pos714.tmp
C:\pos715.tmp
C:\pos716.tmp
C:\pos717.tmp
C:\pos718.tmp
C:\pos719.tmp
C:\pos71A.tmp
C:\pos71B.tmp
C:\pos71C.tmp
C:\pos71D.tmp
C:\pos71E.tmp
C:\pos71F.tmp
C:\pos72.tmp
C:\pos720.tmp
C:\pos721.tmp
C:\pos722.tmp
C:\pos723.tmp
C:\pos724.tmp
C:\pos725.tmp
C:\pos726.tmp
C:\pos727.tmp
C:\pos728.tmp
C:\pos729.tmp
C:\pos72A.tmp
C:\pos72B.tmp
C:\pos72C.tmp
C:\pos72D.tmp
C:\pos72E.tmp
C:\pos72F.tmp
C:\pos73.tmp
C:\pos730.tmp
C:\pos731.tmp
C:\pos732.tmp
C:\pos733.tmp
C:\pos734.tmp
C:\pos735.tmp
C:\pos736.tmp
C:\pos737.tmp
C:\pos738.tmp
C:\pos739.tmp
C:\pos73A.tmp
C:\pos73B.tmp
C:\pos73C.tmp
C:\pos73D.tmp
C:\pos73E.tmp
C:\pos73F.tmp
C:\pos74.tmp
C:\pos740.tmp
C:\pos741.tmp
C:\pos742.tmp
C:\pos743.tmp
C:\pos744.tmp
C:\pos745.tmp
C:\pos746.tmp
C:\pos747.tmp
C:\pos748.tmp
C:\pos749.tmp
C:\pos74A.tmp
C:\pos74B.tmp
C:\pos74C.tmp
C:\pos74D.tmp
C:\pos74E.tmp
C:\pos74F.tmp
C:\pos75.tmp
C:\pos750.tmp
C:\pos751.tmp
C:\pos752.tmp
C:\pos753.tmp
C:\pos754.tmp
C:\pos755.tmp
C:\pos756.tmp
C:\pos757.tmp
C:\pos758.tmp
C:\pos759.tmp
C:\pos75A.tmp
C:\pos75B.tmp
C:\pos75C.tmp
C:\pos75D.tmp
C:\pos75E.tmp
C:\pos75F.tmp
C:\pos76.tmp
C:\pos760.tmp
C:\pos761.tmp
C:\pos762.tmp
C:\pos763.tmp
C:\pos764.tmp
C:\pos765.tmp
C:\pos766.tmp
C:\pos767.tmp
C:\pos768.tmp
C:\pos769.tmp
C:\pos76A.tmp
C:\pos76B.tmp
C:\pos76C.tmp
C:\pos76D.tmp
C:\pos76E.tmp
C:\pos76F.tmp
C:\pos77.tmp
C:\pos770.tmp
C:\pos771.tmp
C:\pos772.tmp
C:\pos773.tmp
C:\pos774.tmp
C:\pos775.tmp
C:\pos776.tmp
C:\pos777.tmp
C:\pos778.tmp
C:\pos779.tmp
C:\pos77A.tmp
C:\pos77B.tmp
C:\pos77C.tmp
C:\pos77D.tmp
C:\pos77E.tmp
C:\pos77F.tmp
C:\pos78.tmp
C:\pos780.tmp
C:\pos781.tmp
C:\pos782.tmp
C:\pos783.tmp
C:\pos784.tmp
C:\pos785.tmp
C:\pos786.tmp
C:\pos787.tmp
C:\pos788.tmp
C:\pos789.tmp
C:\pos78A.tmp
C:\pos78B.tmp
C:\pos78C.tmp
C:\pos78D.tmp
C:\pos78E.tmp
C:\pos78F.tmp
C:\pos79.tmp
C:\pos790.tmp
C:\pos791.tmp
C:\pos792.tmp
C:\pos793.tmp
C:\pos794.tmp
C:\pos795.tmp
C:\pos796.tmp
C:\pos797.tmp
C:\pos798.tmp
C:\pos799.tmp
C:\pos79A.tmp
C:\pos79B.tmp
C:\pos79C.tmp
C:\pos79D.tmp
C:\pos79E.tmp
C:\pos79F.tmp
C:\pos7A.tmp
C:\pos7A0.tmp
C:\pos7A1.tmp
C:\pos7A2.tmp
C:\pos7A3.tmp
C:\pos7A4.tmp
C:\pos7A5.tmp
C:\pos7A6.tmp
C:\pos7A7.tmp
C:\pos7A8.tmp
C:\pos7A9.tmp
C:\pos7AA.tmp
C:\pos7AB.tmp
C:\pos7AC.tmp
C:\pos7AD.tmp
C:\pos7AE.tmp
C:\pos7AF.tmp
C:\pos7B.tmp
C:\pos7B0.tmp
C:\pos7B1.tmp
C:\pos7B2.tmp
C:\pos7B3.tmp
C:\pos7B4.tmp
C:\pos7B5.tmp
C:\pos7B6.tmp
C:\pos7B7.tmp
C:\pos7B8.tmp
C:\pos7B9.tmp
C:\pos7BA.tmp
C:\pos7BB.tmp
C:\pos7BC.tmp
C:\pos7BD.tmp
C:\pos7BE.tmp
C:\pos7BF.tmp
C:\pos7C.tmp
C:\pos7C0.tmp
C:\pos7C1.tmp
C:\pos7C2.tmp
C:\pos7C3.tmp
C:\pos7C4.tmp
C:\pos7C5.tmp
C:\pos7C6.tmp
C:\pos7C7.tmp
C:\pos7C8.tmp
C:\pos7C9.tmp
C:\pos7CA.tmp
C:\pos7CB.tmp
C:\pos7CC.tmp
C:\pos7CD.tmp
C:\pos7CE.tmp
C:\pos7CF.tmp
C:\pos7D.tmp
C:\pos7D0.tmp
C:\pos7D1.tmp
C:\pos7D2.tmp
C:\pos7D3.tmp
C:\pos7D4.tmp
C:\pos7D5.tmp
C:\pos7D6.tmp
C:\pos7D7.tmp
C:\pos7D8.tmp
C:\pos7D9.tmp
C:\pos7DA.tmp
C:\pos7DB.tmp
C:\pos7DC.tmp
C:\pos7DD.tmp
C:\pos7DE.tmp
C:\pos7DF.tmp
C:\pos7E.tmp
C:\pos7E0.tmp
C:\pos7E1.tmp
C:\pos7E2.tmp
C:\pos7E3.tmp
C:\pos7E4.tmp
C:\pos7E5.tmp
C:\pos7E6.tmp
C:\pos7E7.tmp
C:\pos7E8.tmp
C:\pos7E9.tmp
C:\pos7EA.tmp
C:\pos7EB.tmp
C:\pos7EC.tmp
C:\pos7ED.tmp
C:\pos7EE.tmp
C:\pos7EF.tmp
C:\pos7F.tmp
C:\pos7F0.tmp
C:\pos7F1.tmp
C:\pos7F2.tmp
C:\pos7F3.tmp
C:\pos7F4.tmp
C:\pos7F5.tmp
C:\pos7F6.tmp
C:\pos7F7.tmp
C:\pos7F8.tmp
C:\pos7F9.tmp
C:\pos7FA.tmp
C:\pos7FB.tmp
C:\pos7FC.tmp
C:\pos7FD.tmp
C:\pos7FE.tmp
C:\pos7FF.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos800.tmp
C:\pos801.tmp
C:\pos802.tmp
C:\pos803.tmp
C:\pos804.tmp
C:\pos805.tmp
C:\pos806.tmp
C:\pos807.tmp
C:\pos808.tmp
C:\pos809.tmp
C:\pos80A.tmp
C:\pos80B.tmp
C:\pos80C.tmp
C:\pos80D.tmp
C:\pos80E.tmp
C:\pos80F.tmp
C:\pos81.tmp
C:\pos810.tmp
C:\pos811.tmp
C:\pos812.tmp
C:\pos813.tmp
C:\pos814.tmp
C:\pos815.tmp
C:\pos816.tmp
C:\pos817.tmp
C:\pos818.tmp
C:\pos819.tmp
C:\pos81A.tmp
C:\pos81B.tmp
C:\pos81C.tmp
C:\pos81D.tmp
C:\pos81E.tmp
C:\pos81F.tmp
C:\pos82.tmp
C:\pos820.tmp
C:\pos821.tmp
C:\pos822.tmp
C:\pos823.tmp
C:\pos824.tmp
C:\pos825.tmp
C:\pos826.tmp
C:\pos827.tmp
C:\pos828.tmp
C:\pos829.tmp
C:\pos82A.tmp
C:\pos82B.tmp
C:\pos82C.tmp
C:\pos82D.tmp
C:\pos82E.tmp
C:\pos82F.tmp
C:\pos83.tmp
C:\pos830.tmp
C:\pos831.tmp
C:\pos832.tmp
C:\pos833.tmp
C:\pos834.tmp
C:\pos835.tmp
C:\pos836.tmp
C:\pos837.tmp
C:\pos838.tmp
C:\pos839.tmp
C:\pos83A.tmp
C:\pos83B.tmp
C:\pos83C.tmp
C:\pos83D.tmp
C:\pos83E.tmp
C:\pos83F.tmp
C:\pos84.tmp
C:\pos840.tmp
C:\pos841.tmp
C:\pos842.tmp
C:\pos843.tmp
C:\pos844.tmp
C:\pos845.tmp
C:\pos846.tmp
C:\pos847.tmp
C:\pos848.tmp
C:\pos849.tmp
C:\pos84A.tmp
C:\pos84B.tmp
C:\pos84C.tmp
C:\pos84D.tmp
C:\pos84E.tmp
C:\pos84F.tmp
C:\pos85.tmp
C:\pos850.tmp
C:\pos851.tmp
C:\pos852.tmp
C:\pos853.tmp
C:\pos854.tmp
C:\pos855.tmp
C:\pos856.tmp
C:\pos857.tmp
C:\pos858.tmp
C:\pos859.tmp
C:\pos85A.tmp
C:\pos85B.tmp
C:\pos85C.tmp
C:\pos85D.tmp
C:\pos85E.tmp
C:\pos85F.tmp
C:\pos86.tmp
C:\pos860.tmp
C:\pos861.tmp
C:\pos862.tmp
C:\pos863.tmp
C:\pos864.tmp
C:\pos865.tmp
C:\pos866.tmp
C:\pos867.tmp
C:\pos868.tmp
C:\pos869.tmp
C:\pos86A.tmp
C:\pos86B.tmp
C:\pos86C.tmp
C:\pos86D.tmp
C:\pos86E.tmp
C:\pos86F.tmp
C:\pos87.tmp
C:\pos870.tmp
C:\pos871.tmp
C:\pos872.tmp
C:\pos873.tmp
C:\pos874.tmp
C:\pos875.tmp
C:\pos876.tmp
C:\pos877.tmp
C:\pos878.tmp
C:\pos879.tmp
C:\pos87A.tmp
C:\pos87B.tmp
C:\pos87C.tmp
C:\pos87D.tmp
C:\pos87E.tmp
C:\pos87F.tmp
C:\pos88.tmp
C:\pos880.tmp
C:\pos881.tmp
C:\pos882.tmp
C:\pos883.tmp
C:\pos884.tmp
C:\pos885.tmp
C:\pos886.tmp
C:\pos887.tmp
C:\pos888.tmp
C:\pos889.tmp
C:\pos88A.tmp
C:\pos88B.tmp
C:\pos88C.tmp
C:\pos88D.tmp
C:\pos88E.tmp
C:\pos88F.tmp
C:\pos89.tmp
C:\pos890.tmp
C:\pos891.tmp
C:\pos892.tmp
C:\pos893.tmp
C:\pos894.tmp
C:\pos895.tmp
C:\pos896.tmp
C:\pos897.tmp
C:\pos898.tmp
C:\pos899.tmp
C:\pos89A.tmp
C:\pos89B.tmp
C:\pos89C.tmp
C:\pos89D.tmp
C:\pos89E.tmp
C:\pos89F.tmp
C:\pos8A.tmp
C:\pos8A0.tmp
C:\pos8A1.tmp
C:\pos8A2.tmp
C:\pos8A3.tmp
C:\pos8A4.tmp
C:\pos8A5.tmp
C:\pos8A6.tmp
C:\pos8A7.tmp
C:\pos8A8.tmp
C:\pos8A9.tmp
C:\pos8AA.tmp
C:\pos8AB.tmp
C:\pos8AC.tmp
C:\pos8AD.tmp
C:\pos8AE.tmp
C:\pos8AF.tmp
C:\pos8B.tmp
C:\pos8B0.tmp
C:\pos8B1.tmp
C:\pos8B2.tmp
C:\pos8B3.tmp
C:\pos8B4.tmp
C:\pos8B5.tmp
C:\pos8B6.tmp
C:\pos8B7.tmp
C:\pos8B8.tmp
C:\pos8B9.tmp
C:\pos8BA.tmp
C:\pos8BB.tmp
C:\pos8BC.tmp
C:\pos8BD.tmp
C:\pos8BE.tmp
C:\pos8BF.tmp
C:\pos8C.tmp
C:\pos8C0.tmp
C:\pos8C1.tmp
C:\pos8C2.tmp
C:\pos8C3.tmp
C:\pos8C4.tmp
C:\pos8C5.tmp
C:\pos8C6.tmp
C:\pos8C7.tmp
C:\pos8C8.tmp
C:\pos8C9.tmp
C:\pos8CA.tmp
C:\pos8CB.tmp
C:\pos8CC.tmp
C:\pos8CD.tmp
C:\pos8CE.tmp
C:\pos8CF.tmp
C:\pos8D.tmp
C:\pos8D0.tmp
C:\pos8D1.tmp
C:\pos8D2.tmp
C:\pos8D3.tmp
C:\pos8D4.tmp
C:\pos8D5.tmp
C:\pos8D6.tmp
C:\pos8D7.tmp
C:\pos8D8.tmp
C:\pos8D9.tmp
C:\pos8DA.tmp
C:\pos8DB.tmp
C:\pos8DC.tmp
C:\pos8DD.tmp
C:\pos8DE.tmp
C:\pos8DF.tmp
C:\pos8E.tmp
C:\pos8E0.tmp
C:\pos8E1.tmp
C:\pos8E2.tmp
C:\pos8E3.tmp
C:\pos8E4.tmp
C:\pos8E5.tmp
C:\pos8E6.tmp
C:\pos8E7.tmp
C:\pos8E8.tmp
C:\pos8E9.tmp
C:\pos8EA.tmp
C:\pos8EB.tmp
C:\pos8EC.tmp
C:\pos8ED.tmp
C:\pos8EE.tmp
C:\pos8EF.tmp
C:\pos8F.tmp
C:\pos8F0.tmp
C:\pos8F1.tmp
C:\pos8F2.tmp
C:\pos8F3.tmp
C:\pos8F4.tmp
C:\pos8F5.tmp
C:\pos8F6.tmp
C:\pos8F7.tmp
C:\pos8F8.tmp
C:\pos8F9.tmp
C:\pos8FA.tmp
C:\pos8FB.tmp
C:\pos8FC.tmp
C:\pos8FD.tmp
C:\pos8FE.tmp
C:\pos8FF.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos900.tmp
C:\pos901.tmp
C:\pos902.tmp
C:\pos903.tmp
C:\pos904.tmp
C:\pos905.tmp
C:\pos906.tmp
C:\pos907.tmp
C:\pos908.tmp
C:\pos909.tmp
C:\pos90A.tmp
C:\pos90B.tmp
C:\pos90C.tmp
C:\pos90D.tmp
C:\pos90E.tmp
C:\pos90F.tmp
C:\pos91.tmp
C:\pos910.tmp
C:\pos911.tmp
C:\pos912.tmp
C:\pos913.tmp
C:\pos914.tmp
C:\pos915.tmp
C:\pos916.tmp
C:\pos917.tmp
C:\pos918.tmp
C:\pos919.tmp
C:\pos91A.tmp
C:\pos91B.tmp
C:\pos91C.tmp
C:\pos91D.tmp
C:\pos91E.tmp
C:\pos91F.tmp
C:\pos92.tmp
C:\pos920.tmp
C:\pos921.tmp
C:\pos922.tmp
C:\pos923.tmp
C:\pos924.tmp
C:\pos925.tmp
C:\pos926.tmp
C:\pos927.tmp
C:\pos928.tmp
C:\pos929.tmp
C:\pos92A.tmp
C:\pos92B.tmp
C:\pos92C.tmp
C:\pos92D.tmp
C:\pos92E.tmp
C:\pos92F.tmp
C:\pos93.tmp
C:\pos930.tmp
C:\pos931.tmp
C:\pos932.tmp
C:\pos933.tmp
C:\pos934.tmp
C:\pos935.tmp
C:\pos936.tmp
C:\pos937.tmp
C:\pos938.tmp
C:\pos939.tmp
C:\pos93A.tmp
C:\pos93B.tmp
C:\pos93C.tmp
C:\pos93D.tmp
C:\pos93E.tmp
C:\pos93F.tmp
C:\pos94.tmp
C:\pos940.tmp
C:\pos941.tmp
C:\pos942.tmp
C:\pos943.tmp
C:\pos944.tmp
C:\pos945.tmp
C:\pos946.tmp
C:\pos947.tmp
C:\pos948.tmp
C:\pos949.tmp
C:\pos94A.tmp
C:\pos94B.tmp
C:\pos94C.tmp
C:\pos94D.tmp
C:\pos94E.tmp
C:\pos94F.tmp
C:\pos95.tmp
C:\pos950.tmp
C:\pos951.tmp
C:\pos952.tmp
C:\pos953.tmp
C:\pos954.tmp
C:\pos955.tmp
C:\pos956.tmp
C:\pos957.tmp
C:\pos958.tmp
C:\pos959.tmp
C:\pos95A.tmp
C:\pos95B.tmp
C:\pos95C.tmp
C:\pos95D.tmp
C:\pos95E.tmp
C:\pos95F.tmp
C:\pos96.tmp
C:\pos960.tmp
C:\pos961.tmp
C:\pos962.tmp
C:\pos963.tmp
C:\pos964.tmp
C:\pos965.tmp
C:\pos966.tmp
C:\pos967.tmp
C:\pos968.tmp
C:\pos969.tmp
C:\pos96A.tmp
C:\pos96B.tmp
C:\pos96C.tmp
C:\pos96D.tmp
C:\pos96E.tmp
C:\pos96F.tmp
C:\pos97.tmp
C:\pos970.tmp
C:\pos971.tmp
C:\pos972.tmp
C:\pos973.tmp
C:\pos974.tmp
C:\pos975.tmp
C:\pos976.tmp
C:\pos977.tmp
C:\pos978.tmp
C:\pos979.tmp
C:\pos97A.tmp
C:\pos97B.tmp
C:\pos97C.tmp
C:\pos97D.tmp
C:\pos97E.tmp
C:\pos97F.tmp
C:\pos98.tmp
C:\pos980.tmp
C:\pos981.tmp
C:\pos982.tmp
C:\pos983.tmp
C:\pos984.tmp
C:\pos985.tmp
C:\pos986.tmp
C:\pos987.tmp
C:\pos988.tmp
C:\pos989.tmp
C:\pos98A.tmp
C:\pos98B.tmp
C:\pos98C.tmp
C:\pos98D.tmp
C:\pos98E.tmp
C:\pos98F.tmp
C:\pos99.tmp
C:\pos990.tmp
C:\pos991.tmp
C:\pos992.tmp
C:\pos993.tmp
C:\pos994.tmp
C:\pos995.tmp
C:\pos996.tmp
C:\pos997.tmp
C:\pos998.tmp
C:\pos999.tmp
C:\pos99A.tmp
C:\pos99B.tmp
C:\pos99C.tmp
C:\pos99D.tmp
C:\pos99E.tmp
C:\pos99F.tmp
C:\pos9A.tmp
C:\pos9A0.tmp
C:\pos9A1.tmp
C:\pos9A2.tmp
C:\pos9A3.tmp
C:\pos9A4.tmp
C:\pos9A5.tmp
C:\pos9A6.tmp
C:\pos9A7.tmp
C:\pos9A8.tmp
C:\pos9A9.tmp
C:\pos9AA.tmp
C:\pos9AB.tmp
C:\pos9AC.tmp
C:\pos9AD.tmp
C:\pos9AE.tmp
C:\pos9AF.tmp
C:\pos9B.tmp
C:\pos9B0.tmp
C:\pos9B1.tmp
C:\pos9B2.tmp
C:\pos9B3.tmp
C:\pos9B4.tmp
C:\pos9B5.tmp
C:\pos9B6.tmp
C:\pos9B7.tmp
C:\pos9B8.tmp
C:\pos9B9.tmp
C:\pos9BA.tmp
C:\pos9BB.tmp
C:\pos9BC.tmp
C:\pos9BD.tmp
C:\pos9BE.tmp
C:\pos9BF.tmp
C:\pos9C.tmp
C:\pos9C0.tmp
C:\pos9C1.tmp
C:\pos9C2.tmp
C:\pos9C3.tmp
C:\pos9C4.tmp
C:\pos9C5.tmp
C:\pos9C6.tmp
C:\pos9C7.tmp
C:\pos9C8.tmp
C:\pos9C9.tmp
C:\pos9CA.tmp
C:\pos9CB.tmp
C:\pos9CC.tmp
C:\pos9CD.tmp
C:\pos9CE.tmp
C:\pos9CF.tmp
C:\pos9D.tmp
C:\pos9D0.tmp
C:\pos9D1.tmp
C:\pos9D2.tmp
C:\pos9D3.tmp
C:\pos9D4.tmp
C:\pos9D5.tmp
C:\pos9D6.tmp
C:\pos9D7.tmp
C:\pos9D8.tmp
C:\pos9D9.tmp
C:\pos9DA.tmp
C:\pos9DB.tmp
C:\pos9DC.tmp
C:\pos9DD.tmp
C:\pos9DE.tmp
C:\pos9DF.tmp
C:\pos9E.tmp
C:\pos9E0.tmp
C:\pos9E1.tmp
C:\pos9E2.tmp
C:\pos9E3.tmp
C:\pos9E4.tmp
C:\pos9E5.tmp
C:\pos9E6.tmp
C:\pos9E7.tmp
C:\pos9E8.tmp
C:\pos9E9.tmp
C:\pos9EA.tmp
C:\pos9EB.tmp
C:\pos9EC.tmp
C:\pos9ED.tmp
C:\pos9EE.tmp
C:\pos9EF.tmp
C:\pos9F.tmp
C:\pos9F0.tmp
C:\pos9F1.tmp
C:\pos9F2.tmp
C:\pos9F3.tmp
C:\pos9F4.tmp
C:\pos9F5.tmp
C:\pos9F6.tmp
C:\pos9F7.tmp
C:\pos9F8.tmp
C:\pos9F9.tmp
C:\pos9FA.tmp
C:\pos9FB.tmp
C:\pos9FC.tmp
C:\pos9FD.tmp
C:\pos9FE.tmp
C:\pos9FF.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA00.tmp
C:\posA01.tmp
C:\posA02.tmp
C:\posA03.tmp
C:\posA04.tmp
C:\posA05.tmp
C:\posA06.tmp
C:\posA07.tmp
C:\posA08.tmp
C:\posA09.tmp
C:\posA0A.tmp
C:\posA0B.tmp
C:\posA0C.tmp
C:\posA0D.tmp
C:\posA0E.tmp
C:\posA0F.tmp
C:\posA1.tmp
C:\posA10.tmp
C:\posA11.tmp
C:\posA12.tmp
C:\posA13.tmp
C:\posA14.tmp
C:\posA15.tmp
C:\posA16.tmp
C:\posA17.tmp
C:\posA18.tmp
C:\posA19.tmp
C:\posA1A.tmp
C:\posA1B.tmp
C:\posA1C.tmp
C:\posA1D.tmp
C:\posA1E.tmp
C:\posA1F.tmp
C:\posA2.tmp
C:\posA20.tmp
C:\posA21.tmp
C:\posA22.tmp
C:\posA23.tmp
C:\posA24.tmp
C:\posA25.tmp
C:\posA26.tmp
C:\posA27.tmp
C:\posA28.tmp
C:\posA29.tmp
C:\posA2A.tmp
C:\posA2B.tmp
C:\posA2C.tmp
C:\posA2D.tmp
C:\posA2E.tmp
C:\posA2F.tmp
C:\posA3.tmp
C:\posA30.tmp
C:\posA31.tmp
C:\posA32.tmp
C:\posA33.tmp
C:\posA34.tmp
C:\posA35.tmp
C:\posA36.tmp
C:\posA37.tmp
C:\posA38.tmp
C:\posA39.tmp
C:\posA3A.tmp
C:\posA3B.tmp
C:\posA3C.tmp
C:\posA3D.tmp
C:\posA3E.tmp
C:\posA3F.tmp
C:\posA4.tmp
C:\posA40.tmp
C:\posA41.tmp
C:\posA42.tmp
C:\posA43.tmp
C:\posA44.tmp
C:\posA45.tmp
C:\posA46.tmp
C:\posA47.tmp
C:\posA48.tmp
C:\posA49.tmp
C:\posA4A.tmp
C:\posA4B.tmp
C:\posA4C.tmp
C:\posA4D.tmp
C:\posA4E.tmp
C:\posA4F.tmp
C:\posA5.tmp
C:\posA50.tmp
C:\posA51.tmp
C:\posA52.tmp
C:\posA53.tmp
C:\posA54.tmp
C:\posA55.tmp
C:\posA56.tmp
C:\posA57.tmp
C:\posA58.tmp
C:\posA59.tmp
C:\posA5A.tmp
C:\posA5B.tmp
C:\posA5C.tmp
C:\posA5D.tmp
C:\posA5E.tmp
C:\posA5F.tmp
C:\posA6.tmp
C:\posA60.tmp
C:\posA61.tmp
C:\posA62.tmp
C:\posA63.tmp
C:\posA64.tmp
C:\posA65.tmp
C:\posA66.tmp
C:\posA67.tmp
C:\posA68.tmp
C:\posA69.tmp
C:\posA6A.tmp
C:\posA6B.tmp
C:\posA6C.tmp
C:\posA6D.tmp
C:\posA6E.tmp
C:\posA6F.tmp
C:\posA7.tmp
C:\posA70.tmp
C:\posA71.tmp
C:\posA72.tmp
C:\posA73.tmp
C:\posA74.tmp
C:\posA75.tmp
C:\posA76.tmp
C:\posA77.tmp
C:\posA78.tmp
C:\posA79.tmp
C:\posA7A.tmp
C:\posA7B.tmp
C:\posA7C.tmp
C:\posA7D.tmp
C:\posA7E.tmp
C:\posA7F.tmp
C:\posA8.tmp
C:\posA80.tmp
C:\posA81.tmp
C:\posA82.tmp
C:\posA83.tmp
C:\posA84.tmp
C:\posA85.tmp
C:\posA86.tmp
C:\posA87.tmp
C:\posA88.tmp
C:\posA89.tmp
C:\posA8A.tmp
C:\posA8B.tmp
C:\posA8C.tmp
C:\posA8D.tmp
C:\posA8E.tmp
C:\posA8F.tmp
C:\posA9.tmp
C:\posA90.tmp
C:\posA91.tmp
C:\posA92.tmp
C:\posA93.tmp
C:\posA94.tmp
C:\posA95.tmp
C:\posA96.tmp
C:\posA97.tmp
C:\posA98.tmp
C:\posA99.tmp
C:\posA9A.tmp
C:\posA9B.tmp
C:\posA9C.tmp
C:\posA9D.tmp
C:\posA9E.tmp
C:\posA9F.tmp
C:\posAA.tmp
C:\posAA0.tmp
C:\posAA1.tmp
C:\posAA2.tmp
C:\posAA3.tmp
C:\posAA4.tmp
C:\posAA5.tmp
C:\posAA6.tmp
C:\posAA7.tmp
C:\posAA8.tmp
C:\posAA9.tmp
C:\posAAA.tmp
C:\posAAB.tmp
C:\posAAC.tmp
C:\posAAD.tmp
C:\posAAE.tmp
C:\posAAF.tmp
C:\posAB.tmp
C:\posAB0.tmp
C:\posAB1.tmp
C:\posAB2.tmp
C:\posAB3.tmp
C:\posAB4.tmp
C:\posAB5.tmp
C:\posAB6.tmp
C:\posAB7.tmp
C:\posAB8.tmp
C:\posAB9.tmp
C:\posABA.tmp
C:\posABB.tmp
C:\posABC.tmp
C:\posABD.tmp
C:\posABE.tmp
C:\posABF.tmp
C:\posAC.tmp
C:\posAC0.tmp
C:\posAC1.tmp
C:\posAC2.tmp
C:\posAC3.tmp
C:\posAC4.tmp
C:\posAC5.tmp
C:\posAC6.tmp
C:\posAC7.tmp
C:\posAC8.tmp
C:\posAC9.tmp
C:\posACA.tmp
C:\posACB.tmp
C:\posACC.tmp
C:\posACD.tmp
C:\posACE.tmp
C:\posACF.tmp
C:\posAD.tmp
C:\posAD0.tmp
C:\posAD1.tmp
C:\posAD2.tmp
C:\posAD3.tmp
C:\posAD4.tmp
C:\posAD5.tmp
C:\posAD6.tmp
C:\posAD7.tmp
C:\posAD8.tmp
C:\posAD9.tmp
C:\posADA.tmp
C:\posADB.tmp
C:\posADC.tmp
C:\posADD.tmp
C:\posADE.tmp
C:\posADF.tmp
C:\posAE.tmp
C:\posAE0.tmp
C:\posAE1.tmp
C:\posAE2.tmp
C:\posAE3.tmp
C:\posAE4.tmp
C:\posAE5.tmp
C:\posAE6.tmp
C:\posAE7.tmp
C:\posAE8.tmp
C:\posAE9.tmp
C:\posAEA.tmp
C:\posAEB.tmp
C:\posAEC.tmp
C:\posAED.tmp
C:\posAEE.tmp
C:\posAEF.tmp
C:\posAF.tmp
C:\posAF0.tmp
C:\posAF1.tmp
C:\posAF2.tmp
C:\posAF3.tmp
C:\posAF4.tmp
C:\posAF5.tmp
C:\posAF6.tmp
C:\posAF7.tmp
C:\posAF8.tmp
C:\posAF9.tmp


