Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Vundo Infection [CLOSED] [RESOLVED]


  • This topic is locked This topic is locked

#1
Rachel Chipman

Rachel Chipman

    Member

  • Member
  • PipPip
  • 12 posts
I have a PC that was infected by Vundo. After reading through the post on cleaning this infection (179976), we were able to get the infection cleaned and things are running much better. However, I still have one issue. The icon for the C: drive is now a RED X intead of a disk drive. How can this be corrected?

Any information is appreciated.
Thank you. :)
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
Rachel Chipman

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here are the log files for Combofix and HiJackThis. In doing the reply, I attached the files. If this isn't correct, please let me know.
As mentioned in my original post, I ran Combofix and HiJackThis after reading a post on this website for resolving the problem. It cleaned up a lot of stuff but the RED X for the C: drive icon still remains.

Thank you.

Attached Files


  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post the ComboFix log here, it is easier to read that way.
  • 0

#5
Rachel Chipman

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here's the ComboFix Log.
ComboFix 08-01-16.3 - Rwchipman 2008-01-16 18:16:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.626 [GMT -5:00]
Running from: C:\Documents and Settings\Rwchipman\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos1.tmp
C:\pos10.tmp
C:\pos100.tmp
C:\pos101.tmp
C:\pos102.tmp
C:\pos103.tmp
C:\pos104.tmp
C:\pos105.tmp
C:\pos106.tmp
C:\pos107.tmp
C:\pos108.tmp
C:\pos109.tmp
C:\pos10A.tmp
C:\pos10B.tmp
C:\pos10C.tmp
C:\pos10D.tmp
C:\pos10E.tmp
C:\pos10F.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos111.tmp
C:\pos112.tmp
C:\pos113.tmp
C:\pos114.tmp
C:\pos115.tmp
C:\pos116.tmp
C:\pos117.tmp
C:\pos118.tmp
C:\pos119.tmp
C:\pos11A.tmp
C:\pos11B.tmp
C:\pos11C.tmp
C:\pos11D.tmp
C:\pos11E.tmp
C:\pos11F.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos121.tmp
C:\pos122.tmp
C:\pos123.tmp
C:\pos124.tmp
C:\pos125.tmp
C:\pos126.tmp
C:\pos127.tmp
C:\pos128.tmp
C:\pos129.tmp
C:\pos12A.tmp
C:\pos12B.tmp
C:\pos12C.tmp
C:\pos12D.tmp
C:\pos12E.tmp
C:\pos12F.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos131.tmp
C:\pos132.tmp
C:\pos133.tmp
C:\pos134.tmp
C:\pos135.tmp
C:\pos136.tmp
C:\pos137.tmp
C:\pos138.tmp
C:\pos139.tmp
C:\pos13A.tmp
C:\pos13B.tmp
C:\pos13C.tmp
C:\pos13D.tmp
C:\pos13E.tmp
C:\pos13F.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos141.tmp
C:\pos142.tmp
C:\pos143.tmp
C:\pos144.tmp
C:\pos145.tmp
C:\pos146.tmp
C:\pos147.tmp
C:\pos148.tmp
C:\pos149.tmp
C:\pos14A.tmp
C:\pos14B.tmp
C:\pos14C.tmp
C:\pos14D.tmp
C:\pos14E.tmp
C:\pos14F.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos151.tmp
C:\pos152.tmp
C:\pos153.tmp
C:\pos154.tmp
C:\pos155.tmp
C:\pos156.tmp
C:\pos157.tmp
C:\pos158.tmp
C:\pos159.tmp
C:\pos15A.tmp
C:\pos15B.tmp
C:\pos15C.tmp
C:\pos15D.tmp
C:\pos15E.tmp
C:\pos15F.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos161.tmp
C:\pos162.tmp
C:\pos163.tmp
C:\pos164.tmp
C:\pos165.tmp
C:\pos166.tmp
C:\pos167.tmp
C:\pos168.tmp
C:\pos169.tmp
C:\pos16A.tmp
C:\pos16B.tmp
C:\pos16C.tmp
C:\pos16D.tmp
C:\pos16E.tmp
C:\pos16F.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos171.tmp
C:\pos172.tmp
C:\pos173.tmp
C:\pos174.tmp
C:\pos175.tmp
C:\pos176.tmp
C:\pos177.tmp
C:\pos178.tmp
C:\pos179.tmp
C:\pos17A.tmp
C:\pos17B.tmp
C:\pos17C.tmp
C:\pos17D.tmp
C:\pos17E.tmp
C:\pos17F.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos181.tmp
C:\pos182.tmp
C:\pos183.tmp
C:\pos184.tmp
C:\pos185.tmp
C:\pos186.tmp
C:\pos187.tmp
C:\pos188.tmp
C:\pos189.tmp
C:\pos18A.tmp
C:\pos18B.tmp
C:\pos18C.tmp
C:\pos18D.tmp
C:\pos18E.tmp
C:\pos18F.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos191.tmp
C:\pos192.tmp
C:\pos193.tmp
C:\pos194.tmp
C:\pos195.tmp
C:\pos196.tmp
C:\pos197.tmp
C:\pos198.tmp
C:\pos199.tmp
C:\pos19A.tmp
C:\pos19B.tmp
C:\pos19C.tmp
C:\pos19D.tmp
C:\pos19E.tmp
C:\pos19F.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A1.tmp
C:\pos1A2.tmp
C:\pos1A3.tmp
C:\pos1A4.tmp
C:\pos1A5.tmp
C:\pos1A6.tmp
C:\pos1A7.tmp
C:\pos1A8.tmp
C:\pos1A9.tmp
C:\pos1AA.tmp
C:\pos1AB.tmp
C:\pos1AC.tmp
C:\pos1AD.tmp
C:\pos1AE.tmp
C:\pos1AF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B1.tmp
C:\pos1B2.tmp
C:\pos1B3.tmp
C:\pos1B4.tmp
C:\pos1B5.tmp
C:\pos1B6.tmp
C:\pos1B7.tmp
C:\pos1B8.tmp
C:\pos1B9.tmp
C:\pos1BA.tmp
C:\pos1BB.tmp
C:\pos1BC.tmp
C:\pos1BD.tmp
C:\pos1BE.tmp
C:\pos1BF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C1.tmp
C:\pos1C2.tmp
C:\pos1C3.tmp
C:\pos1C4.tmp
C:\pos1C5.tmp
C:\pos1C6.tmp
C:\pos1C7.tmp
C:\pos1C8.tmp
C:\pos1C9.tmp
C:\pos1CA.tmp
C:\pos1CB.tmp
C:\pos1CC.tmp
C:\pos1CD.tmp
C:\pos1CE.tmp
C:\pos1CF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D1.tmp
C:\pos1D2.tmp
C:\pos1D3.tmp
C:\pos1D4.tmp
C:\pos1D5.tmp
C:\pos1D6.tmp
C:\pos1D7.tmp
C:\pos1D8.tmp
C:\pos1D9.tmp
C:\pos1DA.tmp
C:\pos1DB.tmp
C:\pos1DC.tmp
C:\pos1DD.tmp
C:\pos1DE.tmp
C:\pos1DF.tmp
C:\pos1E.tmp
C:\pos1E0.tmp
C:\pos1E1.tmp
C:\pos1E2.tmp
C:\pos1E3.tmp
C:\pos1E4.tmp
C:\pos1E5.tmp
C:\pos1E6.tmp
C:\pos1E7.tmp
C:\pos1E8.tmp
C:\pos1E9.tmp
C:\pos1EA.tmp
C:\pos1EB.tmp
C:\pos1EC.tmp
C:\pos1ED.tmp
C:\pos1EE.tmp
C:\pos1EF.tmp
C:\pos1F.tmp
C:\pos1F0.tmp
C:\pos1F1.tmp
C:\pos1F2.tmp
C:\pos1F3.tmp
C:\pos1F4.tmp
C:\pos1F5.tmp
C:\pos1F6.tmp
C:\pos1F7.tmp
C:\pos1F8.tmp
C:\pos1F9.tmp
C:\pos1FA.tmp
C:\pos1FB.tmp
C:\pos1FC.tmp
C:\pos1FD.tmp
C:\pos1FE.tmp
C:\pos1FF.tmp
C:\pos2.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos201.tmp
C:\pos202.tmp
C:\pos203.tmp
C:\pos204.tmp
C:\pos205.tmp
C:\pos206.tmp
C:\pos207.tmp
C:\pos208.tmp
C:\pos209.tmp
C:\pos20A.tmp
C:\pos20B.tmp
C:\pos20C.tmp
C:\pos20D.tmp
C:\pos20E.tmp
C:\pos20F.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos211.tmp
C:\pos212.tmp
C:\pos213.tmp
C:\pos214.tmp
C:\pos215.tmp
C:\pos216.tmp
C:\pos217.tmp
C:\pos218.tmp
C:\pos219.tmp
C:\pos21A.tmp
C:\pos21B.tmp
C:\pos21C.tmp
C:\pos21D.tmp
C:\pos21E.tmp
C:\pos21F.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos221.tmp
C:\pos222.tmp
C:\pos223.tmp
C:\pos224.tmp
C:\pos225.tmp
C:\pos226.tmp
C:\pos227.tmp
C:\pos228.tmp
C:\pos229.tmp
C:\pos22A.tmp
C:\pos22B.tmp
C:\pos22C.tmp
C:\pos22D.tmp
C:\pos22E.tmp
C:\pos22F.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos231.tmp
C:\pos232.tmp
C:\pos233.tmp
C:\pos234.tmp
C:\pos235.tmp
C:\pos236.tmp
C:\pos237.tmp
C:\pos238.tmp
C:\pos239.tmp
C:\pos23A.tmp
C:\pos23B.tmp
C:\pos23C.tmp
C:\pos23D.tmp
C:\pos23E.tmp
C:\pos23F.tmp
C:\pos24.tmp
C:\pos240.tmp
C:\pos241.tmp
C:\pos242.tmp
C:\pos243.tmp
C:\pos244.tmp
C:\pos245.tmp
C:\pos246.tmp
C:\pos247.tmp
C:\pos248.tmp
C:\pos249.tmp
C:\pos24A.tmp
C:\pos24B.tmp
C:\pos24C.tmp
C:\pos24D.tmp
C:\pos24E.tmp
C:\pos24F.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos251.tmp
C:\pos252.tmp
C:\pos253.tmp
C:\pos254.tmp
C:\pos255.tmp
C:\pos256.tmp
C:\pos257.tmp
C:\pos258.tmp
C:\pos259.tmp
C:\pos25A.tmp
C:\pos25B.tmp
C:\pos25C.tmp
C:\pos25D.tmp
C:\pos25E.tmp
C:\pos25F.tmp
C:\pos26.tmp
C:\pos260.tmp
C:\pos261.tmp
C:\pos262.tmp
C:\pos263.tmp
C:\pos264.tmp
C:\pos265.tmp
C:\pos266.tmp
C:\pos267.tmp
C:\pos268.tmp
C:\pos269.tmp
C:\pos26A.tmp
C:\pos26B.tmp
C:\pos26C.tmp
C:\pos26D.tmp
C:\pos26E.tmp
C:\pos26F.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos271.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27B.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos27E.tmp
C:\pos27F.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos288.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos298.tmp
C:\pos299.tmp
C:\pos29A.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A.tmp
C:\pos2A0.tmp
C:\pos2A1.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AA.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2AF.tmp
C:\pos2B.tmp
C:\pos2B0.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B6.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BC.tmp
C:\pos2BD.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C6.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CE.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos3.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos31.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos32.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos333.tmp
C:\pos334.tmp
C:\pos335.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos38.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp
C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AA.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3E9.tmp
C:\pos3EA.tmp
C:\pos3EB.tmp
C:\pos3EC.tmp
C:\pos3ED.tmp
C:\pos3EE.tmp
C:\pos3EF.tmp
C:\pos3F.tmp
C:\pos3F0.tmp
C:\pos3F1.tmp
C:\pos3F2.tmp
C:\pos3F3.tmp
C:\pos3F4.tmp
C:\pos3F5.tmp
C:\pos3F6.tmp
C:\pos3F7.tmp
C:\pos3F8.tmp
C:\pos3F9.tmp
C:\pos3FA.tmp
C:\pos3FB.tmp
C:\pos3FC.tmp
