Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help I Cant Get Rid Of Virtumonde/trojan


  • This topic is locked This topic is locked
26 replies to this topic

#1 henrik88

henrik88

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 01 January 2008 - 06:48 PM

Hello i think i have a Trojan or Virtumonde or some kind of malware. I have gotten throughout my computers virus process both a Virtumonde and a Trojan.conhook.dl and Trojan.BHO.agz scan result when scanning with AVG anti spyware. I have tried hard to remove this malware but with no succes and thus i have ended up here.

I have downloaded AVG, Ad-aware 2007, Hijackthis, RogueRemover, Spybot Search and Destroy all to get rid of The trojan but for some reason it just sticks.

I somehow get the feeling my computer got infected when i searched for free South park episodes on the internet and i got a popup, and then my internet explorer went berserk and suddenly my windows tray said "Installing AV system care 23%" and i tried to stop it but it insisted on getting on my computer.

I think thats where it might have started, who knows. Since then its been a downhill slope of infections.

Alas what happened was i noticed the outbreak of malware when my desktop suddenly got a "windows update icon" and a "windows system support" put on my desktop all of a sudden without me asking, and i was sitting playing World of Warcraft and suddenly my computer freezes completely and i realized my computer had been infected. I tried to battle the trojan / virus but while i might be able to remove some things with aforementioned programs, it always returns and the infection sticks.

I even ended up using Hijack this liberally but it has not stopped the infection.

At this stage the infection signs are the following - each time i start my computer i get AVG Anti-virus telling me "Trojan.BHO.agz" has been found, following file is infected "C:windows/system32/dsoundc.dll.

I then "quarantine" and followingly remove it, but only 30 seconds to a minute later and i get same popup warning me that i have the exact same trojan i thought i just removed. I have noticed each time AVG becomes aware of the trojan and i quarantine it, An internet explorer process also starts, one with no actual Internet Explorer tab but nonetheless the process is running. i always shut it down, but i can only do such a thing manually so many times before i become tired.

Im hoping someone can help me. Here is my Hijackthis log which was taken in safemode (do tell me if this is a mistake). Additional note: when logging on in safemode it asked me to choose account, which im never asked to do when starting in normal mode. didnt even know i have an account. i had the choice between logging on "Administrator" or "Buhl" in safemode and chose Buhl as i think its the account i use in normal mode. heck i thought it was my only account. let me know if i made a mistake here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:10, on 01-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A796238E-4D9A-42E0-ADD7-2D7AABCDC1A0} - C:\WINDOWS\system32\dsoundc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 2060 bytes

Edited by henrik88, 01 January 2008 - 08:55 PM.


BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 03 January 2008 - 09:17 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Can you post me another Hijackthis log please, this time from Normal Mode?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 03 January 2008 - 11:21 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Can you post me another Hijackthis log please, this time from Normal Mode?


Thank you so much for helping me, im making a log now, sorry for first reading this now.

My Hijackthislog may be a bit sparse since i already removed some entries myself at first. I am attaching a screenshot of all the entries in my hijack log, so you know what has been on my computer.

Well without further ado here is the hijack log i just ran in normal mode.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:37, on 03-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\fluffylol.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A796238E-4D9A-42E0-ADD7-2D7AABCDC1A0} - C:\WINDOWS\system32\dsoundc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 2702 bytes


I am also including the virus popup that i keep getting, and each time the popup comes, i have noticed through Windows taskmanager, that Internet explorer exe also starts running. And ive also gotten boxes asking me to install chinese simplified language pack when browsing, as of right now, i alt+F4'd the popup to escape the stuff the best i could :thumbsup:

In case you want a Hijackthis log run on the administrator account (that i can only log onto in safemode) here is one attached

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:27, on 03-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Trend Micro\HijackThis\fluffylol.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A796238E-4D9A-42E0-ADD7-2D7AABCDC1A0} - C:\WINDOWS\system32\dsoundc.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 2003 bytes

Edited by henrik88, 03 January 2008 - 12:00 PM.


#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 04 January 2008 - 10:06 AM

I would like to ask you not to fix entries yourself with HijackThis, doing so can have serious implications and damage your computer's registry, in sever cases it can be rendered inoperable. From your backups list I can see several legitimate entries that you have fixed - whilst they were not incredibly important system files, doing so will not help your computer in any way; you have prevented some non-malware items from fulfilling their role. Therefore, from now on I urge you not to delete anything else with HijackThis unless I instruct you to do otherwise, if not there could be ramifications in the future.

Before we commence with the clean-up process, I would like to investiagte the nature of one particular file in your system.
Go to this page.
Into the box entitled "Browse to the file you want to submit," copy and paste the filepath below:

C:\Program Files\firefox.exe

Then click the Send File button below.
Please let me know when you have completed this step.

Edited by rookie147, 04 January 2008 - 10:06 AM.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 04 January 2008 - 11:21 AM

Hi Charles!

Yes i had a feeling it might have been a bad idea to use hijackthis myself, ill refrain from that.

I Followed the link like you asked me to in order to submit that firefox exe in C:programfiles directory, but it said that the file exceeded the file size limit of 3 mb :thumbsup:

Also i will be sure to be online at about 10 AM tomorrow so i can answer you a bit faster (i just like sleeping in long too much sometimes :blink:)

Once again thanks alot for helping me out, its such a support

Edited by henrik88, 04 January 2008 - 11:25 AM.


#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 06 January 2008 - 04:39 AM

Hmm, try running a jotti scan:
Please visit the online Jotti Virus Scanner
Click on Browse button.
Copy and paste the filepath into the box.
Click on the Open button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#7 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 06 January 2008 - 11:32 AM

File: firefox.exe
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 15637c95a67a2c09b3cc5004be595cca
Packers detected: -
Bit9 reports: No threat detected

Scanner results
Scan taken on 06 Jan 2008 16:21:31 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

According to the scan the file is clean. Its the firefox internet browser launcher which is the only thing i dare use at this point so im all the more happy about that.

Ive Still got the Trojan.bho.agz constant popup from AVG Antivirus and it keeps trying to remove it yet i keep getting the warning. When AVG spots the virus, theres also launched a process called IEXPLORE.exe, and if i shut it down manually it is merely restarted 30 seconds later. Sometimes this IEXPLORE.exe also seems to create a popup in my windows tray in the lower left, saying "Your computer may be infected, click here to scan" of course i never click it, and when i shutdown the IEXPLORE.exe the icon in windows tray disappears.

Just trying to give some info in case it might be useful, thank you for helping me

edit: I ran the Online trendmicro HouseCall scanner and it removed 5 out of 6 viruses, the one Trojan it could not remove was classified as Trojan.bho.agz and they gave guidelines to manually removing it from registry. However i tried deleting the registry key which is connected to the trojan but i get an error message when trying to delete it, and i cannot delete it. I cannot delete, rename or move the file which is reported as being infected by Trojan.bho.agz either, the file named dsoundc.dll located in windows/system32 folder.

Edited by henrik88, 06 January 2008 - 11:34 AM.


#8 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 06 January 2008 - 03:22 PM

Ive Still