----------



## thawilso (Sep 25, 2007)

C:\posAFA.tmp
C:\posAFB.tmp
C:\posAFC.tmp
C:\posAFD.tmp
C:\posAFE.tmp
C:\posAFF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB00.tmp
C:\posB01.tmp
C:\posB02.tmp
C:\posB03.tmp
C:\posB04.tmp
C:\posB05.tmp
C:\posB06.tmp
C:\posB07.tmp
C:\posB08.tmp
C:\posB09.tmp
C:\posB0A.tmp
C:\posB0B.tmp
C:\posB0C.tmp
C:\posB0D.tmp
C:\posB0E.tmp
C:\posB0F.tmp
C:\posB1.tmp
C:\posB10.tmp
C:\posB11.tmp
C:\posB12.tmp
C:\posB13.tmp
C:\posB14.tmp
C:\posB15.tmp
C:\posB16.tmp
C:\posB17.tmp
C:\posB18.tmp
C:\posB19.tmp
C:\posB1A.tmp
C:\posB1B.tmp
C:\posB1C.tmp
C:\posB1D.tmp
C:\posB1E.tmp
C:\posB1F.tmp
C:\posB2.tmp
C:\posB20.tmp
C:\posB21.tmp
C:\posB22.tmp
C:\posB23.tmp
C:\posB24.tmp
C:\posB25.tmp
C:\posB26.tmp
C:\posB27.tmp
C:\posB28.tmp
C:\posB29.tmp
C:\posB2A.tmp
C:\posB2B.tmp
C:\posB2C.tmp
C:\posB2D.tmp
C:\posB2E.tmp
C:\posB2F.tmp
C:\posB3.tmp
C:\posB30.tmp
C:\posB31.tmp
C:\posB32.tmp
C:\posB33.tmp
C:\posB34.tmp
C:\posB35.tmp
C:\posB36.tmp
C:\posB37.tmp
C:\posB38.tmp
C:\posB39.tmp
C:\posB3A.tmp
C:\posB3B.tmp
C:\posB3C.tmp
C:\posB3D.tmp
C:\posB3E.tmp
C:\posB3F.tmp
C:\posB4.tmp
C:\posB40.tmp
C:\posB41.tmp
C:\posB42.tmp
C:\posB43.tmp
C:\posB44.tmp
C:\posB45.tmp
C:\posB46.tmp
C:\posB47.tmp
C:\posB48.tmp
C:\posB49.tmp
C:\posB4A.tmp
C:\posB4B.tmp
C:\posB4C.tmp
C:\posB4D.tmp
C:\posB4E.tmp
C:\posB4F.tmp
C:\posB5.tmp
C:\posB50.tmp
C:\posB51.tmp
C:\posB52.tmp
C:\posB53.tmp
C:\posB54.tmp
C:\posB55.tmp
C:\posB56.tmp
C:\posB57.tmp
C:\posB58.tmp
C:\posB59.tmp
C:\posB5A.tmp
C:\posB5B.tmp
C:\posB5C.tmp
C:\posB5D.tmp
C:\posB5E.tmp
C:\posB5F.tmp
C:\posB6.tmp
C:\posB60.tmp
C:\posB61.tmp
C:\posB62.tmp
C:\posB63.tmp
C:\posB64.tmp
C:\posB65.tmp
C:\posB66.tmp
C:\posB67.tmp
C:\posB68.tmp
C:\posB69.tmp
C:\posB6A.tmp
C:\posB6B.tmp
C:\posB6C.tmp
C:\posB6D.tmp
C:\posB6E.tmp
C:\posB6F.tmp
C:\posB7.tmp
C:\posB70.tmp
C:\posB71.tmp
C:\posB72.tmp
C:\posB73.tmp
C:\posB74.tmp
C:\posB75.tmp
C:\posB76.tmp
C:\posB77.tmp
C:\posB78.tmp
C:\posB79.tmp
C:\posB7A.tmp
C:\posB7B.tmp
C:\posB7C.tmp
C:\posB7D.tmp
C:\posB7E.tmp
C:\posB7F.tmp
C:\posB8.tmp
C:\posB80.tmp
C:\posB81.tmp
C:\posB82.tmp
C:\posB83.tmp
C:\posB84.tmp
C:\posB85.tmp
C:\posB86.tmp
C:\posB87.tmp
C:\posB88.tmp
C:\posB89.tmp
C:\posB8A.tmp
C:\posB8B.tmp
C:\posB8C.tmp
C:\posB8D.tmp
C:\posB8E.tmp
C:\posB8F.tmp
C:\posB9.tmp
C:\posB90.tmp
C:\posB91.tmp
C:\posB92.tmp
C:\posB93.tmp
C:\posB94.tmp
C:\posB95.tmp
C:\posB96.tmp
C:\posB97.tmp
C:\posB98.tmp
C:\posB99.tmp
C:\posB9A.tmp
C:\posB9B.tmp
C:\posB9C.tmp
C:\posB9D.tmp
C:\posB9E.tmp
C:\posB9F.tmp
C:\posBA.tmp
C:\posBA0.tmp
C:\posBA1.tmp
C:\posBA2.tmp
C:\posBA3.tmp
C:\posBA4.tmp
C:\posBA5.tmp
C:\posBA6.tmp
C:\posBA7.tmp
C:\posBA8.tmp
C:\posBA9.tmp
C:\posBAA.tmp
C:\posBAB.tmp
C:\posBAC.tmp
C:\posBAD.tmp
C:\posBAE.tmp
C:\posBAF.tmp
C:\posBB.tmp
C:\posBB0.tmp
C:\posBB1.tmp
C:\posBB2.tmp
C:\posBB3.tmp
C:\posBB4.tmp
C:\posBB5.tmp
C:\posBB6.tmp
C:\posBB7.tmp
C:\posBB8.tmp
C:\posBB9.tmp
C:\posBBA.tmp
C:\posBBB.tmp
C:\posBBC.tmp
C:\posBBD.tmp
C:\posBBE.tmp
C:\posBBF.tmp
C:\posBC.tmp
C:\posBC0.tmp
C:\posBC1.tmp
C:\posBC2.tmp
C:\posBC3.tmp
C:\posBC4.tmp
C:\posBC5.tmp
C:\posBC6.tmp
C:\posBC7.tmp
C:\posBC8.tmp
C:\posBC9.tmp
C:\posBCA.tmp
C:\posBCB.tmp
C:\posBCC.tmp
C:\posBCD.tmp
C:\posBCE.tmp
C:\posBCF.tmp
C:\posBD.tmp
C:\posBD0.tmp
C:\posBD1.tmp
C:\posBD2.tmp
C:\posBD3.tmp
C:\posBD4.tmp
C:\posBD5.tmp
C:\posBD6.tmp
C:\posBD7.tmp
C:\posBD8.tmp
C:\posBD9.tmp
C:\posBDA.tmp
C:\posBDB.tmp
C:\posBDC.tmp
C:\posBDD.tmp
C:\posBDE.tmp
C:\posBDF.tmp
C:\posBE.tmp
C:\posBE0.tmp
C:\posBE1.tmp
C:\posBE2.tmp
C:\posBE3.tmp
C:\posBE4.tmp
C:\posBE5.tmp
C:\posBE6.tmp
C:\posBE7.tmp
C:\posBE8.tmp
C:\posBE9.tmp
C:\posBEA.tmp
C:\posBEB.tmp
C:\posBEC.tmp
C:\posBED.tmp
C:\posBEE.tmp
C:\posBEF.tmp
C:\posBF.tmp
C:\posBF0.tmp
C:\posBF1.tmp
C:\posBF2.tmp
C:\posBF3.tmp
C:\posBF4.tmp
C:\posBF5.tmp
C:\posBF6.tmp
C:\posBF7.tmp
C:\posBF8.tmp
C:\posBF9.tmp
C:\posBFA.tmp
C:\posBFB.tmp
C:\posBFC.tmp
C:\posBFD.tmp
C:\posBFE.tmp
C:\posBFF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC00.tmp
C:\posC01.tmp
C:\posC02.tmp
C:\posC03.tmp
C:\posC04.tmp
C:\posC05.tmp
C:\posC06.tmp
C:\posC07.tmp
C:\posC08.tmp
C:\posC09.tmp
C:\posC0A.tmp
C:\posC0B.tmp
C:\posC0C.tmp
C:\posC0D.tmp
C:\posC0E.tmp
C:\posC0F.tmp
C:\posC1.tmp
C:\posC10.tmp
C:\posC11.tmp
C:\posC12.tmp
C:\posC13.tmp
C:\posC14.tmp
C:\posC15.tmp
C:\posC16.tmp
C:\posC17.tmp
C:\posC18.tmp
C:\posC19.tmp
C:\posC1A.tmp
C:\posC1B.tmp
C:\posC1C.tmp
C:\posC1D.tmp
C:\posC1E.tmp
C:\posC1F.tmp
C:\posC2.tmp
C:\posC20.tmp
C:\posC21.tmp
C:\posC22.tmp
C:\posC23.tmp
C:\posC24.tmp
C:\posC25.tmp
C:\posC26.tmp
C:\posC27.tmp
C:\posC28.tmp
C:\posC29.tmp
C:\posC2A.tmp
C:\posC2B.tmp
C:\posC2C.tmp
C:\posC2D.tmp
C:\posC2E.tmp
C:\posC2F.tmp
C:\posC3.tmp
C:\posC30.tmp
C:\posC31.tmp
C:\posC32.tmp
C:\posC33.tmp
C:\posC34.tmp
C:\posC35.tmp
C:\posC36.tmp
C:\posC37.tmp
C:\posC38.tmp
C:\posC39.tmp
C:\posC3A.tmp
C:\posC3B.tmp
C:\posC3C.tmp
C:\posC3D.tmp
C:\posC3E.tmp
C:\posC3F.tmp
C:\posC4.tmp
C:\posC40.tmp
C:\posC41.tmp
C:\posC42.tmp
C:\posC43.tmp
C:\posC44.tmp
C:\posC45.tmp
C:\posC46.tmp
C:\posC47.tmp
C:\posC48.tmp
C:\posC49.tmp
C:\posC4A.tmp
C:\posC4B.tmp
C:\posC4C.tmp
C:\posC4D.tmp
C:\posC4E.tmp
C:\posC4F.tmp
C:\posC5.tmp
C:\posC50.tmp
C:\posC51.tmp
C:\posC52.tmp
C:\posC53.tmp
C:\posC54.tmp
C:\posC55.tmp
C:\posC56.tmp
C:\posC57.tmp
C:\posC58.tmp
C:\posC59.tmp
C:\posC5A.tmp
C:\posC5B.tmp
C:\posC5C.tmp
C:\posC5D.tmp
C:\posC5E.tmp
C:\posC5F.tmp
C:\posC6.tmp
C:\posC60.tmp
C:\posC61.tmp
C:\posC62.tmp
C:\posC63.tmp
C:\posC64.tmp
C:\posC65.tmp
C:\posC66.tmp
C:\posC67.tmp
C:\posC68.tmp
C:\posC69.tmp
C:\posC6A.tmp
C:\posC6B.tmp
C:\posC6C.tmp
C:\posC6D.tmp
C:\posC6E.tmp
C:\posC6F.tmp
C:\posC7.tmp
C:\posC70.tmp
C:\posC71.tmp
C:\posC72.tmp
C:\posC73.tmp
C:\posC74.tmp
C:\posC75.tmp
C:\posC76.tmp
C:\posC77.tmp
C:\posC78.tmp
C:\posC79.tmp
C:\posC7A.tmp
C:\posC7B.tmp
C:\posC7C.tmp
C:\posC7D.tmp
C:\posC7E.tmp
C:\posC7F.tmp
C:\posC8.tmp
C:\posC80.tmp
C:\posC81.tmp
C:\posC82.tmp
C:\posC83.tmp
C:\posC84.tmp
C:\posC85.tmp
C:\posC86.tmp
C:\posC87.tmp
C:\posC88.tmp
C:\posC89.tmp
C:\posC8A.tmp
C:\posC8B.tmp
C:\posC8C.tmp
C:\posC8D.tmp
C:\posC8E.tmp
C:\posC8F.tmp
C:\posC9.tmp
C:\posC90.tmp
C:\posC91.tmp
C:\posC92.tmp
C:\posC93.tmp
C:\posC94.tmp
C:\posC95.tmp
C:\posC96.tmp
C:\posC97.tmp
C:\posC98.tmp
C:\posC99.tmp
C:\posC9A.tmp
C:\posC9B.tmp
C:\posC9C.tmp
C:\posC9D.tmp
C:\posC9E.tmp
C:\posC9F.tmp
C:\posCA.tmp
C:\posCA0.tmp
C:\posCA1.tmp
C:\posCA2.tmp
C:\posCA3.tmp
C:\posCA4.tmp
C:\posCA5.tmp
C:\posCA6.tmp
C:\posCA7.tmp
C:\posCA8.tmp
C:\posCA9.tmp
C:\posCAA.tmp
C:\posCAB.tmp
C:\posCAC.tmp
C:\posCAD.tmp
C:\posCAE.tmp
C:\posCAF.tmp
C:\posCB.tmp
C:\posCB0.tmp
C:\posCB1.tmp
C:\posCB2.tmp
C:\posCB3.tmp
C:\posCB4.tmp
C:\posCB5.tmp
C:\posCB6.tmp
C:\posCB7.tmp
C:\posCB8.tmp
C:\posCB9.tmp
C:\posCBA.tmp
C:\posCBB.tmp
C:\posCBC.tmp
C:\posCBD.tmp
C:\posCBE.tmp
C:\posCBF.tmp
C:\posCC.tmp
C:\posCC0.tmp
C:\posCC1.tmp
C:\posCC2.tmp
C:\posCC3.tmp
C:\posCC4.tmp
C:\posCC5.tmp
C:\posCC6.tmp
C:\posCC7.tmp
C:\posCC8.tmp
C:\posCC9.tmp
C:\posCCA.tmp
C:\posCCB.tmp
C:\posCCC.tmp
C:\posCCD.tmp
C:\posCCE.tmp
C:\posCCF.tmp
C:\posCD.tmp
C:\posCD0.tmp
C:\posCD1.tmp
C:\posCD2.tmp
C:\posCD3.tmp
C:\posCD4.tmp
C:\posCD5.tmp
C:\posCD6.tmp
C:\posCD7.tmp
C:\posCD8.tmp
C:\posCD9.tmp
C:\posCDA.tmp
C:\posCDB.tmp
C:\posCDC.tmp
C:\posCDD.tmp
C:\posCDE.tmp
C:\posCDF.tmp
C:\posCE.tmp
C:\posCE0.tmp
C:\posCE1.tmp
C:\posCE2.tmp
C:\posCE3.tmp
C:\posCE4.tmp
C:\posCE5.tmp
C:\posCE6.tmp
C:\posCE7.tmp
C:\posCE8.tmp
C:\posCE9.tmp
C:\posCEA.tmp
C:\posCEB.tmp
C:\posCEC.tmp
C:\posCED.tmp
C:\posCEE.tmp
C:\posCEF.tmp
C:\posCF.tmp
C:\posCF0.tmp
C:\posCF1.tmp
C:\posCF2.tmp
C:\posCF3.tmp
C:\posCF4.tmp
C:\posCF5.tmp
C:\posCF6.tmp
C:\posCF7.tmp
C:\posCF8.tmp
C:\posCF9.tmp
C:\posCFA.tmp
C:\posCFB.tmp
C:\posCFC.tmp
C:\posCFD.tmp
C:\posCFE.tmp
C:\posCFF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD00.tmp
C:\posD01.tmp
C:\posD02.tmp
C:\posD03.tmp
C:\posD04.tmp
C:\posD05.tmp
C:\posD06.tmp
C:\posD07.tmp
C:\posD08.tmp
C:\posD09.tmp
C:\posD0A.tmp
C:\posD0B.tmp
C:\posD0C.tmp
C:\posD0D.tmp
C:\posD0E.tmp
C:\posD0F.tmp
C:\posD1.tmp
C:\posD10.tmp
C:\posD11.tmp
C:\posD12.tmp
C:\posD13.tmp
C:\posD14.tmp
C:\posD15.tmp
C:\posD16.tmp
C:\posD17.tmp
C:\posD18.tmp
C:\posD19.tmp
C:\posD1A.tmp
C:\posD1B.tmp
C:\posD1C.tmp
C:\posD1D.tmp
C:\posD1E.tmp
C:\posD1F.tmp
C:\posD2.tmp
C:\posD20.tmp
C:\posD21.tmp
C:\posD22.tmp
C:\posD23.tmp
C:\posD24.tmp
C:\posD25.tmp
C:\posD26.tmp
C:\posD27.tmp
C:\posD28.tmp
C:\posD29.tmp
C:\posD2A.tmp
C:\posD2B.tmp
C:\posD2C.tmp
C:\posD2D.tmp
C:\posD2E.tmp
C:\posD2F.tmp
C:\posD3.tmp
C:\posD30.tmp
C:\posD31.tmp
C:\posD32.tmp
C:\posD33.tmp
C:\posD34.tmp
C:\posD35.tmp
C:\posD36.tmp
C:\posD37.tmp
C:\posD38.tmp
C:\posD39.tmp
C:\posD3A.tmp
C:\posD3B.tmp
C:\posD3C.tmp
C:\posD3D.tmp
C:\posD3E.tmp
C:\posD3F.tmp
C:\posD4.tmp
C:\posD40.tmp
C:\posD41.tmp
C:\posD42.tmp
C:\posD43.tmp
C:\posD44.tmp
C:\posD45.tmp
C:\posD46.tmp
C:\posD47.tmp
C:\posD48.tmp
C:\posD49.tmp
C:\posD4A.tmp
C:\posD4B.tmp
C:\posD4C.tmp
C:\posD4D.tmp
C:\posD4E.tmp
C:\posD4F.tmp
C:\posD5.tmp
C:\posD50.tmp
C:\posD51.tmp
C:\posD52.tmp
C:\posD53.tmp
C:\posD54.tmp
C:\posD55.tmp
C:\posD56.tmp
C:\posD57.tmp
C:\posD58.tmp
C:\posD59.tmp
C:\posD5A.tmp
C:\posD5B.tmp
C:\posD5C.tmp
C:\posD5D.tmp
C:\posD5E.tmp
C:\posD5F.tmp
C:\posD6.tmp
C:\posD60.tmp
C:\posD61.tmp
C:\posD62.tmp
C:\posD63.tmp
C:\posD64.tmp
C:\posD65.tmp
C:\posD66.tmp
C:\posD67.tmp
C:\posD68.tmp
C:\posD69.tmp
C:\posD6A.tmp
C:\posD6B.tmp
C:\posD6C.tmp
C:\posD6D.tmp
C:\posD6E.tmp
C:\posD6F.tmp
C:\posD7.tmp
C:\posD70.tmp
C:\posD71.tmp
C:\posD72.tmp
C:\posD73.tmp
C:\posD74.tmp
C:\posD75.tmp
C:\posD76.tmp
C:\posD77.tmp
C:\posD78.tmp
C:\posD79.tmp
C:\posD7A.tmp
C:\posD7B.tmp
C:\posD7C.tmp
C:\posD7D.tmp
C:\posD7E.tmp
C:\posD7F.tmp
C:\posD8.tmp
C:\posD80.tmp
C:\posD81.tmp
C:\posD82.tmp
C:\posD83.tmp
C:\posD84.tmp
C:\posD85.tmp
C:\posD86.tmp
C:\posD87.tmp
C:\posD88.tmp
C:\posD89.tmp
C:\posD8A.tmp
C:\posD8B.tmp
C:\posD8C.tmp
C:\posD8D.tmp
C:\posD8E.tmp
C:\posD8F.tmp
C:\posD9.tmp
C:\posD90.tmp
C:\posD91.tmp
C:\posD92.tmp
C:\posD93.tmp
C:\posD94.tmp
C:\posD95.tmp
C:\posD96.tmp
C:\posD97.tmp
C:\posD98.tmp
C:\posD99.tmp
C:\posD9A.tmp
C:\posD9B.tmp
C:\posD9C.tmp
C:\posD9D.tmp
C:\posD9E.tmp
C:\posD9F.tmp
C:\posDA.tmp
C:\posDA0.tmp
C:\posDA1.tmp
C:\posDA2.tmp
C:\posDA3.tmp
C:\posDA4.tmp
C:\posDA5.tmp
C:\posDA6.tmp
C:\posDA7.tmp
C:\posDA8.tmp
C:\posDA9.tmp
C:\posDAA.tmp
C:\posDAB.tmp
C:\posDAC.tmp
C:\posDAD.tmp
C:\posDAE.tmp
C:\posDAF.tmp
C:\posDB.tmp
C:\posDB0.tmp
C:\posDB1.tmp
C:\posDB2.tmp
C:\posDB3.tmp
C:\posDB4.tmp
C:\posDB5.tmp
C:\posDB6.tmp
C:\posDB7.tmp
C:\posDB8.tmp
C:\posDB9.tmp
C:\posDBA.tmp
C:\posDBB.tmp
C:\posDBC.tmp
C:\posDBD.tmp
C:\posDBE.tmp
C:\posDBF.tmp
C:\posDC.tmp
C:\posDC0.tmp
C:\posDC1.tmp
C:\posDC2.tmp
C:\posDC3.tmp
C:\posDC4.tmp
C:\posDC5.tmp
C:\posDC6.tmp
C:\posDC7.tmp
C:\posDC8.tmp
C:\posDC9.tmp
C:\posDCA.tmp
C:\posDCB.tmp
C:\posDCC.tmp
C:\posDCD.tmp
C:\posDCE.tmp
C:\posDCF.tmp
C:\posDD.tmp
C:\posDD0.tmp
C:\posDD1.tmp
C:\posDD2.tmp
C:\posDD3.tmp
C:\posDD4.tmp
C:\posDD5.tmp
C:\posDD6.tmp
C:\posDD7.tmp
C:\posDD8.tmp
C:\posDD9.tmp
C:\posDDA.tmp
C:\posDDB.tmp
C:\posDDC.tmp
C:\posDDD.tmp
C:\posDDE.tmp
C:\posDDF.tmp
C:\posDE.tmp
C:\posDE0.tmp
C:\posDE1.tmp
C:\posDE2.tmp
C:\posDE3.tmp
C:\posDE4.tmp
C:\posDE5.tmp
C:\posDE6.tmp
C:\posDE7.tmp
C:\posDE8.tmp
C:\posDE9.tmp
C:\posDEA.tmp
C:\posDEB.tmp
C:\posDEC.tmp
C:\posDED.tmp
C:\posDEE.tmp
C:\posDEF.tmp
C:\posDF.tmp
C:\posDF0.tmp
C:\posDF1.tmp
C:\posDF2.tmp
C:\posDF3.tmp
C:\posDF4.tmp
C:\posDF5.tmp
C:\posDF6.tmp
C:\posDF7.tmp
C:\posDF8.tmp
C:\posDF9.tmp
C:\posDFA.tmp
C:\posDFB.tmp
C:\posDFC.tmp
C:\posDFD.tmp
C:\posDFE.tmp
C:\posDFF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE00.tmp
C:\posE01.tmp
C:\posE02.tmp
C:\posE03.tmp
C:\posE04.tmp
C:\posE05.tmp
C:\posE06.tmp
C:\posE07.tmp
C:\posE08.tmp
C:\posE09.tmp
C:\posE0A.tmp
C:\posE0B.tmp
C:\posE0C.tmp
C:\posE0D.tmp
C:\posE0E.tmp
C:\posE0F.tmp
C:\posE1.tmp
C:\posE10.tmp
C:\posE11.tmp
C:\posE12.tmp
C:\posE13.tmp
C:\posE14.tmp
C:\posE15.tmp
C:\posE16.tmp
C:\posE17.tmp
C:\posE18.tmp
C:\posE19.tmp
C:\posE1A.tmp
C:\posE1B.tmp
C:\posE1C.tmp
C:\posE1D.tmp
C:\posE1E.tmp
C:\posE1F.tmp
C:\posE2.tmp
C:\posE20.tmp
C:\posE21.tmp
C:\posE22.tmp
C:\posE23.tmp
C:\posE24.tmp
C:\posE25.tmp
C:\posE26.tmp
C:\posE27.tmp
C:\posE28.tmp
C:\posE29.tmp
C:\posE2A.tmp
C:\posE2B.tmp
C:\posE2C.tmp
C:\posE2D.tmp
C:\posE2E.tmp
C:\posE2F.tmp
C:\posE3.tmp
C:\posE30.tmp
C:\posE31.tmp
C:\posE32.tmp
C:\posE33.tmp
C:\posE34.tmp
C:\posE35.tmp
C:\posE36.tmp
C:\posE37.tmp
C:\posE38.tmp
C:\posE39.tmp
C:\posE3A.tmp
C:\posE3B.tmp
C:\posE3C.tmp
C:\posE3D.tmp
C:\posE3E.tmp
C:\posE3F.tmp
C:\posE4.tmp
C:\posE40.tmp
C:\posE41.tmp
C:\posE42.tmp
C:\posE43.tmp
C:\posE44.tmp
C:\posE45.tmp
C:\posE46.tmp
C:\posE47.tmp
C:\posE48.tmp
C:\posE49.tmp
C:\posE4A.tmp
C:\posE4B.tmp
C:\posE4C.tmp
C:\posE4D.tmp
C:\posE4E.tmp
C:\posE4F.tmp
C:\posE5.tmp
C:\posE50.tmp
C:\posE51.tmp
C:\posE52.tmp
C:\posE53.tmp
C:\posE54.tmp
C:\posE55.tmp
C:\posE56.tmp
C:\posE57.tmp
C:\posE58.tmp
C:\posE59.tmp
C:\posE5A.tmp
C:\posE5B.tmp
C:\posE5C.tmp
C:\posE5D.tmp
C:\posE5E.tmp
C:\posE5F.tmp
C:\posE6.tmp
C:\posE60.tmp
C:\posE61.tmp
C:\posE62.tmp
C:\posE63.tmp
C:\posE64.tmp
C:\posE65.tmp
C:\posE66.tmp
C:\posE67.tmp
C:\posE68.tmp
C:\posE69.tmp
C:\posE6A.tmp
C:\posE6B.tmp
C:\posE6C.tmp
C:\posE6D.tmp
C:\posE6E.tmp
C:\posE6F.tmp
C:\posE7.tmp
C:\posE70.tmp
C:\posE71.tmp
C:\posE72.tmp
C:\posE73.tmp
C:\posE74.tmp
C:\posE75.tmp
C:\posE76.tmp
C:\posE77.tmp
C:\posE78.tmp
C:\posE79.tmp
C:\posE7A.tmp
C:\posE7B.tmp
C:\posE7C.tmp
C:\posE7D.tmp
C:\posE7E.tmp
C:\posE7F.tmp
C:\posE8.tmp
C:\posE80.tmp
C:\posE81.tmp
C:\posE82.tmp
C:\posE83.tmp
C:\posE84.tmp
C:\posE85.tmp
C:\posE86.tmp
C:\posE87.tmp
C:\posE88.tmp
C:\posE89.tmp
C:\posE8A.tmp
C:\posE8B.tmp
C:\posE8C.tmp
C:\posE8D.tmp
C:\posE8E.tmp
C:\posE8F.tmp
C:\posE9.tmp
C:\posE90.tmp
C:\posE91.tmp
C:\posE92.tmp
C:\posE93.tmp
C:\posE94.tmp
C:\posE95.tmp
C:\posE96.tmp
C:\posE97.tmp
C:\posE98.tmp
C:\posE99.tmp
C:\posE9A.tmp
C:\posE9B.tmp
C:\posE9C.tmp
C:\posE9D.tmp
C:\posE9E.tmp
C:\posE9F.tmp
C:\posEA.tmp
C:\posEA0.tmp
C:\posEA1.tmp
C:\posEA2.tmp
C:\posEA3.tmp
C:\posEA4.tmp
C:\posEA5.tmp
C:\posEA6.tmp
C:\posEA7.tmp
C:\posEA8.tmp
C:\posEA9.tmp
C:\posEAA.tmp
C:\posEAB.tmp
C:\posEAC.tmp
C:\posEAD.tmp
C:\posEAE.tmp
C:\posEAF.tmp
C:\posEB.tmp
C:\posEB0.tmp
C:\posEB1.tmp
C:\posEB2.tmp
C:\posEB3.tmp
C:\posEB4.tmp
C:\posEB5.tmp
C:\posEB6.tmp
C:\posEB7.tmp
C:\posEB8.tmp
C:\posEB9.tmp
C:\posEBA.tmp
C:\posEBB.tmp
C:\posEBC.tmp
C:\posEBD.tmp
C:\posEBE.tmp
C:\posEBF.tmp
C:\posEC.tmp
C:\posEC0.tmp
C:\posEC1.tmp
C:\posEC2.tmp
C:\posEC3.tmp
C:\posEC4.tmp
C:\posEC5.tmp
C:\posEC6.tmp
C:\posEC7.tmp
C:\posEC8.tmp
C:\posEC9.tmp
C:\posECA.tmp
C:\posECB.tmp
C:\posECC.tmp
C:\posECD.tmp
C:\posECE.tmp
C:\posECF.tmp
C:\posED.tmp
C:\posED0.tmp
C:\posED1.tmp
C:\posED2.tmp
C:\posED3.tmp
C:\posED4.tmp
C:\posED5.tmp
C:\posED6.tmp
C:\posED7.tmp
C:\posED8.tmp
C:\posED9.tmp
C:\posEDA.tmp
C:\posEDB.tmp
C:\posEDC.tmp
C:\posEDD.tmp
C:\posEDE.tmp
C:\posEDF.tmp
C:\posEE.tmp
C:\posEE0.tmp
C:\posEE1.tmp
C:\posEE2.tmp
C:\posEE3.tmp
C:\posEE4.tmp
C:\posEE5.tmp
C:\posEE6.tmp
C:\posEE7.tmp
C:\posEE8.tmp
C:\posEE9.tmp
C:\posEEA.tmp
C:\posEEB.tmp
C:\posEEC.tmp
C:\posEED.tmp
C:\posEEE.tmp
C:\posEEF.tmp
C:\posEF.tmp
C:\posEF0.tmp
C:\posEF1.tmp
C:\posEF2.tmp
C:\posEF3.tmp
C:\posEF4.tmp
C:\posEF5.tmp
C:\posEF6.tmp
C:\posEF7.tmp
C:\posEF8.tmp
C:\posEF9.tmp
C:\posEFA.tmp
C:\posEFB.tmp
C:\posEFC.tmp
C:\posEFD.tmp
C:\posEFE.tmp
C:\posEFF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF00.tmp
C:\posF01.tmp
C:\posF02.tmp
C:\posF03.tmp
C:\posF04.tmp
C:\posF05.tmp
C:\posF06.tmp
C:\posF07.tmp
C:\posF08.tmp
C:\posF09.tmp
C:\posF0A.tmp
C:\posF0B.tmp
C:\posF0C.tmp
C:\posF0D.tmp
C:\posF0E.tmp
C:\posF0F.tmp
C:\posF1.tmp
C:\posF10.tmp
C:\posF11.tmp
C:\posF12.tmp
C:\posF13.tmp
C:\posF14.tmp
C:\posF15.tmp
C:\posF16.tmp
C:\posF17.tmp
C:\posF18.tmp
C:\posF19.tmp
C:\posF1A.tmp
C:\posF1B.tmp
C:\posF1C.tmp
C:\posF1D.tmp
C:\posF1E.tmp
C:\posF1F.tmp
C:\posF2.tmp
C:\posF20.tmp
C:\posF21.tmp
C:\posF22.tmp
C:\posF23.tmp
C:\posF24.tmp
C:\posF25.tmp
C:\posF26.tmp
C:\posF27.tmp
C:\posF28.tmp
C:\posF29.tmp
C:\posF2A.tmp
C:\posF2B.tmp
C:\posF2C.tmp
C:\posF2D.tmp
C:\posF2E.tmp
C:\posF2F.tmp
C:\posF3.tmp
C:\posF30.tmp
C:\posF31.tmp
C:\posF32.tmp
C:\posF33.tmp
C:\posF34.tmp
C:\posF35.tmp
C:\posF36.tmp
C:\posF37.tmp
C:\posF38.tmp
C:\posF39.tmp
C:\posF3A.tmp
C:\posF3B.tmp
C:\posF3C.tmp
C:\posF3D.tmp
C:\posF3E.tmp
C:\posF3F.tmp
C:\posF4.tmp
C:\posF40.tmp
C:\posF41.tmp
C:\posF42.tmp
C:\posF43.tmp
C:\posF44.tmp
C:\posF45.tmp
C:\posF46.tmp
C:\posF47.tmp
C:\posF48.tmp
C:\posF49.tmp
C:\posF4A.tmp
C:\posF4B.tmp
C:\posF4C.tmp
C:\posF4D.tmp
C:\posF4E.tmp
C:\posF4F.tmp
C:\posF5.tmp
C:\posF50.tmp
C:\posF51.tmp
C:\posF52.tmp
C:\posF53.tmp
C:\posF54.tmp
C:\posF55.tmp
C:\posF56.tmp
C:\posF57.tmp
C:\posF58.tmp
C:\posF59.tmp
C:\posF5A.tmp
C:\posF5B.tmp
C:\posF5C.tmp
C:\posF5D.tmp
C:\posF5E.tmp
C:\posF5F.tmp
C:\posF6.tmp
C:\posF60.tmp
C:\posF61.tmp
C:\posF62.tmp
C:\posF63.tmp
C:\posF64.tmp
C:\posF65.tmp
C:\posF66.tmp
C:\posF67.tmp
C:\posF68.tmp
C:\posF69.tmp
C:\posF6A.tmp
C:\posF6B.tmp
C:\posF6C.tmp
C:\posF6D.tmp
C:\posF6E.tmp
C:\posF6F.tmp
C:\posF7.tmp
C:\posF70.tmp
C:\posF71.tmp
C:\posF72.tmp
C:\posF73.tmp
C:\posF74.tmp
C:\posF75.tmp
C:\posF76.tmp
C:\posF77.tmp
C:\posF78.tmp
C:\posF79.tmp
C:\posF7A.tmp
C:\posF7B.tmp
C:\posF7C.tmp
C:\posF7D.tmp
C:\posF7E.tmp
C:\posF7F.tmp
C:\posF8.tmp
C:\posF80.tmp
C:\posF81.tmp
C:\posF82.tmp
C:\posF83.tmp
C:\posF84.tmp
C:\posF85.tmp
C:\posF86.tmp
C:\posF87.tmp
C:\posF88.tmp
C:\posF89.tmp
C:\posF8A.tmp
C:\posF8B.tmp
C:\posF8C.tmp
C:\posF8D.tmp
C:\posF8E.tmp
C:\posF8F.tmp
C:\posF9.tmp
C:\posF90.tmp
C:\posF91.tmp
C:\posF92.tmp
C:\posF93.tmp
C:\posF94.tmp
C:\posF95.tmp
C:\posF96.tmp
C:\posF97.tmp
C:\posF98.tmp
C:\posF99.tmp
C:\posF9A.tmp
C:\posF9B.tmp
C:\posF9C.tmp
C:\posF9D.tmp
C:\posF9E.tmp
C:\posF9F.tmp
C:\posFA.tmp
C:\posFA0.tmp
C:\posFA1.tmp
C:\posFA2.tmp
C:\posFA3.tmp
C:\posFA4.tmp
C:\posFA5.tmp
C:\posFA6.tmp
C:\posFA7.tmp
C:\posFA8.tmp
C:\posFA9.tmp
C:\posFAA.tmp
C:\posFAB.tmp
C:\posFAC.tmp
C:\posFAD.tmp
C:\posFAE.tmp
C:\posFAF.tmp
C:\posFB.tmp
C:\posFB0.tmp
C:\posFB1.tmp
C:\posFB2.tmp
C:\posFB3.tmp
C:\posFB4.tmp
C:\posFB5.tmp
C:\posFB6.tmp
C:\posFB7.tmp
C:\posFB8.tmp
C:\posFB9.tmp
C:\posFBA.tmp
C:\posFBB.tmp
C:\posFBC.tmp
C:\posFBD.tmp
C:\posFBE.tmp
C:\posFBF.tmp
C:\posFC.tmp
C:\posFC0.tmp
C:\posFC1.tmp
C:\posFC2.tmp
C:\posFC3.tmp
C:\posFC4.tmp
C:\posFC5.tmp
C:\posFC6.tmp
C:\posFC7.tmp
C:\posFC8.tmp
C:\posFC9.tmp
C:\posFCA.tmp
C:\posFCB.tmp
C:\posFCC.tmp
C:\posFCD.tmp
C:\posFCE.tmp
C:\posFCF.tmp
C:\posFD.tmp
C:\posFD0.tmp
C:\posFD1.tmp
C:\posFD2.tmp
C:\posFD3.tmp
C:\posFD4.tmp
C:\posFD5.tmp
C:\posFD6.tmp
C:\posFD7.tmp
C:\posFD8.tmp
C:\posFD9.tmp
C:\posFDA.tmp
C:\posFDB.tmp
C:\posFDC.tmp
C:\posFDD.tmp
C:\posFDE.tmp
C:\posFDF.tmp
C:\posFE.tmp
C:\posFE0.tmp
C:\posFE1.tmp
C:\posFE2.tmp
C:\posFE3.tmp
C:\posFE4.tmp
C:\posFE5.tmp
C:\posFE6.tmp
C:\posFE7.tmp
C:\posFE8.tmp
C:\posFE9.tmp
C:\posFEA.tmp
C:\posFEB.tmp
C:\posFEC.tmp
C:\posFED.tmp
C:\posFEE.tmp
C:\posFEF.tmp
C:\posFF.tmp
C:\posFF0.tmp
C:\posFF1.tmp
C:\posFF2.tmp
C:\posFF3.tmp
C:\posFF4.tmp
C:\posFF5.tmp
C:\posFF6.tmp
C:\posFF7.tmp
C:\posFF8.tmp
C:\posFF9.tmp
C:\posFFA.tmp
C:\posFFB.tmp
C:\posFFC.tmp
C:\posFFD.tmp
C:\posFFE.tmp
C:\posFFF.tmp
C:\Program Files\Common Files\misc002
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\windows\ack.html
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\Program Files\ISM
C:\Program Files\ISM\BndDrive.dll
C:\Program Files\ISM\BndDrive3.dll
C:\Program Files\ISM\BndDrive7.dll
C:\Program Files\QdrDrive
C:\Program Files\QdrPack
C:\Program Files\QdrPack\QdrPack10.exe
C:\Program Files\Temporary
C:\Program Files\winpop
C:\Program Files\winpop\winpop.exe
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\Temp\bkR11
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\drsmartload.dat
C:\WINDOWS\rau001978.exe
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\A2
C:\WINDOWS\system32\A6
C:\WINDOWS\system32\A7
C:\WINDOWS\system32\aafnyiko.exe
C:\WINDOWS\system32\bbhgeddh.dll
C:\WINDOWS\SYSTEM32\bgjtkxxo.ini
C:\WINDOWS\system32\byovferx.dll
C:\WINDOWS\system32\ckyrtnsd.dll
C:\WINDOWS\system32\crunner
C:\WINDOWS\system32\crunner\cproc.exe.config
C:\WINDOWS\system32\crunner\cupdater.exe.config
C:\WINDOWS\system32\crunner\ICSharpCode.SharpZipLib.dll
C:\WINDOWS\system32\crunner\Version.txt
C:\WINDOWS\system32\cwmmrlge.exe
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\dghswdwe.dll
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drtkpflu.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\dxmqjnxd.dll
C:\WINDOWS\SYSTEM32\dxnjqmxd.ini
C:\WINDOWS\system32\emixuewl.exe
C:\WINDOWS\system32\emnbhlir.exe
C:\WINDOWS\system32\exggawux.dll
C:\WINDOWS\system32\eyvvxjxo.exe
C:\WINDOWS\system32\fbvhbjtr.dll
C:\WINDOWS\system32\fxiwqaif.dll
C:\WINDOWS\system32\gbuhhlrf.exe
C:\WINDOWS\system32\giokxffb.exe
C:\WINDOWS\SYSTEM32\grjcaccx.ini
C:\WINDOWS\system32\grpefray.exe
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\iegohaax.exe
C:\WINDOWS\SYSTEM32\ienbdgcr.ini
C:\WINDOWS\system32\iltgijxv.dll
C:\WINDOWS\system32\ityhaahf.dll
C:\WINDOWS\system32\jjjrniin.dll
C:\WINDOWS\system32\jxwbqoxj.exe
C:\WINDOWS\system32\kpliiqba.exe
C:\WINDOWS\SYSTEM32\kutcaocw.ini
C:\WINDOWS\system32\kyurwatk.exe
C:\WINDOWS\system32\lvoetglu.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\SYSTEM32\mcycqnxu.ini
C:\WINDOWS\system32\mmlwhqhw.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\SYSTEM32\niinrjjj.ini
C:\WINDOWS\SYSTEM32\nkavolss.ini
C:\WINDOWS\SYSTEM32\nnnmp.bak1
C:\WINDOWS\SYSTEM32\nnnmp.bak2
C:\WINDOWS\SYSTEM32\nnnmp.ini
C:\WINDOWS\SYSTEM32\nnnmp.ini2
C:\WINDOWS\SYSTEM32\nnnmp.tmp
C:\WINDOWS\system32\nt68rrtc12.sys
C:\WINDOWS\system32\o02PrEz
C:\WINDOWS\system32\opnkhhf.dll
C:\WINDOWS\system32\ovhxdlxt.exe
C:\WINDOWS\system32\owegdvdw.dll
C:\WINDOWS\system32\oxxktjgb.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pyasekob.exe
C:\WINDOWS\SYSTEM32\qqstv.ini
C:\WINDOWS\SYSTEM32\qqstv.ini2
C:\WINDOWS\system32\rcgdbnei.dll
C:\WINDOWS\system32\rpinwftx.dll
C:\WINDOWS\system32\rrmpsoto.dll
C:\WINDOWS\system32\rrmpsoto.dllbox
C:\WINDOWS\system32\runpregb.dll
C:\WINDOWS\system32\rwqprjvv.dll
C:\WINDOWS\system32\sslovakn.dll
C:\WINDOWS\system32\sydxyhfw.exe
C:\WINDOWS\system32\tdumjwuq.exe
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\tspbmjkw.dll
C:\WINDOWS\system32\uhinshrp.exe
C:\WINDOWS\SYSTEM32\ulfpktrd.ini
C:\WINDOWS\system32\uvhhavpr.exe
C:\WINDOWS\system32\uxnqcycm.dll
C:\WINDOWS\system32\uyfgynic.exe
C:\WINDOWS\system32\vtsqq.dll
C:\WINDOWS\SYSTEM32\vvjrpqwr.ini
C:\WINDOWS\system32\vycaylrx.exe
C:\WINDOWS\system32\wcoactuk.dll
C:\WINDOWS\SYSTEM32\wdvdgewo.ini
C:\WINDOWS\system32\win
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\SYSTEM32\wkjmbpst.ini
C:\WINDOWS\system32\wnstsicom.exe
C:\WINDOWS\system32\xccacjrg.dll
C:\WINDOWS\SYSTEM32\xtfwnipr.ini
C:\WINDOWS\SYSTEM32\yycdd.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\timessquare1.dat
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\wr.txt

.


----------



## thawilso (Sep 25, 2007)

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
-------\DomainService
-------\Net Agent
-------\Windows Overlay Components

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 13:46 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-13 23:32 . 2008-01-13 23:32	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-13 23:32 . 2008-01-13 23:32	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-09 22:37 . 2008-01-11 20:34 d--------	C:\Program Files\Dot1XCfg
2008-01-09 22:16 . 2008-01-09 22:16	3,584	--a------	C:\WINDOWS\SYSTEM32\vtsqq.exe
2007-12-28 20:55 . 2007-12-28 20:55 d--------	C:\Program Files\iTunes
2007-12-28 20:28 . 2008-01-11 20:34 d--------	C:\Program Files\QuickTime
2007-12-28 20:27 . 2007-12-28 20:27 d----c---	C:\WINDOWS\SYSTEM32\DRVSTORE
2007-12-28 20:27 . 2007-10-31 14:09	30,464	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Program Files\Common Files\Apple
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 21:31	---------	d-----w	C:\Program Files\Trend Micro
2008-01-12 03:10	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AVG7
2008-01-12 01:34	---------	d-----w	C:\Program Files\Windows Defender
2008-01-12 01:34	---------	d-----w	C:\Program Files\DAEMON Tools
2008-01-08 02:25	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AdobeUM
2007-12-29 01:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 14:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 23:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DIGStream
2007-11-30 13:00	---------	d-----w	C:\Documents and Settings\LocalService\Application Data\AVG7
2006-02-10 21:30	24,192	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermptxp.sys
2006-02-10 21:30	22,768	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermpt.sys
2004-11-30 19:43	65,448	----a-w	C:\Documents and Settings\Thomas Wilson\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 06:10	63,656	----a-w	C:\Documents and Settings\thawilso\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E661BFC-45EF-4EE5-8EED-739CE9D77174}]
C:\WINDOWS\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E}]
C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D1F453D2-B56C-737C-1A32-B109F40F1916}
{4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E}
{4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E}

[HKEY_CLASSES_ROOT\clsid\{d1f453d2-b56c-737c-1a32-b109f40f1916}]
[HKEY_CLASSES_ROOT\funk.BallFord.1]
[HKEY_CLASSES_ROOT\funk.BallFord]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469f-83b8-bd2ae6d9fa2e}]
[HKEY_CLASSES_ROOT\searchessistant.SEARCHESSISTANT Search]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-83b8-bd2ae6d9fa2e}]
[HKEY_CLASSES_ROOT\searchessistant.SEARCHESSISTANT Related]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E}"= C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL [ ]
"{D1F453D2-B56C-737C-1A32-B109F40F1916}"= C:\PROGRA~1\WINDOW~4\Inter bone.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-83b8-bd2ae6d9fa2e}]
[HKEY_CLASSES_ROOT\searchessistant.SEARCHESSISTANT Related]

[HKEY_CLASSES_ROOT\clsid\{d1f453d2-b56c-737c-1a32-b109f40f1916}]
[HKEY_CLASSES_ROOT\funk.BallFord.1]
[HKEY_CLASSES_ROOT\funk.BallFord]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HXIUL.EXE"="C:\Program Files\Alset\HelpExpress\thawilso\HXIUL.EXE" [ ]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"HELPEXP.EXE"="C:\Program Files\Alset\HelpExpress\thawilso\Client\HelpExp.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"AutoUpdater"="C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE" [ ]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ ]
"WinTools"="C:\Program Files\Common files\WinTools\WToolsA.exe" [ ]
"couponsandoffers"="C:\Program Files\couponsandoffers\couponsandoffersrun.exe" [ ]
"{D9-9D-DD-D2-ZN}"="C:\windows\system32\modsregj.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"mfif"="C:\PROGRA~1\COMMON~1\mfif\mfifm.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 12:08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnn]
C:\WINDOWS\system32\pmnnn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuturo]
vtuturo.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UITS Network Diagnostic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UITS Network Diagnostic.lnk
backup=C:\WINDOWS\pss\UITS Network Diagnostic.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^thawilso^Start Menu^Programs^Startup^Virtual Bouncer.lnk]
path=C:\Documents and Settings\thawilso\Start Menu\Programs\Startup\Virtual Bouncer.lnk
backup=C:\WINDOWS\pss\Virtual Bouncer.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thomas Wilson^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Thomas Wilson\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thomas Wilson^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\Thomas Wilson\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-11 20:34 417792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blabber]
C:\Program Files\IUInfoClient\Blabber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperBrwsr]
C:\WINDOWS\dhbrwsr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperUpdate]
C:\WINDOWS\DHUpdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2008-01-11 20:34 370176 C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsw.exe]
C:\WINDOWS\emsw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FQQERQ]
C:\WINDOWS\system32\kcnzrop6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
C:\WINDOWS\system32\owegdvdw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE]
C:\Program Files\Alset\HelpExpress\thawilso\Client\HelpExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE]
C:\Program Files\Alset\HelpExpress\thawilso\HXIUL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\liglub]
C:\WINDOWS\acvgeae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSI]
C:\WINDOWS\System32\LSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]
C:\WINDOWS\sysupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-02-28 19:13 4493312 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-02-28 19:13 323584 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POP]
C:\Program Files\POP\PopSrv205.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 20:34 654336 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RreN4HW]
C:\WINDOWS\system32\czuehf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAClient]
C:\Program Files\Insight\BBClient\Programs\RegCon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcinstaller]
c:\installer\id53.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysUpd]
C:\WINDOWS\sysupd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
C:\Program Files\TV Media\Tvm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-01-12 11:03 81 C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whSurvey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
C:\Program Files\Common files\WinTools\WToolsA.exe

R1 nmconpid;nmconpid;C:\WINDOWS\system32\drivers\nmconpid.sys [2005-08-29 15:31]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 04:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 04:31]
R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []
S2 MicroService32;Secure MSVS;"C:\WINDOWS\msvcrs.exe" []
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 20:35:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-16 21:00:01 C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job"
- C:\WINDOWS\system32\MOBSYNC.EXEA /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 20:13:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 20:19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 01:19:11
.
2008-01-16 21:07:31	--- E O F ---


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:44 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {3E661BFC-45EF-4EE5-8EED-739CE9D77174} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: SEARCHESSISTANT Helper - {4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O3 - Toolbar: Htm Active Cool - {D1F453D2-B56C-737C-1A32-B109F40F1916} - C:\PROGRA~1\WINDOW~4\Inter bone.dll (file missing)
O3 - Toolbar: SEARCHESSISTANT Search - {4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O3 - Toolbar: SEARCHESSISTANT Related - {4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AutoUpdater] C:\PROGRA~1\AUTOUP~1\AUTOUP~1.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [couponsandoffers] C:\Program Files\couponsandoffers\couponsandoffersrun.exe /cp "C:\Program Files\couponsandoffers\System\Code" Main lp: "C:\Program Files\couponsandoffers"
O4 - HKLM\..\Run: [{D9-9D-DD-D2-ZN}] C:\windows\system32\modsregj.exe CHD003
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [HXIUL.EXE] C:\Program Files\Alset\HelpExpress\thawilso\HXIUL.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\thawilso\Client\HelpExp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [mfif] C:\PROGRA~1\COMMON~1\mfif\mfifm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [mfif] C:\PROGRA~1\COMMON~1\mfif\mfifm.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll (file missing)
O20 - Winlogon Notify: vtuturo - vtuturo.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Secure MSVS (MicroService32) - Unknown owner - C:\WINDOWS\msvcrs.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9895 bytes


----------



## Cookiegal (Aug 27, 2003)

This computer has so many old infections I'm amazed it's still running at all.

Go to Control Panel - Add/Remove programs and remove any of these you find there:

*SEARCHESSISTANT Toolbar (or anything else called SEARCHESSISTANT spelled that way)
WebHancer
WinTools
WinTools for Internet Explorer V2
WinTools Easy Installer*

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\WINDOWS\SYSTEM32\vtsqq.exe
C:\WINDOWS\system32\pmnnn.dll
C:\Documents and Settings\thawilso\Start Menu\Programs\Startup\Virtual Bouncer.lnk
C:\WINDOWS\pss\Virtual Bouncer.lnkStartup
C:\Documents and Settings\Thomas Wilson\Start Menu\Programs\Startup\TA_Start.lnk
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\Documents and Settings\Thomas Wilson\Start Menu\Programs\Startup\Think-Adz.lnk
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\dhbrwsr.exe
C:\WINDOWS\DHUpdt.exe
C:\WINDOWS\emsw.exe
C:\WINDOWS\system32\kcnzrop6.exe
C:\WINDOWS\system32\owegdvdw.dll
C:\WINDOWS\sysupd.exe
C:\Program Files\POP\PopSrv205.exe
c:\installer\id53.exe
C:\WINDOWS\msvcrs.exe

Folder::
C:\Program Files\Alset
C:\PROGRAM FILES\AUTOUPDATER
C:\Program Files\Common files\WinTools
C:\Program Files\couponsandoffers
C:\Program Files\TV Media

Driver::
MicroService32

DirLook::
C:\Program Files\Dot1XCfg
C:\Program Files\POP

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3E661BFC-45EF-4EE5-8EED-739CE9D77174}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D1F453D2-B56C-737C-1A32-B109F40F1916}"=-
[-HKEY_CLASSES_ROOT\clsid\{d1f453d2-b56c-737c-1a32-b109f40f1916}]
[-HKEY_CLASSES_ROOT\funk.BallFord.1]
[-HKEY_CLASSES_ROOT\funk.BallFord]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D1F453D2-B56C-737C-1A32-B109F40F1916}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HXIUL.EXE"=-
"HELPEXP.EXE"=-
"QdrModule9"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoUpdater"=-
"WinTools"=-
"couponsandoffers"=- 
"{D9-9D-DD-D2-ZN}"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"mfif"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuturo]
[-HKLM\~\startupfolder\C:^Documents and Settings^thawilso^Start Menu^Programs^Startup^Virtual Bouncer.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Thomas Wilson^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^Thomas Wilson^Start Menu^Programs^Startup^Think-Adz.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperBrwsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DealHelperUpdate]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FQQERQ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HELPEXP.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HXIUL.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mswspl]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POP]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stcinstaller]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysUpd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Media]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## Cookiegal (Aug 27, 2003)

Also, please do the following:

Go *here* to download AlcanShorty_en.exe. Scroll down to the middle of the page and click on "Download File" and save it to your desktop.

Double click the *alcanShorty.exe* file and follow prompts. 
It will make a folder on desktop called *Alcan Shorty*
Open the Alcan Shorty folder & double click the *run.bat* file to run it.
This will download a file called BFU.exe and a BFU script. 
If your firewall asks for permission to connect to the Internet you must allow it.
A message box will pop up saying "complete". 
Be patient and wait for the message box to appear as it may take some time.
Press OK then BFU.exe will open. 
Select the option to "Show log after script ends"
Execute the script by clicking the *Execute* button.
Note that you should see a progress bar while the script is being executed.
When the script has finished press "copy" and that will make a copy of the report in your clipboard. 
Paste the log into Notepad and save it to your desktop in case it's needed later but don't post it unless requested to.
*Note*: If you have any questions about the use of BFU please read *here*.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from  *here*

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:

 Restart your computer
 After hearing your computer beep once during start-up, but before the Windows icon appears, press F8.
 Instead of Windows loading as normal, a menu should appear
 Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click *aproposfix.exe* and unzip it to the desktop. Open the aproposfix folder on your desktop and run *RunThis.bat*. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post the entire contents of the *log.txt* file in the aproposfix folder.


----------



## thawilso (Sep 25, 2007)

ComboFix 08-01-16.4 - thawilso 2008-01-17 15:39:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.44 [GMT -5:00]
Running from: C:\Documents and Settings\Thomas Wilson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas Wilson\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\thawilso\Start Menu\Programs\Startup\Virtual Bouncer.lnk
C:\Documents and Settings\Thomas Wilson\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\Thomas Wilson\Start Menu\Programs\Startup\Think-Adz.lnk
c:\installer\id53.exe
C:\Program Files\POP\PopSrv205.exe
C:\WINDOWS\dhbrwsr.exe
C:\WINDOWS\DHUpdt.exe
C:\WINDOWS\emsw.exe
C:\WINDOWS\msvcrs.exe
C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\pss\Virtual Bouncer.lnkStartup
C:\WINDOWS\system32\kcnzrop6.exe
C:\WINDOWS\system32\owegdvdw.dll
C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\SYSTEM32\vtsqq.exe
C:\WINDOWS\sysupd.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pss\TA_Start.lnkStartup
C:\WINDOWS\pss\Think-Adz.lnkStartup
C:\WINDOWS\pss\Virtual Bouncer.lnkStartup
C:\WINDOWS\SYSTEM32\vtsqq.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MICROSERVICE32
-------\MicroService32

((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 13:46 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2008-01-09 22:37 . 2008-01-11 20:34 d--------	C:\Program Files\Dot1XCfg
2007-12-28 20:55 . 2007-12-28 20:55 d--------	C:\Program Files\iTunes
2007-12-28 20:28 . 2008-01-11 20:34 d--------	C:\Program Files\QuickTime
2007-12-28 20:27 . 2007-12-28 20:27 d----c---	C:\WINDOWS\SYSTEM32\DRVSTORE
2007-12-28 20:27 . 2007-10-31 14:09	30,464	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Program Files\Common Files\Apple
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 18:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 21:31	---------	d-----w	C:\Program Files\Trend Micro
2008-01-12 03:10	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AVG7
2008-01-12 01:34	---------	d-----w	C:\Program Files\Windows Defender
2008-01-12 01:34	---------	d-----w	C:\Program Files\DAEMON Tools
2008-01-08 02:25	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AdobeUM
2007-12-29 01:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 14:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 23:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DIGStream
2007-11-30 13:00	---------	d-----w	C:\Documents and Settings\LocalService\Application Data\AVG7
2006-02-10 21:30	24,192	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermptxp.sys
2006-02-10 21:30	22,768	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermpt.sys
2004-11-30 19:43	65,448	----a-w	C:\Documents and Settings\Thomas Wilson\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 06:10	63,656	----a-w	C:\Documents and Settings\thawilso\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Dot1XCfg ----

2008-01-11 20:34	401920	--a------	C:\Program Files\Dot1XCfg\Dot1XCfg.exe

---- Directory of C:\Program Files\POP ----

C:\Program Files\POP\

((((((((((((((((((((((((((((( [email protected]_20.18.30.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 18:47:55	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 20:38:32	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 20:38:32	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 18:47:56	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 20:38:32	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 20:38:32	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 18:47:57	15,126,528	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-17 20:38:33	15,126,528	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-16 18:47:57	16,384	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 20:38:33	16,384	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E}]
C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E}"= C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL [ ]

[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-83b8-bd2ae6d9fa2e}]
[HKEY_CLASSES_ROOT\searchessistant.SEARCHESSISTANT Related]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 12:08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UITS Network Diagnostic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UITS Network Diagnostic.lnk
backup=C:\WINDOWS\pss\UITS Network Diagnostic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-11 20:34 417792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blabber]
C:\Program Files\IUInfoClient\Blabber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2008-01-11 20:34 370176 C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\liglub]
C:\WINDOWS\acvgeae.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSI]
C:\WINDOWS\System32\LSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-02-28 19:13 4493312 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-02-28 19:13 323584 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 20:34 654336 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RreN4HW]
C:\WINDOWS\system32\czuehf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAClient]
C:\Program Files\Insight\BBClient\Programs\RegCon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-01-12 11:03 81 C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
C:\Program Files\webHancer\Programs\whSurvey.exe

R1 nmconpid;nmconpid;C:\WINDOWS\system32\drivers\nmconpid.sys [2005-08-29 15:31]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 04:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 04:31]
R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-12 20:35:11 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-17 05:00:15 C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job"
- C:\WINDOWS\system32\MOBSYNC.EXEA /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 15:51:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 15:56:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 20:56:20
ComboFix2.txt 2008-01-17 01:19:15
.
2008-01-16 21:07:31	--- E O F ---


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:42 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SEARCHESSISTANT Helper - {4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8443 bytes


----------



## thawilso (Sep 25, 2007)

Also, I've downloaded both the alcanshorty.exe and aproposfix to my desktop, but I had a problem. After I selected the run.bat under the Alcan Shorty folder the screen came up at it started to run, but then it said -

"Download failure: A connection with the server could not be established

Archive: bfu.zip
End-of-central-directory signature not found. Either this file is not a zipfile, or it constitutes one disk of a muli-part archive. In the latter case the central directory or zipfile comment will be found on the last disk(s) of this archive.
unzip: cannot find zipfile directory in bfu.zip, and cannot find bfu.zip.zip, period.

!! BFU.exe is not present !!

Please report this to the helper on the forum
Press any key to continue..."


----------



## thawilso (Sep 25, 2007)

^^^^^
Nevermind, I tried again and got it to work


----------



## thawilso (Sep 25, 2007)

BFU v1.10.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 6:57:29 PM, on 1/17/2008

Option Unload Explorer: Yes
Warning: unknown command 'OptionStatusOn' on line #7
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll|1 (file not found)
Failed: DllUnregister \888Bar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKLM\software\microsoft\internet explorer\toolbar|{cbcc61fa-0221-4ccc-b409-cee865caca3a} (key not found)
Failed: RegDelValue HKLM\software\microsoft\internet explorer\toolbar|{C004DEC2-2623-438e-9CA2-C9043AB28508} (key not found)
Failed: RegDelValue HKLM\software\microsoft\internet explorer\toolbar|{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} (key not found)
Failed: RegDelValue HKLM\software\microsoft\internet explorer\toolbar|{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FolderDelete C:\WINDOWS\system32\nstlr (folder not found)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FileDelete C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\~DF4FDE.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\PSCastor (folder not found)
Failed: FolderDelete C:\Program Files\CMIntex (folder not found)
Failed: FolderDelete C:\Program Files\PadsysAssistant (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20000 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Ipwindows (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\Program Files\folder.js (folder not found)
Failed: FolderDelete C:\Program Files\ini.ini (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\PSDream (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\Web Buying (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Failed: FileMove C:\bintheredunthat\112uninst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\CFSLogin.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\CPUMon.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\Dtools.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\register.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\unstall.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\A0135403.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\AIMinst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\AIMLang.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\all_files3.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\alsetup.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\alunins.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\ampx.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\atmoUn.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\BitTornado-0.3.2-w32install.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\DivXBundleUninstall.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\DivXCodecUninstall.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\DivXPlayerUninstall.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\instopts.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\iphinst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\muinst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\ocpinst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\runinstall.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\setup_incred_6.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\SLinst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\SLinstLP.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\tbsetup.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\tbunins.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\toolbar.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\unagi3.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\unagiuninst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\uninst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\uninstall.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\uninstaller.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\vwpt.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\WDInst.exe|C:\bintheredunthat (operation failed)
Failed: FileMove C:\bintheredunthat\winamp503_full.exe|C:\bintheredunthat (operation failed)
Script completed.


----------



## thawilso (Sep 25, 2007)

Log of AproposFix v1.1 

************ 

Running from directory: 
C:\Documents and Settings\Thomas Wilson\Desktop\aproposfix

************ 



Registry entries found: 


************ 

No service found! 

Removing hidden folder: 
No folder found! 

Deleting files: 


Backing up files: 
Done! 

Removing registry entries: 

REGEDIT4 


Done! 

Finished!


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:38 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SEARCHESSISTANT Helper - {4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8510 bytes


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* - *Search* - *All Files and Folders* and under *More advanced search options*. 
Make sure there is a check by *Search System Folders* and *Search hidden files and folders* and *Search system subfolders*.

Next click on *My Computer*. Go to *Tools* - *Folder Options*. Click on the View tab and make sure that *Show hidden files and folders* is checked. Also uncheck *Hide protected operating system files* and *Hide extensions for known file types*. Now click *Apply to all folders*. Click *Apply* then *OK*.

Now, go to the following link and upload each of the following files for analysis and let me know what the results are please:

http://virusscan.jotti.org/

*C:\Program Files\Dot1XCfg\Dot1XCfg.exe *


----------



## thawilso (Sep 25, 2007)

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


----------



## Cookiegal (Aug 27, 2003)

Don't worry about it. I found information that tells me it's malicious.

Open Notepad and copy and paste the text in the code box below into it:


```
Folder::
C:\Program Files\Dot1XCfg

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E}"=- 
[-HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-83b8-bd2ae6d9fa2e}]
[-HKEY_CLASSES_ROOT\searchessistant.SEARCHESSISTANT Related]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\liglub]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RreN4HW]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## thawilso (Sep 25, 2007)

ComboFix 08-01-16.4 - thawilso 2008-01-21 17:31:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.49 [GMT -5:00]
Running from: C:\Documents and Settings\Thomas Wilson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas Wilson\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-17 16:40 . 2008-01-17 19:41 d--------	C:\bintheredunthat
2008-01-16 13:46 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-12-28 20:55 . 2007-12-28 20:55 d--------	C:\Program Files\iTunes
2007-12-28 20:28 . 2008-01-11 20:34 d--------	C:\Program Files\QuickTime
2007-12-28 20:27 . 2007-12-28 20:27 d----c---	C:\WINDOWS\SYSTEM32\DRVSTORE
2007-12-28 20:27 . 2007-10-31 14:09	30,464	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Program Files\Common Files\Apple
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 22:20	---------	d-----w	C:\Program Files\DivX
2008-01-17 22:20	---------	d-----w	C:\Program Files\DAEMON Tools
2008-01-17 22:20	---------	d-----w	C:\Program Files\Common Files\AOL
2008-01-17 22:20	---------	d-----w	C:\Program Files\BitTornado
2008-01-17 22:19	---------	d-----w	C:\Program Files\AIM6
2008-01-17 22:19	---------	d-----w	C:\Program Files\AC3Filter
2008-01-17 22:14	---------	d-----w	C:\Program Files\UITS NETCFG
2008-01-16 18:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 21:31	---------	d-----w	C:\Program Files\Trend Micro
2008-01-12 03:10	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AVG7
2008-01-12 01:34	370,176	----a-w	C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 01:34	---------	d-----w	C:\Program Files\Windows Defender
2008-01-08 02:25	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AdobeUM
2007-12-29 01:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 14:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 23:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DIGStream
2007-11-30 13:00	---------	d-----w	C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-07 09:26	721,920	----a-w	C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26	721,920	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42	3,590,656	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20	360,064	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43	1,287,680	----a-w	C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43	1,287,680	------w	C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 22:40	227,328	----a-w	C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 22:40	227,328	----a-w	C:\WINDOWS\SYSTEM32\SET2D4.tmp
2007-10-27 22:40	227,328	----a-w	C:\WINDOWS\SYSTEM32\SET1A.tmp
2007-10-27 22:40	227,328	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34	8,460,288	----a-w	C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2006-02-10 21:30	24,192	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermptxp.sys
2006-02-10 21:30	22,768	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermpt.sys
2004-11-30 19:43	65,448	----a-w	C:\Documents and Settings\Thomas Wilson\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 06:10	63,656	----a-w	C:\Documents and Settings\thawilso\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_20.18.30.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 18:47:55	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 22:30:58	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 22:30:58	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 18:47:56	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 22:30:58	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 22:30:59	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 18:47:57	15,126,528	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-21 22:30:59	14,041,088	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-16 18:47:57	16,384	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 22:30:59	16,384	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E}]
C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 12:08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UITS Network Diagnostic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UITS Network Diagnostic.lnk
backup=C:\WINDOWS\pss\UITS Network Diagnostic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-11 20:34 417792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blabber]
C:\Program Files\IUInfoClient\Blabber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2008-01-11 20:34 370176 C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSI]
C:\WINDOWS\System32\LSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-02-28 19:13 4493312 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-02-28 19:13 323584 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 20:34 654336 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAClient]
C:\Program Files\Insight\BBClient\Programs\RegCon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-01-12 11:03 81 C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

R1 nmconpid;nmconpid;C:\WINDOWS\system32\drivers\nmconpid.sys [2005-08-29 15:31]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 04:31]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 06:34:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-18 21:00:00 C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job"
- C:\WINDOWS\system32\MOBSYNC.EXEA /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 17:40:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 17:43:53
ComboFix-quarantined-files.txt 2008-01-21 22:43:51
ComboFix2.txt 2008-01-17 20:56:22
ComboFix3.txt 2008-01-17 01:19:15
.
2008-01-21 21:43:04	--- E O F ---


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:49 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SEARCHESSISTANT Helper - {4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8486 bytes


----------



## Cookiegal (Aug 27, 2003)

Open HijackThis and click on "Config" and then on the "Misc Tools" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## thawilso (Sep 25, 2007)

For some reason nothing happened when I clicked Save list..., so I just typed everything that was in the list

AC3Filter (remove only)
Ad-aware 6 Personal
Ad-aware 6 Plus
Adobe Acrobat 5.0
Adobe Atomosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Avanquest update
AVG Free Edition
BitTornado 0.3.2
CNET Download Manager
DAO
Dell Inkjet Printer J740
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DivX
DivX Player
DJ740EN
DVDSentry
Easy CD Creator 5 Basic
EFTP3
ESPNMotion
FileSpecs extension forAd-aware 6
Get Connected CD
Google Earth
Hijack This 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel (R) Pro Alerting Agent
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iPod for Windows 2005-02-07
iTunes
Java 2 Runtime Environment, SE v1.4.2
Linksys Wireless-G USB Network Adapter
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Shockwave Player
Messenger Control Plugin for Ad-aware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
mobile PhoneTools
Motorola PST
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nielsen//NetRatings
NVIDIA Windows 2000/XP Display Drivers
OMCI
Outerinfo
Paint Shop Pro 7
Palisade Numerical Tools - Book Version
PowerDVD
Quicktime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Securtiy Update for Windows XP (KB890046)
Securtiy Update for Windows XP (KB893066)
Securtiy Update for Windows XP (KB893756)
Securtiy Update for Windows XP (KB896358)
Securtiy Update for Windows XP (KB896422)
Securtiy Update for Windows XP (KB896423)
Securtiy Update for Windows XP (KB896424)
Securtiy Update for Windows XP (KB896428)
Securtiy Update for Windows XP (KB896688)
Securtiy Update for Windows XP (KB899587)
Securtiy Update for Windows XP (KB899589)
Securtiy Update for Windows XP (KB899591)
Securtiy Update for Windows XP (KB900725)
Securtiy Update for Windows XP (KB901017)
Securtiy Update for Windows XP (KB901214)
Securtiy Update for Windows XP (KB902400)
Securtiy Update for Windows XP (KB904706)
Securtiy Update for Windows XP (KB905414)
Securtiy Update for Windows XP (KB905749)
Securtiy Update for Windows XP (KB905915)
Securtiy Update for Windows XP (KB908519)
Securtiy Update for Windows XP (KB908531)
Securtiy Update for Windows XP (KB911280)
Securtiy Update for Windows XP (KB911562)
Securtiy Update for Windows XP (KB911567)
Securtiy Update for Windows XP (KB911927)
Securtiy Update for Windows XP (KB912812)
Securtiy Update for Windows XP (KB912919)
Securtiy Update for Windows XP (KB913446)
Securtiy Update for Windows XP (KB913580)
Securtiy Update for Windows XP (KB914388)
Securtiy Update for Windows XP (KB914389)
Securtiy Update for Windows XP (KB916281)
Securtiy Update for Windows XP (KB917159)
Securtiy Update for Windows XP (KB917344)
Securtiy Update for Windows XP (KB917422)
Securtiy Update for Windows XP (KB917953)
Securtiy Update for Windows XP (KB918118)
Securtiy Update for Windows XP (KB918439)
Securtiy Update for Windows XP (KB918899)
Securtiy Update for Windows XP (KB919007)
Securtiy Update for Windows XP (KB920213)
Securtiy Update for Windows XP (KB920214)
Securtiy Update for Windows XP (KB920670)
Securtiy Update for Windows XP (KB920683)
Securtiy Update for Windows XP (KB920685)
Securtiy Update for Windows XP (KB921398)
Securtiy Update for Windows XP (KB921503)
Securtiy Update for Windows XP (KB921883)
Securtiy Update for Windows XP (KB922616)
Securtiy Update for Windows XP (KB922760)
Securtiy Update for Windows XP (KB922819)
Securtiy Update for Windows XP (KB923191)
Securtiy Update for Windows XP (KB923414)
Securtiy Update for Windows XP (KB923689)
Securtiy Update for Windows XP (KB923694)
Securtiy Update for Windows XP (KB923980)
Securtiy Update for Windows XP (KB924191)
Securtiy Update for Windows XP (KB924270)
Securtiy Update for Windows XP (KB924496)
Securtiy Update for Windows XP (KB924667)
Securtiy Update for Windows XP (KB925454)
Securtiy Update for Windows XP (KB925486)
Securtiy Update for Windows XP (KB925902)
Securtiy Update for Windows XP (KB926255)
Securtiy Update for Windows XP (KB926436)
Securtiy Update for Windows XP (KB927779)
Securtiy Update for Windows XP (KB927802)
Securtiy Update for Windows XP (KB928090)
Securtiy Update for Windows XP (KB928255)
Securtiy Update for Windows XP (KB928843)
Securtiy Update for Windows XP (KB929123)
Securtiy Update for Windows XP (KB930178)
Securtiy Update for Windows XP (KB931261)
Securtiy Update for Windows XP (KB931768)
Securtiy Update for Windows XP (KB931784)
Securtiy Update for Windows XP (KB932168)
Securtiy Update for Windows XP (KB933566)
Securtiy Update for Windows XP (KB933729)
Securtiy Update for Windows XP (KB935839)
Securtiy Update for Windows XP (KB935840)
Securtiy Update for Windows XP (KB936021)
Securtiy Update for Windows XP (KB937894)
Securtiy Update for Windows XP (KB938829)
Securtiy Update for Windows XP (KB941202)
Securtiy Update for Windows XP (KB941568)
Securtiy Update for Windows XP (KB941569)
Securtiy Update for Windows XP (KB941644)
Securtiy Update for Windows XP (KB943460)
Securtiy Update for Windows XP (KB943485)
Securtiy Update for Windows XP (KB944653)
Shockwave
Spybot - Search & Destroy 1.3
Symantec AntiVirus Client
Toolbar888
UITS Network Configuration Tool
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WavePad Uninstall
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows SR 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver


----------



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove programs and remove:

*Nielsen//NetRatings
Outerinfo
Toolbar888
Viewpoint Manager (Remove Only)
Viewpoint Media Player*

Can you tell me what this task is that is set to run automatically?

C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of *Java* components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

*Upgrading Java*: 

Download the latest version of *Java Runtime Environment (JRE) 6 Update 4*.
Scroll down to where it says "* Java Runtime Environment (JRE) 6 Update 4. The Java SE Runtime Environment (JRE) allows end-users to run Java applications (the fourth one in the list).*".
Click the "*Download*" button to the right.
Check the box that says: "*Accept License Agreement*".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to *Start* - *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.


----------



## thawilso (Sep 25, 2007)

I was able to remove everything from the Add/Remove Programs list except Toolbar888. I think it has already been removed, but for some reason whenever I try to remove from the list nothing happens.

As for the task you asked about I couldn't figure out what it is. I went to look at its properties and an alert came up and said "Task Scheduler - General page initalization failed. The specific error is: 0x800706fd: The trust relationship between this workstation and the primary domain failed. An error has occured attemtping to retrieve task account information. You may continue editing the task object, but will be unable to change task account information." After that I was looking through the property tabs and under the security tab it had one of the Group or User Names as "S-1-5-21-1085031214-1292428093-527237240-382858" along with Administrator and System. Next to that it had a face with a question mark.

I also successfully installed Java.

Also, I was reinfected with some of the things that we removed previously, so I ran combofix again and I'll post that log along with a hijackthis log.


----------



## thawilso (Sep 25, 2007)

ComboFix 08-01-16.4 - thawilso 2008-01-24 18:23:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.38 [GMT -5:00]
Running from: C:\Documents and Settings\Thomas Wilson\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Thomas Wilson\My Documents\ICROSO~1.NET
C:\pos10.tmp
C:\pos100.tmp
C:\pos101.tmp
C:\pos102.tmp
C:\pos103.tmp
C:\pos104.tmp
C:\pos105.tmp
C:\pos106.tmp
C:\pos107.tmp
C:\pos108.tmp
C:\pos109.tmp
C:\pos10A.tmp
C:\pos10B.tmp
C:\pos10C.tmp
C:\pos10D.tmp
C:\pos10E.tmp
C:\pos10F.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos111.tmp
C:\pos112.tmp
C:\pos113.tmp
C:\pos114.tmp
C:\pos115.tmp
C:\pos116.tmp
C:\pos117.tmp
C:\pos118.tmp
C:\pos119.tmp
C:\pos11A.tmp
C:\pos11B.tmp
C:\pos11C.tmp
C:\pos11D.tmp
C:\pos11E.tmp
C:\pos11F.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos121.tmp
C:\pos122.tmp
C:\pos123.tmp
C:\pos124.tmp
C:\pos125.tmp
C:\pos126.tmp
C:\pos127.tmp
C:\pos128.tmp
C:\pos129.tmp
C:\pos12A.tmp
C:\pos12B.tmp
C:\pos12C.tmp
C:\pos12D.tmp
C:\pos12E.tmp
C:\pos12F.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos131.tmp
C:\pos132.tmp
C:\pos133.tmp
C:\pos134.tmp
C:\pos135.tmp
C:\pos136.tmp
C:\pos137.tmp
C:\pos138.tmp
C:\pos139.tmp
C:\pos13A.tmp
C:\pos13B.tmp
C:\pos13C.tmp
C:\pos13D.tmp
C:\pos13E.tmp
C:\pos13F.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos141.tmp
C:\pos142.tmp
C:\pos143.tmp
C:\pos144.tmp
C:\pos145.tmp
C:\pos146.tmp
C:\pos147.tmp
C:\pos148.tmp
C:\pos149.tmp
C:\pos14A.tmp
C:\pos14B.tmp
C:\pos14C.tmp
C:\pos14D.tmp
C:\pos14E.tmp
C:\pos14F.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos151.tmp
C:\pos152.tmp
C:\pos153.tmp
C:\pos154.tmp
C:\pos155.tmp
C:\pos156.tmp
C:\pos157.tmp
C:\pos158.tmp
C:\pos159.tmp
C:\pos15A.tmp
C:\pos15B.tmp
C:\pos15C.tmp
C:\pos15D.tmp
C:\pos15E.tmp
C:\pos15F.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos161.tmp
C:\pos162.tmp
C:\pos163.tmp
C:\pos164.tmp
C:\pos165.tmp
C:\pos166.tmp
C:\pos167.tmp
C:\pos168.tmp
C:\pos169.tmp
C:\pos16A.tmp
C:\pos16B.tmp
C:\pos16C.tmp
C:\pos16D.tmp
C:\pos16E.tmp
C:\pos16F.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos171.tmp
C:\pos172.tmp
C:\pos173.tmp
C:\pos174.tmp
C:\pos175.tmp
C:\pos176.tmp
C:\pos177.tmp
C:\pos178.tmp
C:\pos179.tmp
C:\pos17A.tmp
C:\pos17B.tmp
C:\pos17C.tmp
C:\pos17D.tmp
C:\pos17E.tmp
C:\pos17F.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos181.tmp
C:\pos182.tmp
C:\pos183.tmp
C:\pos184.tmp
C:\pos185.tmp
C:\pos186.tmp
C:\pos187.tmp
C:\pos188.tmp
C:\pos189.tmp
C:\pos18A.tmp
C:\pos18B.tmp
C:\pos18C.tmp
C:\pos18D.tmp
C:\pos18E.tmp
C:\pos18F.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos191.tmp
C:\pos192.tmp
C:\pos193.tmp
C:\pos194.tmp
C:\pos195.tmp
C:\pos196.tmp
C:\pos197.tmp
C:\pos198.tmp
C:\pos199.tmp
C:\pos19A.tmp
C:\pos19B.tmp
C:\pos19C.tmp
C:\pos19D.tmp
C:\pos19E.tmp
C:\pos19F.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A1.tmp
C:\pos1A2.tmp
C:\pos1A3.tmp
C:\pos1A4.tmp
C:\pos1A5.tmp
C:\pos1A6.tmp
C:\pos1A7.tmp
C:\pos1A8.tmp
C:\pos1A9.tmp
C:\pos1AA.tmp
C:\pos1AB.tmp
C:\pos1AC.tmp
C:\pos1AD.tmp
C:\pos1AE.tmp
C:\pos1AF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B1.tmp
C:\pos1B2.tmp
C:\pos1B3.tmp
C:\pos1B4.tmp
C:\pos1B5.tmp
C:\pos1B6.tmp
C:\pos1B7.tmp
C:\pos1B8.tmp
C:\pos1B9.tmp
C:\pos1BA.tmp
C:\pos1BB.tmp
C:\pos1BC.tmp
C:\pos1BD.tmp
C:\pos1BE.tmp
C:\pos1BF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C1.tmp
C:\pos1C2.tmp
C:\pos1C3.tmp
C:\pos1C4.tmp
C:\pos1C5.tmp
C:\pos1C6.tmp
C:\pos1C7.tmp
C:\pos1C8.tmp
C:\pos1C9.tmp
C:\pos1CA.tmp
C:\pos1CB.tmp
C:\pos1CC.tmp
C:\pos1CD.tmp
C:\pos1CE.tmp
C:\pos1CF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D1.tmp
C:\pos1D2.tmp
C:\pos1D3.tmp
C:\pos1D4.tmp
C:\pos1D5.tmp
C:\pos1D6.tmp
C:\pos1D7.tmp
C:\pos1D8.tmp
C:\pos1D9.tmp
C:\pos1DA.tmp
C:\pos1DB.tmp
C:\pos1DC.tmp
C:\pos1DD.tmp
C:\pos1DE.tmp
C:\pos1DF.tmp
C:\pos1E.tmp
C:\pos1E0.tmp
C:\pos1E1.tmp
C:\pos1E2.tmp
C:\pos1E3.tmp
C:\pos1E4.tmp
C:\pos1E5.tmp
C:\pos1E6.tmp
C:\pos1E7.tmp
C:\pos1E8.tmp
C:\pos1E9.tmp
C:\pos1EA.tmp
C:\pos1EB.tmp
C:\pos1EC.tmp
C:\pos1ED.tmp
C:\pos1EE.tmp
C:\pos1EF.tmp
C:\pos1F.tmp
C:\pos1F0.tmp
C:\pos1F1.tmp
C:\pos1F2.tmp
C:\pos1F3.tmp
C:\pos1F4.tmp
C:\pos1F5.tmp
C:\pos1F6.tmp
C:\pos1F7.tmp
C:\pos1F8.tmp
C:\pos1F9.tmp
C:\pos1FA.tmp
C:\pos1FB.tmp
C:\pos1FC.tmp
C:\pos1FD.tmp
C:\pos1FE.tmp
C:\pos1FF.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos201.tmp
C:\pos202.tmp
C:\pos203.tmp
C:\pos204.tmp
C:\pos205.tmp
C:\pos206.tmp
C:\pos207.tmp
C:\pos208.tmp
C:\pos209.tmp
C:\pos20A.tmp
C:\pos20B.tmp
C:\pos20C.tmp
C:\pos20D.tmp
C:\pos20E.tmp
C:\pos20F.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos211.tmp
C:\pos212.tmp
C:\pos213.tmp
C:\pos214.tmp
C:\pos215.tmp
C:\pos216.tmp
C:\pos217.tmp
C:\pos218.tmp
C:\pos219.tmp
C:\pos21A.tmp
C:\pos21B.tmp
C:\pos21C.tmp
C:\pos21D.tmp
C:\pos21E.tmp
C:\pos21F.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos221.tmp
C:\pos222.tmp
C:\pos223.tmp
C:\pos224.tmp
C:\pos225.tmp
C:\pos226.tmp
C:\pos227.tmp
C:\pos228.tmp
C:\pos229.tmp
C:\pos22A.tmp
C:\pos22B.tmp
C:\pos22C.tmp
C:\pos22D.tmp
C:\pos22E.tmp
C:\pos22F.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos231.tmp
C:\pos232.tmp
C:\pos233.tmp
C:\pos234.tmp
C:\pos235.tmp
C:\pos236.tmp
C:\pos237.tmp
C:\pos238.tmp
C:\pos239.tmp
C:\pos23A.tmp
C:\pos23B.tmp
C:\pos23C.tmp
C:\pos23D.tmp
C:\pos23E.tmp
C:\pos23F.tmp
C:\pos24.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos240.tmp
C:\pos241.tmp
C:\pos242.tmp
C:\pos243.tmp
C:\pos244.tmp
C:\pos245.tmp
C:\pos246.tmp
C:\pos247.tmp
C:\pos248.tmp
C:\pos249.tmp
C:\pos24A.tmp
C:\pos24B.tmp
C:\pos24C.tmp
C:\pos24D.tmp
C:\pos24E.tmp
C:\pos24F.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos251.tmp
C:\pos252.tmp
C:\pos253.tmp
C:\pos254.tmp
C:\pos255.tmp
C:\pos256.tmp
C:\pos257.tmp
C:\pos258.tmp
C:\pos259.tmp
C:\pos25A.tmp
C:\pos25B.tmp
C:\pos25C.tmp
C:\pos25D.tmp
C:\pos25E.tmp
C:\pos25F.tmp
C:\pos26.tmp
C:\pos260.tmp
C:\pos261.tmp
C:\pos262.tmp
C:\pos263.tmp
C:\pos264.tmp
C:\pos265.tmp
C:\pos266.tmp
C:\pos267.tmp
C:\pos268.tmp
C:\pos269.tmp
C:\pos26A.tmp
C:\pos26B.tmp
C:\pos26C.tmp
C:\pos26D.tmp
C:\pos26E.tmp
C:\pos26F.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos271.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27B.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos27E.tmp
C:\pos27F.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos288.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos298.tmp
C:\pos299.tmp
C:\pos29A.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A.tmp
C:\pos2A0.tmp
C:\pos2A1.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AA.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2AF.tmp
C:\pos2B.tmp
C:\pos2B0.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B6.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BC.tmp
C:\pos2BD.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C6.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CE.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos31.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos32.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos333.tmp
C:\pos334.tmp
C:\pos335.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos38.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp
C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AA.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3E9.tmp
C:\pos3EA.tmp
C:\pos3EB.tmp
C:\pos3EC.tmp
C:\pos3ED.tmp
C:\pos3EE.tmp
C:\pos3EF.tmp
C:\pos3F.tmp
C:\pos3F0.tmp
C:\pos3F1.tmp
C:\pos3F2.tmp
C:\pos3F3.tmp
C:\pos3F4.tmp
C:\pos3F5.tmp
C:\pos3F6.tmp
C:\pos3F7.tmp
C:\pos3F8.tmp
C:\pos3F9.tmp
C:\pos3FA.tmp
C:\pos3FB.tmp
C:\pos3FC.tmp
C:\pos3FD.tmp
C:\pos3FE.tmp
C:\pos3FF.tmp
C:\pos40.tmp
C:\pos400.tmp
C:\pos401.tmp
C:\pos402.tmp
C:\pos403.tmp
C:\pos404.tmp
C:\pos405.tmp
C:\pos406.tmp
C:\pos407.tmp
C:\pos408.tmp
C:\pos409.tmp
C:\pos40A.tmp
C:\pos40B.tmp
C:\pos40C.tmp
C:\pos40D.tmp
C:\pos40E.tmp
C:\pos40F.tmp
C:\pos41.tmp
C:\pos410.tmp
C:\pos411.tmp
C:\pos412.tmp
C:\pos413.tmp
C:\pos414.tmp
C:\pos415.tmp
C:\pos416.tmp
C:\pos417.tmp
C:\pos418.tmp
C:\pos419.tmp
C:\pos41A.tmp
C:\pos41B.tmp
C:\pos41C.tmp
C:\pos41D.tmp
C:\pos41E.tmp
C:\pos41F.tmp
C:\pos42.tmp
C:\pos420.tmp
C:\pos421.tmp
C:\pos422.tmp
C:\pos423.tmp
C:\pos424.tmp
C:\pos425.tmp
C:\pos426.tmp
C:\pos427.tmp
C:\pos428.tmp
C:\pos429.tmp
C:\pos42A.tmp
C:\pos42B.tmp
C:\pos42C.tmp
C:\pos42D.tmp
C:\pos42E.tmp
C:\pos42F.tmp
C:\pos43.tmp
C:\pos430.tmp
C:\pos431.tmp
C:\pos432.tmp
C:\pos433.tmp
C:\pos434.tmp
C:\pos435.tmp
C:\pos436.tmp
C:\pos437.tmp
C:\pos438.tmp
C:\pos439.tmp
C:\pos43A.tmp
C:\pos43B.tmp
C:\pos43C.tmp
C:\pos43D.tmp
C:\pos43E.tmp
C:\pos43F.tmp
C:\pos44.tmp
C:\pos440.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos441.tmp
C:\pos442.tmp
C:\pos443.tmp
C:\pos444.tmp
C:\pos445.tmp
C:\pos446.tmp
C:\pos447.tmp
C:\pos448.tmp
C:\pos449.tmp
C:\pos44A.tmp
C:\pos44B.tmp
C:\pos44C.tmp
C:\pos44D.tmp
C:\pos44E.tmp
C:\pos44F.tmp
C:\pos45.tmp
C:\pos450.tmp
C:\pos451.tmp
C:\pos452.tmp
C:\pos453.tmp
C:\pos454.tmp
C:\pos455.tmp
C:\pos456.tmp
C:\pos457.tmp
C:\pos458.tmp
C:\pos459.tmp
C:\pos45A.tmp
C:\pos45B.tmp
C:\pos45C.tmp
C:\pos45D.tmp
C:\pos45E.tmp
C:\pos45F.tmp
C:\pos46.tmp
C:\pos460.tmp
C:\pos461.tmp
C:\pos462.tmp
C:\pos463.tmp
C:\pos464.tmp
C:\pos465.tmp
C:\pos466.tmp
C:\pos467.tmp
C:\pos468.tmp
C:\pos469.tmp
C:\pos46A.tmp
C:\pos46B.tmp
C:\pos46C.tmp
C:\pos46D.tmp
C:\pos46E.tmp
C:\pos46F.tmp
C:\pos47.tmp
C:\pos470.tmp
C:\pos471.tmp
C:\pos472.tmp
C:\pos473.tmp
C:\pos474.tmp
C:\pos475.tmp
C:\pos476.tmp
C:\pos477.tmp
C:\pos478.tmp
C:\pos479.tmp
C:\pos47A.tmp
C:\pos47B.tmp
C:\pos47C.tmp
C:\pos47D.tmp
C:\pos47E.tmp
C:\pos47F.tmp
C:\pos48.tmp
C:\pos480.tmp
C:\pos481.tmp
C:\pos482.tmp
C:\pos483.tmp
C:\pos484.tmp
C:\pos485.tmp
C:\pos486.tmp
C:\pos487.tmp
C:\pos488.tmp
C:\pos489.tmp
C:\pos48A.tmp
C:\pos48B.tmp
C:\pos48C.tmp
C:\pos48D.tmp
C:\pos48E.tmp
C:\pos48F.tmp
C:\pos49.tmp
C:\pos490.tmp
C:\pos491.tmp
C:\pos492.tmp
C:\pos493.tmp
C:\pos494.tmp
C:\pos495.tmp
C:\pos496.tmp
C:\pos497.tmp
C:\pos498.tmp
C:\pos499.tmp
C:\pos49A.tmp
C:\pos49B.tmp
C:\pos49C.tmp
C:\pos49D.tmp
C:\pos49E.tmp
C:\pos49F.tmp
C:\pos4A.tmp
C:\pos4A0.tmp
C:\pos4A1.tmp
C:\pos4A2.tmp
C:\pos4A3.tmp
C:\pos4A4.tmp
C:\pos4A5.tmp
C:\pos4A6.tmp
C:\pos4A7.tmp
C:\pos4A8.tmp
C:\pos4A9.tmp
C:\pos4AA.tmp
C:\pos4AB.tmp
C:\pos4AC.tmp
C:\pos4AD.tmp
C:\pos4AE.tmp
C:\pos4AF.tmp
C:\pos4B.tmp
C:\pos4B0.tmp
C:\pos4B1.tmp
C:\pos4B2.tmp
C:\pos4B3.tmp
C:\pos4B4.tmp
C:\pos4B5.tmp
C:\pos4B6.tmp
C:\pos4B7.tmp
C:\pos4B8.tmp
C:\pos4B9.tmp
C:\pos4BA.tmp
C:\pos4BB.tmp
C:\pos4BC.tmp
C:\pos4BD.tmp
C:\pos4BE.tmp
C:\pos4BF.tmp
C:\pos4C.tmp
C:\pos4C0.tmp
C:\pos4C1.tmp
C:\pos4C2.tmp
C:\pos4C3.tmp
C:\pos4C4.tmp
C:\pos4C5.tmp
C:\pos4C6.tmp
C:\pos4C7.tmp
C:\pos4C8.tmp
C:\pos4C9.tmp
C:\pos4CA.tmp
C:\pos4CB.tmp
C:\pos4CC.tmp
C:\pos4CD.tmp
C:\pos4CE.tmp
C:\pos4CF.tmp
C:\pos4D.tmp
C:\pos4D0.tmp
C:\pos4D1.tmp
C:\pos4D2.tmp
C:\pos4D3.tmp
C:\pos4D4.tmp
C:\pos4D5.tmp
C:\pos4D6.tmp
C:\pos4D7.tmp
C:\pos4D8.tmp
C:\pos4D9.tmp
C:\pos4DA.tmp
C:\pos4DB.tmp
C:\pos4DC.tmp
C:\pos4DD.tmp
C:\pos4DE.tmp
C:\pos4DF.tmp
C:\pos4E.tmp
C:\pos4E0.tmp
C:\pos4E1.tmp
C:\pos4E2.tmp
C:\pos4E3.tmp
C:\pos4E4.tmp
C:\pos4E5.tmp
C:\pos4E6.tmp
C:\pos4E7.tmp
C:\pos4E8.tmp
C:\pos4E9.tmp
C:\pos4EA.tmp
C:\pos4EB.tmp
C:\pos4EC.tmp
C:\pos4ED.tmp
C:\pos4EE.tmp
C:\pos4EF.tmp
C:\pos4F.tmp
C:\pos4F0.tmp
C:\pos4F1.tmp
C:\pos4F2.tmp
C:\pos4F3.tmp
C:\pos4F4.tmp
C:\pos4F5.tmp
C:\pos4F6.tmp
C:\pos4F7.tmp
C:\pos4F8.tmp
C:\pos4F9.tmp
C:\pos4FA.tmp
C:\pos4FB.tmp
C:\pos4FC.tmp
C:\pos4FD.tmp
C:\pos4FE.tmp
C:\pos4FF.tmp
C:\pos50.tmp
C:\pos500.tmp
C:\pos501.tmp
C:\pos502.tmp
C:\pos503.tmp
C:\pos504.tmp
C:\pos505.tmp
C:\pos506.tmp
C:\pos507.tmp
C:\pos508.tmp
C:\pos509.tmp
C:\pos50A.tmp
C:\pos50B.tmp
C:\pos50C.tmp
C:\pos50D.tmp
C:\pos50E.tmp
C:\pos50F.tmp
C:\pos51.tmp
C:\pos510.tmp
C:\pos511.tmp
C:\pos512.tmp
C:\pos513.tmp
C:\pos514.tmp
C:\pos515.tmp
C:\pos516.tmp
C:\pos517.tmp
C:\pos518.tmp
C:\pos519.tmp
C:\pos51A.tmp
C:\pos51B.tmp
C:\pos51C.tmp
C:\pos51D.tmp
C:\pos51E.tmp
C:\pos51F.tmp
C:\pos52.tmp
C:\pos520.tmp
C:\pos521.tmp
C:\pos522.tmp
C:\pos523.tmp
C:\pos524.tmp
C:\pos525.tmp
C:\pos526.tmp
C:\pos527.tmp
C:\pos528.tmp
C:\pos529.tmp
C:\pos52A.tmp
C:\pos52B.tmp
C:\pos52C.tmp
C:\pos52D.tmp
C:\pos52E.tmp
C:\pos52F.tmp
C:\pos53.tmp
C:\pos530.tmp
C:\pos531.tmp
C:\pos532.tmp
C:\pos533.tmp
C:\pos534.tmp
C:\pos535.tmp
C:\pos536.tmp
C:\pos537.tmp
C:\pos538.tmp
C:\pos539.tmp
C:\pos53A.tmp
C:\pos53B.tmp
C:\pos53C.tmp
C:\pos53D.tmp
C:\pos53E.tmp
C:\pos53F.tmp
C:\pos54.tmp
C:\pos540.tmp
C:\pos541.tmp
C:\pos542.tmp
C:\pos543.tmp
C:\pos544.tmp
C:\pos545.tmp
C:\pos546.tmp
C:\pos547.tmp
C:\pos548.tmp
C:\pos549.tmp
C:\pos54A.tmp
C:\pos54B.tmp
C:\pos54C.tmp
C:\pos54D.tmp
C:\pos54E.tmp
C:\pos54F.tmp
C:\pos55.tmp
C:\pos550.tmp
C:\pos551.tmp
C:\pos552.tmp
C:\pos553.tmp
C:\pos554.tmp
C:\pos555.tmp
C:\pos556.tmp
C:\pos557.tmp
C:\pos558.tmp
C:\pos559.tmp
C:\pos55A.tmp
C:\pos55B.tmp
C:\pos55C.tmp
C:\pos55D.tmp
C:\pos55E.tmp
C:\pos55F.tmp
C:\pos56.tmp
C:\pos560.tmp
C:\pos561.tmp
C:\pos562.tmp
C:\pos563.tmp
C:\pos564.tmp
C:\pos565.tmp
C:\pos566.tmp
C:\pos567.tmp
C:\pos568.tmp
C:\pos569.tmp
C:\pos56A.tmp
C:\pos56B.tmp
C:\pos56C.tmp
C:\pos56D.tmp
C:\pos56E.tmp
C:\pos56F.tmp
C:\pos57.tmp
C:\pos570.tmp
C:\pos571.tmp
C:\pos572.tmp
C:\pos573.tmp
C:\pos574.tmp
C:\pos575.tmp
C:\pos576.tmp
C:\pos577.tmp
C:\pos578.tmp
C:\pos579.tmp
C:\pos57A.tmp
C:\pos57B.tmp
C:\pos57C.tmp
C:\pos57D.tmp
C:\pos57E.tmp
C:\pos57F.tmp
C:\pos58.tmp
C:\pos580.tmp
C:\pos581.tmp
C:\pos582.tmp
C:\pos583.tmp
C:\pos584.tmp
C:\pos585.tmp
C:\pos586.tmp
C:\pos587.tmp
C:\pos588.tmp
C:\pos589.tmp
C:\pos58A.tmp
C:\pos58B.tmp
C:\pos58C.tmp
C:\pos58D.tmp
C:\pos58E.tmp
C:\pos58F.tmp
C:\pos59.tmp
C:\pos590.tmp
C:\pos591.tmp
C:\pos592.tmp
C:\pos593.tmp
C:\pos594.tmp
C:\pos595.tmp
C:\pos596.tmp
C:\pos597.tmp
C:\pos598.tmp
C:\pos599.tmp
C:\pos59A.tmp
C:\pos59B.tmp
C:\pos59C.tmp
C:\pos59D.tmp
C:\pos59E.tmp
C:\pos59F.tmp
C:\pos5A.tmp
C:\pos5A0.tmp
C:\pos5A1.tmp
C:\pos5A2.tmp
C:\pos5A3.tmp
C:\pos5A4.tmp
C:\pos5A5.tmp
C:\pos5A6.tmp
C:\pos5A7.tmp
C:\pos5A8.tmp
C:\pos5A9.tmp
C:\pos5AA.tmp
C:\pos5AB.tmp
C:\pos5AC.tmp
C:\pos5AD.tmp
C:\pos5AE.tmp
C:\pos5AF.tmp
C:\pos5B.tmp
C:\pos5B0.tmp
C:\pos5B1.tmp
C:\pos5B2.tmp
C:\pos5B3.tmp
C:\pos5B4.tmp
C:\pos5B5.tmp
C:\pos5B6.tmp
C:\pos5B7.tmp
C:\pos5B8.tmp
C:\pos5B9.tmp
C:\pos5BA.tmp
C:\pos5BB.tmp
C:\pos5BC.tmp
C:\pos5BD.tmp
C:\pos5BE.tmp
C:\pos5BF.tmp
C:\pos5C.tmp
C:\pos5C0.tmp
C:\pos5C1.tmp
C:\pos5C2.tmp
C:\pos5C3.tmp
C:\pos5C4.tmp
C:\pos5C5.tmp
C:\pos5C6.tmp
C:\pos5C7.tmp
C:\pos5C8.tmp
C:\pos5C9.tmp
C:\pos5CA.tmp
C:\pos5CB.tmp
C:\pos5CC.tmp
C:\pos5CD.tmp
C:\pos5CE.tmp
C:\pos5CF.tmp
C:\pos5D.tmp
C:\pos5D0.tmp
C:\pos5D1.tmp
C:\pos5D2.tmp
C:\pos5D3.tmp
C:\pos5D4.tmp
C:\pos5D5.tmp
C:\pos5D6.tmp
C:\pos5D7.tmp
C:\pos5D8.tmp
C:\pos5D9.tmp
C:\pos5DA.tmp
C:\pos5DB.tmp
C:\pos5DC.tmp
C:\pos5DD.tmp
C:\pos5DE.tmp
C:\pos5DF.tmp
C:\pos5E.tmp
C:\pos5E0.tmp
C:\pos5E1.tmp
C:\pos5E2.tmp
C:\pos5E3.tmp
C:\pos5E4.tmp
C:\pos5E5.tmp
C:\pos5E6.tmp
C:\pos5E7.tmp
C:\pos5E8.tmp
C:\pos5E9.tmp
C:\pos5EA.tmp
C:\pos5EB.tmp
C:\pos5EC.tmp
C:\pos5ED.tmp
C:\pos5EE.tmp
C:\pos5EF.tmp
C:\pos5F.tmp
C:\pos5F0.tmp
C:\pos5F1.tmp
C:\pos5F2.tmp
C:\pos5F3.tmp
C:\pos5F4.tmp
C:\pos5F5.tmp
C:\pos5F6.tmp
C:\pos5F7.tmp
C:\pos5F8.tmp
C:\pos5F9.tmp
C:\pos5FA.tmp
C:\pos5FB.tmp
C:\pos5FC.tmp
C:\pos5FD.tmp
C:\pos5FE.tmp
C:\pos5FF.tmp
C:\pos60.tmp
C:\pos600.tmp
C:\pos601.tmp
C:\pos602.tmp
C:\pos603.tmp
C:\pos604.tmp
C:\pos605.tmp
C:\pos606.tmp
C:\pos607.tmp
C:\pos608.tmp
C:\pos609.tmp
C:\pos60A.tmp
C:\pos60B.tmp
C:\pos60C.tmp
C:\pos60D.tmp
C:\pos60E.tmp
C:\pos60F.tmp
C:\pos61.tmp
C:\pos610.tmp
C:\pos611.tmp
C:\pos612.tmp
C:\pos613.tmp
C:\pos614.tmp
C:\pos615.tmp
C:\pos616.tmp
C:\pos617.tmp
C:\pos618.tmp
C:\pos619.tmp
C:\pos61A.tmp
C:\pos61B.tmp
C:\pos61C.tmp
C:\pos61D.tmp
C:\pos61E.tmp
C:\pos61F.tmp
C:\pos62.tmp
C:\pos620.tmp
C:\pos621.tmp
C:\pos622.tmp
C:\pos623.tmp
C:\pos624.tmp
C:\pos625.tmp
C:\pos626.tmp
C:\pos627.tmp
C:\pos628.tmp
C:\pos629.tmp
C:\pos62A.tmp
C:\pos62B.tmp
C:\pos62C.tmp
C:\pos62D.tmp
C:\pos62E.tmp
C:\pos62F.tmp
C:\pos63.tmp
C:\pos630.tmp
C:\pos631.tmp
C:\pos632.tmp
C:\pos633.tmp
C:\pos634.tmp
C:\pos635.tmp
C:\pos636.tmp
C:\pos637.tmp
C:\pos638.tmp
C:\pos639.tmp
C:\pos63A.tmp
C:\pos63B.tmp
C:\pos63C.tmp
C:\pos63D.tmp
C:\pos63E.tmp
C:\pos63F.tmp
C:\pos64.tmp
C:\pos640.tmp
C:\pos641.tmp
C:\pos642.tmp
C:\pos643.tmp
C:\pos644.tmp
C:\pos645.tmp
C:\pos646.tmp
C:\pos647.tmp
C:\pos648.tmp


----------



## thawilso (Sep 25, 2007)

C:\pos649.tmp
C:\pos64A.tmp
C:\pos64B.tmp
C:\pos64C.tmp
C:\pos64D.tmp
C:\pos64E.tmp
C:\pos64F.tmp
C:\pos65.tmp
C:\pos650.tmp
C:\pos651.tmp
C:\pos652.tmp
C:\pos653.tmp
C:\pos654.tmp
C:\pos655.tmp
C:\pos656.tmp
C:\pos657.tmp
C:\pos658.tmp
C:\pos659.tmp
C:\pos65A.tmp
C:\pos65B.tmp
C:\pos65C.tmp
C:\pos65D.tmp
C:\pos65E.tmp
C:\pos65F.tmp
C:\pos66.tmp
C:\pos660.tmp
C:\pos661.tmp
C:\pos662.tmp
C:\pos663.tmp
C:\pos664.tmp
C:\pos665.tmp
C:\pos666.tmp
C:\pos667.tmp
C:\pos668.tmp
C:\pos669.tmp
C:\pos66A.tmp
C:\pos66B.tmp
C:\pos66C.tmp
C:\pos66D.tmp
C:\pos66E.tmp
C:\pos66F.tmp
C:\pos67.tmp
C:\pos670.tmp
C:\pos671.tmp
C:\pos672.tmp
C:\pos673.tmp
C:\pos674.tmp
C:\pos675.tmp
C:\pos676.tmp
C:\pos677.tmp
C:\pos678.tmp
C:\pos679.tmp
C:\pos67A.tmp
C:\pos67B.tmp
C:\pos67C.tmp
C:\pos67D.tmp
C:\pos67E.tmp
C:\pos67F.tmp
C:\pos68.tmp
C:\pos680.tmp
C:\pos681.tmp
C:\pos682.tmp
C:\pos683.tmp
C:\pos684.tmp
C:\pos685.tmp
C:\pos686.tmp
C:\pos687.tmp
C:\pos688.tmp
C:\pos689.tmp
C:\pos68A.tmp
C:\pos68B.tmp
C:\pos68C.tmp
C:\pos68D.tmp
C:\pos68E.tmp
C:\pos68F.tmp
C:\pos69.tmp
C:\pos690.tmp
C:\pos691.tmp
C:\pos692.tmp
C:\pos693.tmp
C:\pos694.tmp
C:\pos695.tmp
C:\pos696.tmp
C:\pos697.tmp
C:\pos698.tmp
C:\pos699.tmp
C:\pos69A.tmp
C:\pos69B.tmp
C:\pos69C.tmp
C:\pos69D.tmp
C:\pos69E.tmp
C:\pos69F.tmp
C:\pos6A.tmp
C:\pos6A0.tmp
C:\pos6A1.tmp
C:\pos6A2.tmp
C:\pos6A3.tmp
C:\pos6A4.tmp
C:\pos6A5.tmp
C:\pos6A6.tmp
C:\pos6A7.tmp
C:\pos6A8.tmp
C:\pos6A9.tmp
C:\pos6AA.tmp
C:\pos6AB.tmp
C:\pos6AC.tmp
C:\pos6AD.tmp
C:\pos6AE.tmp
C:\pos6AF.tmp
C:\pos6B.tmp
C:\pos6B0.tmp
C:\pos6B1.tmp
C:\pos6B2.tmp
C:\pos6B3.tmp
C:\pos6B4.tmp
C:\pos6B5.tmp
C:\pos6B6.tmp
C:\pos6B7.tmp
C:\pos6B8.tmp
C:\pos6B9.tmp
C:\pos6BA.tmp
C:\pos6BB.tmp
C:\pos6BC.tmp
C:\pos6BD.tmp
C:\pos6BE.tmp
C:\pos6BF.tmp
C:\pos6C.tmp
C:\pos6C0.tmp
C:\pos6C1.tmp
C:\pos6C2.tmp
C:\pos6C3.tmp
C:\pos6C4.tmp
C:\pos6C5.tmp
C:\pos6C6.tmp
C:\pos6C7.tmp
C:\pos6C8.tmp
C:\pos6C9.tmp
C:\pos6CA.tmp
C:\pos6CB.tmp
C:\pos6CC.tmp
C:\pos6CD.tmp
C:\pos6CE.tmp
C:\pos6CF.tmp
C:\pos6D.tmp
C:\pos6D0.tmp
C:\pos6D1.tmp
C:\pos6D2.tmp
C:\pos6D3.tmp
C:\pos6D4.tmp
C:\pos6D5.tmp
C:\pos6D6.tmp
C:\pos6D7.tmp
C:\pos6D8.tmp
C:\pos6D9.tmp
C:\pos6DA.tmp
C:\pos6DB.tmp
C:\pos6DC.tmp
C:\pos6DD.tmp
C:\pos6DE.tmp
C:\pos6DF.tmp
C:\pos6E.tmp
C:\pos6E0.tmp
C:\pos6E1.tmp
C:\pos6E2.tmp
C:\pos6E3.tmp
C:\pos6E4.tmp
C:\pos6E5.tmp
C:\pos6E6.tmp
C:\pos6E7.tmp
C:\pos6E8.tmp
C:\pos6E9.tmp
C:\pos6EA.tmp
C:\pos6EB.tmp
C:\pos6EC.tmp
C:\pos6ED.tmp
C:\pos6EE.tmp
C:\pos6EF.tmp
C:\pos6F.tmp
C:\pos6F0.tmp
C:\pos6F1.tmp
C:\pos6F2.tmp
C:\pos6F3.tmp
C:\pos6F4.tmp
C:\pos6F5.tmp
C:\pos6F6.tmp
C:\pos6F7.tmp
C:\pos6F8.tmp
C:\pos6F9.tmp
C:\pos6FA.tmp
C:\pos6FB.tmp
C:\pos6FC.tmp
C:\pos6FD.tmp
C:\pos6FE.tmp
C:\pos6FF.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos700.tmp
C:\pos701.tmp
C:\pos702.tmp
C:\pos703.tmp
C:\pos704.tmp
C:\pos705.tmp
C:\pos706.tmp
C:\pos707.tmp
C:\pos708.tmp
C:\pos709.tmp
C:\pos70A.tmp
C:\pos70B.tmp
C:\pos70C.tmp
C:\pos70D.tmp
C:\pos70E.tmp
C:\pos70F.tmp
C:\pos71.tmp
C:\pos710.tmp
C:\pos711.tmp
C:\pos712.tmp
C:\pos713.tmp
C:\pos714.tmp
C:\pos715.tmp
C:\pos716.tmp
C:\pos717.tmp
C:\pos718.tmp
C:\pos719.tmp
C:\pos71A.tmp
C:\pos71B.tmp
C:\pos71C.tmp
C:\pos71D.tmp
C:\pos71E.tmp
C:\pos71F.tmp
C:\pos72.tmp
C:\pos720.tmp
C:\pos721.tmp
C:\pos722.tmp
C:\pos723.tmp
C:\pos724.tmp
C:\pos725.tmp
C:\pos726.tmp
C:\pos727.tmp
C:\pos728.tmp
C:\pos729.tmp
C:\pos72A.tmp
C:\pos72B.tmp
C:\pos72C.tmp
C:\pos72D.tmp
C:\pos72E.tmp
C:\pos72F.tmp
C:\pos73.tmp
C:\pos730.tmp
C:\pos731.tmp
C:\pos732.tmp
C:\pos733.tmp
C:\pos734.tmp
C:\pos735.tmp
C:\pos736.tmp
C:\pos737.tmp
C:\pos738.tmp
C:\pos739.tmp
C:\pos73A.tmp
C:\pos73B.tmp
C:\pos73C.tmp
C:\pos73D.tmp
C:\pos73E.tmp
C:\pos73F.tmp
C:\pos74.tmp
C:\pos740.tmp
C:\pos741.tmp
C:\pos742.tmp
C:\pos743.tmp
C:\pos744.tmp
C:\pos745.tmp
C:\pos746.tmp
C:\pos747.tmp
C:\pos748.tmp
C:\pos749.tmp
C:\pos74A.tmp
C:\pos74B.tmp
C:\pos74C.tmp
C:\pos74D.tmp
C:\pos74E.tmp
C:\pos74F.tmp
C:\pos75.tmp
C:\pos750.tmp
C:\pos751.tmp
C:\pos752.tmp
C:\pos753.tmp
C:\pos754.tmp
C:\pos755.tmp
C:\pos756.tmp
C:\pos757.tmp
C:\pos758.tmp
C:\pos759.tmp
C:\pos75A.tmp
C:\pos75B.tmp
C:\pos75C.tmp
C:\pos75D.tmp
C:\pos75E.tmp
C:\pos75F.tmp
C:\pos76.tmp
C:\pos760.tmp
C:\pos761.tmp
C:\pos762.tmp
C:\pos763.tmp
C:\pos764.tmp
C:\pos765.tmp
C:\pos766.tmp
C:\pos767.tmp
C:\pos768.tmp
C:\pos769.tmp
C:\pos76A.tmp
C:\pos76B.tmp
C:\pos76C.tmp
C:\pos76D.tmp
C:\pos76E.tmp
C:\pos76F.tmp
C:\pos77.tmp
C:\pos770.tmp
C:\pos771.tmp
C:\pos772.tmp
C:\pos773.tmp
C:\pos774.tmp
C:\pos775.tmp
C:\pos776.tmp
C:\pos777.tmp
C:\pos778.tmp
C:\pos779.tmp
C:\pos77A.tmp
C:\pos77B.tmp
C:\pos77C.tmp
C:\pos77D.tmp
C:\pos77E.tmp
C:\pos77F.tmp
C:\pos78.tmp
C:\pos780.tmp
C:\pos781.tmp
C:\pos782.tmp
C:\pos783.tmp
C:\pos784.tmp
C:\pos785.tmp
C:\pos786.tmp
C:\pos787.tmp
C:\pos788.tmp
C:\pos789.tmp
C:\pos78A.tmp
C:\pos78B.tmp
C:\pos78C.tmp
C:\pos78D.tmp
C:\pos78E.tmp
C:\pos78F.tmp
C:\pos79.tmp
C:\pos790.tmp
C:\pos791.tmp
C:\pos792.tmp
C:\pos793.tmp
C:\pos794.tmp
C:\pos795.tmp
C:\pos796.tmp
C:\pos797.tmp
C:\pos798.tmp
C:\pos799.tmp
C:\pos79A.tmp
C:\pos79B.tmp
C:\pos79C.tmp
C:\pos79D.tmp
C:\pos79E.tmp
C:\pos79F.tmp
C:\pos7A.tmp
C:\pos7A0.tmp
C:\pos7A1.tmp
C:\pos7A2.tmp
C:\pos7A3.tmp
C:\pos7A4.tmp
C:\pos7A5.tmp
C:\pos7A6.tmp
C:\pos7A7.tmp
C:\pos7A8.tmp
C:\pos7A9.tmp
C:\pos7AA.tmp
C:\pos7AB.tmp
C:\pos7AC.tmp
C:\pos7AD.tmp
C:\pos7AE.tmp
C:\pos7AF.tmp
C:\pos7B.tmp
C:\pos7B0.tmp
C:\pos7B1.tmp
C:\pos7B2.tmp
C:\pos7B3.tmp
C:\pos7B4.tmp
C:\pos7B5.tmp
C:\pos7B6.tmp
C:\pos7B7.tmp
C:\pos7B8.tmp
C:\pos7B9.tmp
C:\pos7BA.tmp
C:\pos7BB.tmp
C:\pos7BC.tmp
C:\pos7BD.tmp
C:\pos7BE.tmp
C:\pos7BF.tmp
C:\pos7C.tmp
C:\pos7C0.tmp
C:\pos7C1.tmp
C:\pos7C2.tmp
C:\pos7C3.tmp
C:\pos7C4.tmp
C:\pos7C5.tmp
C:\pos7C6.tmp
C:\pos7C7.tmp
C:\pos7C8.tmp
C:\pos7C9.tmp
C:\pos7CA.tmp
C:\pos7CB.tmp
C:\pos7CC.tmp
C:\pos7CD.tmp
C:\pos7CE.tmp
C:\pos7CF.tmp
C:\pos7D.tmp
C:\pos7D0.tmp
C:\pos7D1.tmp
C:\pos7D2.tmp
C:\pos7D3.tmp
C:\pos7D4.tmp
C:\pos7D5.tmp
C:\pos7D6.tmp
C:\pos7D7.tmp
C:\pos7E.tmp
C:\pos7F.tmp
C:\pos80.tmp
C:\pos81.tmp
C:\pos82.tmp
C:\pos83.tmp
C:\pos84.tmp
C:\pos85.tmp
C:\pos86.tmp
C:\pos87.tmp
C:\pos88.tmp
C:\pos89.tmp
C:\pos8A.tmp
C:\pos8B.tmp
C:\pos8C.tmp
C:\pos8D.tmp
C:\pos8E.tmp
C:\pos8F.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos91.tmp
C:\pos92.tmp
C:\pos93.tmp
C:\pos94.tmp
C:\pos95.tmp
C:\pos96.tmp
C:\pos97.tmp
C:\pos98.tmp
C:\pos99.tmp
C:\pos9A.tmp
C:\pos9B.tmp
C:\pos9C.tmp
C:\pos9D.tmp
C:\pos9E.tmp
C:\pos9F.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA1.tmp
C:\posA2.tmp
C:\posA3.tmp
C:\posA4.tmp
C:\posA5.tmp
C:\posA6.tmp
C:\posA7.tmp
C:\posA8.tmp
C:\posA9.tmp
C:\posAA.tmp
C:\posAB.tmp
C:\posAC.tmp
C:\posAD.tmp
C:\posAE.tmp
C:\posAF.tmp


----------



## thawilso (Sep 25, 2007)

C:\posB.tmp
C:\posB0.tmp
C:\posB1.tmp
C:\posB2.tmp
C:\posB3.tmp
C:\posB4.tmp
C:\posB5.tmp
C:\posB6.tmp
C:\posB7.tmp
C:\posB8.tmp
C:\posB9.tmp
C:\posBA.tmp
C:\posBB.tmp
C:\posBC.tmp
C:\posBD.tmp
C:\posBE.tmp
C:\posBF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC1.tmp
C:\posC2.tmp
C:\posC3.tmp
C:\posC4.tmp
C:\posC5.tmp
C:\posC6.tmp
C:\posC7.tmp
C:\posC8.tmp
C:\posC9.tmp
C:\posCA.tmp
C:\posCB.tmp
C:\posCC.tmp
C:\posCD.tmp
C:\posCE.tmp
C:\posCF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD1.tmp
C:\posD2.tmp
C:\posD3.tmp
C:\posD4.tmp
C:\posD5.tmp
C:\posD6.tmp
C:\posD7.tmp
C:\posD8.tmp
C:\posD9.tmp
C:\posDA.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b104.exe
C:\WINDOWS\b122.exe
C:\WINDOWS\b128.exe
C:\WINDOWS\b138.exe
C:\WINDOWS\b151.exe
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\awtqolk.dll
C:\WINDOWS\SYSTEM32\gjllm.ini
C:\WINDOWS\SYSTEM32\gjllm.ini2
C:\WINDOWS\system32\mljjhed.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qokvrbvd.dll
C:\WINDOWS\system32\szxtjlgv.dll
C:\WINDOWS\system32\szxtjlgv.dllbox
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))
.

2008-01-24 20:43 . 2008-01-24 20:43 d--------	C:\Temp\tn3
2008-01-23 22:16 . 2007-12-14 01:59	69,632	--a------	C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-23 22:15 . 2008-01-23 22:15 d--------	C:\Program Files\Common Files\Java
2008-01-23 20:52 . 2008-01-23 20:52	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-23 20:52 . 2008-01-23 20:52	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-22 17:49 . 2008-01-22 17:49	3,584	--a------	C:\WINDOWS\SYSTEM32\mlljg.exe
2008-01-22 17:48 . 2008-01-24 18:33 d--------	C:\Program Files\Dot1XCfg
2008-01-22 17:43 . 2008-01-22 17:43 d--------	C:\WINDOWS\SYSTEM32\winzs6
2008-01-22 17:43 . 2008-01-22 17:43 d--------	C:\WINDOWS\SYSTEM32\nui4
2008-01-22 17:43 . 2008-01-22 17:43 d--------	C:\WINDOWS\SYSTEM32\nGpxx01
2008-01-22 17:43 . 2008-01-22 17:43 d--------	C:\WINDOWS\SYSTEM32\extz1
2008-01-22 17:43 . 2008-01-22 17:43 d--------	C:\WINDOWS\SYSTEM32\comm7
2008-01-22 17:43 . 2008-01-22 17:43 d--------	C:\Temp\gTiis19
2008-01-22 17:43 . 2008-01-22 17:43 d--------	C:\Temp\cXzz9
2008-01-22 17:43 . 2008-01-24 20:43 d--------	C:\Temp
2008-01-22 17:43 . 2008-01-22 17:43	86,016	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\VDMINDVDD.sys
2008-01-22 17:43 . 2008-01-22 17:43	36,864	--a------	C:\WINDOWS\mrofinu572.exe.tmp
2008-01-22 17:43 . 2008-01-24 19:04	932	---------	C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
2008-01-17 16:40 . 2008-01-17 19:41 d--------	C:\bintheredunthat
2008-01-16 13:46 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-12-28 20:55 . 2007-12-28 20:55 d--------	C:\Program Files\iTunes
2007-12-28 20:28 . 2008-01-11 20:34 d--------	C:\Program Files\QuickTime
2007-12-28 20:27 . 2007-12-28 20:27 d----c---	C:\WINDOWS\SYSTEM32\DRVSTORE
2007-12-28 20:27 . 2007-10-31 14:09	30,464	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Program Files\Common Files\Apple
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-24 03:16	---------	d-----w	C:\Program Files\Java
2008-01-24 01:42	---------	d-----w	C:\Program Files\Viewpoint
2008-01-24 01:42	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-17 22:20	---------	d-----w	C:\Program Files\DivX
2008-01-17 22:20	---------	d-----w	C:\Program Files\DAEMON Tools
2008-01-17 22:20	---------	d-----w	C:\Program Files\Common Files\AOL
2008-01-17 22:20	---------	d-----w	C:\Program Files\BitTornado
2008-01-17 22:19	---------	d-----w	C:\Program Files\AIM6
2008-01-17 22:19	---------	d-----w	C:\Program Files\AC3Filter
2008-01-17 22:14	---------	d-----w	C:\Program Files\UITS NETCFG
2008-01-16 18:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 21:31	---------	d-----w	C:\Program Files\Trend Micro
2008-01-12 03:10	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AVG7
2008-01-12 01:34	---------	d-----w	C:\Program Files\Windows Defender
2008-01-08 02:25	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AdobeUM
2007-12-29 01:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 14:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 23:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DIGStream
2007-11-30 13:00	---------	d-----w	C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-02 13:43	282,624	----a-w	C:\Program Files\TTC.dll
2006-02-10 21:30	24,192	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermptxp.sys
2006-02-10 21:30	22,768	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermpt.sys
2004-11-30 19:43	65,448	----a-w	C:\Documents and Settings\Thomas Wilson\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 06:10	63,656	----a-w	C:\Documents and Settings\thawilso\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_20.18.30.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 18:47:55	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 22:30:58	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 22:30:58	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 18:47:56	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 22:30:58	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 22:30:59	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 18:47:57	15,126,528	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-21 22:30:59	14,041,088	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-16 18:47:57	16,384	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 22:30:59	16,384	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-11-20 09:41:12	274,432	----a-w	C:\WINDOWS\SYSTEM32\comm7\ewbydllcom6.exe
+ 2008-01-05 21:48:12	126,976	----a-w	C:\WINDOWS\SYSTEM32\extz1\lovstadcom2.exe
- 2003-10-02 04:16:11	24,670	----a-w	C:\WINDOWS\SYSTEM32\java.exe
+ 2007-12-14 05:57:22	135,168	----a-w	C:\WINDOWS\SYSTEM32\java.exe
- 2003-10-02 04:16:11	28,768	----a-w	C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-12-14 05:57:24	135,168	----a-w	C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-12-14 06:59:16	139,264	----a-w	C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-01-19 13:13:12	32,768	----a-w	C:\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe
+ 2007-08-14 22:22:50	25,105	----a-w	C:\WINDOWS\SYSTEM32\nui4\softidndll3.exe
+ 2007-08-03 01:44:02	169,147	----a-w	C:\WINDOWS\SYSTEM32\winzs6\renamd83122.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E}]
C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0799358-5C1A-491D-B196-889F6405428F}]
C:\Program Files\Windows NT\mesovixuC:\WINDOWS\system32\winzs6\renamd83122.exe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Dot1XCfg"="C:\Program Files\Dot1XCfg\Dot1XCfg.exe" [2008-01-24 18:23 399872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2008-01-24 18:24 487424]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 12:08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UITS Network Diagnostic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UITS Network Diagnostic.lnk
backup=C:\WINDOWS\pss\UITS Network Diagnostic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-11 20:34 417792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blabber]
C:\Program Files\IUInfoClient\Blabber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2008-01-11 20:34 370176 C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSI]
C:\WINDOWS\System32\LSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-02-28 19:13 4493312 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-02-28 19:13 323584 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 20:34 654336 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAClient]
C:\Program Files\Insight\BBClient\Programs\RegCon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-01-12 11:03 81 C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

R1 nmconpid;nmconpid;C:\WINDOWS\system32\drivers\nmconpid.sys [2005-08-29 15:31]
R1 VDMINDVDD;VDMINDVDD;C:\WINDOWS\system32\drivers\VDMINDVDD.sys [2008-01-22 17:43]
R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 04:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 04:31]
R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 06:34:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-18 21:00:00 C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job"
- C:\WINDOWS\system32\MOBSYNC.EXEA /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 20:43:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-24 20:49:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-25 01:49:18
ComboFix2.txt 2008-01-21 22:43:54
ComboFix3.txt 2008-01-17 20:56:22
ComboFix4.txt 2008-01-17 01:19:15
.
2008-01-24 21:45:09	--- E O F ---


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:36 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SEARCHESSISTANT Helper - {4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {D0799358-5C1A-491D-B196-889F6405428F} - C:\Program Files\Windows NT\mesovixuC:\WINDOWS\system32\winzs6\renamd83122.exe.dll (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9205 bytes


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\WINDOWS\SYSTEM32\mlljg.exe
C:\WINDOWS\SYSTEM32\DRIVERS\VDMINDVDD.sys
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\Program Files\TTC.dll
C:\WINDOWS\system32\drivers\nmconpid.sys

Folder::
C:\Temp
C:\WINDOWS\SYSTEM32\winzs6
C:\WINDOWS\SYSTEM32\nui4
C:\WINDOWS\SYSTEM32\nGpxx01
C:\WINDOWS\SYSTEM32\extz1
C:\WINDOWS\SYSTEM32\comm7
C:\Temp\gTiis19
C:\Temp\cXzz9
C:\WINDOWS\SYSTEM32\nui4
C:\Program Files\Dot1XCfg

Driver::
VDMINDVDD
nmconpid
MSControlService

DirLook::
C:\Program Files\Windows NT

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0799358-5C1A-491D-B196-889F6405428F}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dot1XCfg"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## thawilso (Sep 25, 2007)

ComboFix 08-01-16.4 - thawilso 2008-01-25 23:56:43.5 - NTFSx86
Running from: C:\Documents and Settings\Thomas Wilson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas Wilson\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\TTC.dll
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\system32\drivers\nmconpid.sys
C:\WINDOWS\SYSTEM32\DRIVERS\VDMINDVDD.sys
C:\WINDOWS\SYSTEM32\mlljg.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Dot1XCfg
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\TTC.dll
C:\Temp
C:\Temp\gTiis19\lTig.log
C:\temp\tn3
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\SYSTEM32\comm7
C:\WINDOWS\SYSTEM32\comm7\ewbydllcom6.exe
C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk
C:\WINDOWS\system32\drivers\nmconpid.sys
C:\WINDOWS\SYSTEM32\DRIVERS\VDMINDVDD.sys
C:\WINDOWS\SYSTEM32\extz1
C:\WINDOWS\SYSTEM32\extz1\lovstadcom2.exe
C:\WINDOWS\SYSTEM32\mlljg.exe
C:\WINDOWS\SYSTEM32\nGpxx01
C:\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe
C:\WINDOWS\SYSTEM32\nui4
C:\WINDOWS\SYSTEM32\nui4\softidndll3.exe
C:\WINDOWS\SYSTEM32\winzs6
C:\WINDOWS\SYSTEM32\winzs6\renamd83122.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\LEGACY_NMCONPID
-------\LEGACY_VDMINDVDD
-------\MSControlService
-------\nmconpid
-------\VDMINDVDD

((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.

2008-01-23 22:16 . 2007-12-14 01:59	69,632	--a------	C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-23 22:15 . 2008-01-23 22:15 d--------	C:\Program Files\Common Files\Java
2008-01-23 20:52 . 2008-01-25 22:13	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-01-23 20:52 . 2008-01-23 20:52	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-17 16:40 . 2008-01-17 19:41 d--------	C:\bintheredunthat
2008-01-16 13:46 . 2000-08-31 08:00	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-12-28 20:55 . 2007-12-28 20:55 d--------	C:\Program Files\iTunes
2007-12-28 20:28 . 2008-01-11 20:34 d--------	C:\Program Files\QuickTime
2007-12-28 20:27 . 2007-12-28 20:27 d----c---	C:\WINDOWS\SYSTEM32\DRVSTORE
2007-12-28 20:27 . 2007-10-31 14:09	30,464	--a------	C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Program Files\Common Files\Apple
2007-12-28 20:26 . 2007-12-28 20:26 d--------	C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 03:13	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\Apple Computer
2008-01-24 03:16	---------	d-----w	C:\Program Files\Java
2008-01-24 01:42	---------	d-----w	C:\Program Files\Viewpoint
2008-01-24 01:42	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-17 22:20	---------	d-----w	C:\Program Files\DivX
2008-01-17 22:20	---------	d-----w	C:\Program Files\DAEMON Tools
2008-01-17 22:20	---------	d-----w	C:\Program Files\Common Files\AOL
2008-01-17 22:20	---------	d-----w	C:\Program Files\BitTornado
2008-01-17 22:19	---------	d-----w	C:\Program Files\AIM6
2008-01-17 22:19	---------	d-----w	C:\Program Files\AC3Filter
2008-01-17 22:14	---------	d-----w	C:\Program Files\UITS NETCFG
2008-01-16 18:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-12 21:31	---------	d-----w	C:\Program Files\Trend Micro
2008-01-12 03:10	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AVG7
2008-01-12 01:34	---------	d-----w	C:\Program Files\Windows Defender
2008-01-08 02:25	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AdobeUM
2007-12-29 01:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 14:24	---------	d-----w	C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 23:41	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DIGStream
2007-11-30 13:00	---------	d-----w	C:\Documents and Settings\LocalService\Application Data\AVG7
2006-02-10 21:30	24,192	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermptxp.sys
2006-02-10 21:30	22,768	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermpt.sys
2004-11-30 19:43	65,448	----a-w	C:\Documents and Settings\Thomas Wilson\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 06:10	63,656	----a-w	C:\Documents and Settings\thawilso\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Windows NT ----

2004-10-19 17:49	186880	---------	C:\Program Files\Windows NT\Accessories\mswrd6.wpc 
2004-08-04 02:56	539136	--a------	C:\Program Files\Windows NT\dialer.exe 
2004-08-04 02:56	281088	--a------	C:\Program Files\Windows NT\Pinball\pinball.exe 
2004-08-04 02:56	214528	--a------	C:\Program Files\Windows NT\Accessories\wordpad.exe 
2004-08-04 00:59	88576	---------	C:\Program Files\Windows NT\Accessories\write.wpc 
2004-08-04 00:59	279040	---------	C:\Program Files\Windows NT\Accessories\mswrd8.wpc 
2002-08-29 05:00	9770	--a------	C:\Program Files\Windows NT\Pinball\SOUND45.WAV 
2002-08-29 05:00	928700	--a------	C:\Program Files\Windows NT\Pinball\PINBALL.DAT 
2002-08-29 05:00	9194	--a------	C:\Program Files\Windows NT\Pinball\SOUND21.WAV 
2002-08-29 05:00	9022	--a------	C:\Program Files\Windows NT\Pinball\SOUND53.WAV 
2002-08-29 05:00	8932	--a------	C:\Program Files\Windows NT\Pinball\SOUND528.WAV 
2002-08-29 05:00	890	--a------	C:\Program Files\Windows NT\Pinball\SOUND111.WAV 
2002-08-29 05:00	8650	--a------	C:\Program Files\Windows NT\Pinball\SOUND28.WAV 
2002-08-29 05:00	8650	--a------	C:\Program Files\Windows NT\Pinball\SOUND20.WAV 
2002-08-29 05:00	824	--a------	C:\Program Files\Windows NT\Pinball\SOUND112.WAV 
2002-08-29 05:00	8034	--a------	C:\Program Files\Windows NT\Pinball\SOUND13.WAV 
2002-08-29 05:00	7754	--a------	C:\Program Files\Windows NT\Pinball\SOUND108.WAV 
2002-08-29 05:00	7376	--a------	C:\Program Files\Windows NT\Pinball\SOUND22.WAV 
2002-08-29 05:00	7306	--a------	C:\Program Files\Windows NT\Pinball\SOUND26.WAV 
2002-08-29 05:00	6742	--a------	C:\Program Files\Windows NT\Pinball\SOUND999.WAV 
2002-08-29 05:00	55490	--a------	C:\Program Files\Windows NT\Pinball\SOUND1.WAV 
2002-08-29 05:00	5230	--a------	C:\Program Files\Windows NT\Pinball\SOUND19.WAV 
2002-08-29 05:00	47230	--a------	C:\Program Files\Windows NT\Pinball\SOUND827.WAV 
2002-08-29 05:00	4376	--a------	C:\Program Files\Windows NT\Pinball\SOUND6.WAV 
2002-08-29 05:00	4296	--a------	C:\Program Files\Windows NT\Pinball\SOUND12.WAV 
2002-08-29 05:00	3986	--a------	C:\Program Files\Windows NT\Pinball\SOUND18.WAV 
2002-08-29 05:00	3947	--a------	C:\Program Files\Windows NT\Pinball\FONT.DAT 
2002-08-29 05:00	3408	--a------	C:\Program Files\Windows NT\Pinball\SOUND58.WAV 
2002-08-29 05:00	339178	--a------	C:\Program Files\Windows NT\Pinball\TABLE.BMP 
2002-08-29 05:00	33848	--a------	C:\Program Files\Windows NT\Pinball\SOUND36.WAV 
2002-08-29 05:00	3330	--a------	C:\Program Files\Windows NT\Pinball\SOUND49D.WAV 
2002-08-29 05:00	32402	--a------	C:\Program Files\Windows NT\Pinball\SOUND68.WAV 
2002-08-29 05:00	3180	--a------	C:\Program Files\Windows NT\Pinball\SOUND5.WAV 
2002-08-29 05:00	30502	--a------	C:\Program Files\Windows NT\Pinball\SOUND57.WAV 
2002-08-29 05:00	3002	--a------	C:\Program Files\Windows NT\Pinball\SOUND14.WAV 
2002-08-29 05:00	29140	--a------	C:\Program Files\Windows NT\Pinball\SOUND42.WAV 
2002-08-29 05:00	29004	--a------	C:\Program Files\Windows NT\Pinball\SOUND560.WAV 
2002-08-29 05:00	28888	--a------	C:\Program Files\Windows NT\Pinball\PINBALL2.MID 
2002-08-29 05:00	28282	--a------	C:\Program Files\Windows NT\Pinball\SOUND39.WAV 
2002-08-29 05:00	28160	--a------	C:\Program Files\Windows NT\HYPERTRM.EXE 
2002-08-29 05:00	27472	--a------	C:\Program Files\Windows NT\Pinball\SOUND181.WAV 
2002-08-29 05:00	27268	--a------	C:\Program Files\Windows NT\Pinball\SOUND735.WAV 
2002-08-29 05:00	2687	--a------	C:\Program Files\Windows NT\Pinball\WAVEMIX.INF 
2002-08-29 05:00	26442	--a------	C:\Program Files\Windows NT\Pinball\SOUND7.WAV 
2002-08-29 05:00	25704	--a------	C:\Program Files\Windows NT\Pinball\SOUND25.WAV 
2002-08-29 05:00	24192	--a------	C:\Program Files\Windows NT\Pinball\SOUND563.WAV 
2002-08-29 05:00	22858	--a------	C:\Program Files\Windows NT\Pinball\SOUND3.WAV 
2002-08-29 05:00	22796	--a------	C:\Program Files\Windows NT\Pinball\SOUND43.WAV 
2002-08-29 05:00	22570	--a------	C:\Program Files\Windows NT\Pinball\SOUND30.WAV 
2002-08-29 05:00	21890	--a------	C:\Program Files\Windows NT\Pinball\SOUND55.WAV 
2002-08-29 05:00	2102	--a------	C:\Program Files\Windows NT\Pinball\SOUND8.WAV 
2002-08-29 05:00	2090	--a------	C:\Program Files\Windows NT\Pinball\SOUND17.WAV 
2002-08-29 05:00	20712	--a------	C:\Program Files\Windows NT\Pinball\SOUND243.WAV 
2002-08-29 05:00	20242	--a------	C:\Program Files\Windows NT\Pinball\SOUND27.WAV 
2002-08-29 05:00	20098	--a------	C:\Program Files\Windows NT\Pinball\SOUND9.WAV 
2002-08-29 05:00	1968	--a------	C:\Program Files\Windows NT\Pinball\SOUND105.WAV 
2002-08-29 05:00	19498	--a------	C:\Program Files\Windows NT\Pinball\SOUND35.WAV 
2002-08-29 05:00	19282	--a------	C:\Program Files\Windows NT\Pinball\SOUND136.WAV 
2002-08-29 05:00	1876	--a------	C:\Program Files\Windows NT\Pinball\SOUND49.WAV 
2002-08-29 05:00	18250	--a------	C:\Program Files\Windows NT\Pinball\SOUND54.WAV 
2002-08-29 05:00	17676	--a------	C:\Program Files\Windows NT\Pinball\SOUND65.WAV 
2002-08-29 05:00	16626	--a------	C:\Program Files\Windows NT\Pinball\SOUND4.WAV 
2002-08-29 05:00	1520	--a------	C:\Program Files\Windows NT\Pinball\SOUND34.WAV 
2002-08-29 05:00	14600	--a------	C:\Program Files\Windows NT\Pinball\SOUND240.WAV 
2002-08-29 05:00	14592	--a------	C:\Program Files\Windows NT\Pinball\SOUND713.WAV 
2002-08-29 05:00	13312	--a------	C:\Program Files\Windows NT\HTRN_JIS.DLL 
2002-08-29 05:00	13024	--a------	C:\Program Files\Windows NT\Pinball\SOUND38.WAV 
2002-08-29 05:00	1290	--a------	C:\Program Files\Windows NT\Pinball\SOUND131.WAV 
2002-08-29 05:00	1226	--a------	C:\Program Files\Windows NT\Pinball\SOUND104.WAV 
2002-08-29 05:00	12106	--a------	C:\Program Files\Windows NT\Pinball\SOUND24.WAV 
2002-08-29 05:00	12074	--a------	C:\Program Files\Windows NT\Pinball\SOUND50.WAV 
2002-08-29 05:00	108607	--a------	C:\Program Files\Windows NT\Pinball\PINBALL.MID 
2002-08-29 05:00	1046	--a------	C:\Program Files\Windows NT\Pinball\SOUND16.WAV 
2002-08-29 05:00	10364	--a------	C:\Program Files\Windows NT\Pinball\SOUND29.WAV

((((((((((((((((((((((((((((( [email protected]_20.18.30.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 18:47:55	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 04:56:06	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 04:56:06	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 18:47:56	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 04:56:06	241,664	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 18:47:56	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 04:56:06	8,192	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 18:47:57	15,126,528	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-26 04:56:06	14,041,088	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-16 18:47:57	16,384	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 04:56:06	151,552	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 04:56:07	3,801,088	----a-w	C:\WINDOWS\erdnt\Hiv-backup\Users\00000007\ntuser.dat
- 2003-10-02 04:16:11	24,670	----a-w	C:\WINDOWS\SYSTEM32\java.exe
+ 2007-12-14 05:57:22	135,168	----a-w	C:\WINDOWS\SYSTEM32\java.exe
- 2003-10-02 04:16:11	28,768	----a-w	C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-12-14 05:57:24	135,168	----a-w	C:\WINDOWS\SYSTEM32\javaw.exe
+ 2007-12-14 06:59:16	139,264	----a-w	C:\WINDOWS\SYSTEM32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2008-01-24 18:24 487424]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 12:08 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UITS Network Diagnostic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UITS Network Diagnostic.lnk
backup=C:\WINDOWS\pss\UITS Network Diagnostic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-01-11 20:34 417792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blabber]
C:\Program Files\IUInfoClient\Blabber.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
--a------ 2008-01-11 20:34 370176 C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSI]
C:\WINDOWS\System32\LSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-02-28 19:13 4493312 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-02-28 19:13 323584 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 20:34 654336 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAClient]
C:\Program Files\Insight\BBClient\Programs\RegCon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2008-01-12 11:03 81 C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 04:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 04:31]
R2 WUSB54Gv4SVC;WUSB54Gv4SVC;"C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv4.exe" []
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 06:34:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-26 13:00:00 C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job"
- C:\WINDOWS\system32\MOBSYNC.EXEA /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 08:56:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 9:01:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-26 14:01:05
ComboFix2.txt 2008-01-25 01:49:21
ComboFix3.txt 2008-01-21 22:43:54
ComboFix4.txt 2008-01-17 20:56:22
ComboFix5.txt 2008-01-17 01:19:15
.
2008-01-25 21:01:51	--- E O F ---


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:13 AM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.winantivirus.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8558 bytes


----------



## Cookiegal (Aug 27, 2003)

Do you recognize this? I can't find any solid information on what it actually is.

*C:\Program Files\IUInfoClient\Blabber.exe*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation. 
An icon will be created on your desktop. Double-click that icon to launch the program. 
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._) 
Under "*Configuration and Preferences*", click the *Preferences* button. 
Click the *Scanning Control* tab. 
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._ 
_Scan for tracking cookies._ 
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen. 
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*. 
On the left, make sure you check *C:\Fixed Drive*. 
On the right, under "*Complete Scan*", choose *Perform Complete Scan*. 
Click "*Next*" to start the scan. Please be patient while it scans your computer. 
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*". 
Make sure everything has a checkmark next to it and click "*Next*". 
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu. 
If asked if you want to reboot, click "*Yes*". 
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._ 
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._ 
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._ 
*Please copy and paste the Scan Log results in your next reply.*

Click *Close* to exit the program.

Run Kaspersky online virus scan *Kaspersky Online Scanner*.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the *"Extended database" *for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

*Note:* You have to use Internet Explorer to do the online scan.

*Post a new HiJackThis log along with the results from the SuperAntispyware and Kaspersky scans*


----------



## thawilso (Sep 25, 2007)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2008 at 07:17 PM

Application Version : 3.9.1008

Core Rules Database Version : 3389
Trace Rules Database Version: 1383

Scan type : Complete Scan
Total Scan Time : 02:40:52

Memory items scanned : 332
Memory threats detected : 0
Registry items scanned : 11983
Registry threats detected : 169
File items scanned : 108051
File threats detected : 510

Kontiki Download Manager Browser Helper Object
HKLM\Software\Classes\CLSID\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\InprocServer32#ThreadingModel
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\ProgID
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\Programmable
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\TypeLib
HKCR\CLSID\{029CA12C-89C1-46A7-A3C7-82F2F98635CB}\VersionIndependentProgID
C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL

Adware.AdSponsor/ISM
HKLM\Software\Classes\CLSID\{12DA1BC4-5384-42fd-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}#AppID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\ProgID
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\TypeLib
HKCR\CLSID\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE3.DLL
HKLM\Software\Classes\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}#AppID
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\Implemented Categories
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\InprocServer32
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\InprocServer32#ThreadingModel
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\ProgID
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\TypeLib
HKCR\CLSID\{1B2588F5-45CE-4322-B755-D79944AD1B17}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE6.DLL
HKLM\Software\Classes\CLSID\{1ED6A320-8AF3-4f06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}#AppID
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\InprocServer32#ThreadingModel
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\TypeLib
HKCR\CLSID\{1ED6A320-8AF3-4F06-868A-9BA95585712E}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE7.DLL
HKLM\Software\Classes\CLSID\{8B27CC68-110C-46a9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}#AppID
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\InprocServer32
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\InprocServer32#ThreadingModel
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\TypeLib
HKCR\CLSID\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{8C6D5A56-791E-4fe8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}#AppID
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\InprocServer32
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\InprocServer32#ThreadingModel
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\ProgID
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\TypeLib
HKCR\CLSID\{8C6D5A56-791E-4FE8-9D64-81781FA15D68}\VersionIndependentProgID
HKLM\Software\Classes\CLSID\{9815DA81-2E0C-478c-90E4-06E474E704D0}
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}#AppID
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\InprocServer32
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\InprocServer32#ThreadingModel
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\TypeLib
HKCR\CLSID\{9815DA81-2E0C-478C-90E4-06E474E704D0}\VersionIndependentProgID
C:\PROGRAM FILES\ISM\BNDDRIVE.DLL
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{12DA1BC4-5384-42FD-A119-3C99D2D146A2}
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{1B2588F5-45CE-4322-B755-D79944AD1B17}
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{1ED6A320-8AF3-4F06-868A-9BA95585712E}
HKCR\BndDrive.Band
HKCR\BndDrive.Band\CLSID
HKCR\BndDrive.Band\CurVer
HKCR\BndDrive.Band.1
HKCR\BndDrive.Band.1\CLSID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}#AppID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\Implemented Categories
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\InprocServer32
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\InprocServer32#ThreadingModel
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\ProgID
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\TypeLib
HKCR\CLSID\{231F6FAB-ECED-4975-9EF2-C0C7BC81927B}\VersionIndependentProgID
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\0
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\0\win32
 HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\FLAGS
HKCR\TypeLib\{DCD2F298-BFA3-410F-8C21-B422AF11F363}\1.0\HELPDIR
HKCR\AppId\{1F5E0EA2-ABEA-44c3-95EC-2D1E721FE95E}
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\BNDDRIVE.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\ISM\BNDDRIVE3.DLL.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QDRPACK\QDRPACK10.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135392.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135393.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135394.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{2335EA94-74D6-46B4-BA93-8567DAC6CC9B}
HKLM\Software\Classes\CLSID\{A8B0BDED-64A5-495b-97DA-42C0301E229B}
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}\InprocServer32
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}\InprocServer32#ThreadingModel
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}\ProgID
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}\Programmable
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}\TypeLib
HKCR\CLSID\{A8B0BDED-64A5-495B-97DA-42C0301E229B}\VersionIndependentProgID
C:\PROGRA~1\TOOLBA~1\TOOLBA~1.DLL
HKCR\CLSID\{2335EA94-74D6-46B4-BA93-8567DAC6CC9B}
HKCR\CLSID\{2335EA94-74D6-46B4-BA93-8567DAC6CC9B}\InprocServer32
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TTC.DLL.VIR

Adware.SearchEssistant
HKLM\Software\Classes\CLSID\{4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E}
HKCR\CLSID\{4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E}
HKCR\CLSID\{4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E}
HKCR\CLSID\{4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E}\InprocServer32
HKCR\CLSID\{4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E}\InprocServer32#ThreadingModel
HKCR\CLSID\{4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E}\ProgID
C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
HKCR\searchessistant.SEARCHESSISTANT Helper
HKCR\searchessistant.SEARCHESSISTANT Helper\Clsid
HKCR\searchessistant.SEARCHESSISTANTMenu Button
HKCR\searchessistant.SEARCHESSISTANTMenu Button\Clsid
HKCR\searchessistant.SEARCHESSISTANTToggle Button
HKCR\searchessistant.SEARCHESSISTANTToggle Button\Clsid
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\SEARCHESSISTANT TOOLBAR

Browser Hijacker.Passivecow
HKLM\Software\Classes\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\Implemented Categories
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\InprocServer32
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\InprocServer32#ThreadingModel
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\ProgID
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\Programmable
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\TypeLib
HKCR\CLSID\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}\VERSION
C:\WINDOWS\SYSTEM32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.DLL

Browser Hijacker.Internet Explorer Zone Hijack
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com#*
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\winantivirus.com\www#http

Adware.Tracking Cookie
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected]ificclick[2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][5].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][5].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][5].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt


----------



## thawilso (Sep 25, 2007)

C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][6].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][4].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][4].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][5].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][6].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected]ick[1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][4].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][4].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][2].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][3].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt
C:\Documents and Settings\Thomas Wilson\Cookies\[email protected][1].txt

Adware.180solutions/ZangoSearch
HKCR\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}
HKCR\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}#rsp

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Adware.MediaMediatickets
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx [  ]

Adware.Toolbar888
HKCR\ToolBand.XBTB04715
HKCR\ToolBand.XBTB04715\CLSID
HKCR\ToolBand.XBTB04715\CurVer
HKCR\ToolBand.XBTB04715.1
HKCR\ToolBand.XBTB04715.1\CLSID
HKCR\XBTB04715.IEToolbar
HKCR\XBTB04715.IEToolbar\CLSID
HKCR\XBTB04715.IEToolbar\CurVer
HKCR\XBTB04715.IEToolbar.1
HKCR\XBTB04715.IEToolbar.1\CLSID
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\XBTB04715
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB04715.XBTB04715Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB04715.XBTB04715Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB04715.XBTB04715Toolbar#UninstallString

Adware.FullContext
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\AXVenore
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\CMFibula
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\PSDream
HKU\.DEFAULT\Software\PadsysAssistant
HKU\S-1-5-21-1753364043-2612028739-2318802240-1005\Software\PadsysAssistant
HKU\S-1-5-18\Software\PadsysAssistant
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\C1C32ED1-941C-4DC8-85A5-840CE5\56C3D491-33AE-4997-9ADD-C5E289
C:\WINDOWS\SYSTEM32\BATTYRUN2.DLL

Adware.AdSponsor
HKCR\TypeLib\{1B8B502E-455B-4022-BE27-736D9F808A18}
HKCR\TypeLib\{1B8B502E-455B-4022-BE27-736D9F808A18}\1.0
HKCR\TypeLib\{1B8B502E-455B-4022-BE27-736D9F808A18}\1.0\0
HKCR\TypeLib\{1B8B502E-455B-4022-BE27-736D9F808A18}\1.0\0\win32
HKCR\TypeLib\{1B8B502E-455B-4022-BE27-736D9F808A18}\1.0\FLAGS
HKCR\TypeLib\{1B8B502E-455B-4022-BE27-736D9F808A18}\1.0\HELPDIR

Trojan.Downloader-Gen/112
C:\BINTHEREDUNTHAT\112UNINST.EXE

Trojan.Downloader-Gen
C:\BINTHEREDUNTHAT\A0135403.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TPUNINSTALL.EXE.VIR

Adware.IncrediFind
C:\BINTHEREDUNTHAT\SETUP_INCRED_6.EXE

Adware.Unknown Origin
C:\PROGRAM FILES\COMMON FILES\MFIF\MFIFD\CLASS-BARREL
C:\PROGRAM FILES\COMMON FILES\MFIF\MFIFD\VOCABULARY
C:\WINDOWS\SYSTEM32\JY2Y7.XHO

Trojan.Unknown Origin
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\C1C32ED1-941C-4DC8-85A5-840CE5\4126E5A3-59D3-4CC3-9F97-7612CC
C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\RAU001978.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINZS6\RENAMD83122.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WNSTSICOM.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135325.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135326.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135407.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138865.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1366\A0138970.EXE
C:\WINDOWS\TEMPF.TXT

Trojan.Downloader-Gen/Suspicious
C:\PROGRAM FILES\MPROCESSOR\MPROCESSOR.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\MPROCESSOR.EXE

Adware.ClickSpring/Yazzle
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1549OINUNINSTALLER.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1552OINUNINSTALLER.EXE.VIR

Trojan.Vundo/Variant-Installer
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\DOT1XCFG\DOT1XCFG.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\WINPOP\WINPOP.EXE.VIR

Adware.SearchClickAds
C:\QOOBOX\QUARANTINE\C\WINDOWS\CFG32.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\CFG32A.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1350\A0135319.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1350\A0135320.EXE

Trojan.WinAntiSpyware/WinAntiVirus 2006
C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLOADED PROGRAM FILES\UWA7P_0001_N91M0809NETINSTALLER.EXE.VIR
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\UWA7P_0001_N91M0809NETINSTALLER.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.2\UWA7P_0001_N91M0809NETINSTALLER.EXE

Trojan.Vundo/Variant-Installer/A
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU1000106.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU572.EXE.VIR

Trojan.Downloader-Gen/MROFIN
C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU572.EXE.TMP.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1358\A0136697.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1359\A0136712.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1359\A0136724.EXE

Adware.eZula
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AAFNYIKO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CWMMRLGE.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EMIXUEWL.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EMNBHLIR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EYVVXJXO.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GBUHHLRF.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GIOKXFFB.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GRPEFRAY.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IEGOHAAX.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JXWBQOXJ.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KPLIIQBA.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KYURWATK.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LVOETGLU.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MMLWHQHW.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OVHXDLXT.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PYASEKOB.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SYDXYHFW.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TDUMJWUQ.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UHINSHRP.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UVHHAVPR.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UYFGYNIC.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VYCAYLRX.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135330.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135331.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135332.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135333.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135334.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135335.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135336.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135337.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135338.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135339.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135340.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135341.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135342.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135343.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135344.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135345.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135346.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135347.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135348.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135349.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135350.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135351.EXE
C:\WINDOWS\SYSTEM32\ACONCJPU.EXE
C:\WINDOWS\SYSTEM32\BKDWADPK.EXE
C:\WINDOWS\SYSTEM32\DWXFBWNX.EXE
C:\WINDOWS\SYSTEM32\DYSKMDXB.EXE
C:\WINDOWS\SYSTEM32\EETUYGYS.EXE
C:\WINDOWS\SYSTEM32\EFDRKEKX.EXE
C:\WINDOWS\SYSTEM32\EQBEPKFP.EXE
C:\WINDOWS\SYSTEM32\FMOTYLHM.EXE
C:\WINDOWS\SYSTEM32\FYHEKHFB.EXE
C:\WINDOWS\SYSTEM32\GLRITMGT.EXE
C:\WINDOWS\SYSTEM32\GLTQTELL.EXE
C:\WINDOWS\SYSTEM32\HHKXHCFI.EXE
C:\WINDOWS\SYSTEM32\HJAHRUAG.EXE
C:\WINDOWS\SYSTEM32\HLYQBJPW.EXE
C:\WINDOWS\SYSTEM32\ITWHUKRT.EXE
C:\WINDOWS\SYSTEM32\IUDAKEYL.EXE
C:\WINDOWS\SYSTEM32\JGDDTEXD.EXE
C:\WINDOWS\SYSTEM32\JYQTXJUB.EXE
C:\WINDOWS\SYSTEM32\KFOAPQWG.EXE
C:\WINDOWS\SYSTEM32\KGLYMKNL.EXE
C:\WINDOWS\SYSTEM32\LKWTBVVO.EXE
C:\WINDOWS\SYSTEM32\LQHYSOOD.EXE
C:\WINDOWS\SYSTEM32\MCRKNQTQ.EXE
C:\WINDOWS\SYSTEM32\MRBJJSAM.EXE
C:\WINDOWS\SYSTEM32\MUTAFARJ.EXE
C:\WINDOWS\SYSTEM32\MUVKKLUE.EXE
C:\WINDOWS\SYSTEM32\NGPJCTJF.EXE
C:\WINDOWS\SYSTEM32\PEDBCRQK.EXE
C:\WINDOWS\SYSTEM32\PIMGMBEG.EXE
C:\WINDOWS\SYSTEM32\PJXCTXCK.EXE
C:\WINDOWS\SYSTEM32\QVDCXORB.EXE
C:\WINDOWS\SYSTEM32\RCWIFUFO.EXE
C:\WINDOWS\SYSTEM32\ROCKCSAE.EXE
C:\WINDOWS\SYSTEM32\RPHTPOSV.EXE
C:\WINDOWS\SYSTEM32\TJDITJVI.EXE
C:\WINDOWS\SYSTEM32\TKTJKLIW.EXE
C:\WINDOWS\SYSTEM32\TOPTEXTILOOKUP.EXE
C:\WINDOWS\SYSTEM32\UIHDLDEV.EXE
C:\WINDOWS\SYSTEM32\UMYVJTWM.EXE
C:\WINDOWS\SYSTEM32\VJAATEQR.EXE
C:\WINDOWS\SYSTEM32\WCNBNEGT.EXE
C:\WINDOWS\SYSTEM32\XKATGNJM.EXE
C:\WINDOWS\SYSTEM32\YMKGXJFG.EXE
C:\WINDOWS\SYSTEM32\YXCEWDHA.EXE
C:\WINDOWS\SYSTEM32\YYTJQNHD.EXE

Trojan.Downloader-CREW
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BYOVFERX.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CKYRTNSD.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EXGGAWUX.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FBVHBJTR.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FXIWQAIF.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ILTGIJXV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\ITYHAAHF.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RUNPREGB.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135353.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135354.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135359.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135360.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135361.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135362.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135363.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135369.DLL

Adware.WebBuying Assistant-Installer
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\COMM7\EWBYDLLCOM6.EXE.VIR

Adware.Vundo Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRTKPFLU.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DXMQJNXD.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JJJRNIIN.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MLJJHED.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OWEGDVDW.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OXXKTJGB.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCGDBNEI.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RPINWFTX.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RWQPRJVV.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SSLOVAKN.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TSPBMJKW.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\UXNQCYCM.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WCOACTUK.DLL.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XCCACJRG.DLL.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135357.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135358.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135364.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135365.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135366.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135367.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135368.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135370.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135371.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135372.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135373.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135374.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135375.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138870.DLL

Adware.ZenoSearch
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWDSREGT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0113130.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135400.EXE

Adware.Adservs
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NUI4\SOFTIDNDLL3.EXE.VIR

Unclassified.Unknown Origin/System
C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR
C:\WINDOWS\SYSTEM32\BMG3B.EXE

Adware.WhenU
C:\SAVEINSTCM.EXE

Trojan.Downloader-Gen/WinPop
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1339\A0113119.EXE

Trojan.ZenoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0113131.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1353\A0136538.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1353\A0136539.EXE

Trojan.Downloader-Gen/Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0113137.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135328.EXE

Adware.StarsDoor
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114091.EXE

Adware.Vundo-Variant/C
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135355.DLL

Adware.ClickSpring
C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1360\A0137716.DLL

Adware.eXactAdvertising-Installer
C:\WINDOWS\EXTRACT.EXE
C:\WINDOWS\MSBBI.EXE

Trojan.Downloader-MMMIKE
C:\WINDOWS\STUB_MM1.EXE

Trojan.Downloader-NewAds
C:\WINDOWS\SYSTEM32\MHDMMJMP.DLL
C:\WINDOWS\SYSTEM32\POMADFMB.DLL

Adware.SearchAssistant
C:\WINDOWS\SYSTEM32\RA8PV.EXE
C:\WINDOWS\SYSTEM32RA8PV.EXE


----------



## thawilso (Sep 25, 2007)

KASPERSKY ONLINE SCANNER REPORT 
Sunday, January 27, 2008 9:56:12 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534257


Scan Settings 
Scan using the following antivirus database extended 
Scan Archives true 
Scan Mail Bases true 

Scan Target My Computer 
A:\
C:\
D:\
E:\
F:\
G:\ 

Scan Statistics 
Total number of scanned objects 111592 
Number of viruses found 92 
Number of infected objects 376 
Number of suspicious objects 0 
Duration of the scan process 02:36:46 

Infected Object Name Virus Name Last Action 
C:\15C.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped 

C:\15C.tmp NSIS: infected - 1 skipped 

C:\15D.tmp/stream/data0002 Infected: not-a-virusownloader.Win32.Agent.q skipped 

C:\15D.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped 

C:\15D.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.ay skipped 

C:\15D.tmp NSIS: infected - 3 skipped 

C:\297.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped 

C:\297.tmp NSIS: infected - 1 skipped 

C:\298.tmp/stream/data0002 Infected: not-a-virusownloader.Win32.Agent.q skipped 

C:\298.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped 

C:\298.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.ay skipped 

C:\298.tmp NSIS: infected - 3 skipped 

C:\bintheredunthat\all_files3.exe/data0002/data299033.zip/Setup.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped 

C:\bintheredunthat\all_files3.exe/data0002/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped 

C:\bintheredunthat\all_files3.exe/data0002/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped 

C:\bintheredunthat\all_files3.exe/data0002/data299033.zip/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.h skipped 

C:\bintheredunthat\all_files3.exe/data0002/data299033.zip/Files/ieupdate.exe Infected: Trojan-Downloader.Win32.Turown.b skipped 

C:\bintheredunthat\all_files3.exe/data0002/data299033.zip/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.a skipped 

C:\bintheredunthat\all_files3.exe/data0002/data299033.zip Infected: Trojan-Downloader.Win32.Turown.a skipped 

C:\bintheredunthat\all_files3.exe/data0002 Infected: Trojan-Downloader.Win32.Turown.a skipped 

C:\bintheredunthat\all_files3.exe/data0003/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped 

C:\bintheredunthat\all_files3.exe/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Connector skipped 

C:\bintheredunthat\all_files3.exe/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped 

C:\bintheredunthat\all_files3.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec skipped 

C:\bintheredunthat\all_files3.exe/data0005/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped 

C:\bintheredunthat\all_files3.exe/data0005/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped 

C:\bintheredunthat\all_files3.exe/data0005/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped 

C:\bintheredunthat\all_files3.exe/data0005/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped 

C:\bintheredunthat\all_files3.exe/data0005/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped 

C:\bintheredunthat\all_files3.exe/data0005/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped 

C:\bintheredunthat\all_files3.exe/data0005 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped 

C:\bintheredunthat\all_files3.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula skipped 

C:\bintheredunthat\all_files3.exe/data0007/data0120 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped 

C:\bintheredunthat\all_files3.exe/data0007 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped 

C:\bintheredunthat\all_files3.exe/data0008 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped 

C:\bintheredunthat\all_files3.exe NSIS: infected - 23 skipped 

C:\de5a09054ac1d09c080725907e3223\$shtdwn$.req Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\common\Eula.txt Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\common\spcustom.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\common\spmsg.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\common\spuninst.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\common\update.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\crypt32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\hh.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\hhctrl.ocx Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\hhsetup.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\html32.cnv Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\itircl.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\itss.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\locator.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\mrxsmb.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\msconv97.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\newdev.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\ntdll.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\ntkrnlmp.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\ntkrnlpa.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\ntkrpamp.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\ntoskrnl.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\ole32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\raspptp.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\rpcrt4.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\rpcss.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\shell32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\shmedia.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\srrstr.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\srv.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\sysmain.sdb Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\update\KB826939.cat Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\update\update.inf Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\update\update.ver Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\user32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\win32k.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\winsrv.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp1\zipfldr.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\accwiz.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\crypt32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\cryptsvc.dll Object is locked  skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\hh.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\hhctrl.ocx Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\hhsetup.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\html32.cnv Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\itircl.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\itss.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\locator.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\magnify.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\migwiz.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\mrxsmb.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\msconv97.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\narrator.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\newdev.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\ntdll.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\ntkrnlmp.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\ntkrnlpa.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\ntkrpamp.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\ntoskrnl.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\ole32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\osk.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\pchshell.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\raspptp.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\rpcrt4.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\rpcss.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\shdocvw.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\shell32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\shmedia.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\spmsg.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\spuninst.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\srrstr.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\srv.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\sysmain.sdb Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\update\eula.txt Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\update\KB826939.cat Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\update\spcustom.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\update\update.exe Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\update\update.inf Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\update\update.ver Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\urlmon.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\user32.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\win32k.sys Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\winsrv.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\sp2\zipfldr.dll Object is locked skipped 

C:\de5a09054ac1d09c080725907e3223\xpsp1hfm.exe Object is locked skipped 

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped 

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped 

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\87685bd376446182c4f2912e1ddaf89c_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped 

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4dacae57535695cc4a87ad26eca50450_7b71fbce-dff3-42c2-9259-d2367eb8daa9 Object is locked skipped 

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped 

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped 

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped 

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped 

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped 

C:\Documents and Settings\thawilso\Application Data\Kontiki\cnet\thumbnails\Thumbs.db Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348/data0004 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348 NSIS: infected - 6 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028984.exe.bac_a03348 CryptFF.b: infected - 6 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028985.exe.bac_a03348/data0002 Infected: not-a-virus:AdWare.Win32.PowerSearch.a skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028985.exe.bac_a03348/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028985.exe.bac_a03348 NSIS: infected - 2 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028985.exe.bac_a03348 CryptFF.b: infected - 2 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028986.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028992.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028995.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.EZula skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028996.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.180Solutions skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028997.dll.bac_a03348 Infected: not-a-virus:AdWare.Win32.180Solutions skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348/data299033.zip/Setup1.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348/data299033.zip/Files/3.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348/data299033.zip/Files/5.exe Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348/data299033.zip/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.b skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348/data299033.zip/Files/ieupdate.exe Infected: Trojan-Downloader.Win32.Turown.b skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348/data299033.zip/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.c skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348/data299033.zip Infected: Trojan-Downloader.Win32.Turown.c skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348 ZipSFX: infected - 7 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028998.exe.bac_a03348 CryptFF.b: infected - 7 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0004/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0004/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0004/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0004/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0004/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0004/data0004 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0004 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0005/data0002 Infected: not-a-virus:AdWare.Win32.PowerSearch.a skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0005/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348/data0005 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348 NSIS: infected - 11 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0028999.exe.bac_a03348 CryptFF.b: infected - 11 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029003.exe.bac_a03348/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029003.exe.bac_a03348/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029003.exe.bac_a03348/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029003.exe.bac_a03348 NSIS: infected - 3 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029003.exe.bac_a03348 CryptFF.b: infected - 3 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029006.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.DealHelper.b skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029009.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.DealHelper.f skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029010.exe.bac_a03348/data0002 Infected: not-a-virus:AdWare.Win32.DownloadWare.a skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029010.exe.bac_a03348 NSIS: infected - 1 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029010.exe.bac_a03348 CryptFF.b: infected - 1 skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029014.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Dyfuca.bq skipped 

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029017.dll.bac_a03348 Infected: not-a-virus:AdWare.Win32.VirtualBouncer.g skipped


----------



## thawilso (Sep 25, 2007)

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0029321.dll.bac_a03348 Infected: not-a-virus:AdWare.Win32.F1Organizer.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0031757.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032031.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032135.dll.bac_a03348 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032142.dll.bac_a03348 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032191.exe.bac_a04024 Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032286.exe.bac_a03348 Infected: Trojan-Downloader.Win32.VB.ri skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032287.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032288.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Small.buy skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032325.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0032331.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033359.exe.bac_a01864 Infected: Trojan-Spy.Win32.Briss.h skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033363.exe.bac_a01864 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033364.exe.bac_a01864/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033364.exe.bac_a01864/data0003/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033364.exe.bac_a01864/data0003 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033364.exe.bac_a01864 NSIS: infected - 3 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033364.exe.bac_a01864 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033365.exe.bac_a01864 Infected: Trojan-Downloader.Win32.VB.ri skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033366.exe.bac_a01864 Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033367.exe.bac_a01864 Infected: Trojan.Win32.StartPage.aw skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033368.exe.bac_a01864 Infected: not-a-virus:AdWare.Win32.EZula skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033369.exe.bac_a01864 Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033370.exe.bac_a01864 Infected: Trojan-Dropper.Win32.Small.ff skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033371.exe.bac_a01864/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033371.exe.bac_a01864 NSIS: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033371.exe.bac_a01864 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033372.exe.bac_a01864/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033372.exe.bac_a01864 NSIS: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033372.exe.bac_a01864 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864 RarSFX: infected - 6 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033373.exe.bac_a01864 CryptFF.b: infected - 6 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033374.exe.bac_a01864 Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033375.exe.bac_a01864 Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033376.DLL.bac_a01864 Infected: not-a-virus:AdWare.Win32.MediaPops.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033377.exe.bac_a01864 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033378.exe.bac_a01864/data0137 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033378.exe.bac_a01864 NSIS: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033378.exe.bac_a01864 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033479.exe.bac_a01864 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0033512.exe.bac_a01864 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\A0034000.dll.bac_a01576 Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\adtech2006.exe.bac_a04024 Infected: Trojan-Clicker.Win32.VB.kc skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\adtech2006[1].exe.bac_a04024 Infected: Trojan-Clicker.Win32.VB.kc skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\AppWrap[1].exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.Zestyfind skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\AppWrap[1].exe.bac_a04024 Infected: not-a-virus:AdWare.Win32.AdURL.c  skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\archive.jar-3e7298f0-45b082f1.zip.bac_a01864/A.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\archive.jar-3e7298f0-45b082f1.zip.bac_a01864/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\archive.jar-3e7298f0-45b082f1.zip.bac_a01864/Beyond.class Infected: Trojan-Downloader.Java.OpenStream.aa skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\archive.jar-3e7298f0-45b082f1.zip.bac_a01864 ZIP: infected - 3 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\archive.jar-3e7298f0-45b082f1.zip.bac_a01864 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\bs5-nt15v.exe.bac_a03348/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\bs5-nt15v.exe.bac_a03348 NSIS: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\bs5-nt15v.exe.bac_a03348 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\bs5-vnbfkp.exe.bac_a03348/data0002 Infected: not-a-virus:AdWare.Win32.BookedSpace.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\bs5-vnbfkp.exe.bac_a03348 NSIS: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\bs5-vnbfkp.exe.bac_a03348 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\bw2.com.bac_a03348 Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\calsdr.exe.bac_a03348 Infected: Trojan-Dropper.Win32.Small.ff skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\contextplus.exe.bac_a04024 Infected: Packed.Win32.NSAnti.r skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\contextplus[1].exe.bac_a04024 Infected: Packed.Win32.NSAnti.r skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\csvas.exe.bac_a01864 Infected: Backdoor.Win32.SdBot.aad skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\csvas.exe.bac_a03344 Infected: Backdoor.Win32.SdBot.aad skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\csvas.exe.bac_a03348 Infected: Backdoor.Win32.SdBot.aad skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drsmartload1.exe.bac_a03348 Infected: Trojan-Downloader.Win32.VB.ri skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drsmartload1.exe.bac_a04024 Infected: Trojan-Downloader.Win32.VB.ri skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drsmartload[1].exe.bac_a03348 Infected: Trojan-Downloader.Win32.VB.ri skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drsmartload[1].exe.bac_a04024 Infected: Trojan-Downloader.Win32.VB.ri skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drv2C.tmp.dll.bac_a01576 Infected: not-a-virus:AdWare.Win32.InstallDollar.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drv2C.tmp.dll.bac_a01752 Infected: not-a-virus:AdWare.Win32.InstallDollar.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drv2C.tmp.dll.bac_a01864 Infected: not-a-virus:AdWare.Win32.InstallDollar.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drv2C.tmp.dll.bac_a03204 Infected: not-a-virus:AdWare.Win32.InstallDollar.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drv2C.tmp.dll.bac_a03344 Infected: not-a-virus:AdWare.Win32.InstallDollar.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drv2C.tmp.dll.bac_a03348 Infected: not-a-virus:AdWare.Win32.InstallDollar.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\drv2C.tmp.dll.bac_a04024 Infected: not-a-virus:AdWare.Win32.InstallDollar.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\EbatesMoeMoneyMaker.exe.bac_a03348/data0137 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\EbatesMoeMoneyMaker.exe.bac_a03348 NSIS: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\EbatesMoeMoneyMaker.exe.bac_a03348 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\ezsb.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.EZula skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\gsim.cab.bac_a03344/gsim.dll Infected: not-a-virus:AdWare.Win32.404Search.i skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\gsim.cab.bac_a03344 CAB: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\gsim.cab.bac_a03344 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\gsim.cab.bac_a03348/gsim.dll Infected: not-a-virus:AdWare.Win32.404Search.i skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\gsim.cab.bac_a03348 CAB: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\gsim.cab.bac_a03348 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\gsim.dll.bac_a03348 Infected: not-a-virus:AdWare.Win32.404Search.i skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\icont.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\icont.exe.bac_a04024 Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\igps.exe.bac_a04024 Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\inrh9400.exe.bac_a04024 Infected: Trojan-Downloader.Win32.Small.bke skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\inrh9400[1].exe.bac_a04024 Infected: Trojan-Downloader.Win32.Small.bke skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\installer.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\installer[1].exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\inst_0004.exe.bac_a04024 Infected: Trojan-Downloader.Win32.Small.cam skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\inst_0004[1].exe.bac_a04024 Infected: Trojan-Downloader.Win32.Small.cam skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\m234t.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\MediaGateway.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\MediaTicketsInstaller.ocx.bac_a03348 Infected: not-a-virus:AdWare.Win32.MediaTickets.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\mg[1].exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.WinAD.bo skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\mt134.exe.bac_a03348 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\n.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\Patch231.exe.bac_a03348 Infected: Trojan-Dropper.Win32.Agent.r skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\peeimp.exe.bac_a03348/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\peeimp.exe.bac_a03348/data0003/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\peeimp.exe.bac_a03348/data0003 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\peeimp.exe.bac_a03348 NSIS: infected - 3 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\peeimp.exe.bac_a03348 CryptFF.b: infected - 3 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\Preloader.dll.bac_a03348 Infected: not-a-virusownloader.Win32.OTXloader skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\ps_install-mt.exe.bac_a03348 Infected: Trojan.Win32.Scapur.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\qlink32.dll.bac_a04024 Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\Setup1.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.IEDriver.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\siae3123.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\SS2.DLL.bac_a03348 Infected: not-a-virus:AdWare.Win32.MediaPops.a skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\thanks[1].exe.bac_a01864 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\thanks[1].exe.bac_a03348 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\timessquare.exe.bac_a01864 Infected: Trojan.Win32.StartPage.aw skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\timessquare.exe.bac_a03348 Infected: Trojan.Win32.StartPage.aw skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\timessquare[1].exe.bac_a01864 Infected: Trojan.Win32.StartPage.aw skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\timessquare[1].exe.bac_a03348 Infected: Trojan.Win32.StartPage.aw skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\tx[1].exe.bac_a01864 Infected: Trojan-Downloader.Win32.Adload.j skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\update_1.exe.bac_a03348/data0002 Infected: not-a-virus:AdWare.Win32.WinFetcher.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\update_1.exe.bac_a03348 NSIS: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\update_1.exe.bac_a03348 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348 RarSFX: infected - 6 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\whCC-MOTOR.exe.bac_a03348 CryptFF.b: infected - 6 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\WinTS[1].cab.bac_a03344/WToolsS.exe Infected: Trojan-Downloader.Win32.Wintool.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\WinTS[1].cab.bac_a03344 CAB: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\WinTS[1].cab.bac_a03344 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\WinTS[1].cab.bac_a03348/WToolsS.exe Infected: Trojan-Downloader.Win32.Wintool.c skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\WinTS[1].cab.bac_a03348 CAB: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\WinTS[1].cab.bac_a03348 CryptFF.b: infected - 1 skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\WinWildApp.exe.bac_a03348 Infected: not-a-virus:AdWare.Win32.WinFetcher.b skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~155070.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~19009.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~616922.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~670312.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~671481.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~741540.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~874969.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~954467.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped


----------



## thawilso (Sep 25, 2007)

C:\Documents and Settings\Thomas Wilson\.housecall\Quarantine\~982950.tmp.bac_a03348 Infected: not-a-virus:AdWare.Win32.Wintol.l skipped 

C:\Documents and Settings\Thomas Wilson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Cookies\INDEX.DAT Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\History\History.IE5\MSHist012008012720080128\index.dat Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\ntuser.dat Object is locked skipped 

C:\Documents and Settings\Thomas Wilson\ntuser.dat.LOG Object is locked skipped 

C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Object is locked skipped 

C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe Object is locked skipped 

C:\Program Files\DAEMON Tools\daemon.exe Object is locked skipped 

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe Object is locked skipped 

C:\Program Files\MProcessor\first.awp Infected: not-a-virus:AdWare.Win32.InstallDollar.c skipped 

C:\Program Files\MProcessor\second.awp Infected: not-a-virus:AdWare.Win32.InstallDollar.b skipped 

C:\Program Files\QuickTime\qttask.exe Object is locked skipped 

C:\Program Files\Real\RealOne Player\realplay.exe Object is locked skipped 

C:\Program Files\Windows Defender\MSASCui.exe Object is locked skipped 

C:\QooBox\Quarantine\C\Program Files\ISM\BndDrive7.dll.vir Infected: not-a-virus:AdWare.Win32.AdBand.f skipped 

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.hvj skipped 

C:\QooBox\Quarantine\C\WINDOWS\b128.exe.vir Infected: Trojan-Downloader.Win32.Agent.ezc skipped 

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped 

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped 

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped 

C:\QooBox\Quarantine\C\WINDOWS\b136.exe.vir NSIS: infected - 3 skipped 

C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbx skipped 

C:\QooBox\Quarantine\C\WINDOWS\b151.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjn skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\bbhgeddh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ddcyy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\dghswdwe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\mlljg.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe.vir Infected: Trojan-Downloader.Win32.VB.cge skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\qokvrbvd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\rrmpsoto.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\szxtjlgv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\vtsqq.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped 

C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\windows.vir Infected: Trojan.Win32.Zapchast.dt skipped 

C:\QooBox\Quarantine\catchme2008-01-16_201329.23.zip/core.sys Infected: Rootkit.Win32.Agent.eq skipped 

C:\QooBox\Quarantine\catchme2008-01-16_201329.23.zip/opnkhhf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.diu skipped 

C:\QooBox\Quarantine\catchme2008-01-16_201329.23.zip/rrmpsoto.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\QooBox\Quarantine\catchme2008-01-16_201329.23.zip ZIP: infected - 3 skipped 

C:\QooBox\Quarantine\catchme2008-01-24_204333.85.zip/awtqolk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped 

C:\QooBox\Quarantine\catchme2008-01-24_204333.85.zip/mlljg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped 

C:\QooBox\Quarantine\catchme2008-01-24_204333.85.zip/szxtjlgv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\QooBox\Quarantine\catchme2008-01-24_204333.85.zip ZIP: infected - 3 skipped 

C:\QooBox\Quarantine\catchme2008-01-26_ 85608.53.zip/VDMINDVDD.sys Infected: Rootkit.Win32.Agent.to skipped 

C:\QooBox\Quarantine\catchme2008-01-26_ 85608.53.zip ZIP: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1330\A0112989.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1330\A0112989.exe NSIS: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1339\A0113115.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0113133.exe Infected: Trojan-Downloader.Win32.Agent.gwh skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0113135.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0113136.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114085.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114087.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114089.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114090.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114092.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114093.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114094.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114095.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114096.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114097.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114098.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114099.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114100.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114101.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0114103.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115078.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115080.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115082.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115083.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115084.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115085.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115086.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115087.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115088.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115089.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115090.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115091.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115092.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115093.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115094.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1340\A0115096.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115110.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115115.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115116.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115119.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115121.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115122.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115123.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115124.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115125.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115126.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115127.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115128.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115130.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115131.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115132.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1341\A0115133.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115146.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115151.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115153.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115155.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115156.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115158.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115159.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115160.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115161.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115162.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115163.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115164.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115165.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115166.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1342\A0115167.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115182.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115187.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115189.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115191.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115192.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115194.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115195.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115196.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115197.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115198.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115199.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115200.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115201.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0115202.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116189.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116191.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116193.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116194.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116195.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116196.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116197.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116198.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116199.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116200.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116201.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116202.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116203.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116228.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116228.exe NSIS: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0116229.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117186.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117188.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117190.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117191.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117192.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117193.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117194.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117200.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117207.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117213.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117214.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117215.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0117216.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118186.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118188.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118190.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118191.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118192.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118193.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118194.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118195.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118196.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118197.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118198.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118200.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1343\A0118201.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119188.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119189.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119191.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119192.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119193.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119194.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119195.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119196.exe Object is locked skipped


----------



## thawilso (Sep 25, 2007)

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119197.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119198.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119199.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119200.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1344\A0119201.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1346\A0120214.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1350\A0135321.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1350\A0135321.exe NSIS: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135327.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135329.exe/stream/data0002 Infected: Trojan-Dropper.Win32.Agent.bfr skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135329.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135329.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135329.exe NSIS: infected - 3 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135352.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135356.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135395.dll Infected: not-a-virus:AdWare.Win32.AdBand.f skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135396.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1351\A0135421.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1352\A0136490.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1357\A0136647.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1359\A0136710.exe Infected: Trojan.Win32.Scapur.k skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1359\A0136711.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1359\A0136711.exe NSIS: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1359\A0136722.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1360\A0136732.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1360\A0136735.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1360\A0136735.exe NSIS: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1360\A0136736.exe Infected: Trojan.Win32.Scapur.k skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1360\A0137722.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1360\A0137724.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1361\A0137842.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1361\A0137845.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1363\A0138842.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1363\A0138845.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138857.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138858.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138863.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138864.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138866.exe Infected: Trojan-Downloader.Win32.Agent.hvj skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138867.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138868.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138869.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138871.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1364\A0138886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1366\A0138965.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1366\A0138966.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1366\A0138968.exe Infected: Trojan-Downloader.Win32.VB.cge skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1366\A0138969.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1366\A0138971.dll Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1366\A0138973.exe Object is locked skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139037.dll Infected: not-a-virus:AdWare.Win32.CASClient.n skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139040.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139040.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139040.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139040.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139040.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139040.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval.e skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139040.exe NSIS: infected - 6 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139043.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139044.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139045.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139046.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139047.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139048.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139049.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139050.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139051.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139052.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139053.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139054.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139055.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139056.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139057.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139058.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139059.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139060.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139061.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139062.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139063.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139064.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139065.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139066.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139067.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139068.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139069.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139070.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139071.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139072.exe Infected: Trojan.Win32.Agent.aoy skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139073.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139074.exe  Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139075.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139076.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139077.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139078.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139079.exe Infected: not-a-virus:AdWare.Win32.EZula.bm skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139080.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139081.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139082.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139083.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139084.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139085.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139086.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139087.exe Infected: Trojan.Win32.Agent.bck skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139088.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139088.exe InstallCreator: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139088.exe UPX: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139089.exe/data0001.cab/Save.exe Infected: not-a-virus:AdWare.Win32.SaveNow.t skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139089.exe/data0001.cab/SaveUninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139089.exe/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.af skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139089.exe/data0002.cab/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139089.exe/data0002.cab/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139089.exe/data0002.cab Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139089.exe EmbeddedCAB: infected - 6 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139091.exe/msbb.exe Infected: not-a-virus:AdWare.Win32.180Solutions skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139091.exe CAB: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139091.exe MimarSinan: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139091.exe UPX: infected - 1 skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139092.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139093.dll Infected: not-a-virus:AdWare.Win32.Agent.e skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139094.dll Infected: not-a-virus:AdWare.Win32.Agent.e skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139095.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1368\A0139096.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped 

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1369\change.log Object is locked skipped 

C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped 

C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped 

C:\WINDOWS\$NtUninstallQ828026$\wmp.dll Object is locked skipped 

C:\WINDOWS\CSC\00000001 Object is locked skipped 

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped 

C:\WINDOWS\SoftwareDistribution\EventCache\{5FEFF1C1-FD67-4F10-9469-AD46BB286BBE}.bin Object is locked skipped 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped 

C:\WINDOWS\SYSTEM32\atiupdate5.exe Infected: not-a-virus:AdWare.Win32.Adtomi.e skipped 

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped 

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped 

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped 

C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys Object is locked skipped 

C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped 

C:\WINDOWS\SYSTEM32\DRIVERS\sptd4253.sys Object is locked skipped 

C:\WINDOWS\SYSTEM32\DSentry.exe Object is locked skipped 

C:\WINDOWS\SYSTEM32\GS2.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped 

C:\WINDOWS\SYSTEM32\GS2.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped 

C:\WINDOWS\SYSTEM32\GS2.exe NSIS: infected - 2 skipped 

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped 

C:\WINDOWS\SYSTEM32\otpddpea5.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped 

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped 

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped 

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped 

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped 

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped 

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped 

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped 

Scan process completed.


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:20 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8904 bytes


----------



## thawilso (Sep 25, 2007)

I couldn't find the file C:\Program Files\IUInfoClient\Blabber.exe, whenever I typed it in it said the file or path did not exist.


----------



## Cookiegal (Aug 27, 2003)

*Click Here* and download Killbox and save it to your desktop but dont run it yet.

Now, reboot your computer into *Safe Mode*. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight *Safe Mode* then hit enter.

Double-click on Killbox.exe to run it. 

Put a tick by *Standard File Kill*. 
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

*C:\15C.tmp
C:\15D.tmp
C:\297.tmp
C:\298.tmp
C:\Program Files\MProcessor
C:\WINDOWS\SYSTEM32\atiupdate5.exe
C:\WINDOWS\SYSTEM32\GS2.exe
C:\WINDOWS\SYSTEM32\otpddpea5.dll
*

Click on the button that has the red circle with the X in the middle after you enter each file. 
It will ask for confirmation to delete the file. 
Click Yes. 
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist. 
If that happens, just continue on with all the files. Be sure you don't miss any.
Next in Killbox go to *Tools > Delete Temp Files*
In the window that pops up, put a check by *ALL* the options there *except* these three:
XP Prefetch
Recent
History

Now click the *Delete Selected Temp Files* button.
Exit the Killbox.

Boot back to Windows normally and post another HijackThis log please.


----------



## Cookiegal (Aug 27, 2003)

Also, please do this:

Download GMER from: http://gmer.net/index.php

Save it somewhere on your hard drive and unzip it to desktop.

Double click the gmer.exe to run it and select the rootkit tab and press scan. When the scan is done, click *Copy*. This will copy the report to the clipboard. Paste it into Notepad and save it and also paste the log report back here please.


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:08 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8804 bytes


----------



## thawilso (Sep 25, 2007)

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-01-28 13:08:28
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF9174B3A]
SSDT sptd.sys ZwEnumerateKey [0xF9174C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF9174FF6]
SSDT sptd.sys ZwOpenKey [0xF9174A18]
SSDT sptd.sys ZwQueryKey [0xF91750C0]
SSDT sptd.sys ZwQueryValueKey [0xF9174F58]
SSDT sptd.sys ZwSetValueKey [0xF9175148]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD4253.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F85C34D0 16 Bytes [ 7C, 9C, 61, 51, B2, 2E, 51, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F85C34E1 31 Bytes [ 20, 5C, F8, C4, 88, 92, 21, ... ]
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F917DDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F919371E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F917E3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F917E2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F917E482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F917E482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F917E3B2] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F917E2B6] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9193032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F917DF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F9192C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F917DE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9170A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9170B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9170AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F91716CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F91715A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9193864] sptd.sys
IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F9182F78] sptd.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F9192C76] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9192C82] sptd.sys
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9193864] sptd.sys
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F9170020] sptd.sys
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F9170020] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 81B140E8

AttachedDevice \FileSystem\Ntfs \Ntfs avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \FileSystem\Fastfat \FatCdrom FF509C60
Device \Driver\NetBT \Device\NetBT_Tcpip_{E04A44A7-A94D-44B9-A40D-EA2E6F22B006} FF547CA8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2321A09A-7511-4BB7-86EF-54FE94DA0D64} FF547CA8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 81B5E8C0
Device \Driver\dmio \Device\DmControl\DmConfig 81B5E8C0
Device \Driver\dmio \Device\DmControl\DmPnP 81B5E8C0
Device \Driver\dmio \Device\DmControl\DmInfo 81B5E8C0
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP FF55AEB0
Device \Driver\00000061 \Device\00000056 sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 81B5EAF8
Device \Driver\USBSTOR \Device\00000071 FF50BA18
Device \Driver\Ftdisk \Device\HarddiskVolume2 81B5EAF8
Device \Driver\USBSTOR \Device\00000072 FF50BA18
Device \FileSystem\Rdbss \Device\FsWrap FF5310E8
Device \Driver\NetBT \Device\NetBt_Wins_Export FF547CA8
Device \Driver\NetBT \Device\NetbiosSmb FF547CA8
Device \Driver\Disk \Device\Harddisk0\DR0 81B5E350
Device \Driver\Disk \Device\Harddisk1\DR3 81B5E350
Device \Driver\Disk \Device\Harddisk1\DP(1)0-0+4 81B5E350
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver FF52EEB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector FF52EEB0
Device \FileSystem\Npfs \Device\NamedPipe FF55A0E8
Device \Driver\Ftdisk \Device\FtControl 81B5EAF8
Device \FileSystem\Msfs \Device\Mailslot FF9052F8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP FF55D4F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 FFA0D278
Device \Driver\dtscsi \Device\Scsi\dtscsi1 FFA0D278
Device \FileSystem\Fastfat \Fat FF509C60

AttachedDevice \FileSystem\Fastfat \Fat avg7rsw.sys (AVG Resident Shield Unload Helper/GRISOFT, s.r.o.)

Device \FileSystem\Cdfs \Cdfs FF507AA8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -1342545646
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -1202904791
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -542380058
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x5D 0x33 0x8C 0x7C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xBA 0xE6 0xE5 0x22 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xE6 0xFE 0x48 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5E 0xE8 0xB8 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5E 0xE8 0xB8 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x5D 0x33 0x8C 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xBA 0xE6 0xE5 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xE6 0xFE 0x48 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5E 0xE8 0xB8 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5E 0xE8 0xB8 0x88 ...

---- EOF - GMER 1.0.14 ----


----------



## thawilso (Sep 25, 2007)

I was looking for a couple of files on my computer that I had previously saved under my documents, and I noticed everything that had previously been saved there is no longer present. There were two of my .xls files, and then hundreds of pos2A08.tmp, pos2A8.tmp, pos2A8A.tmp, etc. Is there anyway I can get any of those files back, or do you know what may have happened to them?


----------



## Cookiegal (Aug 27, 2003)

Are you trying to view those .xls documents with Excel? If not, then you have to change the "Files of Type" to "All Files" or they won't be visible.

The pos*.tmp files are malicious. Why would you want to recover them?


----------



## thawilso (Sep 25, 2007)

What I am saying is that instead of showing all of the original documents that were in the folder, there are now just the pos*.tmp files. Out of all the original files, only two excel files remained. I don't want to recover the pos*.tmp files as they are the only thing in MyDocuments folder right now, what I wanted to recover were some Word, Excel, and Adobe files that are gone, and I guess have been replaced by thousands of pos*.tmp files.


----------



## Cookiegal (Aug 27, 2003)

Let's see if they've had their attributes changed to hidden.

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders".
Click "Apply" then "OK".


Then see if you can find those documents.


----------



## thawilso (Sep 25, 2007)

Alright, I see them again. I'm going to send all the pos*.tmp files that are in the folder to the recycling bin. Does that effectively get rid of them, or will they just come right back somehow? Also, what kind of scan or program should I run next, if any?


----------



## Cookiegal (Aug 27, 2003)

That's good. You should make a back up of those documents onto CDs or even better onto an external drive. 

Send those pos*.tmp files to the recycle bin and then empty the recycle bin.

Download *WinPFind3U.exe* to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program.

In the *Processes * group click *ALL* 
In the *Win32 Services * group click *ALL* 
In the *Driver Services * group click *ALL* 
In the *Registry * group click *ALL* 
In the *Files Created Within* group click *60 days* Make sure Non-Microsoft only is *UNCHECKED*
In the *Files Modified Within* group select *30 days* Make sure Non-Microsoft only is *UNCHECKED*
In the *File String Search* group click *SELECT ALL*
in the *Additional Scans* sections please press select *ALL* and make sure Non-Microsoft only is *UNCHECKED*.
Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
Please post the resulting log here as an attachment.


----------



## thawilso (Sep 25, 2007)

Here is my log from Winpfind3u


----------



## Cookiegal (Aug 27, 2003)

Disconnect from the Internet and disable your anti-virus and firewall programs. *Be sure to remember to re-start them before going on-line again.*

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program. Copy and paste the information in the box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here along with a new HijackThis log please.


```
[Kill Explorer]
[Registry - Additional Scans - All]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> Blabber -> %ProgramFiles%\IUInfoClient\Blabber.exe
YN -> SAClient -> %ProgramFiles%\Insight\BBClient\Programs\RegCon.exe
[File String Scan - All]
NY -> abetterinternet.com , -> %SystemRoot%\fiz10
NY -> abetterinternet.com , -> %SystemRoot%\fiz13
NY -> abetterinternet.com , -> %SystemRoot%\fiz14
NY -> abetterinternet.com , -> %SystemRoot%\fiz17
NY -> abetterinternet.com , -> %SystemRoot%\fiz5
NY -> UPX! , UPX0 , -> %SystemRoot%\Key2.txt
NY -> UPX! , UPX0 , -> %System32%\beegd10.ocx
NY -> SAHAgent , -> %System32%\fiz0
NY -> SAHAgent , -> %System32%\fiz3
NY -> PTech , -> %System32%\kyf.dat
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## thawilso (Sep 25, 2007)

Explorer killed successfully
[Registry - Additional Scans - All]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Blabber deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SAClient deleted successfully.
File not found.
[File String Scan - All]
C:\WINDOWS\fiz10 moved successfully.
C:\WINDOWS\fiz13 moved successfully.
C:\WINDOWS\fiz14 moved successfully.
C:\WINDOWS\fiz17 moved successfully.
C:\WINDOWS\fiz5 moved successfully.
C:\WINDOWS\Key2.txt moved successfully.
C:\WINDOWS\SYSTEM32\beegd10.ocx moved successfully.
C:\WINDOWS\SYSTEM32\fiz0 moved successfully.
C:\WINDOWS\SYSTEM32\fiz3 moved successfully.
C:\WINDOWS\SYSTEM32\kyf.dat moved successfully.
[Empty Temp Folders]
C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Thomas Wilson\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 01-30-2008 19:17:12


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:58, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8792 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll*

You also need to remove the remnants of Norton. Did you try to uninstall it via the Control Panel?

How are things now?


----------



## thawilso (Sep 25, 2007)

I didn't find anything Norton in the Control Panel. Where else might I find it? My computer has definitely running a lot better than previously.


----------



## Cookiegal (Aug 27, 2003)

Run this Norton removal tool for the Norton product you had:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039

Then reboot and post a new HijackThis log please.


----------



## thawilso (Sep 25, 2007)

I'm having trouble removing it. I went to add/remove programs to remove Symantec Antivirus Client, and it said "Are you sure you want to remove Symantec Antivirus Client from your computer." I clicked Yes, and then it said please wait while windows configures symantec antivirus client. After that nothing happens and Symantec Antivirus Client is still in the Add/Remove programs list. When I used the removal tool and followed the instructions it said "The following programs were found on this computer. These must be removed through Add/Remove Programs before Norton Removal Tool can proceed." And it lists Symantec AntiVirus 8


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log and a new HijackThis uninstall list.

For the uninstall list:

Open HijackThis and click on "Config" and then on the "Misc Tools" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22, on 2008-02-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1133682157\ee\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1133682157\ee\aexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133682157\ee\AOLSoftware.exe
O4 - HKLM\..\RunOnce: [Run IPH] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1085031214-1292428093-527237240-382858\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1085031214-1292428093-527237240-382858\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1085031214-1292428093-527237240-382858\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl (User '?')
O4 - HKUS\S-1-5-21-1085031214-1292428093-527237240-382858\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9854 bytes


----------



## thawilso (Sep 25, 2007)

AC3Filter (remove only)
Ad-aware 6 Personal
Ad-aware 6 Plus
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
AIM 6
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Avanquest update
AVG Free Edition
BitTornado 0.3.2
CNET Download Manager
DAO
Dell Inkjet Printer J740
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DivX
DivX Player
DJ740EN
DVDSentry
Easy CD Creator 5 Basic
EFTP3
ESPNMotion
FileSpecs extension for Ad-aware 6
Get Connected CD
Google Earth
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel (R) Pro Alerting Agent
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iPod for Windows 2005-02-07
iTunes
Java(TM) 6 Update 4
Kaspersky Online Scanner
Linksys Wireless-G USB Network Adapter
LiveUpdate 1.7 (Symantec Corporation)
Macromedia Shockwave Player
Messenger Control Plugin for Ad-aware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Office XP Professional with FrontPage
mobile PhoneTools
Motorola PST
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NVIDIA Windows 2000/XP Display Drivers
OMCI
Paint Shop Pro 7
Palisade Numerical Tools - Book Version
PowerDVD
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Shockwave
Spybot - Search & Destroy 1.3
SUPERAntiSpyware Free Edition
Symantec AntiVirus Client
UITS Network Configuration Tool
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
WavePad Uninstall
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows SR 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver


----------



## Cookiegal (Aug 27, 2003)

Go back into HijackThis uninstall manager and highlight each of these, one at a time.

*Symantec AntiVirus Client
Windows SR 2.0*

Then reboot and post a new HijackThis log please.


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03, on 2008-02-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1133682157\ee\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133682157\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 9001 bytes


----------



## Cookiegal (Aug 27, 2003)

Open the Task Manager and end task on this process:

*DefWatch.exe*

Go to *Start *- *Run * type in *cmd *then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Stop "Norton AntiVirus Server"*

Press enter

Type:

*SC Delete "Norton AntiVirus Server"*

Press Enter

*SC Stop DefWatch*

Press enter

Type:

*SC Delete DefWatch*

Press Enter

Type:

*Exit*

Delete this folder:

C:\Program Files\*Symantec_Client_Security*

Now uninstall and reinstall AVG Free anti-virus as it's missing some of its components.

Then reboot and post a new HijackThis log please.


----------



## thawilso (Sep 25, 2007)

I wasn't able to end the process DefWatch.exe. I highlighted it and hit end process, but a message came up saying Unable to Terminate Process: The operation could not be completed. Access is denied.


----------



## Cookiegal (Aug 27, 2003)

Is there an icon in the system tray for Norton?


----------



## thawilso (Sep 25, 2007)

There is not an icon for Norton in the system tray.


----------



## Cookiegal (Aug 27, 2003)

Try doing the instructions in post no. 71 in safe mode.


----------



## thawilso (Sep 25, 2007)

After I uninstalled AVG, it seems that some of the original infections have made their way back on to my computer.


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:53, on 2008-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljg.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\tfmghbuy.dll (file missing)
O2 - BHO: (no name) - {F340A7BA-EB3D-4198-9963-4C12CB350E8D} - C:\WINDOWS\system32\mlljg.dll (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [541d9d7d] rundll32.exe "C:\WINDOWS\system32\xucepqdq.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tfmghbuy - tfmghbuy.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8484 bytes


----------



## Cookiegal (Aug 27, 2003)

Please remove any version of ComboFix that you have now and redownload it to get the latest one:

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix and make sure you are disconnected from the Internet *after downloading the program and before scanning*.


*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. They can interfere with ComboFix and remove some of its embedded files which may cause _"unpredictable results"_.
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Download *ComboFix* and save it to your desktop.

***Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop***

Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.

 WARNING: *IF you have not already done so ComboFix will disconnect your machine from the Internet when it starts. *
*Please do not re-connect your machine back to the Internet until ComboFix has completely finished.*
If there is no Internet connection when Combofix has completely finished then restart your computer to restore the connection.

Double-click on *combofix.exe* and follow the prompts. When finished, it will produce a report for you. Please post the *"C:\ComboFix.txt" *along with a *new HijackThis log* for further review.

***Note: Do not mouseclick comboFix's window while it's running. That may cause it to stall***


----------



## thawilso (Sep 25, 2007)

ComboFix 08-02.05.3 - thawilso 2008-02-07 20:06:57.7 - NTFSx86
Running from: C:\Documents and Settings\Thomas Wilson\Desktop\ComboFix.exe
* Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\gjllm.ini
C:\WINDOWS\SYSTEM32\gjllm.ini2
C:\WINDOWS\SYSTEM32\qdqpecux.ini
C:\WINDOWS\system32\tfmghbuy.dllbox

.
((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 01:34 . 2008-02-07 12:30 d--------	C:\Documents and Settings\Thomas Wilson\Application Data\AVG7
2008-02-07 01:33 . 2008-02-07 01:33 d--------	C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 01:33 . 2008-02-07 01:33 d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 01:33 . 2008-02-07 01:41 d--------	C:\Documents and Settings\All Users\Application Data\avg7
2008-02-03 13:02 . 2008-02-05 19:55	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-02-03 13:02 . 2008-02-03 13:02	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-31 00:00 . 2008-01-31 00:00 d--------	C:\Program Files\Common Files\xing shared
2008-01-28 12:30 . 2008-01-28 12:47	250	--a------	C:\WINDOWS\gmer.ini
2008-01-27 19:00 . 2008-01-27 19:00 d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-27 18:59 . 2008-01-27 18:59 d--------	C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-26 16:29 . 2008-02-07 01:44 d--------	C:\Program Files\SUPERAntiSpyware
2008-01-26 16:29 . 2008-01-26 16:29 d--------	C:\Documents and Settings\Thomas Wilson\Application Data\SUPERAntiSpyware.com
2008-01-26 16:29 . 2008-01-26 16:29 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 16:27 . 2008-01-26 16:27 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 22:16 . 2007-12-14 01:59	69,632	--a------	C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-23 22:15 . 2008-01-23 22:15 d--------	C:\Program Files\Common Files\Java
2008-01-17 16:40 . 2008-01-17 19:41 d--------	C:\bintheredunthat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:51	---------	d-----w	C:\Program Files\QuickTime
2008-02-07 18:51	---------	d-----w	C:\Program Files\DAEMON Tools
2008-02-07 07:17	---------	d-----w	C:\Program Files\Windows Defender
2008-02-02 01:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL
2008-02-02 01:37	---------	d-----w	C:\Program Files\Common Files\AOL
2008-02-02 01:36	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-31 05:00	---------	d-----w	C:\Program Files\Real
2008-01-31 05:00	---------	d-----w	C:\Program Files\Common Files\Real
2008-01-26 03:13	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\Apple Computer
2008-01-24 03:16	---------	d-----w	C:\Program Files\Java
2008-01-24 01:42	---------	d-----w	C:\Program Files\Viewpoint
2008-01-24 01:42	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-17 22:20	---------	d-----w	C:\Program Files\DivX
2008-01-17 22:20	---------	d-----w	C:\Program Files\BitTornado
2008-01-17 22:19	---------	d-----w	C:\Program Files\AIM6
2008-01-17 22:19	---------	d-----w	C:\Program Files\AC3Filter
2008-01-17 22:14	---------	d-----w	C:\Program Files\UITS NETCFG
2008-01-16 18:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 18:23	---------	d-----w	C:\Program Files\Prevx1
2008-01-12 21:31	---------	d-----w	C:\Program Files\Trend Micro
2008-01-08 02:25	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AdobeUM
2007-12-29 01:55	---------	d-----w	C:\Program Files\iTunes
2007-12-29 01:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 01:26	---------	d-----w	C:\Program Files\Common Files\Apple
2007-12-29 01:26	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple
2006-02-10 21:30	24,192	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermptxp.sys
2006-02-10 21:30	22,768	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermpt.sys
2004-11-30 19:43	65,448	----a-w	C:\Documents and Settings\Thomas Wilson\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 06:10	63,656	----a-w	C:\Documents and Settings\thawilso\Application Data\GDIPFONTCACHEV1.DAT
.

```
<pre>
----a-w           144,784 2008-02-07 06:18:00  C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe
</pre>
```
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F340A7BA-EB3D-4198-9963-4C12CB350E8D}]
C:\WINDOWS\system32\mlljg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"541d9d7d"="C:\WINDOWS\system32\xucepqdq.dll" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 01:38 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 01:33 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfmghbuy]
tfmghbuy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UITS Network Diagnostic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UITS Network Diagnostic.lnk
backup=C:\WINDOWS\pss\UITS Network Diagnostic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-04-13 15:36 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSI]
C:\WINDOWS\System32\LSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-02-28 19:13 4493312 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-02-28 19:13 323584 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 04:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 04:31]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 06:34:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-07 21:00:15 C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job"
- C:\WINDOWS\system32\MOBSYNC.EXEA /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-07 21:13:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-02-07 21:17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 02:17:56
ComboFix2.txt 2008-01-30 03:34:02
ComboFix3.txt 2008-01-26 14:01:08
.
2008-02-07 21:01:33	--- E O F ---


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21, on 2008-02-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {F340A7BA-EB3D-4198-9963-4C12CB350E8D} - C:\WINDOWS\system32\mlljg.dll (file missing)
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [541d9d7d] rundll32.exe "C:\WINDOWS\system32\xucepqdq.dll",b
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: tfmghbuy - tfmghbuy.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8318 bytes


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
RenV::
C:\Program Files\Java\jre1.6.0_04\bin\jusched .exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F340A7BA-EB3D-4198-9963-4C12CB350E8D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"541d9d7d"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tfmghbuy]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSI]
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## thawilso (Sep 25, 2007)

ComboFix 08-02.05.3 - thawilso 2008-02-08 13:56:50.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.34 [GMT -5:00]
Running from: C:\Documents and Settings\Thomas Wilson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thomas Wilson\Desktop\CFScript.txt
* Created a new restore point

*WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!*
.

((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 20:05 . 2004-08-04 02:56	388,608	--a------	C:\kmd.exe
2008-02-07 01:34 . 2008-02-08 08:00 d--------	C:\Documents and Settings\Thomas Wilson\Application Data\AVG7
2008-02-07 01:33 . 2008-02-07 01:33 d--------	C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 01:33 . 2008-02-07 01:33 d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-07 01:33 . 2008-02-07 01:41 d--------	C:\Documents and Settings\All Users\Application Data\avg7
2008-02-03 13:02 . 2008-02-05 19:55	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-02-03 13:02 . 2008-02-03 13:02	1,409	--a------	C:\WINDOWS\QTFont.for
2008-01-31 00:00 . 2008-01-31 00:00 d--------	C:\Program Files\Common Files\xing shared
2008-01-28 12:30 . 2008-01-28 12:47	250	--a------	C:\WINDOWS\gmer.ini
2008-01-27 19:00 . 2008-01-27 19:00 d--------	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-27 18:59 . 2008-01-27 18:59 d--------	C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-01-26 16:29 . 2008-02-07 01:44 d--------	C:\Program Files\SUPERAntiSpyware
2008-01-26 16:29 . 2008-01-26 16:29 d--------	C:\Documents and Settings\Thomas Wilson\Application Data\SUPERAntiSpyware.com
2008-01-26 16:29 . 2008-01-26 16:29 d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-26 16:27 . 2008-01-26 16:27 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 22:16 . 2007-12-14 01:59	69,632	--a------	C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-01-23 22:15 . 2008-01-23 22:15 d--------	C:\Program Files\Common Files\Java
2008-01-17 16:40 . 2008-01-17 19:41 d--------	C:\bintheredunthat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 18:51	---------	d-----w	C:\Program Files\QuickTime
2008-02-07 18:51	---------	d-----w	C:\Program Files\DAEMON Tools
2008-02-07 07:17	---------	d-----w	C:\Program Files\Windows Defender
2008-02-02 01:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL
2008-02-02 01:37	---------	d-----w	C:\Program Files\Common Files\AOL
2008-02-02 01:36	---------	d-----w	C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-01-31 05:00	---------	d-----w	C:\Program Files\Real
2008-01-31 05:00	---------	d-----w	C:\Program Files\Common Files\Real
2008-01-26 03:13	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\Apple Computer
2008-01-24 03:16	---------	d-----w	C:\Program Files\Java
2008-01-24 01:42	---------	d-----w	C:\Program Files\Viewpoint
2008-01-24 01:42	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-17 22:20	---------	d-----w	C:\Program Files\DivX
2008-01-17 22:20	---------	d-----w	C:\Program Files\BitTornado
2008-01-17 22:19	---------	d-----w	C:\Program Files\AIM6
2008-01-17 22:19	---------	d-----w	C:\Program Files\AC3Filter
2008-01-17 22:14 ---------	d-----w	C:\Program Files\UITS NETCFG
2008-01-16 18:43	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-16 18:23	---------	d-----w	C:\Program Files\Prevx1
2008-01-12 21:31	---------	d-----w	C:\Program Files\Trend Micro
2008-01-08 02:25	---------	d-----w	C:\Documents and Settings\Thomas Wilson\Application Data\AdobeUM
2007-12-29 01:55	---------	d-----w	C:\Program Files\iTunes
2007-12-29 01:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-29 01:26	---------	d-----w	C:\Program Files\Common Files\Apple
2007-12-29 01:26	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple
2006-02-10 21:30	24,192	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermptxp.sys
2006-02-10 21:30	22,768	----a-w	C:\Documents and Settings\Thomas Wilson\usbsermpt.sys
2004-11-30 19:43	65,448	----a-w	C:\Documents and Settings\Thomas Wilson\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 06:10	63,656	----a-w	C:\Documents and Settings\thawilso\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 02:56 158208]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 01:38 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 01:33 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UITS Network Diagnostic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UITS Network Diagnostic.lnk
backup=C:\WINDOWS\pss\UITS Network Diagnostic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2006-04-13 15:36 50792 C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
C:\WINDOWS\System32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-02-28 19:13 4493312 C:\WINDOWS\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-02-28 19:13 323584 C:\WINDOWS\SYSTEM32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 04:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 04:31]
S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-01-07 17:05]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 06:34:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-08 13:00:00 C:\WINDOWS\Tasks\{9B45195D-7E1F-4E22-A4EB-07C70B048446}_ADS_thawilso.job"
- C:\WINDOWS\system32\MOBSYNC.EXEA /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 14:03:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [56040]
? [2728]
? [10324]
? [11728]
? [11736]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 14:06:35
ComboFix-quarantined-files.txt 2008-02-08 19:06:33
ComboFix2.txt 2008-02-08 02:17:59
ComboFix3.txt 2008-01-30 03:34:02
ComboFix4.txt 2008-01-26 14:01:08
.
2008-02-07 21:01:33	--- E O F ---


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38, on 2008-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1...taller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 8131 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/1d...APANEL_USA.cab*

Go to Control Panel - Add/Remove programs and remove any of these you see there:

*Viewpoint
Viewpoint Manager
Viewpoint Media Player*

Then delete these folders:

C:\Program Files\*Viewpoint*
C:\Documents and Settings\All Users\Application Data\*Viewpoint*

Go to the following link and follow the instructions to run a repair of AVG Free as the e-mail component is still not installed properly on your computer.

After you've done that, reboot and post a new HijackThis log please.


----------



## thawilso (Sep 25, 2007)

I've done everything except the last step. It says go to the following link for instructions to run a repair of AVG free, but you didn't provide the link.


----------



## Cookiegal (Aug 27, 2003)

Sorry. Here it is. See no. 625:

http://free.grisoft.com/doc/faq/us/frt/0/num/617


----------



## thawilso (Sep 25, 2007)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:36, on 2008-02-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab28578.cab
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} - http://www.mtv.com/overdrive/bin/setup.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://D:\content\include\XPPatchInstaller.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129875655765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150951878578
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {8E6AA867-94D4-4B4F-8791-1B048F8C122A} (WebInterface Class) - https://fastsend.com/products/Fsplugin.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28578.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28578.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\Software\..\Telephony: DomainName = ads.iu.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ads.iu.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ads.iu.edu
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 7879 bytes


----------



## Cookiegal (Aug 27, 2003)

The e-mail scanner for AVG is still not showing in the log. Do you have it turned off intentionally? What e-mail client are you using?


----------



## thawilso (Sep 25, 2007)

I don't think I ever did anything to intentionally turn it off. Is there anyway to turn it on if so? Also, I don't use an e-mail client, I use Gmail.


----------



## Cookiegal (Aug 27, 2003)

I believe there is some special configuration necessary when not using Outlook or Outlook Express:

http://forum.grisoft.cz/freeforum/read.php?3,25035,backpage=,sv=

You can delete the ComboFix utility and delete this folder, which is where ComboFix stores deleted files as backups:

C:\*Qoobox*

Here are some final instructions for you.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading  *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

Delete Temporary Files:

Go to *Start* - *Run* and type in *cleanmgr* and click OK. 
Let it scan your system for files to remove. 
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. 
Press OK to remove them.


----------



## thawilso (Sep 25, 2007)

Is there any reason why the icon for my hard drive has a red X on it?


----------



## Cookiegal (Aug 27, 2003)

That's a leftover from the infection and we can fix it with a regfix.

I'm attaching a FixDriveIcons.zip file. Save it to your desktop. Unzip it and double-click the FixDriveIcons.reg file and allow it to enter into the registry.


Let me know how that goes please.


----------



## thawilso (Sep 25, 2007)

It worked, thanks for the help


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------