C:\pos3FD.tmp
C:\pos3FE.tmp
C:\pos3FF.tmp
C:\pos4.tmp
C:\pos40.tmp
C:\pos400.tmp
C:\pos401.tmp
C:\pos402.tmp
C:\pos403.tmp
C:\pos404.tmp
C:\pos405.tmp
C:\pos406.tmp
C:\pos407.tmp
C:\pos408.tmp
C:\pos409.tmp
C:\pos40A.tmp
C:\pos40B.tmp
C:\pos40C.tmp
C:\pos40D.tmp
C:\pos40E.tmp
C:\pos40F.tmp
C:\pos41.tmp
C:\pos410.tmp
C:\pos411.tmp
C:\pos412.tmp
C:\pos413.tmp
C:\pos414.tmp
C:\pos415.tmp
C:\pos416.tmp
C:\pos417.tmp
C:\pos418.tmp
C:\pos419.tmp
C:\pos41A.tmp
C:\pos41B.tmp
C:\pos41C.tmp
C:\pos41D.tmp
C:\pos41E.tmp
C:\pos41F.tmp
C:\pos42.tmp
C:\pos420.tmp
C:\pos421.tmp
C:\pos422.tmp
C:\pos423.tmp
C:\pos424.tmp
C:\pos425.tmp
C:\pos426.tmp
C:\pos427.tmp
C:\pos428.tmp
C:\pos429.tmp
C:\pos42A.tmp
C:\pos42B.tmp
C:\pos42C.tmp
C:\pos42D.tmp
C:\pos42E.tmp
C:\pos42F.tmp
C:\pos43.tmp
C:\pos430.tmp
C:\pos431.tmp
C:\pos432.tmp
C:\pos433.tmp
C:\pos434.tmp
C:\pos435.tmp
C:\pos436.tmp
C:\pos437.tmp
C:\pos438.tmp
C:\pos439.tmp
C:\pos43A.tmp
C:\pos43B.tmp
C:\pos43C.tmp
C:\pos43D.tmp
C:\pos43E.tmp
C:\pos43F.tmp
C:\pos44.tmp
C:\pos440.tmp
C:\pos441.tmp
C:\pos442.tmp
C:\pos443.tmp
C:\pos444.tmp
C:\pos445.tmp
C:\pos446.tmp
C:\pos447.tmp
C:\pos448.tmp
C:\pos449.tmp
C:\pos44A.tmp
C:\pos44B.tmp
C:\pos44C.tmp
C:\pos44D.tmp
C:\pos44E.tmp
C:\pos44F.tmp
C:\pos45.tmp
C:\pos450.tmp
C:\pos451.tmp
C:\pos452.tmp
C:\pos453.tmp
C:\pos454.tmp
C:\pos455.tmp
C:\pos456.tmp
C:\pos457.tmp
C:\pos458.tmp
C:\pos459.tmp
C:\pos45A.tmp
C:\pos45B.tmp
C:\pos45C.tmp
C:\pos45D.tmp
C:\pos45E.tmp
C:\pos45F.tmp
C:\pos46.tmp
C:\pos460.tmp
C:\pos461.tmp
C:\pos462.tmp
C:\pos463.tmp
C:\pos464.tmp
C:\pos465.tmp
C:\pos466.tmp
C:\pos467.tmp
C:\pos468.tmp
C:\pos469.tmp
C:\pos46A.tmp
C:\pos46B.tmp
C:\pos46C.tmp
C:\pos46D.tmp
C:\pos46E.tmp
C:\pos46F.tmp
C:\pos47.tmp
C:\pos470.tmp
C:\pos471.tmp
C:\pos472.tmp
C:\pos473.tmp
C:\pos474.tmp
C:\pos475.tmp
C:\pos476.tmp
C:\pos477.tmp
C:\pos478.tmp
C:\pos479.tmp
C:\pos47A.tmp
C:\pos47B.tmp
C:\pos47C.tmp
C:\pos47D.tmp
C:\pos47E.tmp
C:\pos47F.tmp
C:\pos48.tmp
C:\pos480.tmp
C:\pos481.tmp
C:\pos482.tmp
C:\pos483.tmp
C:\pos484.tmp
C:\pos485.tmp
C:\pos486.tmp
C:\pos487.tmp
C:\pos488.tmp
C:\pos489.tmp
C:\pos48A.tmp
C:\pos48B.tmp
C:\pos48C.tmp
C:\pos48D.tmp
C:\pos48E.tmp
C:\pos48F.tmp
C:\pos49.tmp
C:\pos490.tmp
C:\pos491.tmp
C:\pos492.tmp
C:\pos493.tmp
C:\pos494.tmp
C:\pos495.tmp
C:\pos496.tmp
C:\pos497.tmp
C:\pos498.tmp
C:\pos499.tmp
C:\pos49A.tmp
C:\pos49B.tmp
C:\pos49C.tmp
C:\pos49D.tmp
C:\pos49E.tmp
C:\pos49F.tmp
C:\pos4A.tmp
C:\pos4A0.tmp
C:\pos4A1.tmp
C:\pos4A2.tmp
C:\pos4A3.tmp
C:\pos4A4.tmp
C:\pos4A5.tmp
C:\pos4A6.tmp
C:\pos4A7.tmp
C:\pos4A8.tmp
C:\pos4A9.tmp
C:\pos4AA.tmp
C:\pos4AB.tmp
C:\pos4AC.tmp
C:\pos4AD.tmp
C:\pos4AE.tmp
C:\pos4AF.tmp
C:\pos4B.tmp
C:\pos4B0.tmp
C:\pos4B1.tmp
C:\pos4B2.tmp
C:\pos4B3.tmp
C:\pos4B4.tmp
C:\pos4B5.tmp
C:\pos4B6.tmp
C:\pos4B7.tmp
C:\pos4B8.tmp
C:\pos4B9.tmp
C:\pos4BA.tmp
C:\pos4BB.tmp
C:\pos4BC.tmp
C:\pos4BD.tmp
C:\pos4BE.tmp
C:\pos4BF.tmp
C:\pos4C.tmp
C:\pos4C0.tmp
C:\pos4C1.tmp
C:\pos4C2.tmp
C:\pos4C3.tmp
C:\pos4C4.tmp
C:\pos4C5.tmp
C:\pos4C6.tmp
C:\pos4C7.tmp
C:\pos4C8.tmp
C:\pos4C9.tmp
C:\pos4CA.tmp
C:\pos4CB.tmp
C:\pos4CC.tmp
C:\pos4CD.tmp
C:\pos4CE.tmp
C:\pos4CF.tmp
C:\pos4D.tmp
C:\pos4D0.tmp
C:\pos4D1.tmp
C:\pos4D2.tmp
C:\pos4D3.tmp
C:\pos4D4.tmp
C:\pos4D5.tmp
C:\pos4D6.tmp
C:\pos4D7.tmp
C:\pos4D8.tmp
C:\pos4D9.tmp
C:\pos4DA.tmp
C:\pos4DB.tmp
C:\pos4DC.tmp
C:\pos4DD.tmp
C:\pos4DE.tmp
C:\pos4DF.tmp
C:\pos4E.tmp
C:\pos4E0.tmp
C:\pos4E1.tmp
C:\pos4E2.tmp
C:\pos4E3.tmp
C:\pos4E4.tmp
C:\pos4E5.tmp
C:\pos4E6.tmp
C:\pos4E7.tmp
C:\pos4E8.tmp
C:\pos4E9.tmp
C:\pos4EA.tmp
C:\pos4EB.tmp
C:\pos4EC.tmp
C:\pos4ED.tmp
C:\pos4EE.tmp
C:\pos4EF.tmp
C:\pos4F.tmp
C:\pos4F0.tmp
C:\pos4F1.tmp
C:\pos4F2.tmp
C:\pos4F3.tmp
C:\pos4F4.tmp
C:\pos4F5.tmp
C:\pos4F6.tmp
C:\pos4F7.tmp
C:\pos4F8.tmp
C:\pos4F9.tmp
C:\pos4FA.tmp
C:\pos4FB.tmp
C:\pos4FC.tmp
C:\pos4FD.tmp
C:\pos4FE.tmp
C:\pos4FF.tmp
C:\pos5.tmp
C:\pos50.tmp
C:\pos500.tmp
C:\pos501.tmp
C:\pos502.tmp
C:\pos503.tmp
C:\pos504.tmp
C:\pos505.tmp
C:\pos506.tmp
C:\pos507.tmp
C:\pos508.tmp
C:\pos509.tmp
C:\pos50A.tmp
C:\pos50B.tmp
C:\pos50C.tmp
C:\pos50D.tmp
C:\pos50E.tmp
C:\pos50F.tmp
C:\pos51.tmp
C:\pos510.tmp
C:\pos511.tmp
C:\pos512.tmp
C:\pos513.tmp
C:\pos514.tmp
C:\pos515.tmp
C:\pos516.tmp
C:\pos517.tmp
C:\pos518.tmp
C:\pos519.tmp
C:\pos51A.tmp
C:\pos51B.tmp
C:\pos51C.tmp
C:\pos51D.tmp
C:\pos51E.tmp
C:\pos51F.tmp
C:\pos52.tmp
C:\pos520.tmp
C:\pos521.tmp
C:\pos522.tmp
C:\pos523.tmp
C:\pos524.tmp
C:\pos525.tmp
C:\pos526.tmp
C:\pos527.tmp
C:\pos528.tmp
C:\pos529.tmp
C:\pos52A.tmp
C:\pos52B.tmp
C:\pos52C.tmp
C:\pos52D.tmp
C:\pos52E.tmp
C:\pos52F.tmp
C:\pos53.tmp
C:\pos530.tmp
C:\pos531.tmp
C:\pos532.tmp
C:\pos533.tmp
C:\pos534.tmp
C:\pos535.tmp
C:\pos536.tmp
C:\pos537.tmp
C:\pos538.tmp
C:\pos539.tmp
C:\pos53A.tmp
C:\pos53B.tmp
C:\pos53C.tmp
C:\pos53D.tmp
C:\pos53E.tmp
C:\pos53F.tmp
C:\pos54.tmp
C:\pos540.tmp
C:\pos541.tmp
C:\pos542.tmp
C:\pos543.tmp
C:\pos544.tmp
C:\pos545.tmp
C:\pos546.tmp
C:\pos547.tmp
C:\pos548.tmp
C:\pos549.tmp
C:\pos54A.tmp
C:\pos54B.tmp
C:\pos54C.tmp
C:\pos54D.tmp
C:\pos54E.tmp
C:\pos54F.tmp
C:\pos55.tmp
C:\pos550.tmp
C:\pos551.tmp
C:\pos552.tmp
C:\pos553.tmp
C:\pos554.tmp
C:\pos555.tmp
C:\pos556.tmp
C:\pos557.tmp
C:\pos558.tmp
C:\pos559.tmp
C:\pos55A.tmp
C:\pos55B.tmp
C:\pos55C.tmp
C:\pos55D.tmp
C:\pos55E.tmp
C:\pos55F.tmp
C:\pos56.tmp
C:\pos560.tmp
C:\pos561.tmp
C:\pos562.tmp
C:\pos563.tmp
C:\pos564.tmp
C:\pos565.tmp
C:\pos566.tmp
C:\pos567.tmp
C:\pos568.tmp
C:\pos569.tmp
C:\pos56A.tmp
C:\pos56B.tmp
C:\pos56C.tmp
C:\pos56D.tmp
C:\pos56E.tmp
C:\pos56F.tmp
C:\pos57.tmp
C:\pos570.tmp
C:\pos571.tmp
C:\pos572.tmp
C:\pos573.tmp
C:\pos574.tmp
C:\pos575.tmp
C:\pos576.tmp
C:\pos577.tmp
C:\pos578.tmp
C:\pos579.tmp
C:\pos57A.tmp
C:\pos57B.tmp
C:\pos57C.tmp
C:\pos57D.tmp
C:\pos57E.tmp
C:\pos57F.tmp
C:\pos58.tmp
C:\pos580.tmp
C:\pos581.tmp
C:\pos582.tmp
C:\pos583.tmp
C:\pos584.tmp
C:\pos585.tmp
C:\pos586.tmp
C:\pos587.tmp
C:\pos588.tmp
C:\pos589.tmp
C:\pos58A.tmp
C:\pos58B.tmp
C:\pos58C.tmp
C:\pos58D.tmp
C:\pos58E.tmp
C:\pos58F.tmp
C:\pos59.tmp
C:\pos590.tmp
C:\pos591.tmp
C:\pos592.tmp
C:\pos593.tmp
C:\pos594.tmp
C:\pos595.tmp
C:\pos596.tmp
C:\pos597.tmp
C:\pos598.tmp
C:\pos599.tmp
C:\pos59A.tmp
C:\pos59B.tmp
C:\pos59C.tmp
C:\pos59D.tmp
C:\pos59E.tmp
C:\pos59F.tmp
C:\pos5A.tmp
C:\pos5A0.tmp
C:\pos5A1.tmp
C:\pos5A2.tmp
C:\pos5A3.tmp
C:\pos5A4.tmp
C:\pos5A5.tmp
C:\pos5A6.tmp
C:\pos5A7.tmp
C:\pos5A8.tmp
C:\pos5A9.tmp
C:\pos5AA.tmp
C:\pos5AB.tmp
C:\pos5AC.tmp
C:\pos5AD.tmp
C:\pos5AE.tmp
C:\pos5AF.tmp
C:\pos5B.tmp
C:\pos5B0.tmp
C:\pos5B1.tmp
C:\pos5B2.tmp
C:\pos5B3.tmp
C:\pos5B4.tmp
C:\pos5B5.tmp
C:\pos5B6.tmp
C:\pos5B7.tmp
C:\pos5B8.tmp
C:\pos5B9.tmp
C:\pos5BA.tmp
C:\pos5BB.tmp
C:\pos5BC.tmp
C:\pos5BD.tmp
C:\pos5BE.tmp
C:\pos5BF.tmp
C:\pos5C.tmp
C:\pos5C0.tmp
C:\pos5C1.tmp
C:\pos5C2.tmp
C:\pos5C3.tmp
C:\pos5C4.tmp
C:\pos5C5.tmp
C:\pos5C6.tmp
C:\pos5C7.tmp
C:\pos5C8.tmp
C:\pos5C9.tmp
C:\pos5CA.tmp
C:\pos5CB.tmp
C:\pos5CC.tmp
C:\pos5CD.tmp
C:\pos5CE.tmp
C:\pos5CF.tmp
C:\pos5D.tmp
C:\pos5D0.tmp
C:\pos5D1.tmp
C:\pos5D2.tmp
C:\pos5D3.tmp
C:\pos5D4.tmp
C:\pos5D5.tmp
C:\pos5D6.tmp
C:\pos5D7.tmp
C:\pos5D8.tmp
C:\pos5D9.tmp
C:\pos5DA.tmp
C:\pos5DB.tmp
C:\pos5DC.tmp
C:\pos5DD.tmp
C:\pos5DE.tmp
C:\pos5DF.tmp
C:\pos5E.tmp
C:\pos5E0.tmp
C:\pos5E1.tmp
C:\pos5E2.tmp
C:\pos5E3.tmp
C:\pos5E4.tmp
C:\pos5E5.tmp
C:\pos5E6.tmp
C:\pos5E7.tmp
C:\pos5E8.tmp
C:\pos5E9.tmp
C:\pos5EA.tmp
C:\pos5EB.tmp
C:\pos5EC.tmp
C:\pos5ED.tmp
C:\pos5EE.tmp
C:\pos5EF.tmp
C:\pos5F.tmp
C:\pos5F0.tmp
C:\pos5F1.tmp
C:\pos5F2.tmp
C:\pos5F3.tmp
C:\pos5F4.tmp
C:\pos5F5.tmp
C:\pos5F6.tmp
C:\pos5F7.tmp
C:\pos5F8.tmp
C:\pos5F9.tmp
C:\pos5FA.tmp
C:\pos5FB.tmp
C:\pos5FC.tmp
C:\pos5FD.tmp
C:\pos5FE.tmp
C:\pos5FF.tmp
C:\pos6.tmp
C:\pos60.tmp
C:\pos600.tmp
C:\pos601.tmp
C:\pos602.tmp
C:\pos603.tmp
C:\pos604.tmp
C:\pos605.tmp
C:\pos606.tmp
C:\pos607.tmp
C:\pos608.tmp
C:\pos609.tmp
C:\pos60A.tmp
C:\pos60B.tmp
C:\pos60C.tmp
C:\pos60D.tmp
C:\pos60E.tmp
C:\pos60F.tmp
C:\pos61.tmp
C:\pos610.tmp
C:\pos611.tmp
C:\pos612.tmp
C:\pos613.tmp
C:\pos614.tmp
C:\pos615.tmp
C:\pos616.tmp
C:\pos617.tmp
C:\pos618.tmp
C:\pos619.tmp
C:\pos61A.tmp
C:\pos61B.tmp
C:\pos61C.tmp
C:\pos61D.tmp
C:\pos61E.tmp
C:\pos61F.tmp
C:\pos62.tmp
C:\pos620.tmp
C:\pos621.tmp
C:\pos622.tmp
C:\pos623.tmp
C:\pos624.tmp
C:\pos625.tmp
C:\pos626.tmp
C:\pos627.tmp
C:\pos628.tmp
C:\pos629.tmp
C:\pos62A.tmp
C:\pos62B.tmp
C:\pos62C.tmp
C:\pos62D.tmp
C:\pos62E.tmp
C:\pos62F.tmp
C:\pos63.tmp
C:\pos630.tmp
C:\pos631.tmp
C:\pos632.tmp
C:\pos633.tmp
C:\pos634.tmp
C:\pos635.tmp
C:\pos636.tmp
C:\pos637.tmp
C:\pos638.tmp
C:\pos639.tmp
C:\pos63A.tmp
C:\pos63B.tmp
C:\pos63C.tmp
C:\pos63D.tmp
C:\pos63E.tmp
C:\pos63F.tmp
C:\pos64.tmp
C:\pos640.tmp
C:\pos641.tmp
C:\pos642.tmp
C:\pos643.tmp
C:\pos644.tmp
C:\pos645.tmp
C:\pos646.tmp
C:\pos647.tmp
C:\pos648.tmp
C:\pos649.tmp
C:\pos64A.tmp
C:\pos64B.tmp
C:\pos64C.tmp
C:\pos64D.tmp
C:\pos64E.tmp
C:\pos64F.tmp
C:\pos65.tmp
C:\pos650.tmp
C:\pos651.tmp
C:\pos652.tmp
C:\pos653.tmp
C:\pos654.tmp
C:\pos655.tmp
C:\pos656.tmp
C:\pos657.tmp
C:\pos658.tmp
C:\pos659.tmp
C:\pos65A.tmp
C:\pos65B.tmp
C:\pos65C.tmp
C:\pos65D.tmp
C:\pos65E.tmp
C:\pos65F.tmp
C:\pos66.tmp
C:\pos660.tmp
C:\pos661.tmp
C:\pos662.tmp
C:\pos663.tmp
C:\pos664.tmp
C:\pos665.tmp
C:\pos666.tmp
C:\pos667.tmp
C:\pos668.tmp
C:\pos669.tmp
C:\pos66A.tmp
C:\pos66B.tmp
C:\pos66C.tmp
C:\pos66D.tmp
C:\pos66E.tmp
C:\pos66F.tmp
C:\pos67.tmp
C:\pos670.tmp
C:\pos671.tmp
C:\pos672.tmp
C:\pos673.tmp
C:\pos674.tmp
C:\pos675.tmp
C:\pos676.tmp
C:\pos677.tmp
C:\pos678.tmp
C:\pos679.tmp
C:\pos67A.tmp
C:\pos67B.tmp
C:\pos67C.tmp
C:\pos67D.tmp
C:\pos67E.tmp
C:\pos67F.tmp
C:\pos68.tmp
C:\pos680.tmp
C:\pos681.tmp
C:\pos682.tmp
C:\pos683.tmp
C:\pos684.tmp
C:\pos685.tmp
C:\pos686.tmp
C:\pos687.tmp
C:\pos688.tmp
C:\pos689.tmp
C:\pos68A.tmp
C:\pos68B.tmp
C:\pos68C.tmp
C:\pos68D.tmp
C:\pos68E.tmp
C:\pos68F.tmp
C:\pos69.tmp
C:\pos690.tmp
C:\pos691.tmp
C:\pos692.tmp
C:\pos693.tmp
C:\pos694.tmp
C:\pos695.tmp
C:\pos696.tmp
C:\pos697.tmp
C:\pos698.tmp
C:\pos699.tmp
C:\pos69A.tmp
C:\pos69B.tmp
C:\pos69C.tmp
C:\pos69D.tmp
C:\pos69E.tmp
C:\pos69F.tmp
C:\pos6A.tmp
C:\pos6A0.tmp
C:\pos6A1.tmp
C:\pos6A2.tmp
C:\pos6A3.tmp
C:\pos6A4.tmp
C:\pos6A5.tmp
C:\pos6A6.tmp
C:\pos6A7.tmp
C:\pos6A8.tmp
C:\pos6A9.tmp
C:\pos6AA.tmp
C:\pos6AB.tmp
C:\pos6AC.tmp
C:\pos6AD.tmp
C:\pos6AE.tmp
C:\pos6AF.tmp
C:\pos6B.tmp
C:\pos6B0.tmp
C:\pos6B1.tmp
C:\pos6B2.tmp
C:\pos6B3.tmp
C:\pos6B4.tmp
C:\pos6B5.tmp
C:\pos6B6.tmp
C:\pos6B7.tmp
C:\pos6B8.tmp
C:\pos6B9.tmp
C:\pos6BA.tmp
C:\pos6BB.tmp
C:\pos6BC.tmp
C:\pos6BD.tmp
C:\pos6BE.tmp
C:\pos6BF.tmp
C:\pos6C.tmp
C:\pos6C0.tmp
C:\pos6C1.tmp
C:\pos6C2.tmp
C:\pos6C3.tmp
C:\pos6C4.tmp
C:\pos6C5.tmp
C:\pos6C6.tmp
C:\pos6C7.tmp
C:\pos6C8.tmp
C:\pos6C9.tmp
C:\pos6CA.tmp
C:\pos6CB.tmp
C:\pos6CC.tmp
C:\pos6CD.tmp
C:\pos6CE.tmp
C:\pos6CF.tmp
C:\pos6D.tmp
C:\pos6D0.tmp
C:\pos6D1.tmp
C:\pos6D2.tmp
C:\pos6D3.tmp
C:\pos6D4.tmp
C:\pos6D5.tmp
C:\pos6D6.tmp
C:\pos6D7.tmp
C:\pos6D8.tmp
C:\pos6D9.tmp
C:\pos6DA.tmp
C:\pos6DB.tmp
C:\pos6DC.tmp
C:\pos6DD.tmp
C:\pos6DE.tmp
C:\pos6DF.tmp
C:\pos6E.tmp
C:\pos6E0.tmp
C:\pos6E1.tmp
C:\pos6E2.tmp
C:\pos6E3.tmp
C:\pos6E4.tmp
C:\pos6E5.tmp
C:\pos6E6.tmp
C:\pos6E7.tmp
C:\pos6E8.tmp
C:\pos6E9.tmp
C:\pos6EA.tmp
C:\pos6EB.tmp
C:\pos6EC.tmp
C:\pos6ED.tmp
C:\pos6EE.tmp
C:\pos6EF.tmp
C:\pos6F.tmp
C:\pos6F0.tmp
C:\pos6F1.tmp
C:\pos6F2.tmp
C:\pos6F3.tmp
C:\pos6F4.tmp
C:\pos6F5.tmp
C:\pos6F6.tmp
C:\pos6F7.tmp
C:\pos6F8.tmp
C:\pos6F9.tmp
C:\pos6FA.tmp
C:\pos6FB.tmp
C:\pos6FC.tmp
C:\pos6FD.tmp
C:\pos6FE.tmp
C:\pos6FF.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos700.tmp
C:\pos701.tmp
C:\pos702.tmp
C:\pos703.tmp
C:\pos704.tmp
C:\pos705.tmp
C:\pos706.tmp
C:\pos707.tmp
C:\pos708.tmp
C:\pos709.tmp
C:\pos70A.tmp
C:\pos70B.tmp
C:\pos70C.tmp
C:\pos70D.tmp
C:\pos70E.tmp
C:\pos70F.tmp
C:\pos71.tmp
C:\pos710.tmp
C:\pos711.tmp
C:\pos712.tmp
C:\pos713.tmp
C:\pos714.tmp
C:\pos715.tmp
C:\pos716.tmp
C:\pos717.tmp
C:\pos718.tmp
C:\pos719.tmp
C:\pos71A.tmp
C:\pos71B.tmp
C:\pos71C.tmp
C:\pos71D.tmp
C:\pos71E.tmp
C:\pos71F.tmp
C:\pos72.tmp
C:\pos720.tmp
C:\pos721.tmp
C:\pos722.tmp
C:\pos723.tmp
C:\pos724.tmp
C:\pos725.tmp
C:\pos726.tmp
C:\pos727.tmp
C:\pos728.tmp
C:\pos729.tmp
C:\pos72A.tmp
C:\pos72B.tmp
C:\pos72C.tmp
C:\pos72D.tmp
C:\pos72E.tmp
C:\pos72F.tmp
C:\pos73.tmp
C:\pos730.tmp
C:\pos731.tmp
C:\pos732.tmp
C:\pos733.tmp
C:\pos734.tmp
C:\pos735.tmp
C:\pos736.tmp
C:\pos737.tmp
C:\pos738.tmp
C:\pos739.tmp
C:\pos73A.tmp
C:\pos73B.tmp
C:\pos73C.tmp
C:\pos73D.tmp
C:\pos73E.tmp
C:\pos73F.tmp
C:\pos74.tmp
C:\pos740.tmp
C:\pos741.tmp
C:\pos742.tmp
C:\pos743.tmp
C:\pos744.tmp
C:\pos745.tmp
C:\pos746.tmp
C:\pos747.tmp
C:\pos748.tmp
C:\pos749.tmp
C:\pos74A.tmp
C:\pos74B.tmp
C:\pos74C.tmp
C:\pos74D.tmp
C:\pos74E.tmp
C:\pos74F.tmp
C:\pos75.tmp
C:\pos750.tmp
C:\pos751.tmp
C:\pos752.tmp
C:\pos753.tmp
C:\pos754.tmp
C:\pos755.tmp
C:\pos756.tmp
C:\pos757.tmp
C:\pos758.tmp
C:\pos759.tmp
C:\pos75A.tmp
C:\pos75B.tmp
C:\pos75C.tmp
C:\pos75D.tmp
C:\pos75E.tmp
C:\pos75F.tmp
C:\pos76.tmp
C:\pos760.tmp
C:\pos761.tmp
C:\pos762.tmp
C:\pos763.tmp
C:\pos764.tmp
C:\pos765.tmp
C:\pos766.tmp
C:\pos767.tmp
C:\pos768.tmp
C:\pos769.tmp
C:\pos76A.tmp
C:\pos76B.tmp
C:\pos76C.tmp
C:\pos76D.tmp
C:\pos76E.tmp
C:\pos76F.tmp
C:\pos77.tmp
C:\pos770.tmp
C:\pos771.tmp
C:\pos772.tmp
C:\pos773.tmp
C:\pos774.tmp
C:\pos775.tmp
C:\pos776.tmp
C:\pos777.tmp
C:\pos778.tmp
C:\pos779.tmp
C:\pos77A.tmp
C:\pos77B.tmp
C:\pos77C.tmp
C:\pos77D.tmp
C:\pos77E.tmp
C:\pos77F.tmp
C:\pos78.tmp
C:\pos780.tmp
C:\pos781.tmp
C:\pos782.tmp
C:\pos783.tmp
C:\pos784.tmp
C:\pos785.tmp
C:\pos786.tmp
C:\pos787.tmp
C:\pos788.tmp
C:\pos789.tmp
C:\pos78A.tmp
C:\pos78B.tmp
C:\pos78C.tmp
C:\pos78D.tmp
C:\pos78E.tmp
C:\pos78F.tmp
C:\pos79.tmp
C:\pos790.tmp
C:\pos791.tmp
C:\pos792.tmp
C:\pos793.tmp
C:\pos794.tmp
C:\pos795.tmp
C:\pos796.tmp
C:\pos797.tmp
C:\pos798.tmp
C:\pos799.tmp
C:\pos79A.tmp
C:\pos79B.tmp
C:\pos79C.tmp
C:\pos79D.tmp
C:\pos79E.tmp
C:\pos79F.tmp
C:\pos7A.tmp
C:\pos7A0.tmp
C:\pos7A1.tmp
C:\pos7A2.tmp
C:\pos7A3.tmp
C:\pos7A4.tmp
C:\pos7A5.tmp
C:\pos7A6.tmp
C:\pos7A7.tmp
C:\pos7A8.tmp
C:\pos7A9.tmp
C:\pos7AA.tmp
C:\pos7AB.tmp
C:\pos7AC.tmp
C:\pos7AD.tmp
C:\pos7AE.tmp
C:\pos7AF.tmp
C:\pos7B.tmp
C:\pos7B0.tmp
C:\pos7B1.tmp
C:\pos7B2.tmp
C:\pos7B3.tmp
C:\pos7B4.tmp
C:\pos7B5.tmp
C:\pos7B6.tmp
C:\pos7B7.tmp
C:\pos7B8.tmp
C:\pos7B9.tmp
C:\pos7BA.tmp
C:\pos7BB.tmp
C:\pos7BC.tmp
C:\pos7BD.tmp
C:\pos7BE.tmp
C:\pos7BF.tmp
C:\pos7C.tmp
C:\pos7C0.tmp
C:\pos7C1.tmp
C:\pos7C2.tmp
C:\pos7C3.tmp
C:\pos7C4.tmp
C:\pos7C5.tmp
C:\pos7C6.tmp
C:\pos7C7.tmp
C:\pos7C8.tmp
C:\pos7C9.tmp
C:\pos7CA.tmp
C:\pos7CB.tmp
C:\pos7CC.tmp
C:\pos7CD.tmp
C:\pos7CE.tmp
C:\pos7CF.tmp
C:\pos7D.tmp
C:\pos7D0.tmp
C:\pos7D1.tmp
C:\pos7D2.tmp
C:\pos7D3.tmp
C:\pos7D4.tmp
C:\pos7D5.tmp
C:\pos7D6.tmp
C:\pos7D7.tmp
C:\pos7D8.tmp
C:\pos7D9.tmp
C:\pos7DA.tmp
C:\pos7DB.tmp
C:\pos7DC.tmp
C:\pos7DD.tmp
C:\pos7DE.tmp
C:\pos7DF.tmp
C:\pos7E.tmp
C:\pos7E0.tmp
C:\pos7E1.tmp
C:\pos7E2.tmp
C:\pos7E3.tmp
C:\pos7E4.tmp
C:\pos7E5.tmp
C:\pos7E6.tmp
C:\pos7E7.tmp
C:\pos7E8.tmp
C:\pos7E9.tmp
C:\pos7EA.tmp
C:\pos7EB.tmp
C:\pos7EC.tmp
C:\pos7ED.tmp
C:\pos7EE.tmp
C:\pos7EF.tmp
C:\pos7F.tmp
C:\pos7F0.tmp
C:\pos7F1.tmp
C:\pos7F2.tmp
C:\pos7F3.tmp
C:\pos7F4.tmp
C:\pos7F5.tmp
C:\pos7F6.tmp
C:\pos7F7.tmp
C:\pos7F8.tmp
C:\pos7F9.tmp
C:\pos7FA.tmp
C:\pos7FB.tmp
C:\pos7FC.tmp
C:\pos7FD.tmp
C:\pos7FE.tmp
C:\pos7FF.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos800.tmp
C:\pos801.tmp
C:\pos802.tmp
C:\pos803.tmp
C:\pos804.tmp
C:\pos805.tmp
C:\pos806.tmp
C:\pos807.tmp
C:\pos808.tmp
C:\pos809.tmp
C:\pos80A.tmp
C:\pos80B.tmp
C:\pos80C.tmp
C:\pos80D.tmp
C:\pos80E.tmp
C:\pos80F.tmp
C:\pos81.tmp
C:\pos810.tmp
C:\pos811.tmp
C:\pos812.tmp
C:\pos813.tmp
C:\pos814.tmp
C:\pos815.tmp
C:\pos816.tmp
C:\pos817.tmp
C:\pos818.tmp
C:\pos819.tmp
C:\pos81A.tmp
C:\pos81B.tmp
C:\pos81C.tmp
C:\pos81D.tmp
C:\pos81E.tmp
C:\pos81F.tmp
C:\pos82.tmp
C:\pos820.tmp
C:\pos821.tmp
C:\pos822.tmp
C:\pos823.tmp
C:\pos824.tmp
C:\pos825.tmp
C:\pos826.tmp
C:\pos827.tmp
C:\pos828.tmp
C:\pos829.tmp
C:\pos82A.tmp
C:\pos82B.tmp
C:\pos82C.tmp
C:\pos82D.tmp
C:\pos82E.tmp
C:\pos82F.tmp
C:\pos83.tmp
C:\pos830.tmp
C:\pos831.tmp
C:\pos832.tmp
C:\pos833.tmp
C:\pos834.tmp
C:\pos835.tmp
C:\pos836.tmp
C:\pos837.tmp
C:\pos838.tmp
C:\pos839.tmp
C:\pos83A.tmp
C:\pos83B.tmp
C:\pos83C.tmp
C:\pos83D.tmp
C:\pos83E.tmp
C:\pos83F.tmp
C:\pos84.tmp
C:\pos840.tmp
C:\pos841.tmp
C:\pos842.tmp
C:\pos843.tmp
C:\pos844.tmp
C:\pos845.tmp
C:\pos846.tmp
C:\pos847.tmp
C:\pos848.tmp
C:\pos849.tmp
C:\pos84A.tmp
C:\pos84B.tmp
C:\pos84C.tmp
C:\pos84D.tmp
C:\pos84E.tmp
C:\pos84F.tmp
C:\pos85.tmp
C:\pos850.tmp
C:\pos851.tmp
C:\pos852.tmp
C:\pos853.tmp
C:\pos854.tmp
C:\pos855.tmp
C:\pos856.tmp
C:\pos857.tmp
C:\pos858.tmp
C:\pos859.tmp
C:\pos85A.tmp
C:\pos85B.tmp
C:\pos85C.tmp
C:\pos85D.tmp
C:\pos85E.tmp
C:\pos85F.tmp
C:\pos86.tmp
C:\pos860.tmp
C:\pos861.tmp
C:\pos862.tmp
C:\pos863.tmp
C:\pos864.tmp
C:\pos865.tmp
C:\pos866.tmp
C:\pos867.tmp
C:\pos868.tmp
C:\pos869.tmp
C:\pos86A.tmp
C:\pos86B.tmp
C:\pos86C.tmp
C:\pos86D.tmp
C:\pos86E.tmp
C:\pos86F.tmp
C:\pos87.tmp
C:\pos870.tmp
C:\pos871.tmp
C:\pos872.tmp
C:\pos873.tmp
C:\pos874.tmp
C:\pos875.tmp
C:\pos876.tmp
C:\pos877.tmp
C:\pos878.tmp
C:\pos879.tmp
C:\pos87A.tmp
C:\pos87B.tmp
C:\pos87C.tmp
C:\pos87D.tmp
C:\pos87E.tmp
C:\pos87F.tmp
C:\pos88.tmp
C:\pos880.tmp
C:\pos881.tmp
C:\pos882.tmp
C:\pos883.tmp
C:\pos884.tmp
C:\pos885.tmp
C:\pos886.tmp
C:\pos887.tmp
C:\pos888.tmp
C:\pos889.tmp
C:\pos88A.tmp
C:\pos88B.tmp
C:\pos88C.tmp
C:\pos88D.tmp
C:\pos88E.tmp
C:\pos88F.tmp
C:\pos89.tmp
C:\pos890.tmp
C:\pos891.tmp
C:\pos892.tmp
C:\pos893.tmp
C:\pos894.tmp
C:\pos895.tmp
C:\pos896.tmp
C:\pos897.tmp
C:\pos898.tmp
C:\pos899.tmp
C:\pos89A.tmp
C:\pos89B.tmp
C:\pos89C.tmp
C:\pos89D.tmp
C:\pos89E.tmp
C:\pos89F.tmp
C:\pos8A.tmp
C:\pos8A0.tmp
C:\pos8A1.tmp
C:\pos8A2.tmp
C:\pos8A3.tmp
C:\pos8A4.tmp
C:\pos8A5.tmp
C:\pos8A6.tmp
C:\pos8A7.tmp
C:\pos8A8.tmp
C:\pos8A9.tmp
C:\pos8AA.tmp
C:\pos8AB.tmp
C:\pos8AC.tmp
C:\pos8AD.tmp
C:\pos8AE.tmp
C:\pos8AF.tmp
C:\pos8B.tmp
C:\pos8B0.tmp
C:\pos8B1.tmp
C:\pos8B2.tmp
C:\pos8B3.tmp
C:\pos8B4.tmp
C:\pos8B5.tmp
C:\pos8B6.tmp
C:\pos8B7.tmp
C:\pos8B8.tmp
C:\pos8B9.tmp
C:\pos8BA.tmp
C:\pos8BB.tmp
C:\pos8BC.tmp
C:\pos8BD.tmp
C:\pos8BE.tmp
C:\pos8BF.tmp
C:\pos8C.tmp
C:\pos8C0.tmp
C:\pos8C1.tmp
C:\pos8C2.tmp
C:\pos8C3.tmp
C:\pos8C4.tmp
C:\pos8C5.tmp
C:\pos8C6.tmp
C:\pos8C7.tmp
C:\pos8C8.tmp
C:\pos8C9.tmp
C:\pos8CA.tmp
C:\pos8CB.tmp
C:\pos8CC.tmp
C:\pos8CD.tmp
C:\pos8CE.tmp
C:\pos8CF.tmp
C:\pos8D.tmp
C:\pos8D0.tmp
C:\pos8D1.tmp
C:\pos8D2.tmp
C:\pos8D3.tmp
C:\pos8D4.tmp
C:\pos8D5.tmp
C:\pos8D6.tmp
C:\pos8D7.tmp
C:\pos8D8.tmp
C:\pos8D9.tmp
C:\pos8DA.tmp
C:\pos8DB.tmp
C:\pos8DC.tmp
C:\pos8DD.tmp
C:\pos8DE.tmp
C:\pos8DF.tmp
C:\pos8E.tmp
C:\pos8E0.tmp
C:\pos8E1.tmp
C:\pos8E2.tmp
C:\pos8E3.tmp
C:\pos8E4.tmp
C:\pos8E5.tmp
C:\pos8E6.tmp
C:\pos8E7.tmp
C:\pos8E8.tmp
C:\pos8E9.tmp
C:\pos8EA.tmp
C:\pos8EB.tmp
C:\pos8EC.tmp
C:\pos8ED.tmp
C:\pos8EE.tmp
C:\pos8EF.tmp
C:\pos8F.tmp
C:\pos8F0.tmp
C:\pos8F1.tmp
C:\pos8F2.tmp
C:\pos8F3.tmp
C:\pos8F4.tmp
C:\pos8F5.tmp
C:\pos8F6.tmp
C:\pos8F7.tmp
C:\pos8F8.tmp
C:\pos8F9.tmp
C:\pos8FA.tmp
C:\pos8FB.tmp
C:\pos8FC.tmp
C:\pos8FD.tmp
C:\pos8FE.tmp
C:\pos8FF.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos900.tmp
C:\pos901.tmp
C:\pos902.tmp
C:\pos903.tmp
C:\pos904.tmp
C:\pos905.tmp
C:\pos906.tmp
C:\pos907.tmp
C:\pos908.tmp
C:\pos909.tmp
C:\pos90A.tmp
C:\pos90B.tmp
C:\pos90C.tmp
C:\pos90D.tmp
C:\pos90E.tmp
C:\pos90F.tmp
C:\pos91.tmp
C:\pos910.tmp
C:\pos911.tmp
C:\pos912.tmp
C:\pos913.tmp
C:\pos914.tmp
C:\pos915.tmp
C:\pos916.tmp
C:\pos917.tmp
C:\pos918.tmp
C:\pos919.tmp
C:\pos91A.tmp
C:\pos91B.tmp
C:\pos91C.tmp
C:\pos91D.tmp
C:\pos91E.tmp
C:\pos91F.tmp
C:\pos92.tmp
C:\pos920.tmp
C:\pos921.tmp
C:\pos922.tmp
C:\pos923.tmp
C:\pos924.tmp
C:\pos925.tmp
C:\pos926.tmp
C:\pos927.tmp
C:\pos928.tmp
C:\pos929.tmp
C:\pos92A.tmp
C:\pos92B.tmp
C:\pos92C.tmp
C:\pos92D.tmp
C:\pos92E.tmp
C:\pos92F.tmp
C:\pos93.tmp
C:\pos930.tmp
C:\pos931.tmp
C:\pos932.tmp
C:\pos933.tmp
C:\pos934.tmp
C:\pos935.tmp
C:\pos936.tmp
C:\pos937.tmp
C:\pos938.tmp
C:\pos939.tmp
C:\pos93A.tmp
C:\pos93B.tmp
C:\pos93C.tmp
C:\pos93D.tmp
C:\pos93E.tmp
C:\pos93F.tmp
C:\pos94.tmp
C:\pos940.tmp
C:\pos941.tmp
C:\pos942.tmp
C:\pos943.tmp
C:\pos944.tmp
C:\pos945.tmp
C:\pos946.tmp
C:\pos947.tmp
C:\pos948.tmp
C:\pos949.tmp
C:\pos94A.tmp
C:\pos94B.tmp
C:\pos94C.tmp
C:\pos94D.tmp
C:\pos94E.tmp
C:\pos94F.tmp
C:\pos95.tmp
C:\pos950.tmp
C:\pos951.tmp
C:\pos952.tmp
C:\pos953.tmp
C:\pos954.tmp
C:\pos955.tmp
C:\pos956.tmp
C:\pos957.tmp
C:\pos958.tmp
C:\pos959.tmp
C:\pos95A.tmp
C:\pos95B.tmp
C:\pos95C.tmp
C:\pos95D.tmp
C:\pos95E.tmp
C:\pos95F.tmp
C:\pos96.tmp
C:\pos960.tmp
C:\pos961.tmp
C:\pos962.tmp
C:\pos963.tmp
C:\pos964.tmp
C:\pos965.tmp
C:\pos966.tmp
C:\pos967.tmp
C:\pos968.tmp
C:\pos969.tmp
C:\pos96A.tmp
C:\pos96B.tmp
C:\pos96C.tmp
C:\pos96D.tmp
C:\pos96E.tmp
C:\pos96F.tmp
C:\pos97.tmp
C:\pos970.tmp
C:\pos971.tmp
C:\pos972.tmp
C:\pos973.tmp
C:\pos974.tmp
C:\pos975.tmp
C:\pos976.tmp
C:\pos977.tmp
C:\pos978.tmp
C:\pos979.tmp
C:\pos97A.tmp
C:\pos97B.tmp
C:\pos97C.tmp
C:\pos97D.tmp
C:\pos97E.tmp
C:\pos97F.tmp
C:\pos98.tmp
C:\pos980.tmp
C:\pos981.tmp
C:\pos982.tmp
C:\pos983.tmp
C:\pos984.tmp
C:\pos985.tmp
C:\pos986.tmp
C:\pos987.tmp
C:\pos988.tmp
C:\pos989.tmp
C:\pos98A.tmp
C:\pos98B.tmp
C:\pos98C.tmp
C:\pos98D.tmp
C:\pos98E.tmp
C:\pos98F.tmp
C:\pos99.tmp
C:\pos990.tmp
C:\pos991.tmp
C:\pos992.tmp
C:\pos993.tmp
C:\pos994.tmp
C:\pos995.tmp
C:\pos996.tmp
C:\pos997.tmp
C:\pos998.tmp
C:\pos999.tmp
C:\pos99A.tmp
C:\pos99B.tmp
C:\pos99C.tmp
C:\pos99D.tmp
C:\pos99E.tmp
C:\pos99F.tmp
C:\pos9A.tmp
C:\pos9A0.tmp
C:\pos9A1.tmp
C:\pos9A2.tmp
C:\pos9A3.tmp
C:\pos9A4.tmp
C:\pos9A5.tmp
C:\pos9A6.tmp
C:\pos9A7.tmp
C:\pos9A8.tmp
C:\pos9A9.tmp
C:\pos9AA.tmp
C:\pos9AB.tmp
C:\pos9AC.tmp
C:\pos9AD.tmp
C:\pos9AE.tmp
C:\pos9AF.tmp
C:\pos9B.tmp
C:\pos9B0.tmp
C:\pos9B1.tmp
C:\pos9B2.tmp
C:\pos9B3.tmp
C:\pos9B4.tmp
C:\pos9B5.tmp
C:\pos9B6.tmp
C:\pos9B7.tmp
C:\pos9B8.tmp
C:\pos9B9.tmp
C:\pos9BA.tmp
C:\pos9BB.tmp
C:\pos9BC.tmp
C:\pos9BD.tmp
C:\pos9BE.tmp
C:\pos9BF.tmp
C:\pos9C.tmp
C:\pos9C0.tmp
C:\pos9C1.tmp
C:\pos9C2.tmp
C:\pos9C3.tmp
C:\pos9C4.tmp
C:\pos9C5.tmp
C:\pos9C6.tmp
C:\pos9C7.tmp
C:\pos9C8.tmp
C:\pos9C9.tmp
C:\pos9CA.tmp
C:\pos9CB.tmp
C:\pos9CC.tmp
C:\pos9CD.tmp
C:\pos9CE.tmp
C:\pos9CF.tmp
C:\pos9D.tmp
C:\pos9D0.tmp
C:\pos9D1.tmp
C:\pos9D2.tmp
C:\pos9D3.tmp
C:\pos9D4.tmp
C:\pos9D5.tmp
C:\pos9D6.tmp
C:\pos9D7.tmp
C:\pos9D8.tmp
C:\pos9D9.tmp
C:\pos9DA.tmp
C:\pos9DB.tmp
C:\pos9DC.tmp
C:\pos9DD.tmp
C:\pos9DE.tmp
C:\pos9DF.tmp
C:\pos9E.tmp
C:\pos9E0.tmp
C:\pos9E1.tmp
C:\pos9E2.tmp
C:\pos9E3.tmp
C:\pos9E4.tmp
C:\pos9E5.tmp
C:\pos9E6.tmp
C:\pos9E7.tmp
C:\pos9E8.tmp
C:\pos9E9.tmp
C:\pos9EA.tmp
C:\pos9EB.tmp
C:\pos9EC.tmp
C:\pos9ED.tmp
C:\pos9EE.tmp
C:\pos9EF.tmp
C:\pos9F.tmp
C:\pos9F0.tmp
C:\pos9F1.tmp
C:\pos9F2.tmp
C:\pos9F3.tmp
C:\pos9F4.tmp
C:\pos9F5.tmp
C:\pos9F6.tmp
C:\pos9F7.tmp
C:\pos9F8.tmp
C:\pos9F9.tmp
C:\pos9FA.tmp
C:\pos9FB.tmp
C:\pos9FC.tmp
C:\pos9FD.tmp
C:\pos9FE.tmp
C:\pos9FF.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA00.tmp
C:\posA01.tmp
C:\posA02.tmp
C:\posA03.tmp
C:\posA04.tmp
C:\posA05.tmp
C:\posA06.tmp
C:\posA07.tmp
C:\posA08.tmp
C:\posA09.tmp
C:\posA0A.tmp
C:\posA0B.tmp
C:\posA0C.tmp
C:\posA0D.tmp
C:\posA0E.tmp
C:\posA0F.tmp
C:\posA1.tmp
C:\posA10.tmp
C:\posA11.tmp
C:\posA12.tmp
C:\posA13.tmp
C:\posA14.tmp
C:\posA15.tmp
C:\posA16.tmp
C:\posA17.tmp
C:\posA18.tmp
C:\posA19.tmp
C:\posA1A.tmp
C:\posA1B.tmp
C:\posA1C.tmp
C:\posA1D.tmp
C:\posA1E.tmp
C:\posA1F.tmp
C:\posA2.tmp
C:\posA20.tmp
C:\posA21.tmp
C:\posA22.tmp
C:\posA23.tmp
C:\posA24.tmp
C:\posA25.tmp
C:\posA26.tmp
C:\posA27.tmp
C:\posA28.tmp
C:\posA29.tmp
C:\posA2A.tmp
C:\posA2B.tmp
C:\posA2C.tmp
C:\posA2D.tmp
C:\posA2E.tmp
C:\posA2F.tmp
C:\posA3.tmp
C:\posA30.tmp
C:\posA31.tmp
C:\posA32.tmp
C:\posA33.tmp
C:\posA34.tmp
C:\posA35.tmp
C:\posA36.tmp
C:\posA37.tmp
C:\posA38.tmp
C:\posA39.tmp
C:\posA3A.tmp
C:\posA3B.tmp
C:\posA3C.tmp
C:\posA3D.tmp
C:\posA3E.tmp
C:\posA3F.tmp
C:\posA4.tmp
C:\posA40.tmp
C:\posA41.tmp
C:\posA42.tmp
C:\posA43.tmp
C:\posA44.tmp
C:\posA45.tmp
C:\posA46.tmp
C:\posA47.tmp
C:\posA48.tmp
C:\posA49.tmp
C:\posA4A.tmp
C:\posA4B.tmp
C:\posA4C.tmp
C:\posA4D.tmp
C:\posA4E.tmp
C:\posA4F.tmp
C:\posA5.tmp
C:\posA50.tmp
C:\posA51.tmp
C:\posA52.tmp
C:\posA53.tmp
C:\posA54.tmp
C:\posA55.tmp
C:\posA56.tmp
C:\posA57.tmp
C:\posA58.tmp
C:\posA59.tmp
C:\posA5A.tmp
C:\posA5B.tmp
C:\posA5C.tmp
C:\posA5D.tmp
C:\posA5E.tmp
C:\posA5F.tmp
C:\posA6.tmp
C:\posA60.tmp
C:\posA61.tmp
C:\posA62.tmp
C:\posA63.tmp
C:\posA64.tmp
C:\posA65.tmp
C:\posA66.tmp
C:\posA67.tmp
C:\posA68.tmp
C:\posA69.tmp
C:\posA6A.tmp
C:\posA6B.tmp
C:\posA6C.tmp
C:\posA6D.tmp
C:\posA6E.tmp
C:\posA6F.tmp
C:\posA7.tmp
C:\posA70.tmp
C:\posA71.tmp
C:\posA72.tmp
C:\posA73.tmp
C:\posA74.tmp
C:\posA75.tmp
C:\posA76.tmp
C:\posA77.tmp
C:\posA78.tmp
C:\posA79.tmp
C:\posA7A.tmp
C:\posA7B.tmp
C:\posA7C.tmp
C:\posA7D.tmp
C:\posA7E.tmp
C:\posA7F.tmp
C:\posA8.tmp
C:\posA80.tmp
C:\posA81.tmp
C:\posA82.tmp
C:\posA83.tmp
C:\posA84.tmp
C:\posA85.tmp
C:\posA86.tmp
C:\posA87.tmp
C:\posA88.tmp
C:\posA89.tmp
C:\posA8A.tmp
C:\posA8B.tmp
C:\posA8C.tmp
C:\posA8D.tmp
C:\posA8E.tmp
C:\posA8F.tmp
C:\posA9.tmp
C:\posA90.tmp
C:\posA91.tmp
C:\posA92.tmp
C:\posA93.tmp
C:\posA94.tmp
C:\posA95.tmp
C:\posA96.tmp
C:\posA97.tmp
C:\posA98.tmp
C:\posA99.tmp
C:\posA9A.tmp
C:\posA9B.tmp
C:\posA9C.tmp
C:\posA9D.tmp
C:\posA9E.tmp
C:\posA9F.tmp
C:\posAA.tmp
C:\posAA0.tmp
C:\posAA1.tmp
C:\posAA2.tmp
C:\posAA3.tmp
C:\posAA4.tmp
C:\posAA5.tmp
C:\posAA6.tmp
C:\posAA7.tmp
C:\posAA8.tmp
C:\posAA9.tmp
C:\posAAA.tmp
C:\posAAB.tmp
C:\posAAC.tmp
C:\posAAD.tmp
C:\posAAE.tmp
C:\posAAF.tmp
C:\posAB.tmp
C:\posAB0.tmp
C:\posAB1.tmp
C:\posAB2.tmp
C:\posAB3.tmp
C:\posAB4.tmp
C:\posAB5.tmp
C:\posAB6.tmp
C:\posAB7.tmp
C:\posAB8.tmp
C:\posAB9.tmp
C:\posABA.tmp
C:\posABB.tmp
C:\posABC.tmp
C:\posABD.tmp
C:\posABE.tmp
C:\posABF.tmp
C:\posAC.tmp
C:\posAC0.tmp
C:\posAC1.tmp
C:\posAC2.tmp
C:\posAC3.tmp
C:\posAC4.tmp
C:\posAC5.tmp
C:\posAC6.tmp
C:\posAC7.tmp
C:\posAC8.tmp
C:\posAC9.tmp
C:\posACA.tmp
C:\posACB.tmp
C:\posACC.tmp
C:\posACD.tmp
C:\posACE.tmp
C:\posACF.tmp
C:\posAD.tmp
C:\posAD0.tmp
C:\posAD1.tmp
C:\posAD2.tmp
C:\posAD3.tmp
C:\posAD4.tmp
C:\posAD5.tmp
C:\posAD6.tmp
C:\posAD7.tmp
C:\posAD8.tmp
C:\posAD9.tmp
C:\posADA.tmp
C:\posADB.tmp
C:\posADC.tmp
C:\posADD.tmp
C:\posADE.tmp
C:\posADF.tmp
C:\posAE.tmp
C:\posAE0.tmp
C:\posAE1.tmp
C:\posAE2.tmp
C:\posAE3.tmp
C:\posAE4.tmp
C:\posAE5.tmp
C:\posAE6.tmp
C:\posAE7.tmp
C:\posAE8.tmp
C:\posAE9.tmp
C:\posAEA.tmp
C:\posAEB.tmp
C:\posAEC.tmp
C:\posAED.tmp
C:\posAEE.tmp
C:\posAEF.tmp
C:\posAF.tmp
C:\posAF0.tmp
C:\posAF1.tmp
C:\posAF2.tmp
C:\posAF3.tmp
C:\posAF4.tmp
  • 0

#6
Rachel Chipman

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Remainder of the ComboFix log.
C:\posAF5.tmp
C:\posAF6.tmp
C:\posAF7.tmp
C:\posAF8.tmp
C:\posAF9.tmp
C:\posAFA.tmp
C:\posAFB.tmp
C:\posAFC.tmp
C:\posAFD.tmp
C:\posAFE.tmp
C:\posAFF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB00.tmp
C:\posB01.tmp
C:\posB02.tmp
C:\posB03.tmp
C:\posB04.tmp
C:\posB05.tmp
C:\posB06.tmp
C:\posB07.tmp
C:\posB08.tmp
C:\posB09.tmp
C:\posB0A.tmp
C:\posB0B.tmp
C:\posB0C.tmp
C:\posB0D.tmp
C:\posB0E.tmp
C:\posB0F.tmp
C:\posB1.tmp
C:\posB10.tmp
C:\posB11.tmp
C:\posB12.tmp
C:\posB13.tmp
C:\posB14.tmp
C:\posB15.tmp
C:\posB16.tmp
C:\posB17.tmp
C:\posB18.tmp
C:\posB19.tmp
C:\posB1A.tmp
C:\posB1B.tmp
C:\posB1C.tmp
C:\posB1D.tmp
C:\posB1E.tmp
C:\posB1F.tmp
C:\posB2.tmp
C:\posB20.tmp
C:\posB21.tmp
C:\posB22.tmp
C:\posB23.tmp
C:\posB24.tmp
C:\posB25.tmp
C:\posB26.tmp
C:\posB27.tmp
C:\posB28.tmp
C:\posB29.tmp
C:\posB2A.tmp
C:\posB2B.tmp
C:\posB2C.tmp
C:\posB2D.tmp
C:\posB2E.tmp
C:\posB2F.tmp
C:\posB3.tmp
C:\posB30.tmp
C:\posB31.tmp
C:\posB32.tmp
C:\posB33.tmp
C:\posB34.tmp
C:\posB35.tmp
C:\posB36.tmp
C:\posB37.tmp
C:\posB38.tmp
C:\posB39.tmp
C:\posB3A.tmp
C:\posB3B.tmp
C:\posB3C.tmp
C:\posB3D.tmp
C:\posB3E.tmp
C:\posB3F.tmp
C:\posB4.tmp
C:\posB40.tmp
C:\posB41.tmp
C:\posB42.tmp
C:\posB43.tmp
C:\posB44.tmp
C:\posB45.tmp
C:\posB46.tmp
C:\posB47.tmp
C:\posB48.tmp
C:\posB49.tmp
C:\posB4A.tmp
C:\posB4B.tmp
C:\posB4C.tmp
C:\posB4D.tmp
C:\posB4E.tmp
C:\posB4F.tmp
C:\posB5.tmp
C:\posB50.tmp
C:\posB51.tmp
C:\posB52.tmp
C:\posB53.tmp
C:\posB54.tmp
C:\posB55.tmp
C:\posB56.tmp
C:\posB57.tmp
C:\posB58.tmp
C:\posB59.tmp
C:\posB5A.tmp
C:\posB5B.tmp
C:\posB5C.tmp
C:\posB5D.tmp
C:\posB5E.tmp
C:\posB5F.tmp
C:\posB6.tmp
C:\posB60.tmp
C:\posB61.tmp
C:\posB62.tmp
C:\posB63.tmp
C:\posB64.tmp
C:\posB65.tmp
C:\posB66.tmp
C:\posB67.tmp
C:\posB68.tmp
C:\posB69.tmp
C:\posB6A.tmp
C:\posB6B.tmp
C:\posB6C.tmp
C:\posB6D.tmp
C:\posB6E.tmp
C:\posB6F.tmp
C:\posB7.tmp
C:\posB70.tmp
C:\posB71.tmp
C:\posB72.tmp
C:\posB73.tmp
C:\posB74.tmp
C:\posB75.tmp
C:\posB76.tmp
C:\posB77.tmp
C:\posB78.tmp
C:\posB79.tmp
C:\posB7A.tmp
C:\posB7B.tmp
C:\posB7C.tmp
C:\posB7D.tmp
C:\posB7E.tmp
C:\posB7F.tmp
C:\posB8.tmp
C:\posB80.tmp
C:\posB81.tmp
C:\posB82.tmp
C:\posB83.tmp
C:\posB84.tmp
C:\posB85.tmp
C:\posB86.tmp
C:\posB87.tmp
C:\posB88.tmp
C:\posB89.tmp
C:\posB8A.tmp
C:\posB8B.tmp
C:\posB8C.tmp
C:\posB8D.tmp
C:\posB8E.tmp
C:\posB8F.tmp
C:\posB9.tmp
C:\posB90.tmp
C:\posB91.tmp
C:\posB92.tmp
C:\posB93.tmp
C:\posB94.tmp
C:\posB95.tmp
C:\posB96.tmp
C:\posB97.tmp
C:\posB98.tmp
C:\posB99.tmp
C:\posB9A.tmp
C:\posB9B.tmp
C:\posB9C.tmp
C:\posB9D.tmp
C:\posB9E.tmp
C:\posB9F.tmp
C:\posBA.tmp
C:\posBA0.tmp
C:\posBA1.tmp
C:\posBA2.tmp
C:\posBA3.tmp
C:\posBA4.tmp
C:\posBA5.tmp
C:\posBA6.tmp
C:\posBA7.tmp
C:\posBA8.tmp
C:\posBA9.tmp
C:\posBAA.tmp
C:\posBAB.tmp
C:\posBAC.tmp
C:\posBAD.tmp
C:\posBAE.tmp
C:\posBAF.tmp
C:\posBB.tmp
C:\posBB0.tmp
C:\posBB1.tmp
C:\posBB2.tmp
C:\posBB3.tmp
C:\posBB4.tmp
C:\posBB5.tmp
C:\posBB6.tmp
C:\posBB7.tmp
C:\posBB8.tmp
C:\posBB9.tmp
C:\posBBA.tmp
C:\posBBB.tmp
C:\posBBC.tmp
C:\posBBD.tmp
C:\posBBE.tmp
C:\posBBF.tmp
C:\posBC.tmp
C:\posBC0.tmp
C:\posBC1.tmp
C:\posBC2.tmp
C:\posBC3.tmp
C:\posBC4.tmp
C:\posBC5.tmp
C:\posBC6.tmp
C:\posBC7.tmp
C:\posBC8.tmp
C:\posBC9.tmp
C:\posBCA.tmp
C:\posBCB.tmp
C:\posBCC.tmp
C:\posBCD.tmp
C:\posBCE.tmp
C:\posBCF.tmp
C:\posBD.tmp
C:\posBD0.tmp
C:\posBD1.tmp
C:\posBD2.tmp
C:\posBD3.tmp
C:\posBD4.tmp
C:\posBD5.tmp
C:\posBD6.tmp
C:\posBD7.tmp
C:\posBD8.tmp
C:\posBD9.tmp
C:\posBDA.tmp
C:\posBDB.tmp
C:\posBDC.tmp
C:\posBDD.tmp
C:\posBDE.tmp
C:\posBDF.tmp
C:\posBE.tmp
C:\posBE0.tmp
C:\posBE1.tmp
C:\posBE2.tmp
C:\posBE3.tmp
C:\posBE4.tmp
C:\posBE5.tmp
C:\posBE6.tmp
C:\posBE7.tmp
C:\posBE8.tmp
C:\posBE9.tmp
C:\posBEA.tmp
C:\posBEB.tmp
C:\posBEC.tmp
C:\posBED.tmp
C:\posBEE.tmp
C:\posBEF.tmp
C:\posBF.tmp
C:\posBF0.tmp
C:\posBF1.tmp
C:\posBF2.tmp
C:\posBF3.tmp
C:\posBF4.tmp
C:\posBF5.tmp
C:\posBF6.tmp
C:\posBF7.tmp
C:\posBF8.tmp
C:\posBF9.tmp
C:\posBFA.tmp
C:\posBFB.tmp
C:\posBFC.tmp
C:\posBFD.tmp
C:\posBFE.tmp
C:\posBFF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC00.tmp
C:\posC01.tmp
C:\posC02.tmp
C:\posC03.tmp
C:\posC04.tmp
C:\posC05.tmp
C:\posC06.tmp
C:\posC07.tmp
C:\posC08.tmp
C:\posC09.tmp
C:\posC0A.tmp
C:\posC0B.tmp
C:\posC0C.tmp
C:\posC0D.tmp
C:\posC0E.tmp
C:\posC0F.tmp
C:\posC1.tmp
C:\posC10.tmp
C:\posC11.tmp
C:\posC12.tmp
C:\posC13.tmp
C:\posC14.tmp
C:\posC15.tmp
C:\posC16.tmp
C:\posC17.tmp
C:\posC18.tmp
C:\posC19.tmp
C:\posC1A.tmp
C:\posC1B.tmp
C:\posC1C.tmp
C:\posC1D.tmp
C:\posC1E.tmp
C:\posC1F.tmp
C:\posC2.tmp
C:\posC20.tmp
C:\posC21.tmp
C:\posC22.tmp
C:\posC23.tmp
C:\posC24.tmp
C:\posC25.tmp
C:\posC26.tmp
C:\posC27.tmp
C:\posC28.tmp
C:\posC29.tmp
C:\posC2A.tmp
C:\posC2B.tmp
C:\posC2C.tmp
C:\posC2D.tmp
C:\posC2E.tmp
C:\posC2F.tmp
C:\posC3.tmp
C:\posC30.tmp
C:\posC31.tmp
C:\posC32.tmp
C:\posC33.tmp
C:\posC34.tmp
C:\posC35.tmp
C:\posC36.tmp
C:\posC37.tmp
C:\posC38.tmp
C:\posC39.tmp
C:\posC3A.tmp
C:\posC3B.tmp
C:\posC3C.tmp
C:\posC3D.tmp
C:\posC3E.tmp
C:\posC3F.tmp
C:\posC4.tmp
C:\posC40.tmp
C:\posC41.tmp
C:\posC42.tmp
C:\posC43.tmp
C:\posC44.tmp
C:\posC45.tmp
C:\posC46.tmp
C:\posC47.tmp
C:\posC48.tmp
C:\posC49.tmp
C:\posC4A.tmp
C:\posC4B.tmp
C:\posC4C.tmp
C:\posC4D.tmp
C:\posC4E.tmp
C:\posC4F.tmp
C:\posC5.tmp
C:\posC50.tmp
C:\posC51.tmp
C:\posC52.tmp
C:\posC53.tmp
C:\posC54.tmp
C:\posC55.tmp
C:\posC56.tmp
C:\posC57.tmp
C:\posC58.tmp
C:\posC59.tmp
C:\posC5A.tmp
C:\posC5B.tmp
C:\posC5C.tmp
C:\posC5D.tmp
C:\posC5E.tmp
C:\posC5F.tmp
C:\posC6.tmp
C:\posC60.tmp
C:\posC61.tmp
C:\posC62.tmp
C:\posC63.tmp
C:\posC64.tmp
C:\posC65.tmp
C:\posC66.tmp
C:\posC67.tmp
C:\posC68.tmp
C:\posC69.tmp
C:\posC6A.tmp
C:\posC6B.tmp
C:\posC6C.tmp
C:\posC6D.tmp
C:\posC6E.tmp
C:\posC6F.tmp
C:\posC7.tmp
C:\posC70.tmp
C:\posC71.tmp
C:\posC72.tmp
C:\posC73.tmp
C:\posC74.tmp
C:\posC75.tmp
C:\posC76.tmp
C:\posC77.tmp
C:\posC78.tmp
C:\posC79.tmp
C:\posC7A.tmp
C:\posC7B.tmp
C:\posC7C.tmp
C:\posC7D.tmp
C:\posC7E.tmp
C:\posC7F.tmp
C:\posC8.tmp
C:\posC80.tmp
C:\posC81.tmp
C:\posC82.tmp
C:\posC83.tmp
C:\posC84.tmp
C:\posC85.tmp
C:\posC86.tmp
C:\posC87.tmp
C:\posC88.tmp
C:\posC89.tmp
C:\posC8A.tmp
C:\posC8B.tmp
C:\posC8C.tmp
C:\posC8D.tmp
C:\posC8E.tmp
C:\posC8F.tmp
C:\posC9.tmp
C:\posC90.tmp
C:\posC91.tmp
C:\posC92.tmp
C:\posC93.tmp
C:\posC94.tmp
C:\posC95.tmp
C:\posC96.tmp
C:\posC97.tmp
C:\posC98.tmp
C:\posC99.tmp
C:\posC9A.tmp
C:\posC9B.tmp
C:\posC9C.tmp
C:\posC9D.tmp
C:\posC9E.tmp
C:\posC9F.tmp
C:\posCA.tmp
C:\posCA0.tmp
C:\posCA1.tmp
C:\posCA2.tmp
C:\posCA3.tmp
C:\posCA4.tmp
C:\posCA5.tmp
C:\posCA6.tmp
C:\posCA7.tmp
C:\posCA8.tmp
C:\posCA9.tmp
C:\posCAA.tmp
C:\posCAB.tmp
C:\posCAC.tmp
C:\posCAD.tmp
C:\posCAE.tmp
C:\posCAF.tmp
C:\posCB.tmp
C:\posCB0.tmp
C:\posCB1.tmp
C:\posCB2.tmp
C:\posCB3.tmp
C:\posCB4.tmp
C:\posCB5.tmp
C:\posCB6.tmp
C:\posCB7.tmp
C:\posCB8.tmp
C:\posCB9.tmp
C:\posCBA.tmp
C:\posCBB.tmp
C:\posCBC.tmp
C:\posCBD.tmp
C:\posCBE.tmp
C:\posCBF.tmp
C:\posCC.tmp
C:\posCC0.tmp
C:\posCC1.tmp
C:\posCC2.tmp
C:\posCC3.tmp
C:\posCC4.tmp
C:\posCC5.tmp
C:\posCC6.tmp
C:\posCC7.tmp
C:\posCC8.tmp
C:\posCC9.tmp
C:\posCCA.tmp
C:\posCCB.tmp
C:\posCCC.tmp
C:\posCCD.tmp
C:\posCCE.tmp
C:\posCCF.tmp
C:\posCD.tmp
C:\posCD0.tmp
C:\posCD1.tmp
C:\posCD2.tmp
C:\posCD3.tmp
C:\posCD4.tmp
C:\posCD5.tmp
C:\posCD6.tmp
C:\posCD7.tmp
C:\posCD8.tmp
C:\posCD9.tmp
C:\posCDA.tmp
C:\posCDB.tmp
C:\posCDC.tmp
C:\posCDD.tmp
C:\posCDE.tmp
C:\posCDF.tmp
C:\posCE.tmp
C:\posCE0.tmp
C:\posCE1.tmp
C:\posCE2.tmp
C:\posCE3.tmp
C:\posCE4.tmp
C:\posCE5.tmp
C:\posCE6.tmp
C:\posCE7.tmp
C:\posCE8.tmp
C:\posCE9.tmp
C:\posCEA.tmp
C:\posCEB.tmp
C:\posCEC.tmp
C:\posCED.tmp
C:\posCEE.tmp
C:\posCEF.tmp
C:\posCF.tmp
C:\posCF0.tmp
C:\posCF1.tmp
C:\posCF2.tmp
C:\posCF3.tmp
C:\posCF4.tmp
C:\posCF5.tmp
C:\posCF6.tmp
C:\posCF7.tmp
C:\posCF8.tmp
C:\posCF9.tmp
C:\posCFA.tmp
C:\posCFB.tmp
C:\posCFC.tmp
C:\posCFD.tmp
C:\posCFE.tmp
C:\posCFF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD00.tmp
C:\posD01.tmp
C:\posD02.tmp
C:\posD03.tmp
C:\posD04.tmp
C:\posD05.tmp
C:\posD06.tmp
C:\posD07.tmp
C:\posD08.tmp
C:\posD09.tmp
C:\posD0A.tmp
C:\posD0B.tmp
C:\posD0C.tmp
C:\posD0D.tmp
C:\posD0E.tmp
C:\posD0F.tmp
C:\posD1.tmp
C:\posD10.tmp
C:\posD11.tmp
C:\posD12.tmp
C:\posD13.tmp
C:\posD14.tmp
C:\posD15.tmp
C:\posD16.tmp
C:\posD17.tmp
C:\posD18.tmp
C:\posD19.tmp
C:\posD1A.tmp
C:\posD1B.tmp
C:\posD1C.tmp
C:\posD1D.tmp
C:\posD1E.tmp
C:\posD1F.tmp
C:\posD2.tmp
C:\posD20.tmp
C:\posD21.tmp
C:\posD22.tmp
C:\posD23.tmp
C:\posD24.tmp
C:\posD25.tmp
C:\posD26.tmp
C:\posD27.tmp
C:\posD28.tmp
C:\posD29.tmp
C:\posD2A.tmp
C:\posD2B.tmp
C:\posD2C.tmp
C:\posD2D.tmp
C:\posD2E.tmp
C:\posD2F.tmp
C:\posD3.tmp
C:\posD30.tmp
C:\posD31.tmp
C:\posD32.tmp
C:\posD33.tmp
C:\posD34.tmp
C:\posD35.tmp
C:\posD36.tmp
C:\posD37.tmp
C:\posD38.tmp
C:\posD39.tmp
C:\posD3A.tmp
C:\posD3B.tmp
C:\posD3C.tmp
C:\posD3D.tmp
C:\posD3E.tmp
C:\posD3F.tmp
C:\posD4.tmp
C:\posD40.tmp
C:\posD41.tmp
C:\posD42.tmp
C:\posD43.tmp
C:\posD44.tmp
C:\posD45.tmp
C:\posD46.tmp
C:\posD47.tmp
C:\posD48.tmp
C:\posD49.tmp
C:\posD4A.tmp
C:\posD4B.tmp
C:\posD4C.tmp
C:\posD4D.tmp
C:\posD4E.tmp
C:\posD4F.tmp
C:\posD5.tmp
C:\posD50.tmp
C:\posD51.tmp
C:\posD52.tmp
C:\posD53.tmp
C:\posD54.tmp
C:\posD55.tmp
C:\posD56.tmp
C:\posD57.tmp
C:\posD58.tmp
C:\posD59.tmp
C:\posD5A.tmp
C:\posD5B.tmp
C:\posD5C.tmp
C:\posD5D.tmp
C:\posD5E.tmp
C:\posD5F.tmp
C:\posD6.tmp
C:\posD60.tmp
C:\posD61.tmp
C:\posD62.tmp
C:\posD63.tmp
C:\posD64.tmp
C:\posD65.tmp
C:\posD66.tmp
C:\posD67.tmp
C:\posD68.tmp
C:\posD69.tmp
C:\posD6A.tmp
C:\posD6B.tmp
C:\posD6C.tmp
C:\posD6D.tmp
C:\posD6E.tmp
C:\posD6F.tmp
C:\posD7.tmp
C:\posD70.tmp
C:\posD71.tmp
C:\posD72.tmp
C:\posD73.tmp
C:\posD74.tmp
C:\posD75.tmp
C:\posD76.tmp
C:\posD77.tmp
C:\posD78.tmp
C:\posD79.tmp
C:\posD7A.tmp
C:\posD7B.tmp
C:\posD7C.tmp
C:\posD7D.tmp
C:\posD7E.tmp
C:\posD7F.tmp
C:\posD8.tmp
C:\posD80.tmp
C:\posD81.tmp
C:\posD82.tmp
C:\posD83.tmp
C:\posD84.tmp
C:\posD85.tmp
C:\posD86.tmp
C:\posD87.tmp
C:\posD88.tmp
C:\posD89.tmp
C:\posD8A.tmp
C:\posD8B.tmp
C:\posD8C.tmp
C:\posD8D.tmp
C:\posD8E.tmp
C:\posD8F.tmp
C:\posD9.tmp
C:\posD90.tmp
C:\posD91.tmp
C:\posD92.tmp
C:\posD93.tmp
C:\posD94.tmp
C:\posD95.tmp
C:\posD96.tmp
C:\posD97.tmp
C:\posD98.tmp
C:\posD99.tmp
C:\posD9A.tmp
C:\posD9B.tmp
C:\posD9C.tmp
C:\posD9D.tmp
C:\posD9E.tmp
C:\posD9F.tmp
C:\posDA.tmp
C:\posDA0.tmp
C:\posDA1.tmp
C:\posDA2.tmp
C:\posDA3.tmp
C:\posDA4.tmp
C:\posDA5.tmp
C:\posDA6.tmp
C:\posDA7.tmp
C:\posDA8.tmp
C:\posDA9.tmp
C:\posDAA.tmp
C:\posDAB.tmp
C:\posDAC.tmp
C:\posDAD.tmp
C:\posDAE.tmp
C:\posDAF.tmp
C:\posDB.tmp
C:\posDB0.tmp
C:\posDB1.tmp
C:\posDB2.tmp
C:\posDB3.tmp
C:\posDB4.tmp
C:\posDB5.tmp
C:\posDB6.tmp
C:\posDB7.tmp
C:\posDB8.tmp
C:\posDB9.tmp
C:\posDBA.tmp
C:\posDBB.tmp
C:\posDBC.tmp
C:\posDBD.tmp
C:\posDBE.tmp
C:\posDBF.tmp
C:\posDC.tmp
C:\posDC0.tmp
C:\posDC1.tmp
C:\posDC2.tmp
C:\posDC3.tmp
C:\posDC4.tmp
C:\posDC5.tmp
C:\posDC6.tmp
C:\posDC7.tmp
C:\posDC8.tmp
C:\posDC9.tmp
C:\posDCA.tmp
C:\posDCB.tmp
C:\posDCC.tmp
C:\posDCD.tmp
C:\posDCE.tmp
C:\posDCF.tmp
C:\posDD.tmp
C:\posDD0.tmp
C:\posDD1.tmp
C:\posDD2.tmp
C:\posDD3.tmp
C:\posDD4.tmp
C:\posDD5.tmp
C:\posDD6.tmp
C:\posDD7.tmp
C:\posDD8.tmp
C:\posDD9.tmp
C:\posDDA.tmp
C:\posDDB.tmp
C:\posDDC.tmp
C:\posDDD.tmp
C:\posDDE.tmp
C:\posDDF.tmp
C:\posDE.tmp
C:\posDE0.tmp
C:\posDE1.tmp
C:\posDE2.tmp
C:\posDE3.tmp
C:\posDE4.tmp
C:\posDE5.tmp
C:\posDE6.tmp
C:\posDE7.tmp
C:\posDE9.tmp
C:\posDEA.tmp
C:\posDEB.tmp
C:\posDEC.tmp
C:\posDED.tmp
C:\posDEE.tmp
C:\posDEF.tmp
C:\posDF.tmp
C:\posDF0.tmp
C:\posDF1.tmp
C:\posDF2.tmp
C:\posDF3.tmp
C:\posDF4.tmp
C:\posDF5.tmp
C:\posDF6.tmp
C:\posDF7.tmp
C:\posDF8.tmp
C:\posDF9.tmp
C:\posDFA.tmp
C:\posDFB.tmp
C:\posDFC.tmp
C:\posDFD.tmp
C:\posDFE.tmp
C:\posDFF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE01.tmp
C:\posE02.tmp
C:\posE03.tmp
C:\posE04.tmp
C:\posE05.tmp
C:\posE06.tmp
C:\posE07.tmp
C:\posE08.tmp
C:\posE09.tmp
C:\posE0A.tmp
C:\posE0B.tmp
C:\posE0C.tmp
C:\posE0D.tmp
C:\posE0E.tmp
C:\posE0F.tmp
C:\posE1.tmp
C:\posE10.tmp
C:\posE11.tmp
C:\posE12.tmp
C:\posE13.tmp
C:\posE14.tmp
C:\posE15.tmp
C:\posE16.tmp
C:\posE17.tmp
C:\posE18.tmp
C:\posE19.tmp
C:\posE1A.tmp
C:\posE1B.tmp
C:\posE1C.tmp
C:\posE1D.tmp
C:\posE1E.tmp
C:\posE1F.tmp
C:\posE2.tmp
C:\posE20.tmp
C:\posE21.tmp
C:\posE22.tmp
C:\posE23.tmp
C:\posE24.tmp
C:\posE25.tmp
C:\posE26.tmp
C:\posE27.tmp
C:\posE28.tmp
C:\posE29.tmp
C:\posE2A.tmp
C:\posE2B.tmp
C:\posE2C.tmp
C:\posE2D.tmp
C:\posE2E.tmp
C:\posE2F.tmp
C:\posE3.tmp
C:\posE30.tmp
C:\posE31.tmp
C:\posE32.tmp
C:\posE33.tmp
C:\posE34.tmp
C:\posE35.tmp
C:\posE36.tmp
C:\posE37.tmp
C:\posE38.tmp
C:\posE39.tmp
C:\posE3A.tmp
C:\posE3B.tmp
C:\posE3C.tmp
C:\posE3D.tmp
C:\posE3E.tmp
C:\posE3F.tmp
C:\posE4.tmp
C:\posE40.tmp
C:\posE41.tmp
C:\posE42.tmp
C:\posE43.tmp
C:\posE44.tmp
C:\posE45.tmp
C:\posE46.tmp
C:\posE47.tmp
C:\posE48.tmp
C:\posE49.tmp
C:\posE4A.tmp
C:\posE4B.tmp
C:\posE4C.tmp
C:\posE4D.tmp
C:\posE4E.tmp
C:\posE4F.tmp
C:\posE5.tmp
C:\posE50.tmp
C:\posE51.tmp
C:\posE52.tmp
C:\posE53.tmp
C:\posE54.tmp
C:\posE55.tmp
C:\posE56.tmp
C:\posE57.tmp
C:\posE58.tmp
C:\posE59.tmp
C:\posE5A.tmp
C:\posE5B.tmp
C:\posE5C.tmp
C:\posE5D.tmp
C:\posE5E.tmp
C:\posE5F.tmp
C:\posE6.tmp
C:\posE60.tmp
C:\posE61.tmp
C:\posE62.tmp
C:\posE63.tmp
C:\posE64.tmp
C:\posE65.tmp
C:\posE66.tmp
C:\posE67.tmp
C:\posE68.tmp
C:\posE69.tmp
C:\posE6A.tmp
C:\posE6B.tmp
C:\posE6C.tmp
C:\posE6D.tmp
C:\posE6E.tmp
C:\posE6F.tmp
C:\posE7.tmp
C:\posE70.tmp
C:\posE71.tmp
C:\posE72.tmp
C:\posE73.tmp
C:\posE74.tmp
C:\posE75.tmp
C:\posE76.tmp
C:\posE77.tmp
C:\posE78.tmp
C:\posE79.tmp
C:\posE7A.tmp
C:\posE7B.tmp
C:\posE7C.tmp
C:\posE7D.tmp
C:\posE7E.tmp
C:\posE7F.tmp
C:\posE8.tmp
C:\posE80.tmp
C:\posE81.tmp
C:\posE82.tmp
C:\posE83.tmp
C:\posE84.tmp
C:\posE85.tmp
C:\posE86.tmp
C:\posE87.tmp
C:\posE88.tmp
C:\posE89.tmp
C:\posE8A.tmp
C:\posE8B.tmp
C:\posE8C.tmp
C:\posE8D.tmp
C:\posE8E.tmp
C:\posE8F.tmp
C:\posE9.tmp
C:\posE90.tmp
C:\posE91.tmp
C:\posE92.tmp
C:\posE93.tmp
C:\posE94.tmp
C:\posE95.tmp
C:\posE96.tmp
C:\posE97.tmp
C:\posE98.tmp
C:\posE99.tmp
C:\posE9A.tmp
C:\posE9B.tmp
C:\posE9C.tmp
C:\posE9D.tmp
C:\posE9E.tmp
C:\posE9F.tmp
C:\posEA.tmp
C:\posEA0.tmp
C:\posEA1.tmp
C:\posEA2.tmp
C:\posEA3.tmp
C:\posEA4.tmp
C:\posEA5.tmp
C:\posEA6.tmp
C:\posEA7.tmp
C:\posEA8.tmp
C:\posEA9.tmp
C:\posEAA.tmp
C:\posEAB.tmp
C:\posEAC.tmp
C:\posEAD.tmp
C:\posEAE.tmp
C:\posEAF.tmp
C:\posEB.tmp
C:\posEB0.tmp
C:\posEB1.tmp
C:\posEB2.tmp
C:\posEB3.tmp
C:\posEB4.tmp
C:\posEB5.tmp
C:\posEB6.tmp
C:\posEB7.tmp
C:\posEB8.tmp
C:\posEB9.tmp
C:\posEBA.tmp
C:\posEBB.tmp
C:\posEBC.tmp
C:\posEBD.tmp
C:\posEBE.tmp
C:\posEBF.tmp
C:\posEC.tmp
C:\posEC0.tmp
C:\posEC1.tmp
C:\posEC2.tmp
C:\posEC3.tmp
C:\posEC4.tmp
C:\posEC5.tmp
C:\posEC6.tmp
C:\posEC7.tmp
C:\posEC8.tmp
C:\posEC9.tmp
C:\posECA.tmp
C:\posECB.tmp
C:\posECC.tmp
C:\posECD.tmp
C:\posECE.tmp
C:\posECF.tmp
C:\posED.tmp
C:\posED0.tmp
C:\posED1.tmp
C:\posED2.tmp
C:\posED3.tmp
C:\posED4.tmp
C:\posED5.tmp
C:\posED6.tmp
C:\posED7.tmp
C:\posED8.tmp
C:\posED9.tmp
C:\posEDA.tmp
C:\posEDB.tmp
C:\posEDC.tmp
C:\posEDD.tmp
C:\posEDE.tmp
C:\posEDF.tmp
C:\posEE.tmp
C:\posEE0.tmp
C:\posEE1.tmp
C:\posEE2.tmp
C:\posEE3.tmp
C:\posEE4.tmp
C:\posEE5.tmp
C:\posEE6.tmp
C:\posEE7.tmp
C:\posEE8.tmp
C:\posEE9.tmp
C:\posEEA.tmp
C:\posEEB.tmp
C:\posEEC.tmp
C:\posEED.tmp
C:\posEEE.tmp
C:\posEEF.tmp
C:\posEF.tmp
C:\posEF0.tmp
C:\posEF1.tmp
C:\posEF2.tmp
C:\posEF3.tmp
C:\posEF4.tmp
C:\posEF5.tmp
C:\posEF6.tmp
C:\posEF7.tmp
C:\posEF8.tmp
C:\posEF9.tmp
C:\posEFA.tmp
C:\posEFB.tmp
C:\posEFC.tmp
C:\posEFD.tmp
C:\posEFE.tmp
C:\posEFF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF00.tmp
C:\posF01.tmp
C:\posF02.tmp
C:\posF03.tmp
C:\posF04.tmp
C:\posF05.tmp
C:\posF06.tmp
C:\posF07.tmp
C:\posF08.tmp
C:\posF09.tmp
C:\posF0A.tmp
C:\posF0B.tmp
C:\posF0C.tmp
C:\posF0D.tmp
C:\posF0E.tmp
C:\posF0F.tmp
C:\posF1.tmp
C:\posF10.tmp
C:\posF11.tmp
C:\posF12.tmp
C:\posF13.tmp
C:\posF14.tmp
C:\posF15.tmp
C:\posF16.tmp
C:\posF17.tmp
C:\posF18.tmp
C:\posF19.tmp
C:\posF1A.tmp
C:\posF1B.tmp
C:\posF1C.tmp
C:\posF1D.tmp
C:\posF1E.tmp
C:\posF1F.tmp
C:\posF2.tmp
C:\posF20.tmp
C:\posF21.tmp
C:\posF22.tmp
C:\posF23.tmp
C:\posF24.tmp
C:\posF25.tmp
C:\posF26.tmp
C:\posF27.tmp
C:\posF28.tmp
C:\posF29.tmp
C:\posF2A.tmp
C:\posF2B.tmp
C:\posF2C.tmp
C:\posF2D.tmp
C:\posF2E.tmp
C:\posF2F.tmp
C:\posF3.tmp
C:\posF30.tmp
C:\posF31.tmp
C:\posF32.tmp
C:\posF33.tmp
C:\posF34.tmp
C:\posF35.tmp
C:\posF36.tmp
C:\posF37.tmp
C:\posF38.tmp
C:\posF39.tmp
C:\posF3A.tmp
C:\posF3B.tmp
C:\posF3C.tmp
C:\posF3D.tmp
C:\posF3E.tmp
C:\posF3F.tmp
C:\posF4.tmp
C:\posF40.tmp
C:\posF41.tmp
C:\posF42.tmp
C:\posF43.tmp
C:\posF44.tmp
C:\posF45.tmp
C:\posF46.tmp
C:\posF47.tmp
C:\posF48.tmp
C:\posF49.tmp
C:\posF4A.tmp
C:\posF4B.tmp
C:\posF4C.tmp
C:\posF4D.tmp
C:\posF4E.tmp
C:\posF4F.tmp
C:\posF5.tmp
C:\posF50.tmp
C:\posF51.tmp
C:\posF52.tmp
C:\posF53.tmp
C:\posF54.tmp
C:\posF55.tmp
C:\posF56.tmp
C:\posF57.tmp
C:\posF58.tmp
C:\posF59.tmp
C:\posF5A.tmp
C:\posF5B.tmp
C:\posF5C.tmp
C:\posF5D.tmp
C:\posF5E.tmp
C:\posF5F.tmp
C:\posF6.tmp
C:\posF60.tmp
C:\posF61.tmp
C:\posF62.tmp
C:\posF63.tmp
C:\posF64.tmp
C:\posF65.tmp
C:\posF66.tmp
C:\posF67.tmp
C:\posF68.tmp
C:\posF69.tmp
C:\posF6A.tmp
C:\posF6B.tmp
C:\posF6C.tmp
C:\posF6D.tmp
C:\posF6E.tmp
C:\posF6F.tmp
C:\posF7.tmp
C:\posF70.tmp
C:\posF71.tmp
C:\posF72.tmp
C:\posF73.tmp
C:\posF74.tmp
C:\posF75.tmp
C:\posF76.tmp
C:\posF77.tmp
C:\posF78.tmp
C:\posF79.tmp
C:\posF7A.tmp
C:\posF7B.tmp
C:\posF7C.tmp
C:\posF7D.tmp
C:\posF7E.tmp
C:\posF7F.tmp
C:\posF8.tmp
C:\posF80.tmp
C:\posF81.tmp
C:\posF82.tmp
C:\posF83.tmp
C:\posF84.tmp
C:\posF85.tmp
C:\posF86.tmp
C:\posF87.tmp
C:\posF88.tmp
C:\posF89.tmp
C:\posF8A.tmp
C:\posF8B.tmp
C:\posF8C.tmp
C:\posF8D.tmp
C:\posF8E.tmp
C:\posF8F.tmp
C:\posF9.tmp
C:\posF90.tmp
C:\posF91.tmp
C:\posF92.tmp
C:\posF93.tmp
C:\posF94.tmp
C:\posF95.tmp
C:\posF96.tmp
C:\posF97.tmp
C:\posF98.tmp
C:\posF99.tmp
C:\posF9A.tmp
C:\posF9B.tmp
C:\posF9C.tmp
C:\posF9D.tmp
C:\posF9E.tmp
C:\posF9F.tmp
C:\posFA.tmp
C:\posFA0.tmp
C:\posFA1.tmp
C:\posFA2.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp
C:\Program Files\WinAble
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\icon.ico
C:\WINDOWS\system32\ajxjhrux.dll
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\eqvtnnay.dll
C:\WINDOWS\system32\ffqyxftr.dll
C:\WINDOWS\SYSTEM32\frxupurw.ini
C:\WINDOWS\system32\iiffcaw.dll
C:\WINDOWS\system32\jbhvhkqt.dll
C:\WINDOWS\system32\jrsxilgo.dll
C:\WINDOWS\system32\jvrlayph.dll
C:\WINDOWS\SYSTEM32\lnnmp.ini
C:\WINDOWS\SYSTEM32\lnnmp.ini2
C:\WINDOWS\system32\mywtfjgh.dll
C:\WINDOWS\system32\nojhkecd.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnnl.dll
C:\WINDOWS\system32\pmnnl.exe
C:\WINDOWS\SYSTEM32\qcpqcbdr.ini
C:\WINDOWS\system32\rdbcqpcq.dll
C:\WINDOWS\system32\tsixsnty.dll
C:\WINDOWS\system32\vanlxfly.dll
C:\WINDOWS\system32\vbczbivj.dll
C:\WINDOWS\system32\vbczbivj.dllbox
C:\WINDOWS\system32\vtaulfet.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wrupuxrf.dll
C:\WINDOWS\SYSTEM32\xkvudlhy.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 )))))))))))))))))))))))))))))))
.

2008-01-16 18:08 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-15 18:21 . 2004-01-14 20:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2008-01-08 07:17 . 2008-01-15 09:08 594 --ahs---- C:\WINDOWS\SYSTEM32\yqenmrwp.ini
2008-01-07 23:44 . 2008-01-07 23:45 <DIR> d-------- C:\EOrganizer
2007-12-28 17:24 . 2008-01-06 19:06 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxtray .exe
2007-12-28 17:24 . 2008-01-06 19:06 114,688 --a------ C:\WINDOWS\SYSTEM32\hkcmd .exe
2007-12-28 14:10 . 2008-01-16 19:52 16,929 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2007-12-28 14:09 . 2007-12-28 14:09 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-28 14:08 . 2007-12-31 09:32 <DIR> d-------- C:\Program Files\SiteAdvisor
2007-12-28 14:08 . 2008-01-16 18:09 <DIR> d-------- C:\Documents and Settings\Rwchipman\Application Data\SiteAdvisor
2007-12-28 14:08 . 2008-01-07 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-28 14:05 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-12-28 14:00 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-12-28 14:00 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-12-28 14:00 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-12-28 14:00 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-12-28 14:00 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-12-28 13:59 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-12-28 13:57 . 2007-12-28 14:00 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-12-28 13:56 . 2008-01-16 09:12 <DIR> d-------- C:\Program Files\McAfee
2007-12-28 13:47 . 2007-12-28 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-28 09:05 . 2007-12-28 12:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-27 18:06 . 2007-12-27 18:06 1,283,174 --a------ C:\Install
2007-12-27 02:01 . 2007-12-28 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-27 01:51 . 2007-12-28 14:26 <DIR> d-------- C:\WINDOWS\CAVTemp
2007-12-27 01:50 . 2007-12-27 01:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\to9
2007-12-27 01:50 . 2007-12-27 01:51 <DIR> d-------- C:\WINDOWS\SYSTEM32\dj2
2007-12-27 01:50 . 2007-12-27 11:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\bbc9
2007-12-27 01:50 . 2008-01-06 20:19 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo02
2007-12-27 01:50 . 2007-12-27 01:50 <DIR> d-------- C:\Temp\cEeer12
2007-12-27 01:50 . 2008-01-16 19:39 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-07 20:26 --------- d-----w C:\Program Files\Picasa2
2007-12-28 20:22 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-12-28 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-28 17:32 --------- d-----w C:\Program Files\Symantec
2007-12-28 17:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 20:09 --------- d-----w C:\Documents and Settings\Rwchipman\Application Data\WholeSecurity
.
<pre>
----a-w			49,152 2008-01-07 00:06:36  C:\Program Files\Brother\Brmfl04b\BrStDvPt .exe
----a-w		   851,968 2008-01-15 14:07:53  C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w		   323,584 2008-01-07 00:06:16  C:\Program Files\Common Files\Dell\EUSW\Support .exe
----a-w		   155,648 2008-01-07 00:06:22  C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w		   204,800 2008-01-07 00:06:00  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w		   599,280 2008-01-07 00:06:45  C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon .exe
----a-w		 1,160,480 2008-01-14 03:14:02  C:\Program Files\McAfee\MHN\McENUI .exe
----a-w		   582,992 2008-01-16 14:13:25  C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w		 1,694,208 2008-01-07 00:07:32  C:\Program Files\Messenger\MSMSGS .EXE
----a-w			53,248 2008-01-07 00:06:00  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w		   118,784 2008-01-07 00:06:08  C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
----a-w		   335,872 2008-01-07 00:06:23  C:\Program Files\Picasa2\PicasaMediaDetector .exe
----a-w		   380,928 2008-01-07 00:06:56  C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w			40,960 2008-01-07 00:06:34  C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
----a-w			57,393 2008-01-07 00:06:28  C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
----a-w			36,640 2008-01-07 19:46:45  C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w		   185,456 2008-01-07 00:07:08  C:\Program Files\Yahoo!\Antivirus\CAVRID .exe
----a-w		   230,512 2008-01-07 00:07:06  C:\Program Files\Yahoo!\Antivirus\CAVTray .exe
----a-w		   129,536 2008-01-07 00:06:51  C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w		   407,032 2008-01-07 00:07:01  C:\Program Files\Yahoo!\YOP\yop .exe
----a-w		   114,688 2008-01-07 00:06:00  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w		   155,648 2008-01-07 00:06:00  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [ ]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [ ]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [ ]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [ ]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [ ]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [ ]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [ ]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [ ]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [ ]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [ ]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [ ]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [ ]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [ ]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [ ]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [ ]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 10:51 24638 C:\WINDOWS\SYSTEM32\PCANotify.dll

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 16:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 00:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-09 23:28]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 18:58:56 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-12-28 18:58:55 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 19:54:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 20:00:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 01:00:07
.
2008-01-10 06:53:01 --- E O F ---
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\SYSTEM32\yqenmrwp.ini

Folder::
C:\WINDOWS\SYSTEM32\to9
C:\WINDOWS\SYSTEM32\dj2
C:\WINDOWS\SYSTEM32\bbc9
C:\WINDOWS\SYSTEM32\ardCo02
C:\Temp\cEeer12

RenV::
----a-w 49,152 2008-01-07 00:06:36 C:\Program Files\Brother\Brmfl04b\BrStDvPt .exe
----a-w 851,968 2008-01-15 14:07:53 C:\Program Files\Brother\ControlCenter2\brctrcen .exe
----a-w 323,584 2008-01-07 00:06:16 C:\Program Files\Common Files\Dell\EUSW\Support .exe
----a-w 155,648 2008-01-07 00:06:22 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w 204,800 2008-01-07 00:06:00 C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w 599,280 2008-01-07 00:06:45 C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon .exe
----a-w 1,160,480 2008-01-14 03:14:02 C:\Program Files\McAfee\MHN\McENUI .exe
----a-w 582,992 2008-01-16 14:13:25 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 1,694,208 2008-01-07 00:07:32 C:\Program Files\Messenger\MSMSGS .EXE
----a-w 53,248 2008-01-07 00:06:00 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask .exe
----a-w 118,784 2008-01-07 00:06:08 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray .exe
----a-w 335,872 2008-01-07 00:06:23 C:\Program Files\Picasa2\PicasaMediaDetector .exe
----a-w 380,928 2008-01-07 00:06:56 C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w 40,960 2008-01-07 00:06:34 C:\Program Files\ScanSoft\PaperPort\IndexSearch .exe
----a-w 57,393 2008-01-07 00:06:28 C:\Program Files\ScanSoft\PaperPort\pptd40nt .exe
----a-w 36,640 2008-01-07 19:46:45 C:\Program Files\SiteAdvisor\6253\SiteAdv .exe
----a-w 185,456 2008-01-07 00:07:08 C:\Program Files\Yahoo!\Antivirus\CAVRID .exe
----a-w 230,512 2008-01-07 00:07:06 C:\Program Files\Yahoo!\Antivirus\CAVTray .exe
----a-w 129,536 2008-01-07 00:06:51 C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w 407,032 2008-01-07 00:07:01 C:\Program Files\Yahoo!\YOP\yop .exe
----a-w 114,688 2008-01-07 00:06:00 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-01-07 00:06:00 C:\WINDOWS\SYSTEM32\igfxtray .exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post the logs please
  • 0

#10
Rachel Chipman

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the log from combofix.

ComboFix 08-02-25.3 - Rwchipman 2008-02-28 14:01:00.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.423 [GMT -5:00]
Running from: C:\Documents and Settings\Rwchipman\My Documents\Vundo_cleanup\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rwchipman\My Documents\Vundo_cleanup\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SYSTEM32\yqenmrwp.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\cEeer12
C:\Temp\cEeer12\skAt.log
C:\WINDOWS\SYSTEM32\ardCo02
C:\WINDOWS\SYSTEM32\bbc9
C:\WINDOWS\SYSTEM32\dj2
C:\WINDOWS\SYSTEM32\to9
C:\WINDOWS\SYSTEM32\yqenmrwp.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 19:05 --------- d-----w C:\Program Files\McAfee
2008-02-28 19:00 --------- d-----w C:\Program Files\Picasa2
2008-02-28 18:58 --------- d-----w C:\Documents and Settings\Rwchipman\Application Data\SiteAdvisor
2008-01-08 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-12-31 14:32 --------- d-----w C:\Program Files\SiteAdvisor
2007-12-28 20:22 28,256 ----a-w C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-12-28 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-28 19:09 --------- d-----w C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-12-28 19:00 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-28 18:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-28 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rabio
2007-12-28 17:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 17:32 --------- d-----w C:\Program Files\Symantec
2007-12-28 17:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-28 14:05 --------- d-----w C:\Program Files\Spybot - Search & Destroy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2008-01-06 19:07 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2008-01-06 19:06 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2008-01-06 19:06 114688]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-06 19:06 204800]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2008-01-06 19:06 53248]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2008-01-06 19:06 118784]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2008-01-06 19:06 323584]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-01-06 19:06 335872]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2008-01-06 19:06 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2008-01-06 19:06 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2008-01-06 19:06 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe" [2008-01-06 19:06 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2008-01-15 09:07 851968]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-01-06 19:06 599280]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2008-01-06 19:06 129536]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2008-01-06 19:06 380928]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-01-06 19:07 407032]
"CaAvTray"="C:\Program Files\Yahoo!\Antivirus\CAVTray.exe" [2008-01-06 19:07 230512]
"CAVRID"="C:\Program Files\Yahoo!\Antivirus\CAVRID.exe" [2008-01-06 19:07 185456]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2008-01-16 09:13 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2008-01-07 14:46 36640]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2008-01-13 22:14 1160480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 10:51 24638 C:\WINDOWS\SYSTEM32\PCANotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 16:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 00:27]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-09 23:28]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 06:01:45 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-02-01 06:00:11 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 14:07:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Yahoo!\Antivirus\autodown.exe
.
**************************************************************************
.
Completion time: 2008-02-28 14:16:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-28 19:16:24
ComboFix2.txt 2008-01-17 01:00:13
.
2008-02-15 22:12:23 --- E O F ---
  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log
  • 0

#12
Rachel Chipman

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Kaspersky Online Scan Log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-03-06 17:54
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/03/2008
Kaspersky Anti-Virus database records: 605235
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 59001
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 4
Duration of the scan process: 01:26:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\EasyNet\MHNData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C0A7CE92-077C-49E5-BB99-B4B40242E09B}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{F3F2A245-9E29-4965-8646-509D036561E6}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip/xpupdate.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Rwchipman\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\Temp\Perflib_Perfdata_9d0.dat Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\Temp\sqlite_fM2R4t7RSLl2Shi Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\Temp\~DF92AF.tmp Object is locked skipped
C:\Documents and Settings\Rwchipman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Rwchipman\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Rwchipman\ntuser.dat.LOG Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ajxjhrux.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\nojhkecd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\wrupuxrf.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1091\A0034537.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1091\A0034544.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1091\A0034549.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1126\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{682F3CCD-CF69-4903-BC4D-BB9E815A16B8}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_uQvUybKe6ViLox1 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_ak88oeJFbZ9Tch3 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Bgr38NipdEUYEXR Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Dmww5Skq2egdiKx Object is locked skipped
C:\WINDOWS\Temp\mcmsc_POl8oZpgtuF5ZUe Object is locked skipped
C:\WINDOWS\Temp\sqlite_9REMSKCpAFr5UMX Object is locked skipped
C:\WINDOWS\Temp\sqlite_eW8bu4wpf3hQzap Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SunshineNet Web Accelerator\PBHELPER.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malw...tup/webinst.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156893026992
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 10292 bytes
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} (WebInstall Class) - http://scanner2.malw...tup/webinst.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Reboot and post a new HijackThis log and tell me how your PC is running
  • 0

#14
Rachel Chipman

Rachel Chipman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Fixed the items in Hijackthis and rebooted. Here is a new HiJackThis log.
Computer seems to be running ok. However, the icon for my C: drive is still a RED X.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SunshineNet Web Accelerator\PBHELPER.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec....ta/nprdtinf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1156893026992
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 9989 bytes
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.driveclea...leanerstart.cab

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@ECHO OFF
If exist DrvIconQuery.txt Del DrvIconQuery.txt
Echo Report>>DrvIconQuery.txt
Echo %date% %time% >>DrvIconQuery.txt
Echo.>>DrvIconQuery.txt
@ECHO Working.......
Reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /s >> DrvIconQuery.txt
start notepad DrvIconQuery.txt


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in FixService.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find FixService.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Make sure you attach the report in your reply


Also post a new HijackThis log
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP