Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PLEASE LOOK AT MY "HI JACK THIS" LOG AND MY "COMBOFIX&q

Started by RKC402 , Jan 14 2008 09:38 AM

  • Please log in to reply

#1
RKC402
Posted 14 January 2008 - 09:38 AM

RKC402

    New Member

  • Member
  • Pip
  • 3 posts
PLEASE HELP
IVE BEEN FIGHTING THIS FOR SEVERAL DAYS NOW
AVAST ANTAVIRUS FINDS THE TRATBHO [TJR] BUT CAN NOT DELETE IT
SO I INSTALLED CA ANTI-VIRUS PLUS SAME THING AND IF IT DOSE DELETE THE FILE IT COMES BACK
NOW MY C DRIVE IS MARKED WITH A DELETE X AND I HAVE 4000 + POS.3E7 POS.3E8 AND SO ON FILES
IF I DELETE THEFILES THEY COME BACK AS WELL
WELL HEAR IS MY HI JACK THIS LOG

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:41 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 72.247.80.29 www22.verizon.com
O1 - Hosts: 199.244.218.42 www.capitalone.com
O1 - Hosts: 66.135.208.101 pages.ebay.com
O1 - Hosts: 205.188.138.25 groups.aol.com
O1 - Hosts: 216.109.118.82 us.rd.yahoo.com
O1 - Hosts: 208.178.227.123 www.paymybill.com
O1 - Hosts: 65.54.150.19 moneycentral.msn.com
O1 - Hosts: 207.46.250.101 go.microsoft.com
O1 - Hosts: 205.188.102.12 www.aol.com
O1 - Hosts: 149.174.32.135 www.compuserve.com
O1 - Hosts: 207.217.125.95 www.earthlink.com
O1 - Hosts: 66.45.29.10 www.broadbandcompass.com
O1 - Hosts: 17.149.156.10 store.apple.com
O1 - Hosts: 217.116.231.72 www.cam4.com
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [RestartNeroSetup] "K:\CDS\Nero\Installation\SetupX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.acehardware-acenet.com
O15 - Trusted Zone: *.acehardware-aceonline.com
O15 - Trusted Zone: *.acehardware-eaglevision.com
O15 - Trusted Zone: *.acehardware-vendors.com
O15 - Trusted Zone: *.aceservices.com
O15 - Trusted Zone: *.acehardware-acenet.com (HKLM)
O15 - Trusted Zone: *.acehardware-aceonline.com (HKLM)
O15 - Trusted Zone: *.acehardware-eaglevision.com (HKLM)
O15 - Trusted Zone: *.acehardware-vendors.com (HKLM)
O15 - Trusted Zone: *.aceservices.com (HKLM)
O16 - DPF: AceIESecuritySettings - http://ww2.acehardwa...itySettings.CAB
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardwa...xpl/AceExpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ww1.acehardwa...t60/fpspr60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175264782406
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardwa...ENET/ACECTL.CAB
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {C903C000-9C6E-419D-A0AC-2E760BBA3764} (MCSiMenuCtl Class) - http://ww1.acehardwa...Si/McsiMenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1666EDA4-ADE6-491B-83E0-DA076FB36449}: NameServer = 69.43.32.27 66.118.64.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8983 bytes

Edited by RKC402, 14 January 2008 - 04:48 PM.

  • 0

Advertisements

#2
RKC402
Posted 14 January 2008 - 04:44 PM

RKC402

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OK SO I RAN COMBOFIX
IT ONLY TOOK ABOUT 3HRS TO RUN
AND HEAR IS MY COMBOFIX LOG

ComboFix 08-01-14.4 - Administrator 2008-01-14 14:35:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.618 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos1.tmp
C:\pos10.tmp
C:\pos100.tmp
C:\pos1000.tmp
C:\pos1001.tmp
C:\pos1002.tmp
C:\pos1003.tmp
C:\pos1004.tmp
C:\pos1005.tmp
C:\pos1006.tmp
C:\pos1007.tmp
C:\pos1008.tmp
C:\pos1009.tmp
C:\pos100A.tmp
C:\pos100B.tmp
C:\pos100C.tmp
C:\pos100D.tmp
C:\pos100E.tmp
C:\pos100F.tmp
C:\pos101.tmp
C:\pos1010.tmp
C:\pos1011.tmp
C:\pos1012.tmp
C:\pos1013.tmp
C:\pos1014.tmp
C:\pos1015.tmp
C:\pos1016.tmp
C:\pos1017.tmp
C:\pos1018.tmp
C:\pos1019.tmp
C:\pos101A.tmp
C:\pos101B.tmp
C:\pos101C.tmp
C:\pos101D.tmp
C:\pos101E.tmp
C:\pos101F.tmp
C:\pos102.tmp
C:\pos1020.tmp
C:\pos1021.tmp
C:\pos1022.tmp
C:\pos1023.tmp
C:\pos1024.tmp
C:\pos1025.tmp
C:\pos1026.tmp
C:\pos1027.tmp
C:\pos1028.tmp
C:\pos1029.tmp
C:\pos102A.tmp
C:\pos102B.tmp
C:\pos102C.tmp
C:\pos102D.tmp
C:\pos102E.tmp
C:\pos102F.tmp
C:\pos103.tmp
C:\pos1030.tmp
C:\pos1031.tmp
C:\pos1032.tmp
C:\pos1033.tmp
C:\pos1034.tmp
C:\pos1035.tmp
C:\pos1036.tmp
C:\pos1037.tmp
C:\pos1038.tmp
C:\pos1039.tmp
C:\pos103A.tmp
C:\pos103B.tmp
C:\pos103C.tmp
C:\pos103D.tmp
C:\pos103E.tmp
C:\pos103F.tmp
C:\pos104.tmp
C:\pos1040.tmp
C:\pos1041.tmp
C:\pos1042.tmp
C:\pos1043.tmp
C:\pos1044.tmp
C:\pos1045.tmp
C:\pos1046.tmp
C:\pos1047.tmp
C:\pos1048.tmp
C:\pos1049.tmp
C:\pos104A.tmp
C:\pos104B.tmp
C:\pos104C.tmp
C:\pos104D.tmp
C:\pos104E.tmp
C:\pos104F.tmp
C:\pos105.tmp
C:\pos1050.tmp
C:\pos1051.tmp
C:\pos1052.tmp
C:\pos1053.tmp
C:\pos1054.tmp
C:\pos1055.tmp
C:\pos1056.tmp
C:\pos1057.tmp
C:\pos1058.tmp
C:\pos1059.tmp
C:\pos105A.tmp
C:\pos105B.tmp
C:\pos105C.tmp
C:\pos105D.tmp
C:\pos105E.tmp
C:\pos105F.tmp
C:\pos106.tmp
C:\pos1060.tmp
C:\pos1061.tmp
C:\pos1062.tmp
C:\pos1063.tmp
C:\pos1064.tmp
C:\pos1065.tmp
C:\pos1066.tmp
C:\pos1067.tmp
C:\pos1068.tmp
C:\pos1069.tmp
C:\pos106A.tmp
C:\pos106B.tmp
C:\pos106C.tmp
C:\pos106D.tmp
C:\pos106E.tmp
C:\pos106F.tmp
C:\pos107.tmp
C:\pos1070.tmp
C:\pos1071.tmp
C:\pos1072.tmp
C:\pos1073.tmp
C:\pos1074.tmp
C:\pos1075.tmp
C:\pos1076.tmp
C:\pos1077.tmp
C:\pos1078.tmp
C:\pos1079.tmp
C:\pos107A.tmp
C:\pos107B.tmp
C:\pos107C.tmp
C:\pos107D.tmp
C:\pos107E.tmp
C:\pos107F.tmp
C:\pos108.tmp
C:\pos1080.tmp
C:\pos1081.tmp
C:\pos1082.tmp
C:\pos1083.tmp
C:\pos1084.tmp
C:\pos1085.tmp
C:\pos1086.tmp
C:\pos1087.tmp
C:\pos1088.tmp
C:\pos1089.tmp
C:\pos108A.tmp
C:\pos108B.tmp
C:\pos108C.tmp
C:\pos108D.tmp
C:\pos108E.tmp
C:\pos108F.tmp
C:\pos109.tmp
C:\pos1090.tmp
C:\pos1091.tmp
C:\pos1092.tmp
C:\pos1093.tmp
C:\pos1094.tmp
C:\pos1095.tmp
C:\pos1096.tmp
C:\pos1097.tmp
C:\pos1098.tmp
C:\pos1099.tmp
C:\pos109A.tmp
C:\pos109B.tmp
C:\pos109C.tmp
C:\pos109D.tmp
C:\pos109E.tmp
C:\pos109F.tmp
C:\pos10A.tmp
C:\pos10A0.tmp
C:\pos10A1.tmp
C:\pos10A2.tmp
C:\pos10A3.tmp
C:\pos10A4.tmp
C:\pos10A5.tmp
C:\pos10A6.tmp
C:\pos10A7.tmp
C:\pos10A8.tmp
C:\pos10A9.tmp
C:\pos10AA.tmp
C:\pos10AB.tmp
C:\pos10AC.tmp
C:\pos10AD.tmp
C:\pos10AE.tmp
C:\pos10AF.tmp
C:\pos10B.tmp
C:\pos10B0.tmp
C:\pos10B1.tmp
C:\pos10B2.tmp
C:\pos10B3.tmp
C:\pos10B4.tmp
C:\pos10B5.tmp
C:\pos10B6.tmp
C:\pos10B7.tmp
C:\pos10B8.tmp
C:\pos10B9.tmp
C:\pos10BA.tmp
C:\pos10BB.tmp
C:\pos10BC.tmp
C:\pos10BD.tmp
C:\pos10BE.tmp
C:\pos10BF.tmp
C:\pos10C.tmp
C:\pos10C0.tmp
C:\pos10C1.tmp
C:\pos10C2.tmp
C:\pos10C3.tmp
C:\pos10C4.tmp
C:\pos10C5.tmp
C:\pos10C6.tmp
C:\pos10C7.tmp
C:\pos10C8.tmp
C:\pos10C9.tmp
C:\pos10CA.tmp
C:\pos10CB.tmp
C:\pos10CC.tmp
C:\pos10CD.tmp
C:\pos10CE.tmp
C:\pos10CF.tmp
C:\pos10D.tmp
C:\pos10D0.tmp
C:\pos10D1.tmp
C:\pos10D2.tmp
C:\pos10D3.tmp
C:\pos10D4.tmp
C:\pos10D5.tmp
C:\pos10D6.tmp
C:\pos10D7.tmp
C:\pos10D8.tmp
C:\pos10D9.tmp
C:\pos10DA.tmp
C:\pos10DB.tmp
C:\pos10DC.tmp
C:\pos10DD.tmp
C:\pos10DE.tmp
C:\pos10DF.tmp
C:\pos10E.tmp
C:\pos10E0.tmp
C:\pos10E1.tmp
C:\pos10E2.tmp
C:\pos10E3.tmp
C:\pos10E4.tmp
C:\pos10E5.tmp
C:\pos10E6.tmp
C:\pos10E7.tmp
C:\pos10E8.tmp
C:\pos10E9.tmp
C:\pos10EA.tmp
C:\pos10EB.tmp
C:\pos10EC.tmp
C:\pos10ED.tmp
C:\pos10EE.tmp
C:\pos10EF.tmp
C:\pos10F.tmp
C:\pos10F0.tmp
C:\pos10F1.tmp
C:\pos10F2.tmp
C:\pos10F3.tmp
C:\pos10F4.tmp
C:\pos10F5.tmp
C:\pos10F6.tmp
C:\pos10F7.tmp
C:\pos10F8.tmp
C:\pos10F9.tmp
C:\pos10FA.tmp
C:\pos10FB.tmp
C:\pos10FC.tmp
C:\pos10FD.tmp
C:\pos10FE.tmp
C:\pos10FF.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos1100.tmp
C:\pos1101.tmp
C:\pos1102.tmp
C:\pos1103.tmp
C:\pos1104.tmp
C:\pos1105.tmp
C:\pos1106.tmp
C:\pos1107.tmp
C:\pos1108.tmp
C:\pos1109.tmp
C:\pos110A.tmp
C:\pos110B.tmp
C:\pos110C.tmp
C:\pos110D.tmp
C:\pos110E.tmp
C:\pos110F.tmp
C:\pos111.tmp
C:\pos1110.tmp
C:\pos1111.tmp
C:\pos1112.tmp
C:\pos1113.tmp
C:\pos1114.tmp
C:\pos1115.tmp
C:\pos1116.tmp
C:\pos1117.tmp
C:\pos1118.tmp
C:\pos1119.tmp
C:\pos111A.tmp
C:\pos111B.tmp
C:\pos111C.tmp
C:\pos111D.tmp
C:\pos111E.tmp
C:\pos111F.tmp
C:\pos112.tmp
C:\pos1120.tmp
C:\pos1121.tmp
C:\pos1122.tmp
C:\pos1123.tmp
C:\pos1124.tmp
C:\pos1125.tmp
C:\pos1126.tmp
C:\pos1127.tmp
C:\pos1128.tmp
C:\pos1129.tmp
C:\pos112A.tmp
C:\pos112B.tmp
C:\pos112C.tmp
C:\pos112D.tmp
C:\pos112E.tmp
C:\pos112F.tmp
C:\pos113.tmp
C:\pos1130.tmp
C:\pos1131.tmp
C:\pos1132.tmp
C:\pos1133.tmp
C:\pos1134.tmp
C:\pos1135.tmp
C:\pos1136.tmp
C:\pos1137.tmp
C:\pos1138.tmp
C:\pos1139.tmp
C:\pos113A.tmp
C:\pos113B.tmp
C:\pos113C.tmp
C:\pos113D.tmp
C:\pos113E.tmp
C:\pos113F.tmp
C:\pos114.tmp
C:\pos1140.tmp
C:\pos1141.tmp
C:\pos1142.tmp
C:\pos1143.tmp
C:\pos1144.tmp
C:\pos1145.tmp
C:\pos1146.tmp
C:\pos1147.tmp
C:\pos1148.tmp
C:\pos1149.tmp
C:\pos114A.tmp
C:\pos114B.tmp
C:\pos114C.tmp
C:\pos114D.tmp
C:\pos114E.tmp
C:\pos114F.tmp
C:\pos115.tmp
C:\pos1150.tmp
C:\pos1151.tmp
C:\pos1152.tmp
C:\pos1153.tmp
C:\pos1154.tmp
C:\pos1155.tmp
C:\pos1156.tmp
C:\pos1157.tmp
C:\pos1158.tmp
C:\pos1159.tmp
C:\pos115A.tmp
C:\pos115B.tmp
C:\pos115C.tmp
C:\pos115D.tmp
C:\pos115E.tmp
C:\pos115F.tmp
C:\pos116.tmp
C:\pos1160.tmp
C:\pos1161.tmp
C:\pos1162.tmp
C:\pos1163.tmp
C:\pos1164.tmp
C:\pos1165.tmp
C:\pos1166.tmp
C:\pos1167.tmp
C:\pos1168.tmp
C:\pos1169.tmp
C:\pos116A.tmp
C:\pos116B.tmp
C:\pos116C.tmp
C:\pos116D.tmp
C:\pos116E.tmp
C:\pos116F.tmp
C:\pos117.tmp
C:\pos1170.tmp
C:\pos1171.tmp
C:\pos1172.tmp
C:\pos1173.tmp
C:\pos1174.tmp
C:\pos1175.tmp
C:\pos1176.tmp
C:\pos1177.tmp
C:\pos1178.tmp
C:\pos1179.tmp
C:\pos117A.tmp
C:\pos117B.tmp
C:\pos117C.tmp
C:\pos117D.tmp
C:\pos117E.tmp
C:\pos117F.tmp
C:\pos118.tmp
C:\pos1180.tmp
C:\pos1181.tmp
C:\pos1182.tmp
C:\pos1183.tmp
C:\pos1184.tmp
C:\pos1185.tmp
C:\pos1186.tmp
C:\pos1187.tmp
C:\pos1188.tmp
C:\pos1189.tmp
C:\pos118A.tmp
C:\pos118B.tmp
C:\pos118C.tmp
C:\pos118D.tmp
C:\pos118E.tmp
C:\pos118F.tmp
C:\pos119.tmp
C:\pos1190.tmp
C:\pos1191.tmp
C:\pos1192.tmp
C:\pos1193.tmp
C:\pos1194.tmp
C:\pos1195.tmp
C:\pos1196.tmp
C:\pos1197.tmp
C:\pos1198.tmp
C:\pos1199.tmp
C:\pos119A.tmp
C:\pos119B.tmp
C:\pos119C.tmp
C:\pos119D.tmp
C:\pos119E.tmp
C:\pos119F.tmp
C:\pos11A.tmp
C:\pos11A0.tmp
C:\pos11A1.tmp
C:\pos11A2.tmp
C:\pos11A3.tmp
C:\pos11A4.tmp
C:\pos11A5.tmp
C:\pos11A6.tmp
C:\pos11A7.tmp
C:\pos11A8.tmp
C:\pos11A9.tmp
C:\pos11AA.tmp
C:\pos11AB.tmp
C:\pos11AC.tmp
C:\pos11AD.tmp
C:\pos11AE.tmp
C:\pos11AF.tmp
C:\pos11B.tmp
C:\pos11B0.tmp
C:\pos11B1.tmp
C:\pos11B2.tmp
C:\pos11B3.tmp
C:\pos11B4.tmp
C:\pos11B5.tmp
C:\pos11B6.tmp
C:\pos11B7.tmp
C:\pos11B8.tmp
C:\pos11B9.tmp
C:\pos11BA.tmp
C:\pos11BB.tmp
C:\pos11BC.tmp
C:\pos11BD.tmp
C:\pos11BE.tmp
C:\pos11BF.tmp
C:\pos11C.tmp
C:\pos11C0.tmp
C:\pos11C1.tmp
C:\pos11C2.tmp
C:\pos11C3.tmp
C:\pos11C4.tmp
C:\pos11C5.tmp
C:\pos11C6.tmp
C:\pos11C7.tmp
C:\pos11C8.tmp
C:\pos11C9.tmp
C:\pos11CA.tmp
C:\pos11CB.tmp
C:\pos11CC.tmp
C:\pos11CD.tmp
C:\pos11CE.tmp
C:\pos11CF.tmp
C:\pos11D.tmp
C:\pos11D0.tmp
C:\pos11D1.tmp
C:\pos11D2.tmp
C:\pos11D3.tmp
C:\pos11D4.tmp
C:\pos11D5.tmp
C:\pos11D6.tmp
C:\pos11D7.tmp
C:\pos11D8.tmp
C:\pos11D9.tmp
C:\pos11DA.tmp
C:\pos11DB.tmp
C:\pos11DC.tmp
C:\pos11DD.tmp
C:\pos11DE.tmp
C:\pos11DF.tmp
C:\pos11E.tmp
C:\pos11E0.tmp
C:\pos11E1.tmp
C:\pos11E2.tmp
C:\pos11E3.tmp
C:\pos11E4.tmp
C:\pos11E5.tmp
C:\pos11E6.tmp
C:\pos11E7.tmp
C:\pos11E8.tmp
C:\pos11E9.tmp
C:\pos11EA.tmp
C:\pos11EB.tmp
C:\pos11EC.tmp
C:\pos11ED.tmp
C:\pos11EE.tmp
C:\pos11EF.tmp
C:\pos11F.tmp
C:\pos11F0.tmp
C:\pos11F1.tmp
C:\pos11F2.tmp
C:\pos11F3.tmp
C:\pos11F4.tmp
C:\pos11F5.tmp
C:\pos11F6.tmp
C:\pos11F7.tmp
C:\pos11F8.tmp
C:\pos11F9.tmp
C:\pos11FA.tmp
C:\pos11FB.tmp
C:\pos11FC.tmp
C:\pos11FD.tmp
C:\pos11FE.tmp
C:\pos11FF.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos1200.tmp
C:\pos1201.tmp
C:\pos1202.tmp
C:\pos1203.tmp
C:\pos1204.tmp
C:\pos1205.tmp
C:\pos1206.tmp
C:\pos1207.tmp
C:\pos1208.tmp
C:\pos1209.tmp
C:\pos120A.tmp
C:\pos120B.tmp
C:\pos120C.tmp
C:\pos120D.tmp
C:\pos120E.tmp
C:\pos120F.tmp
C:\pos121.tmp
C:\pos1210.tmp
C:\pos1211.tmp
C:\pos1212.tmp
C:\pos1213.tmp
C:\pos1214.tmp
C:\pos1215.tmp
C:\pos1216.tmp
C:\pos1217.tmp
C:\pos1218.tmp
C:\pos1219.tmp
C:\pos121A.tmp
C:\pos121B.tmp
C:\pos121C.tmp
C:\pos121D.tmp
C:\pos121E.tmp
C:\pos121F.tmp
C:\pos122.tmp
C:\pos1220.tmp
C:\pos1221.tmp
C:\pos1222.tmp
C:\pos1223.tmp
C:\pos1224.tmp
C:\pos1225.tmp
C:\pos1226.tmp
C:\pos1227.tmp
C:\pos1228.tmp
C:\pos1229.tmp
C:\pos122A.tmp
C:\pos122B.tmp
C:\pos122C.tmp
C:\pos122D.tmp
C:\pos122E.tmp
C:\pos122F.tmp
C:\pos123.tmp
C:\pos1230.tmp
C:\pos1231.tmp
C:\pos1232.tmp
C:\pos1233.tmp
C:\pos1234.tmp
C:\pos1235.tmp
C:\pos1236.tmp
C:\pos1237.tmp
C:\pos1238.tmp
C:\pos1239.tmp
C:\pos123A.tmp
C:\pos123B.tmp
C:\pos123C.tmp
C:\pos123D.tmp
C:\pos123E.tmp
C:\pos123F.tmp
C:\pos124.tmp
C:\pos1240.tmp
C:\pos1241.tmp
C:\pos1242.tmp
C:\pos1243.tmp
C:\pos1244.tmp
C:\pos1245.tmp
C:\pos1246.tmp
C:\pos1247.tmp
C:\pos1248.tmp
C:\pos1249.tmp
C:\pos124A.tmp
C:\pos124B.tmp
C:\pos124C.tmp
C:\pos124D.tmp
C:\pos124E.tmp
C:\pos124F.tmp
C:\pos125.tmp
C:\pos1250.tmp
C:\pos1251.tmp
C:\pos1252.tmp
C:\pos1253.tmp
C:\pos1254.tmp
C:\pos1255.tmp
C:\pos1256.tmp
C:\pos1257.tmp
C:\pos1258.tmp
C:\pos1259.tmp
C:\pos125A.tmp
C:\pos125B.tmp
C:\pos125C.tmp
C:\pos125D.tmp
C:\pos125E.tmp
C:\pos125F.tmp
C:\pos126.tmp
C:\pos1260.tmp
C:\pos1261.tmp
C:\pos1262.tmp
C:\pos1263.tmp
C:\pos1264.tmp
C:\pos1265.tmp
C:\pos1266.tmp
C:\pos1267.tmp
C:\pos1268.tmp
C:\pos1269.tmp
C:\pos126A.tmp
C:\pos126B.tmp
C:\pos126C.tmp
C:\pos126D.tmp
C:\pos126E.tmp
C:\pos126F.tmp
C:\pos127.tmp
C:\pos1270.tmp
C:\pos1271.tmp
C:\pos1272.tmp
C:\pos1273.tmp
C:\pos1274.tmp
C:\pos1275.tmp
C:\pos1276.tmp
C:\pos1277.tmp
C:\pos1278.tmp
C:\pos1279.tmp
C:\pos127A.tmp
C:\pos127B.tmp
C:\pos127C.tmp
C:\pos127D.tmp
C:\pos127E.tmp
C:\pos127F.tmp
C:\pos128.tmp
C:\pos1280.tmp
C:\pos1281.tmp
C:\pos1282.tmp
C:\pos1283.tmp
C:\pos1284.tmp
C:\pos1285.tmp
C:\pos1286.tmp
C:\pos1287.tmp
C:\pos1288.tmp
C:\pos1289.tmp
C:\pos128A.tmp
C:\pos128B.tmp
C:\pos128C.tmp
C:\pos128D.tmp
C:\pos128E.tmp
C:\pos128F.tmp
C:\pos129.tmp
C:\pos1290.tmp
C:\pos1291.tmp
C:\pos1292.tmp
C:\pos1293.tmp
C:\pos1294.tmp
C:\pos1295.tmp
C:\pos1296.tmp
C:\pos1297.tmp
C:\pos1298.tmp
C:\pos1299.tmp
C:\pos129A.tmp
C:\pos129B.tmp
C:\pos129C.tmp
C:\pos129D.tmp
C:\pos129E.tmp
C:\pos129F.tmp
C:\pos12A.tmp
C:\pos12A0.tmp
C:\pos12A1.tmp
C:\pos12A2.tmp
C:\pos12A3.tmp
C:\pos12A4.tmp
C:\pos12A5.tmp
C:\pos12A6.tmp
C:\pos12A7.tmp
C:\pos12A8.tmp
C:\pos12A9.tmp
C:\pos12AA.tmp
C:\pos12AB.tmp
C:\pos12AC.tmp
C:\pos12AD.tmp
C:\pos12AE.tmp
C:\pos12AF.tmp
C:\pos12B.tmp
C:\pos12B0.tmp
C:\pos12B1.tmp
C:\pos12B2.tmp
C:\pos12B3.tmp
C:\pos12B4.tmp
C:\pos12B5.tmp
C:\pos12B6.tmp
C:\pos12B7.tmp
C:\pos12B8.tmp
C:\pos12B9.tmp
C:\pos12BA.tmp
C:\pos12BB.tmp
C:\pos12BC.tmp
C:\pos12BD.tmp
C:\pos12BE.tmp
C:\pos12BF.tmp
C:\pos12C.tmp
C:\pos12C0.tmp
C:\pos12C1.tmp
C:\pos12C2.tmp
C:\pos12C3.tmp
C:\pos12C4.tmp
C:\pos12C5.tmp
C:\pos12C6.tmp
C:\pos12C7.tmp
C:\pos12C8.tmp
C:\pos12C9.tmp
C:\pos12CA.tmp
C:\pos12CB.tmp
C:\pos12CC.tmp
C:\pos12CD.tmp
C:\pos12CE.tmp
C:\pos12CF.tmp
C:\pos12D.tmp
C:\pos12D0.tmp
C:\pos12D1.tmp
C:\pos12D2.tmp
C:\pos12D3.tmp
C:\pos12D4.tmp
C:\pos12D5.tmp
C:\pos12D6.tmp
C:\pos12D7.tmp
C:\pos12D8.tmp
C:\pos12D9.tmp
C:\pos12DA.tmp
C:\pos12DB.tmp
C:\pos12DC.tmp
C:\pos12DD.tmp
C:\pos12DE.tmp
C:\pos12DF.tmp
C:\pos12E.tmp
C:\pos12E0.tmp
C:\pos12E1.tmp
C:\pos12E2.tmp
C:\pos12E3.tmp
C:\pos12E4.tmp
C:\pos12E5.tmp
C:\pos12E6.tmp
C:\pos12E7.tmp
C:\pos12E8.tmp
C:\pos12E9.tmp
C:\pos12EA.tmp
C:\pos12EB.tmp
C:\pos12EC.tmp
C:\pos12ED.tmp
C:\pos12EE.tmp
C:\pos12EF.tmp
C:\pos12F.tmp
C:\pos12F0.tmp
C:\pos12F1.tmp
C:\pos12F2.tmp
C:\pos12F3.tmp
C:\pos12F4.tmp
C:\pos12F5.tmp
C:\pos12F6.tmp
C:\pos12F7.tmp
C:\pos12F8.tmp
C:\pos12F9.tmp
C:\pos12FA.tmp
C:\pos12FB.tmp
C:\pos12FC.tmp
C:\pos12FD.tmp
C:\pos12FE.tmp
C:\pos12FF.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos1300.tmp
C:\pos1301.tmp
C:\pos1302.tmp
C:\pos1303.tmp
C:\pos1304.tmp
C:\pos1305.tmp
C:\pos1306.tmp
C:\pos1307.tmp
C:\pos1308.tmp
C:\pos1309.tmp
C:\pos130A.tmp
C:\pos130B.tmp
C:\pos130C.tmp
C:\pos130D.tmp
C:\pos130E.tmp
C:\pos130F.tmp
C:\pos131.tmp
C:\pos1310.tmp
C:\pos1311.tmp
C:\pos1312.tmp
C:\pos1313.tmp
C:\pos1314.tmp
C:\pos1315.tmp
C:\pos1316.tmp
C:\pos1317.tmp
C:\pos1318.tmp
C:\pos1319.tmp
C:\pos131A.tmp
C:\pos131B.tmp
C:\pos131C.tmp
C:\pos131D.tmp
C:\pos131E.tmp
C:\pos131F.tmp
C:\pos132.tmp
C:\pos1320.tmp
C:\pos1321.tmp
C:\pos1322.tmp
C:\pos1323.tmp
C:\pos1324.tmp
C:\pos1325.tmp
C:\pos1326.tmp
C:\pos1327.tmp
C:\pos1328.tmp
C:\pos1329.tmp
C:\pos132A.tmp
C:\pos132B.tmp
C:\pos132C.tmp
C:\pos132D.tmp
C:\pos132E.tmp
C:\pos132F.tmp
C:\pos133.tmp
C:\pos1330.tmp
C:\pos1331.tmp
C:\pos1332.tmp
C:\pos1333.tmp
C:\pos1334.tmp
C:\pos1335.tmp
C:\pos1336.tmp
C:\pos1337.tmp
C:\pos1338.tmp
C:\pos1339.tmp
C:\pos133A.tmp
C:\pos133B.tmp
C:\pos133C.tmp
C:\pos133D.tmp
C:\pos133E.tmp
C:\pos133F.tmp
C:\pos134.tmp
C:\pos1340.tmp
C:\pos1341.tmp
C:\pos1342.tmp
C:\pos1343.tmp
C:\pos1344.tmp
C:\pos1345.tmp
C:\pos1346.tmp
C:\pos1347.tmp
C:\pos1348.tmp
C:\pos1349.tmp
C:\pos134A.tmp
C:\pos134B.tmp
C:\pos134C.tmp
C:\pos134D.tmp
C:\pos134E.tmp
C:\pos134F.tmp
C:\pos135.tmp
C:\pos1350.tmp
C:\pos1351.tmp
C:\pos1352.tmp
C:\pos1353.tmp
C:\pos1354.tmp
C:\pos1355.tmp
C:\pos1356.tmp
C:\pos1357.tmp
C:\pos1358.tmp
C:\pos1359.tmp
C:\pos135A.tmp
C:\pos135B.tmp
C:\pos135C.tmp
C:\pos135D.tmp
C:\pos135E.tmp
C:\pos135F.tmp
C:\pos136.tmp
C:\pos1360.tmp
C:\pos1361.tmp
C:\pos1362.tmp
C:\pos1363.tmp
C:\pos1364.tmp
C:\pos1365.tmp
C:\pos1366.tmp
C:\pos1367.tmp
C:\pos1368.tmp
C:\pos1369.tmp
C:\pos136A.tmp
C:\pos136B.tmp
C:\pos136C.tmp
C:\pos136D.tmp
C:\pos136E.tmp
C:\pos136F.tmp
C:\pos137.tmp
C:\pos1370.tmp
C:\pos1371.tmp
C:\pos1372.tmp
C:\pos1373.tmp
C:\pos1374.tmp
C:\pos1375.tmp
C:\pos1376.tmp
C:\pos1377.tmp
C:\pos1378.tmp
C:\pos1379.tmp
C:\pos137A.tmp
C:\pos137B.tmp
C:\pos137C.tmp
C:\pos137D.tmp
C:\pos137E.tmp
C:\pos137F.tmp
C:\pos138.tmp
C:\pos1380.tmp
C:\pos1381.tmp
C:\pos1382.tmp
C:\pos1383.tmp
C:\pos1384.tmp
C:\pos1385.tmp
C:\pos1386.tmp
C:\pos1387.tmp
C:\pos1388.tmp
C:\pos1389.tmp
C:\pos138A.tmp
C:\pos138B.tmp
C:\pos138C.tmp
C:\pos138D.tmp
C:\pos138E.tmp
C:\pos138F.tmp
C:\pos139.tmp
C:\pos1390.tmp
C:\pos1391.tmp
C:\pos1392.tmp
C:\pos1393.tmp
C:\pos1394.tmp
C:\pos1395.tmp
C:\pos1396.tmp
C:\pos1397.tmp
C:\pos1398.tmp
C:\pos1399.tmp
C:\pos139A.tmp
C:\pos139B.tmp
C:\pos139C.tmp
C:\pos139D.tmp
C:\pos139E.tmp
C:\pos139F.tmp
C:\pos13A.tmp
C:\pos13A0.tmp
C:\pos13A1.tmp
C:\pos13A2.tmp
C:\pos13A3.tmp
C:\pos13A4.tmp
C:\pos13A5.tmp
C:\pos13A6.tmp
C:\pos13A7.tmp
C:\pos13A8.tmp
C:\pos13A9.tmp
C:\pos13AA.tmp
C:\pos13AB.tmp
C:\pos13AC.tmp
C:\pos13AD.tmp
C:\pos13AE.tmp
C:\pos13AF.tmp
C:\pos13B.tmp
C:\pos13B0.tmp
C:\pos13B1.tmp
C:\pos13B2.tmp
C:\pos13B3.tmp
C:\pos13B4.tmp
C:\pos13B5.tmp
C:\pos13B6.tmp
C:\pos13B7.tmp
C:\pos13B8.tmp
C:\pos13B9.tmp
C:\pos13BA.tmp
C:\pos13BB.tmp
C:\pos13BC.tmp
C:\pos13BD.tmp
C:\pos13BE.tmp
C:\pos13BF.tmp
C:\pos13C.tmp
C:\pos13C0.tmp
C:\pos13C1.tmp
C:\pos13C2.tmp
C:\pos13C3.tmp
C:\pos13C4.tmp
C:\pos13C5.tmp
C:\pos13C6.tmp
C:\pos13C7.tmp
C:\pos13C8.tmp
C:\pos13C9.tmp
C:\pos13CA.tmp
C:\pos13CB.tmp
C:\pos13CC.tmp
C:\pos13CD.tmp
C:\pos13CE.tmp
C:\pos13CF.tmp
C:\pos13D.tmp
C:\pos13D0.tmp
C:\pos13D1.tmp
C:\pos13D2.tmp
C:\pos13D3.tmp
C:\pos13D4.tmp
C:\pos13D5.tmp
C:\pos13D6.tmp
C:\pos13D7.tmp
C:\pos13D8.tmp
C:\pos13D9.tmp
C:\pos13DA.tmp
C:\pos13DB.tmp
C:\pos13DC.tmp
C:\pos13DD.tmp
C:\pos13DE.tmp
C:\pos13DF.tmp
C:\pos13E.tmp
C:\pos13E0.tmp
C:\pos13E1.tmp
C:\pos13E2.tmp
C:\pos13E3.tmp
C:\pos13E4.tmp
C:\pos13E5.tmp
C:\pos13E6.tmp
C:\pos13E7.tmp
C:\pos13E8.tmp
C:\pos13E9.tmp
C:\pos13EA.tmp
C:\pos13EB.tmp
C:\pos13EC.tmp
C:\pos13ED.tmp
C:\pos13EE.tmp
C:\pos13EF.tmp
C:\pos13F.tmp
C:\pos13F0.tmp
C:\pos13F1.tmp
C:\pos13F2.tmp
C:\pos13F3.tmp
C:\pos13F4.tmp
C:\pos13F5.tmp
C:\pos13F6.tmp
C:\pos13F7.tmp
C:\pos13F8.tmp
C:\pos13F9.tmp
C:\pos13FA.tmp
C:\pos13FB.tmp
C:\pos13FC.tmp
C:\pos13FD.tmp
C:\pos13FE.tmp
C:\pos13FF.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos1400.tmp
C:\pos1401.tmp
C:\pos1402.tmp
C:\pos1403.tmp
C:\pos1404.tmp
C:\pos1405.tmp
C:\pos1406.tmp
C:\pos1407.tmp
C:\pos1408.tmp
C:\pos1409.tmp
C:\pos140A.tmp
C:\pos140B.tmp
C:\pos140C.tmp
C:\pos140D.tmp
C:\pos140E.tmp
C:\pos140F.tmp
C:\pos141.tmp
C:\pos1410.tmp
C:\pos1411.tmp
C:\pos1412.tmp
C:\pos1413.tmp
C:\pos1414.tmp
C:\pos1415.tmp
C:\pos1416.tmp
C:\pos1417.tmp
C:\pos1418.tmp
C:\pos1419.tmp
C:\pos141A.tmp
C:\pos141B.tmp
C:\pos141C.tmp
C:\pos141D.tmp
C:\pos141E.tmp
C:\pos141F.tmp
C:\pos142.tmp
C:\pos1420.tmp
C:\pos1421.tmp
C:\pos1422.tmp
C:\pos1423.tmp
C:\pos1424.tmp
C:\pos1425.tmp
C:\pos1426.tmp
C:\pos1427.tmp
C:\pos1428.tmp
C:\pos1429.tmp
C:\pos142A.tmp
C:\pos142B.tmp
C:\pos142C.tmp
C:\pos142D.tmp
C:\pos142E.tmp
C:\pos142F.tmp
C:\pos143.tmp
C:\pos1430.tmp
C:\pos1431.tmp
C:\pos1432.tmp
C:\pos1433.tmp
C:\pos1434.tmp
C:\pos1435.tmp
C:\pos1436.tmp
C:\pos1437.tmp
C:\pos1438.tmp
C:\pos1439.tmp
C:\pos143A.tmp
C:\pos143B.tmp
C:\pos143C.tmp
C:\pos143D.tmp
C:\pos143E.tmp
C:\pos143F.tmp
C:\pos144.tmp
C:\pos1440.tmp
C:\pos1441.tmp
C:\pos1442.tmp
C:\pos1443.tmp
C:\pos1444.tmp
C:\pos1445.tmp
C:\pos1446.tmp
C:\pos1447.tmp
C:\pos1448.tmp
C:\pos1449.tmp
C:\pos144A.tmp
C:\pos144B.tmp
C:\pos144C.tmp
C:\pos144D.tmp
C:\pos144E.tmp
C:\pos144F.tmp
C:\pos145.tmp
C:\pos1450.tmp
C:\pos1451.tmp
C:\pos1452.tmp
C:\pos1453.tmp
C:\pos1454.tmp
C:\pos1455.tmp
C:\pos1456.tmp
C:\pos1457.tmp
C:\pos1458.tmp
C:\pos1459.tmp
C:\pos145A.tmp
C:\pos145B.tmp
C:\pos145C.tmp
C:\pos145D.tmp
C:\pos145E.tmp
C:\pos145F.tmp
C:\pos146.tmp
C:\pos1460.tmp
C:\pos1461.tmp
C:\pos1462.tmp
C:\pos1463.tmp
C:\pos1464.tmp
C:\pos1465.tmp
C:\pos1466.tmp
C:\pos1467.tmp
C:\pos1468.tmp
C:\pos1469.tmp
C:\pos146A.tmp
C:\pos146B.tmp
C:\pos146C.tmp
C:\pos146D.tmp
C:\pos146E.tmp
C:\pos146F.tmp
C:\pos147.tmp
C:\pos1470.tmp
C:\pos1471.tmp
C:\pos1472.tmp
C:\pos1473.tmp
C:\pos1474.tmp
C:\pos1475.tmp
C:\pos1476.tmp
C:\pos1477.tmp
C:\pos1478.tmp
C:\pos1479.tmp
C:\pos147A.tmp
C:\pos147B.tmp
C:\pos147C.tmp
C:\pos147D.tmp
C:\pos147E.tmp
C:\pos147F.tmp
C:\pos148.tmp
C:\pos1480.tmp
C:\pos1481.tmp
C:\pos1482.tmp
C:\pos1483.tmp
C:\pos1484.tmp
C:\pos1485.tmp
C:\pos1486.tmp
C:\pos1487.tmp
C:\pos1488.tmp
C:\pos1489.tmp
C:\pos148A.tmp
C:\pos148B.tmp
C:\pos148C.tmp
C:\pos148D.tmp
C:\pos148E.tmp
C:\pos148F.tmp
C:\pos149.tmp
C:\pos1490.tmp
C:\pos1491.tmp
C:\pos1492.tmp
C:\pos1493.tmp
C:\pos1494.tmp
C:\pos1495.tmp
C:\pos1496.tmp
C:\pos1497.tmp
C:\pos1498.tmp
C:\pos1499.tmp
C:\pos149A.tmp
C:\pos149B.tmp
C:\pos149C.tmp
C:\pos149D.tmp
C:\pos149E.tmp
C:\pos149F.tmp
C:\pos14A.tmp
C:\pos14A0.tmp
C:\pos14A1.tmp
C:\pos14A2.tmp
C:\pos14A3.tmp
C:\pos14A4.tmp
C:\pos14A5.tmp
C:\pos14A6.tmp
C:\pos14A7.tmp
C:\pos14A8.tmp
C:\pos14A9.tmp
C:\pos14AA.tmp
C:\pos14AB.tmp
C:\pos14AC.tmp
C:\pos14AD.tmp
C:\pos14AE.tmp
C:\pos14AF.tmp
C:\pos14B.tmp
C:\pos14B0.tmp
C:\pos14B1.tmp
C:\pos14B2.tmp
C:\pos14B3.tmp
C:\pos14B4.tmp
C:\pos14B5.tmp
C:\pos14B6.tmp
C:\pos14B7.tmp
C:\pos14B8.tmp
C:\pos14B9.tmp
C:\pos14BA.tmp
C:\pos14BB.tmp
C:\pos14BC.tmp
C:\pos14BD.tmp
C:\pos14BE.tmp
C:\pos14BF.tmp
C:\pos14C.tmp
C:\pos14C0.tmp
C:\pos14C1.tmp
C:\pos14C2.tmp
C:\pos14C3.tmp
C:\pos14C4.tmp
C:\pos14C5.tmp
C:\pos14C6.tmp
C:\pos14C7.tmp
C:\pos14C8.tmp
C:\pos14C9.tmp
C:\pos14CA.tmp
C:\pos14CB.tmp
C:\pos14CC.tmp
C:\pos14CD.tmp
C:\pos14CE.tmp
C:\pos14CF.tmp
C:\pos14D.tmp
C:\pos14D0.tmp
C:\pos14D1.tmp
C:\pos14D2.tmp
C:\pos14D3.tmp
C:\pos14D4.tmp
C:\pos14D5.tmp
C:\pos14D6.tmp
C:\pos14D7.tmp
C:\pos14D8.tmp
C:\pos14D9.tmp
C:\pos14DA.tmp
C:\pos14DB.tmp
C:\pos14DC.tmp
C:\pos14DD.tmp
C:\pos14DE.tmp
C:\pos14DF.tmp
C:\pos14E.tmp
C:\pos14E0.tmp
C:\pos14E1.tmp
C:\pos14E2.tmp
C:\pos14E3.tmp
C:\pos14E4.tmp
C:\pos14E5.tmp
C:\pos14E6.tmp
C:\pos14E7.tmp
C:\pos14E8.tmp
C:\pos14E9.tmp
C:\pos14EA.tmp
C:\pos14EB.tmp
C:\pos14EC.tmp
C:\pos14ED.tmp
C:\pos14EE.tmp
C:\pos14EF.tmp
C:\pos14F.tmp
C:\pos14F0.tmp
C:\pos14F1.tmp
C:\pos14F2.tmp
C:\pos14F3.tmp
C:\pos14F4.tmp
C:\pos14F5.tmp
C:\pos14F6.tmp
C:\pos14F7.tmp
C:\pos14F8.tmp
C:\pos14F9.tmp
C:\pos14FA.tmp
C:\pos14FB.tmp
C:\pos14FC.tmp
C:\pos14FD.tmp
C:\pos14FE.tmp
C:\pos14FF.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos1500.tmp
C:\pos1501.tmp
C:\pos1502.tmp
C:\pos1503.tmp
C:\pos1504.tmp
C:\pos1505.tmp
C:\pos1506.tmp
C:\pos1507.tmp
C:\pos1508.tmp
C:\pos1509.tmp
C:\pos150A.tmp
C:\pos150B.tmp
C:\pos150C.tmp
C:\pos150D.tmp
C:\pos150E.tmp
C:\pos150F.tmp
C:\pos151.tmp
C:\pos1510.tmp
C:\pos1511.tmp
C:\pos1512.tmp
C:\pos1513.tmp
C:\pos1514.tmp
C:\pos1515.tmp
C:\pos1516.tmp
C:\pos1517.tmp
C:\pos1518.tmp
C:\pos1519.tmp
C:\pos151A.tmp
C:\pos151B.tmp
C:\pos151C.tmp
C:\pos151D.tmp
C:\pos151E.tmp
C:\pos151F.tmp
C:\pos152.tmp
C:\pos1520.tmp
C:\pos1521.tmp
C:\pos1522.tmp
C:\pos1523.tmp
C:\pos1524.tmp
C:\pos1525.tmp
C:\pos1526.tmp
C:\pos1527.tmp
C:\pos1528.tmp
C:\pos1529.tmp
C:\pos152A.tmp
C:\pos152B.tmp
C:\pos152C.tmp
C:\pos152D.tmp
C:\pos152E.tmp
C:\pos152F.tmp
C:\pos153.tmp
C:\pos1530.tmp
C:\pos1531.tmp
C:\pos1532.tmp
C:\pos1533.tmp
C:\pos1534.tmp
C:\pos1535.tmp
C:\pos1536.tmp
C:\pos1537.tmp
C:\pos1538.tmp
C:\pos1539.tmp
C:\pos153A.tmp
C:\pos153B.tmp
C:\pos153C.tmp
C:\pos153D.tmp
C:\pos153E.tmp
C:\pos153F.tmp
C:\pos154.tmp
C:\pos1540.tmp
C:\pos1541.tmp
C:\pos1542.tmp
C:\pos1543.tmp
C:\pos1544.tmp
C:\pos1545.tmp
C:\pos1546.tmp
C:\pos1547.tmp
C:\pos1548.tmp
C:\pos1549.tmp
C:\pos154A.tmp
C:\pos154B.tmp
C:\pos154C.tmp
C:\pos154D.tmp
C:\pos154E.tmp
C:\pos154F.tmp
C:\pos155.tmp
C:\pos1550.tmp
C:\pos1551.tmp
C:\pos1552.tmp
C:\pos1553.tmp
C:\pos1554.tmp
C:\pos1555.tmp
C:\pos1556.tmp
C:\pos1557.tmp
C:\pos1558.tmp
C:\pos1559.tmp
C:\pos155A.tmp
C:\pos155B.tmp
C:\pos155C.tmp
C:\pos155D.tmp
C:\pos155E.tmp
C:\pos155F.tmp
C:\pos156.tmp
C:\pos1560.tmp
C:\pos1561.tmp
C:\pos1562.tmp
C:\pos1563.tmp
C:\pos1564.tmp
C:\pos1565.tmp
C:\pos1566.tmp
C:\pos1567.tmp
C:\pos1568.tmp
C:\pos1569.tmp
C:\pos156A.tmp
C:\pos156B.tmp
C:\pos156C.tmp
C:\pos156D.tmp
C:\pos156E.tmp
C:\pos156F.tmp
C:\pos157.tmp
C:\pos1570.tmp
C:\pos1571.tmp
C:\pos1572.tmp
C:\pos1573.tmp
C:\pos1574.tmp
C:\pos1575.tmp
C:\pos1576.tmp
C:\pos1577.tmp
C:\pos1578.tmp
C:\pos1579.tmp
C:\pos157A.tmp
C:\pos157B.tmp
C:\pos157C.tmp
C:\pos157D.tmp
C:\pos157E.tmp
C:\pos157F.tmp
C:\pos158.tmp
C:\pos1580.tmp
C:\pos1581.tmp
C:\pos1582.tmp
C:\pos1583.tmp
C:\pos1584.tmp
C:\pos1585.tmp
C:\pos1586.tmp
C:\pos1587.tmp
C:\pos1588.tmp
C:\pos1589.tmp
C:\pos158A.tmp
C:\pos158B.tmp
C:\pos158C.tmp
C:\pos158D.tmp
C:\pos158E.tmp
C:\pos158F.tmp
C:\pos159.tmp
C:\pos1590.tmp
C:\pos1591.tmp
C:\pos1592.tmp
C:\pos1593.tmp
C:\pos1594.tmp
C:\pos1595.tmp
C:\pos1596.tmp
C:\pos1597.tmp
C:\pos1598.tmp
C:\pos1599.tmp
C:\pos159A.tmp
C:\pos159B.tmp
C:\pos159C.tmp
C:\pos159D.tmp
C:\pos159E.tmp
C:\pos159F.tmp
C:\pos15A.tmp
C:\pos15A0.tmp
C:\pos15A1.tmp
C:\pos15A2.tmp
C:\pos15A3.tmp
C:\pos15A4.tmp
C:\pos15A5.tmp
C:\pos15A6.tmp
C:\pos15A7.tmp
C:\pos15A8.tmp
C:\pos15A9.tmp
C:\pos15AA.tmp
C:\pos15AB.tmp
C:\pos15AC.tmp
C:\pos15AD.tmp
C:\pos15AE.tmp
C:\pos15AF.tmp
C:\pos15B.tmp
C:\pos15B0.tmp
C:\pos15B1.tmp
C:\pos15B2.tmp
C:\pos15B3.tmp
C:\pos15B4.tmp
C:\pos15B5.tmp
C:\pos15B6.tmp
C:\pos15B7.tmp
C:\pos15B8.tmp
C:\pos15B9.tmp
C:\pos15BA.tmp
C:\pos15BB.tmp
C:\pos15BC.tmp
C:\pos15BD.tmp
C:\pos15BE.tmp
C:\pos15BF.tmp
C:\pos15C.tmp
C:\pos15C0.tmp
C:\pos15C1.tmp
C:\pos15C2.tmp
C:\pos15C3.tmp
C:\pos15C4.tmp
C:\pos15C5.tmp
C:\pos15C6.tmp
C:\pos15C7.tmp
C:\pos15C8.tmp
C:\pos15C9.tmp
C:\pos15CA.tmp
C:\pos15CB.tmp
C:\pos15CC.tmp
C:\pos15CD.tmp
C:\pos15CE.tmp
C:\pos15CF.tmp
C:\pos15D.tmp
C:\pos15D0.tmp
C:\pos15D1.tmp
C:\pos15D2.tmp
C:\pos15D3.tmp
C:\pos15D4.tmp
C:\pos15D5.tmp
C:\pos15D6.tmp
C:\pos15D7.tmp
C:\pos15D8.tmp
C:\pos15D9.tmp
C:\pos15DA.tmp
C:\pos15DB.tmp
C:\pos15DC.tmp
C:\pos15DD.tmp
C:\pos15DE.tmp
C:\pos15DF.tmp
C:\pos15E.tmp
C:\pos15E0.tmp
C:\pos15E1.tmp
C:\pos15E2.tmp
C:\pos15E3.tmp
C:\pos15E4.tmp
C:\pos15E5.tmp
C:\pos15E6.tmp
C:\pos15E7.tmp
C:\pos15E8.tmp
C:\pos15E9.tmp
C:\pos15EA.tmp
C:\pos15EB.tmp
C:\pos15EC.tmp
C:\pos15ED.tmp
C:\pos15EE.tmp
C:\pos15EF.tmp
C:\pos15F.tmp
C:\pos15F0.tmp
C:\pos15F1.tmp
C:\pos15F2.tmp
C:\pos15F3.tmp
C:\pos15F4.tmp
C:\pos15F5.tmp
C:\pos15F6.tmp
C:\pos15F7.tmp
C:\pos15F8.tmp
C:\pos15F9.tmp
C:\pos15FA.tmp
C:\pos15FB.tmp
C:\pos15FC.tmp
C:\pos15FD.tmp
C:\pos15FE.tmp
C:\pos15FF.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos1600.tmp
C:\pos1601.tmp
C:\pos1602.tmp
C:\pos1603.tmp
C:\pos1604.tmp
C:\pos1605.tmp
C:\pos1606.tmp
C:\pos1607.tmp
C:\pos1608.tmp
C:\pos1609.tmp
C:\pos160A.tmp
C:\pos160B.tmp
C:\pos160C.tmp
C:\pos160D.tmp
C:\pos160E.tmp
C:\pos160F.tmp
C:\pos161.tmp
C:\pos1610.tmp
C:\pos1611.tmp
C:\pos1612.tmp
C:\pos1613.tmp
C:\pos1614.tmp
C:\pos1615.tmp
C:\pos1616.tmp
C:\pos1617.tmp
C:\pos1618.tmp
C:\pos1619.tmp
C:\pos161A.tmp
C:\pos161B.tmp
C:\pos161C.tmp
C:\pos161D.tmp
C:\pos161E.tmp
C:\pos161F.tmp
C:\pos162.tmp
C:\pos1620.tmp
C:\pos1621.tmp
C:\pos1622.tmp
C:\pos1623.tmp
C:\pos1624.tmp
C:\pos1625.tmp
C:\pos1626.tmp
C:\pos1627.tmp
C:\pos1628.tmp
C:\pos1629.tmp
C:\pos162A.tmp
C:\pos162B.tmp
C:\pos162C.tmp
C:\pos162D.tmp
C:\pos162E.tmp
C:\pos162F.tmp
C:\pos163.tmp
C:\pos1630.tmp
C:\pos1631.tmp
C:\pos1632.tmp
C:\pos1633.tmp
C:\pos1634.tmp
C:\pos1635.tmp
C:\pos1636.tmp
C:\pos1637.tmp
C:\pos1638.tmp
C:\pos1639.tmp
C:\pos163A.tmp
C:\pos163B.tmp
C:\pos163C.tmp
C:\pos163D.tmp
C:\pos163E.tmp
C:\pos163F.tmp
C:\pos164.tmp
C:\pos1640.tmp
C:\pos1641.tmp
C:\pos1642.tmp
C:\pos1643.tmp
C:\pos1644.tmp
C:\pos1645.tmp
C:\pos1646.tmp
C:\pos1647.tmp
C:\pos1648.tmp
C:\pos1649.tmp
C:\pos164A.tmp
C:\pos164B.tmp
C:\pos164C.tmp
C:\pos164D.tmp
C:\pos164E.tmp
C:\pos164F.tmp
C:\pos165.tmp
C:\pos1650.tmp
C:\pos1651.tmp
C:\pos1652.tmp
C:\pos1653.tmp
C:\pos1654.tmp
C:\pos1655.tmp
C:\pos1656.tmp
C:\pos1657.tmp
C:\pos1658.tmp
C:\pos1659.tmp
C:\pos165A.tmp
C:\pos165B.tmp
C:\pos165C.tmp
C:\pos165D.tmp
C:\pos165E.tmp
C:\pos165F.tmp
C:\pos166.tmp
C:\pos1660.tmp
C:\pos1661.tmp
C:\pos1662.tmp
C:\pos1663.tmp
C:\pos1664.tmp
C:\pos1665.tmp
C:\pos1666.tmp
C:\pos1667.tmp
C:\pos1668.tmp
C:\pos1669.tmp
C:\pos166A.tmp
C:\pos166B.tmp
C:\pos166C.tmp
C:\pos166D.tmp
C:\pos166E.tmp
C:\pos166F.tmp
C:\pos167.tmp
C:\pos1670.tmp
C:\pos1671.tmp
C:\pos1672.tmp
C:\pos1673.tmp
C:\pos1674.tmp
C:\pos1675.tmp
C:\pos1676.tmp
C:\pos1677.tmp
C:\pos1678.tmp
C:\pos1679.tmp
C:\pos167A.tmp
C:\pos167B.tmp
C:\pos167C.tmp
C:\pos167D.tmp
C:\pos167E.tmp
C:\pos167F.tmp
C:\pos168.tmp
C:\pos1680.tmp
C:\pos1681.tmp
C:\pos1682.tmp
C:\pos1683.tmp
C:\pos1684.tmp
C:\pos1685.tmp
C:\pos1686.tmp
C:\pos1687.tmp
C:\pos1688.tmp
C:\pos1689.tmp
C:\pos168A.tmp
C:\pos168B.tmp
C:\pos168C.tmp
C:\pos168D.tmp
C:\pos168E.tmp
C:\pos168F.tmp
C:\pos169.tmp
C:\pos1690.tmp
C:\pos1691.tmp
C:\pos1692.tmp
C:\pos1693.tmp
C:\pos1694.tmp
C:\pos1695.tmp
C:\pos1696.tmp
C:\pos1697.tmp
C:\pos1698.tmp
C:\pos1699.tmp
C:\pos169A.tmp
C:\pos169B.tmp
C:\pos169C.tmp
C:\pos169D.tmp
C:\pos169E.tmp
C:\pos169F.tmp
C:\pos16A.tmp
C:\pos16A0.tmp
C:\pos16A1.tmp
C:\pos16A2.tmp
C:\pos16A3.tmp
C:\pos16A4.tmp
C:\pos16A5.tmp
C:\pos16A6.tmp
C:\pos16A7.tmp
C:\pos16A8.tmp
C:\pos16A9.tmp
C:\pos16AA.tmp
C:\pos16AB.tmp
C:\pos16AC.tmp
C:\pos16AD.tmp
C:\pos16AE.tmp
C:\pos16AF.tmp
C:\pos16B.tmp
C:\pos16B0.tmp
C:\pos16B1.tmp
C:\pos16B2.tmp
C:\pos16B3.tmp
C:\pos16B4.tmp
C:\pos16B5.tmp
C:\pos16B6.tmp
C:\pos16B7.tmp
C:\pos16B8.tmp
C:\pos16B9.tmp
C:\pos16BA.tmp
C:\pos16BB.tmp
C:\pos16BC.tmp
C:\pos16BD.tmp
C:\pos16BE.tmp
C:\pos16BF.tmp
C:\pos16C.tmp
C:\pos16C0.tmp
C:\pos16C1.tmp
C:\pos16C2.tmp
C:\pos16C3.tmp
C:\pos16C4.tmp
C:\pos16C5.tmp
C:\pos16C6.tmp
C:\pos16C7.tmp
C:\pos16C8.tmp
C:\pos16C9.tmp
C:\pos16CA.tmp
C:\pos16CB.tmp
C:\pos16CC.tmp
C:\pos16CD.tmp
C:\pos16CE.tmp
C:\pos16CF.tmp
C:\pos16D.tmp
C:\pos16D0.tmp
C:\pos16D1.tmp
C:\pos16D2.tmp
C:\pos16D3.tmp
C:\pos16D4.tmp
C:\pos16D5.tmp
C:\pos16D6.tmp
C:\pos16D7.tmp
C:\pos16D8.tmp
C:\pos16D9.tmp
C:\pos16DA.tmp
C:\pos16DB.tmp
C:\pos16DC.tmp
C:\pos16DD.tmp
C:\pos16DE.tmp
C:\pos16DF.tmp
C:\pos16E.tmp
C:\pos16E0.tmp
C:\pos16E1.tmp
C:\pos16E2.tmp
C:\pos16E3.tmp
C:\pos16E4.tmp
C:\pos16E5.tmp
C:\pos16E6.tmp
C:\pos16E7.tmp
C:\pos16E8.tmp
C:\pos16E9.tmp
C:\pos16EA.tmp
C:\pos16EB.tmp
C:\pos16EC.tmp
C:\pos16ED.tmp
C:\pos16EE.tmp
C:\pos16EF.tmp
C:\pos16F.tmp
C:\pos16F0.tmp
C:\pos16F1.tmp
C:\pos16F2.tmp
C:\pos16F3.tmp
C:\pos16F4.tmp
C:\pos16F5.tmp
C:\pos16F6.tmp
C:\pos16F7.tmp
C:\pos16F8.tmp
C:\pos16F9.tmp
C:\pos16FA.tmp
C:\pos16FB.tmp
C:\pos16FC.tmp
C:\pos16FD.tmp
C:\pos16FE.tmp
C:\pos16FF.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos1700.tmp
C:\pos1701.tmp
C:\pos1702.tmp
C:\pos1703.tmp
C:\pos1704.tmp
C:\pos1705.tmp
C:\pos1706.tmp
C:\pos1707.tmp
C:\pos1708.tmp
C:\pos1709.tmp
C:\pos170A.tmp
C:\pos170B.tmp
C:\pos170C.tmp
C:\pos170D.tmp
C:\pos170E.tmp
C:\pos170F.tmp
C:\pos171.tmp
C:\pos1710.tmp
C:\pos1711.tmp
C:\pos1712.tmp
C:\pos1713.tmp
C:\pos1714.tmp
C:\pos1715.tmp
C:\pos1716.tmp
C:\pos1717.tmp
C:\pos1718.tmp
C:\pos1719.tmp
C:\pos171A.tmp
C:\pos171B.tmp
C:\pos171C.tmp
C:\pos171D.tmp
C:\pos171E.tmp
C:\pos171F.tmp
C:\pos172.tmp
C:\pos1720.tmp
C:\pos1721.tmp
C:\pos1722.tmp
C:\pos1723.tmp
C:\pos1724.tmp
C:\pos1725.tmp
C:\pos1726.tmp
C:\pos1727.tmp
C:\pos1728.tmp
C:\pos1729.tmp
C:\pos172A.tmp
C:\pos172B.tmp
C:\pos172C.tmp
C:\pos172D.tmp
C:\pos172E.tmp
C:\pos172F.tmp
C:\pos173.tmp
C:\pos1730.tmp
C:\pos1731.tmp
C:\pos1732.tmp
C:\pos1733.tmp
C:\pos1734.tmp
C:\pos1735.tmp
C:\pos1736.tmp
C:\pos1737.tmp
C:\pos1738.tmp
C:\pos1739.tmp
C:\pos173A.tmp
C:\pos173B.tmp
C:\pos173C.tmp
C:\pos173D.tmp
C:\pos173E.tmp
C:\pos173F.tmp
C:\pos174.tmp
C:\pos1740.tmp
C:\pos1741.tmp
C:\pos1742.tmp
C:\pos1743.tmp
C:\pos1744.tmp
C:\pos1745.tmp
C:\pos1746.tmp
C:\pos1747.tmp
C:\pos1748.tmp
C:\pos1749.tmp
C:\pos174A.tmp
C:\pos174B.tmp
C:\pos174C.tmp
C:\pos174D.tmp
C:\pos174E.tmp
C:\pos174F.tmp
C:\pos175.tmp
C:\pos1750.tmp
C:\pos1751.tmp
C:\pos1752.tmp
C:\pos1753.tmp
C:\pos1754.tmp
C:\pos1755.tmp
C:\pos1756.tmp
C:\pos1757.tmp
C:\pos1758.tmp
C:\pos1759.tmp
C:\pos175A.tmp
C:\pos175B.tmp
C:\pos175C.tmp
C:\pos175D.tmp
C:\pos175E.tmp
C:\pos175F.tmp
C:\pos176.tmp
C:\pos1760.tmp
C:\pos1761.tmp
C:\pos1762.tmp
C:\pos1763.tmp
C:\pos1764.tmp
C:\pos1765.tmp
C:\pos1766.tmp
C:\pos1767.tmp
C:\pos1768.tmp
C:\pos1769.tmp
C:\pos176A.tmp
C:\pos176B.tmp
C:\pos176C.tmp
C:\pos176D.tmp
C:\pos176E.tmp
C:\pos176F.tmp
C:\pos177.tmp
C:\pos1770.tmp
C:\pos1771.tmp
C:\pos1772.tmp
C:\pos1773.tmp
C:\pos1774.tmp
C:\pos1775.tmp
C:\pos1776.tmp
C:\pos1777.tmp
C:\pos1778.tmp
C:\pos1779.tmp
C:\pos177A.tmp
C:\pos177B.tmp
C:\pos177C.tmp
C:\pos177D.tmp
C:\pos177E.tmp
C:\pos177F.tmp
C:\pos178.tmp
C:\pos1780.tmp
C:\pos1781.tmp
C:\pos1782.tmp
C:\pos1783.tmp
C:\pos1784.tmp
C:\pos1785.tmp
C:\pos1786.tmp
C:\pos1787.tmp
C:\pos1788.tmp
C:\pos1789.tmp
C:\pos178A.tmp
C:\pos178B.tmp
C:\pos178C.tmp
C:\pos178D.tmp
C:\pos178E.tmp
C:\pos178F.tmp
C:\pos179.tmp
C:\pos1790.tmp
C:\pos1791.tmp
C:\pos1792.tmp
C:\pos1793.tmp
C:\pos1794.tmp
C:\pos1795.tmp
C:\pos1796.tmp
C:\pos1797.tmp
C:\pos1798.tmp
C:\pos1799.tmp
C:\pos179A.tmp
C:\pos179B.tmp
C:\pos179C.tmp
C:\pos179D.tmp
C:\pos179E.tmp
C:\pos179F.tmp
C:\pos17A.tmp
C:\pos17A0.tmp
C:\pos17A1.tmp
C:\pos17A2.tmp
C:\pos17A3.tmp
C:\pos17A4.tmp
C:\pos17A5.tmp
C:\pos17A6.tmp
C:\pos17A7.tmp
C:\pos17A8.tmp
C:\pos17A9.tmp
C:\pos17AA.tmp
C:\pos17AB.tmp
C:\pos17AC.tmp
C:\pos17AD.tmp
C:\pos17AE.tmp
C:\pos17AF.tmp
C:\pos17B.tmp
C:\pos17B0.tmp
C:\pos17B1.tmp
C:\pos17B2.tmp
C:\pos17B3.tmp
C:\pos17B4.tmp
C:\pos17B5.tmp
C:\pos17B6.tmp
C:\pos17B7.tmp
C:\pos17B8.tmp
C:\pos17B9.tmp
C:\pos17BA.tmp
C:\pos17BB.tmp
C:\pos17BC.tmp
C:\pos17BD.tmp
C:\pos17BE.tmp
C:\pos17BF.tmp
C:\pos17C.tmp
C:\pos17C0.tmp
C:\pos17C1.tmp
C:\pos17C2.tmp
C:\pos17C3.tmp
C:\pos17C4.tmp
C:\pos17C5.tmp
C:\pos17C6.tmp
C:\pos17C7.tmp
C:\pos17C8.tmp
C:\pos17C9.tmp
C:\pos17CA.tmp
C:\pos17CB.tmp
C:\pos17CC.tmp
C:\pos17CD.tmp
C:\pos17CE.tmp
C:\pos17CF.tmp
C:\pos17D.tmp
C:\pos17D0.tmp
C:\pos17D1.tmp
C:\pos17D2.tmp
C:\pos17D3.tmp
C:\pos17D4.tmp
C:\pos17D5.tmp
C:\pos17D6.tmp
C:\pos17D7.tmp
C:\pos17D8.tmp
C:\pos17D9.tmp
C:\pos17DA.tmp
C:\pos17DB.tmp
C:\pos17DC.tmp
C:\pos17DD.tmp
C:\pos17DE.tmp
C:\pos17DF.tmp
C:\pos17E.tmp
C:\pos17E0.tmp
C:\pos17E1.tmp
C:\pos17E2.tmp
C:\pos17E3.tmp
C:\pos17E4.tmp
C:\pos17E5.tmp
C:\pos17E6.tmp
C:\pos17E7.tmp
C:\pos17E8.tmp
C:\pos17E9.tmp
C:\pos17EA.tmp
C:\pos17EB.tmp
C:\pos17EC.tmp
C:\pos17ED.tmp
C:\pos17EE.tmp
C:\pos17EF.tmp
C:\pos17F.tmp
C:\pos17F0.tmp
C:\pos17F1.tmp
C:\pos17F2.tmp
C:\pos17F3.tmp
C:\pos17F4.tmp
C:\pos17F5.tmp
C:\pos17F6.tmp
C:\pos17F7.tmp
C:\pos17F8.tmp
C:\pos17F9.tmp
C:\pos17FA.tmp
C:\pos17FB.tmp
C:\pos17FC.tmp
C:\pos17FD.tmp
C:\pos17FE.tmp
C:\pos17FF.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos1800.tmp
C:\pos1801.tmp
C:\pos1802.tmp
C:\pos1803.tmp
C:\pos1804.tmp
C:\pos1805.tmp
C:\pos1806.tmp
C:\pos1807.tmp
C:\pos1808.tmp
C:\pos1809.tmp
C:\pos180A.tmp
C:\pos180B.tmp
C:\pos180C.tmp
C:\pos180D.tmp
C:\pos180E.tmp
C:\pos180F.tmp
C:\pos181.tmp
C:\pos1810.tmp
C:\pos1811.tmp
C:\pos1812.tmp
C:\pos1813.tmp
C:\pos1814.tmp
C:\pos1815.tmp
C:\pos1816.tmp
C:\pos1817.tmp
C:\pos1818.tmp
C:\pos1819.tmp
C:\pos181A.tmp
C:\pos181B.tmp
C:\pos181C.tmp
C:\pos181D.tmp
C:\pos181E.tmp
C:\pos181F.tmp
C:\pos182.tmp
C:\pos1820.tmp
C:\pos1821.tmp
C:\pos1822.tmp
C:\pos1823.tmp
C:\pos1824.tmp
C:\pos1825.tmp
C:\pos1826.tmp
C:\pos1827.tmp
C:\pos1828.tmp
C:\pos1829.tmp
C:\pos182A.tmp
C:\pos182B.tmp
C:\pos182C.tmp
C:\pos182D.tmp
C:\pos182E.tmp
C:\pos182F.tmp
C:\pos183.tmp
C:\pos1830.tmp
C:\pos1831.tmp
C:\pos1832.tmp
C:\pos1833.tmp
C:\pos1834.tmp
C:\pos1835.tmp
C:\pos1836.tmp
C:\pos1837.tmp
C:\pos1838.tmp
C:\pos1839.tmp
C:\pos183A.tmp
C:\pos183B.tmp
C:\pos183C.tmp
C:\pos183D.tmp
C:\pos183E.tmp
C:\pos183F.tmp
C:\pos184.tmp
C:\pos1840.tmp
C:\pos1841.tmp
C:\pos1842.tmp
C:\pos1843.tmp
C:\pos1844.tmp
C:\pos1845.tmp
C:\pos1846.tmp
C:\pos1847.tmp
C:\pos1848.tmp
C:\pos1849.tmp
C:\pos184A.tmp
C:\pos184B.tmp
C:\pos184C.tmp
C:\pos184D.tmp
C:\pos184E.tmp
C:\pos184F.tmp
C:\pos185.tmp
C:\pos1850.tmp
C:\pos1851.tmp
C:\pos1852.tmp
C:\pos1853.tmp
C:\pos1854.tmp
C:\pos1855.tmp
C:\pos1856.tmp
C:\pos1857.tmp
C:\pos1858.tmp
C:\pos1859.tmp
C:\pos185A.tmp
C:\pos185B.tmp
C:\pos185C.tmp
C:\pos185D.tmp
C:\pos185E.tmp
C:\pos185F.tmp
C:\pos186.tmp
C:\pos1860.tmp
C:\pos1861.tmp
C:\pos1862.tmp
C:\pos1863.tmp
C:\pos1864.tmp
C:\pos1865.tmp
C:\pos1866.tmp
C:\pos1867.tmp
C:\pos1868.tmp
C:\pos1869.tmp
C:\pos186A.tmp
C:\pos186B.tmp
C:\pos186C.tmp
C:\pos186D.tmp
C:\pos186E.tmp
C:\pos186F.tmp
C:\pos187.tmp
C:\pos1870.tmp
C:\pos1871.tmp
C:\pos1872.tmp
C:\pos1873.tmp
C:\pos1874.tmp
C:\pos1875.tmp
C:\pos1876.tmp
C:\pos1877.tmp
C:\pos1878.tmp
C:\pos1879.tmp
C:\pos187A.tmp
C:\pos187B.tmp
C:\pos187C.tmp
C:\pos187D.tmp
C:\pos187E.tmp
C:\pos187F.tmp
C:\pos188.tmp
C:\pos1880.tmp
C:\pos1881.tmp
C:\pos1882.tmp
C:\pos1883.tmp
C:\pos1884.tmp
C:\pos1885.tmp
C:\pos1886.tmp
C:\pos1887.tmp
C:\pos1888.tmp
C:\pos1889.tmp
C:\pos188A.tmp
C:\pos188B.tmp
C:\pos188C.tmp
C:\pos188D.tmp
C:\pos188E.tmp
C:\pos188F.tmp
C:\pos189.tmp
C:\pos1890.tmp
C:\pos1891.tmp
C:\pos1892.tmp
C:\pos1893.tmp
C:\pos1894.tmp
C:\pos1895.tmp
C:\pos1896.tmp
C:\pos1897.tmp
C:\pos1898.tmp
C:\pos1899.tmp
C:\pos189A.tmp
C:\pos189B.tmp
C:\pos189C.tmp
C:\pos189D.tmp
C:\pos189E.tmp
C:\pos189F.tmp
C:\pos18A.tmp
C:\pos18A0.tmp
C:\pos18A1.tmp
C:\pos18A2.tmp
C:\pos18A3.tmp
C:\pos18A4.tmp
C:\pos18A5.tmp
C:\pos18A6.tmp
C:\pos18A7.tmp
C:\pos18A8.tmp
C:\pos18A9.tmp
C:\pos18AA.tmp
C:\pos18AB.tmp
C:\pos18AC.tmp
C:\pos18AD.tmp
C:\pos18AE.tmp
C:\pos18AF.tmp
C:\pos18B.tmp
C:\pos18B0.tmp
C:\pos18B1.tmp
C:\pos18B2.tmp
C:\pos18B3.tmp
C:\pos18B4.tmp
C:\pos18B5.tmp
C:\pos18B6.tmp
C:\pos18B7.tmp
C:\pos18B8.tmp
C:\pos18B9.tmp
C:\pos18BA.tmp
C:\pos18BB.tmp
C:\pos18BC.tmp
C:\pos18BD.tmp
C:\pos18BE.tmp
C:\pos18BF.tmp
C:\pos18C.tmp
C:\pos18C0.tmp
C:\pos18C1.tmp
C:\pos18C2.tmp
C:\pos18C3.tmp
C:\pos18C4.tmp
C:\pos18C5.tmp
C:\pos18C6.tmp
C:\pos18C7.tmp
C:\pos18C8.tmp
C:\pos18C9.tmp
C:\pos18CA.tmp
C:\pos18CB.tmp
C:\pos18CC.tmp
C:\pos18CD.tmp
C:\pos18CE.tmp
C:\pos18CF.tmp
C:\pos18D.tmp
C:\pos18D0.tmp
C:\pos18D1.tmp
C:\pos18D2.tmp
C:\pos18D3.tmp
C:\pos18D4.tmp
C:\pos18D5.tmp
C:\pos18D6.tmp
C:\pos18D7.tmp
C:\pos18D8.tmp
C:\pos18D9.tmp
C:\pos18DA.tmp
C:\pos18DB.tmp
C:\pos18DC.tmp
C:\pos18DD.tmp
C:\pos18DE.tmp
C:\pos18DF.tmp
C:\pos18E.tmp
C:\pos18E0.tmp
C:\pos18E1.tmp
C:\pos18E2.tmp
C:\pos18E3.tmp
C:\pos18E4.tmp
C:\pos18E5.tmp
C:\pos18E6.tmp
C:\pos18E7.tmp
C:\pos18E8.tmp
C:\pos18E9.tmp
C:\pos18EA.tmp
C:\pos18EB.tmp
C:\pos18EC.tmp
C:\pos18ED.tmp
C:\pos18EE.tmp
C:\pos18EF.tmp
C:\pos18F.tmp
C:\pos18F0.tmp
C:\pos18F1.tmp
C:\pos18F2.tmp
C:\pos18F3.tmp
C:\pos18F4.tmp
C:\pos18F5.tmp
C:\pos18F6.tmp
C:\pos18F7.tmp
C:\pos18F8.tmp
C:\pos18F9.tmp
C:\pos18FA.tmp
C:\pos18FB.tmp
C:\pos18FC.tmp
C:\pos18FD.tmp
C:\pos18FE.tmp
C:\pos18FF.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos1900.tmp
C:\pos1901.tmp
C:\pos1902.tmp
C:\pos1903.tmp
C:\pos1904.tmp
C:\pos1905.tmp
C:\pos1906.tmp
C:\pos1907.tmp
C:\pos1908.tmp
C:\pos1909.tmp
C:\pos190A.tmp
C:\pos190B.tmp
C:\pos190C.tmp
C:\pos190D.tmp
C:\pos190E.tmp
C:\pos190F.tmp
C:\pos191.tmp
C:\pos1910.tmp
C:\pos1911.tmp
C:\pos1912.tmp
C:\pos1913.tmp
C:\pos1914.tmp
C:\pos1915.tmp
C:\pos1916.tmp
C:\pos1917.tmp
C:\pos1918.tmp
C:\pos1919.tmp
C:\pos191A.tmp
C:\pos191B.tmp
C:\pos191C.tmp
C:\pos191D.tmp
C:\pos191E.tmp
C:\pos191F.tmp
C:\pos192.tmp
C:\pos1920.tmp
C:\pos1921.tmp
C:\pos1922.tmp
C:\pos1923.tmp
C:\pos1924.tmp
C:\pos1925.tmp
C:\pos1926.tmp
C:\pos1927.tmp
C:\pos1928.tmp
C:\pos1929.tmp
C:\pos192A.tmp
C:\pos192B.tmp
C:\pos192C.tmp
C:\pos192D.tmp
C:\pos192E.tmp
C:\pos192F.tmp
C:\pos193.tmp
C:\pos1930.tmp
C:\pos1931.tmp
C:\pos1932.tmp
C:\pos1933.tmp
C:\pos1934.tmp
C:\pos1935.tmp
C:\pos1936.tmp
C:\pos1937.tmp
C:\pos1938.tmp
C:\pos1939.tmp
C:\pos193A.tmp
C:\pos193B.tmp
C:\pos193C.tmp
C:\pos193D.tmp
C:\pos193E.tmp
C:\pos193F.tmp
C:\pos194.tmp
C:\pos1940.tmp
C:\pos1941.tmp
C:\pos1942.tmp
C:\pos1943.tmp
C:\pos1944.tmp
C:\pos1945.tmp
C:\pos1946.tmp
C:\pos1947.tmp
C:\pos1948.tmp
C:\pos1949.tmp
C:\pos194A.tmp
C:\pos194B.tmp
C:\pos194C.tmp
C:\pos194D.tmp
C:\pos194E.tmp
C:\pos194F.tmp
C:\pos195.tmp
C:\pos1950.tmp
C:\pos1951.tmp
C:\pos1952.tmp
C:\pos1953.tmp
C:\pos1954.tmp
C:\pos1955.tmp
C:\pos1956.tmp
C:\pos1957.tmp
C:\pos1958.tmp
C:\pos1959.tmp
C:\pos195A.tmp
C:\pos195B.tmp
C:\pos195C.tmp
C:\pos195D.tmp
C:\pos195E.tmp
C:\pos195F.tmp
C:\pos196.tmp
C:\pos1960.tmp
C:\pos1961.tmp
C:\pos1962.tmp
C:\pos1963.tmp
C:\pos1964.tmp
C:\pos1965.tmp
C:\pos1966.tmp
C:\pos1967.tmp
C:\pos1968.tmp
C:\pos1969.tmp
C:\pos196A.tmp
C:\pos196B.tmp
C:\pos196C.tmp
C:\pos196D.tmp
C:\pos196E.tmp
C:\pos196F.tmp
C:\pos197.tmp
C:\pos1970.tmp
C:\pos1971.tmp
C:\pos1972.tmp
C:\pos1973.tmp
C:\pos1974.tmp
C:\pos1975.tmp
C:\pos1976.tmp
C:\pos1977.tmp
C:\pos1978.tmp
C:\pos1979.tmp
C:\pos197A.tmp
C:\pos197B.tmp
C:\pos197C.tmp
C:\pos197D.tmp
C:\pos197E.tmp
C:\pos197F.tmp
C:\pos198.tmp
C:\pos1980.tmp
C:\pos1981.tmp
C:\pos1982.tmp
C:\pos1983.tmp
C:\pos1984.tmp
C:\pos1985.tmp
C:\pos1986.tmp
C:\pos1987.tmp
C:\pos1988.tmp
C:\pos1989.tmp
C:\pos198A.tmp
C:
  • 0

#3
RKC402
Posted 17 January 2008 - 07:48 PM

RKC402

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OK WELL THANKS GUYS IM SURE U HAVE ALOT TO DO
SO I TOOK IT ON MYSELF TO TRY TO CLEAN UP MY MESS
BUT IF U DO GET THE TIME PLEAST TAKE A LOOK AT MY NEW HIJACKTHIS LOG
AND MY NEW COMBO FIX LOG PLEASE LET ME KNOW IF I GOT EVERYTHING

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:41 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 72.247.80.29 www22.verizon.com
O1 - Hosts: 199.244.218.42 www.capitalone.com
O1 - Hosts: 66.135.208.101 pages.ebay.com
O1 - Hosts: 205.188.138.25 groups.aol.com
O1 - Hosts: 216.109.118.82 us.rd.yahoo.com
O1 - Hosts: 208.178.227.123 www.paymybill.com
O1 - Hosts: 65.54.150.19 moneycentral.msn.com
O1 - Hosts: 207.46.250.101 go.microsoft.com
O1 - Hosts: 205.188.102.12 www.aol.com
O1 - Hosts: 149.174.32.135 www.compuserve.com
O1 - Hosts: 207.217.125.95 www.earthlink.com
O1 - Hosts: 66.45.29.10 www.broadbandcompass.com
O1 - Hosts: 17.149.156.10 store.apple.com
O1 - Hosts: 217.116.231.72 www.cam4.com
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.ini"
O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [RestartNeroSetup] "K:\CDS\Nero\Installation\SetupX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.acehardware-acenet.com
O15 - Trusted Zone: *.acehardware-aceonline.com
O15 - Trusted Zone: *.acehardware-eaglevision.com
O15 - Trusted Zone: *.acehardware-vendors.com
O15 - Trusted Zone: *.aceservices.com
O15 - Trusted Zone: *.acehardware-acenet.com (HKLM)
O15 - Trusted Zone: *.acehardware-aceonline.com (HKLM)
O15 - Trusted Zone: *.acehardware-eaglevision.com (HKLM)
O15 - Trusted Zone: *.acehardware-vendors.com (HKLM)
O15 - Trusted Zone: *.aceservices.com (HKLM)
O16 - DPF: AceIESecuritySettings - http://ww2.acehardwa...itySettings.CAB
O16 - DPF: {24B8CB65-C0D2-11D0-A523-444553540000} (AceExplorer Control) - http://ww1.acehardwa...xpl/AceExpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F841C0-AE16-11D5-8817-0050DA6EF5E5} (FarPoint Spread 6.0 (OLEDB)) - http://ww1.acehardwa...t60/fpspr60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1175264782406
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - file://C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ThereInstallHelper.dll
O16 - DPF: {8B486EF6-6B2A-4A1E-BB0D-236CB2DBB8D2} (There Voice Trainer) - file://c:\Program Files\There\ThereClient\ThereVoiceTrainer.dll
O16 - DPF: {8BF1A503-001F-11D0-A296-00A0246497B9} (ACENET Control) - http://ww1.acehardwa...ENET/ACECTL.CAB
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {C903C000-9C6E-419D-A0AC-2E760BBA3764} (MCSiMenuCtl Class) - http://ww1.acehardwa...Si/McsiMenu.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1666EDA4-ADE6-491B-83E0-DA076FB36449}: NameServer = 69.43.32.27 66.118.64.1
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 8983 bytes
















ComboFix 08-01-14.4 - Administrator 2008-01-15 8:39:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.672 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-14 20:19 . 2008-01-14 21:44 <DIR> d-------- C:\WINDOWS\CAVTemp
2008-01-14 20:13 . 2008-01-14 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-14 20:12 . 2008-01-14 20:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 20:12 . 2008-01-14 20:12 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 20:12 . 2008-01-14 20:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-01-14 18:31 . 2008-01-14 18:31 <DIR> d-------- C:\VundoFix Backups
2008-01-14 14:32 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 09:56 . 2008-01-14 09:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-12 22:27 . 2007-07-31 12:50 879,784 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-01-12 22:27 . 2007-07-31 12:50 108,312 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-01-12 22:27 . 2008-01-13 20:38 91,400 --a------ C:\WINDOWS\system32\isafprod.dll
2008-01-12 22:27 . 2008-01-13 20:38 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-01-12 22:27 . 2008-01-13 20:38 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-01-12 22:27 . 2008-01-13 20:38 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-01-12 22:27 . 2008-01-13 20:38 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-01-12 22:15 . 2008-01-13 20:52 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-12 22:14 . 2008-01-12 22:27 <DIR> d-------- C:\Program Files\CA
2008-01-12 22:14 . 2008-01-12 22:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CA
2008-01-12 22:14 . 2007-07-31 12:50 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-01-12 22:14 . 2007-07-31 12:50 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-01-10 21:00 . 2008-01-10 21:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2008-01-10 20:50 . 2008-01-10 20:50 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-10 20:42 . 2008-01-10 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-10 20:31 . 2008-01-10 20:31 <DIR> d-------- C:\Program Files\TurboTax
2008-01-10 20:29 . 2008-01-10 20:29 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-04 09:39 . 2008-01-14 13:47 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-02 19:09 . 2008-01-02 19:21 150 --a------ C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
2008-01-01 19:55 . 2008-01-01 19:55 <DIR> d-------- C:\Program Files\Groove Games
2008-01-01 19:42 . 2008-01-01 19:42 <DIR> d-------- C:\Program Files\NovaLogic
2008-01-01 03:28 . 2008-01-05 22:21 81,920 --a------ C:\WINDOWS\system32\ps2 .exe
2008-01-01 03:27 . 2008-01-05 12:49 483,328 --a------ C:\WINDOWS\system32\hphmon05 .exe
2008-01-01 03:27 . 2008-01-05 22:21 118,784 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-01 03:27 . 2008-01-05 22:21 52,736 --a------ C:\WINDOWS\system\hpsysdrv .exe
2008-01-01 03:27 . 2008-01-06 00:46 182 --a------ C:\WINDOWS\system\hpsysdrv .DAT
2007-12-31 21:42 . 2008-01-13 22:24 <DIR> d-------- C:\WINDOWS\system32\ardCo01
2007-12-31 21:42 . 2007-12-31 21:42 <DIR> d-------- C:\TEMP\cEeer12
2007-12-31 14:23 . 2007-12-31 14:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-31 14:23 . 2007-12-31 14:23 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 11:59 . 2007-12-31 11:59 <DIR> d-------- C:\Program Files\EA Games
2007-12-31 11:59 . 2007-12-31 11:59 617 --a------ C:\WINDOWS\eReg.dat
2007-12-27 18:06 . 2007-12-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-12-27 18:06 . 2007-12-27 18:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MinigolfAdventures
2007-12-27 18:02 . 2007-12-27 18:37 <DIR> d-------- C:\Program Files\Samurize
2007-12-27 17:57 . 2007-12-27 19:36 <DIR> d-------- C:\Program Files\Chromadrome 2
2007-12-27 17:56 . 2007-12-27 17:56 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-27 17:55 . 2007-12-27 17:55 <DIR> d-------- C:\Program Files\Sierra Online
2007-12-27 17:55 . 2005-08-11 14:29 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2007-12-27 17:41 . 2007-12-27 17:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2007-12-27 17:40 . 2007-12-27 17:40 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2007-12-27 17:39 . 2007-12-27 17:39 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-27 17:39 . 2007-12-27 17:39 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2007-12-27 17:38 . 2007-12-27 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-27 17:37 . 2007-12-27 17:37 <DIR> d-------- C:\Program Files\Logitech
2007-12-27 17:37 . 2007-12-27 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-27 17:37 . 2007-12-27 17:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2007-12-27 17:04 . 2007-12-27 17:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-12-27 17:04 . 2007-12-27 17:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-12-27 16:59 . 2007-12-27 17:07 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-27 16:57 . 2007-12-27 16:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-12-27 16:55 . 2007-12-27 16:55 <DIR> d-------- C:\Program Files\Nero
2007-12-27 16:55 . 2007-12-27 16:57 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-27 16:55 . 2007-12-27 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-27 16:49 . 2007-12-31 14:21 <DIR> d-------- C:\MyWorks
2007-12-27 16:49 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-27 16:48 . 2007-12-27 16:49 <DIR> d-------- C:\Program Files\CyberLink
2007-12-23 20:23 . 2008-01-02 20:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\U3
2007-12-17 15:13 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-12-17 15:13 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 03:53 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 07:38 --------- d-----w C:\Program Files\TweakDUN
2008-01-06 07:27 --------- d-----w C:\Program Files\Multimedia Card Reader
2008-01-06 07:20 --------- d-----w C:\Program Files\iTunes
2008-01-06 03:16 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\Binaries\MSConfig .exe
2008-01-05 18:07 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-05 17:47 --------- d-----w C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor
2008-01-05 17:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-03 00:15 --------- d-----w C:\Program Files\Microsoft Works
2007-12-31 19:14 --------- d-----w C:\Program Files\Apple Software Update
2007-12-31 17:00 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-29 00:30 --------- d-----w C:\Program Files\ArcSoft
2007-12-27 22:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-27 22:38 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-27 21:53 --------- d-----w C:\Program Files\Ahead
2007-12-09 06:58 --------- d-----w C:\Program Files\Common Files\Filseclab
2007-12-09 06:56 --------- d-----w C:\Program Files\Alwil Software
2007-10-22 23:58 1,721,712 ----a-w C:\WINDOWS\system32\InetClnt.dll
.
<pre>
----a-w			53,248 2008-01-06 05:59:27  C:\hp\bin\AUTOTKIT .EXE
----a-w			61,440 2008-01-04 14:24:48  C:\hp\KBD\KBD .EXE
----a-w		   335,872 2008-01-06 05:59:28  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w		   234,760 2008-01-14 01:57:56  C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID .exe
----a-w		   181,512 2008-01-14 01:57:53  C:\Program Files\CA\CA Internet Security Suite\cctray\cctray .exe
----a-w		   155,648 2008-01-04 14:25:51  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w		   135,214 2008-01-04 14:25:15  C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS .EXE
----a-w		   151,597 2008-01-04 14:24:50  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   155,648 2008-01-04 14:25:03  C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w		   110,592 2008-01-04 14:24:49  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w			56,928 2008-01-04 14:25:40  C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
----a-w			54,832 2008-01-04 14:25:45  C:\Program Files\CyberLink\PowerDVD\Language\Language .exe
----a-w		   901,120 2008-01-06 05:59:26  C:\Program Files\Filseclab\xfilter\xfilter .exe
----a-w			90,112 2008-01-04 14:24:42  C:\Program Files\HP\Digital Imaging\Unload\hpqcmon .exe
----a-w		   257,088 2008-01-04 14:25:22  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			24,576 2008-01-04 14:25:12  C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3 .exe
----a-w		   139,264 2008-01-04 14:25:01  C:\Program Files\Multimedia Card Reader\shwicon2k .exe
----a-w		   282,624 2008-01-14 01:57:06  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   282,624 2008-01-14 01:53:05  C:\Program Files\QuickTime\qttask		.exe
----a-w		   282,624 2008-01-13 04:04:28  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   282,624 2008-01-13 03:30:23  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   282,624 2008-01-13 03:17:20  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   282,624 2008-01-12 15:02:59  C:\Program Files\QuickTime\qttask	.exe
----a-w		   729,088 2008-01-06 05:59:24  C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg .exe
----a-w		   720,896 2008-01-04 14:25:25  C:\Program Files\TweakDUN\tweakdun .exe
----a-w		   790,528 2008-01-04 14:26:05  C:\Program Files\TweakDUN\TweakMeter .exe
----a-w			50,176 2008-01-14 03:29:04  C:\WINDOWS\eHome\ehtray .exe
----a-w		   158,208 2008-01-06 03:16:41  C:\WINDOWS\pchealth\helpctr\Binaries\MSConfig .exe
----a-w		   212,992 2008-01-06 10:35:19  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2008-01-06 03:21:24  C:\WINDOWS\system\hpsysdrv .exe
----a-w			15,360 2008-01-14 18:47:21  C:\WINDOWS\system32\ctfmon .exe
----a-w		   118,784 2008-01-06 03:21:24  C:\WINDOWS\system32\hkcmd .exe
----a-w		   483,328 2008-01-05 17:49:56  C:\WINDOWS\system32\hphmon05 .exe
----a-w			81,920 2008-01-06 03:21:24  C:\WINDOWS\system32\ps2 .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DNS7reminder"="C:\Program Files\ScanSoft\NaturallySpeaking8\Program\ereg.exe" [ ]
"XFILTER"="C:\Program Files\Filseclab\xfilter\xfilter.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 03:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 23:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [ ]
"LTMSG"="LTMSG.exe" [2003-07-14 20:52 40960 C:\WINDOWS\ltmsg.exe]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ ]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [ ]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"RestartNeroSetup"="K:\CDS\Nero\Installation\SetupX.exe" [ ]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"KBD"="C:\HP\KBD\KBD.EXE" [ ]
"CamMonitor"="c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [ ]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkjjki]
jkkjjki.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Product Registration.lnk]
path=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Product Registration.lnk
backup=C:\WINDOWS\pss\Product Registration.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakDUN]
C:\Program Files\TweakDUN\tweakdun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TweakMeter]
C:\Program Files\TweakDUN\TweakMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54GS]
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"navapsvc"=2 (0x2)
"WUSB54GSSVC"=2 (0x2)
"NBService"=3 (0x3)
"MDM"=2 (0x2)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"RichVideo"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Fax"=3 (0x3)

R0 XPacket;Filseclab Packet Filter;C:\WINDOWS\system32\xpacket.sys [2006-12-23 14:01]
R2 CX23880;Conexant 23880 Video Capture;C:\WINDOWS\system32\drivers\cx88vid.sys [2003-10-14 21:44]
R2 CX88ENC;Conexant 2388x MPEG Encoder;C:\WINDOWS\system32\drivers\cx88enc.sys [2003-10-14 21:44]
R2 CX88XBAR;Conexant 2388x Crossbar Dual Input;C:\WINDOWS\system32\drivers\CX88XBARDUAL.sys [2003-10-14 21:44]
R2 CXTUNE;Conexant 2388x Tuner;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2003-10-14 21:44]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2003-09-04 09:38]
S3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2008-01-13 20:38]
S3 pwlp;pwlp;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pwlp.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 22:33:58 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Administrator at 10 28 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 08:42:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 8:43:41
ComboFix-quarantined-files.txt 2008-01-15 13:43:32
ComboFix2.txt 2008-01-14 22:31:48

Edited by RKC402, 17 January 2008 - 07:51 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP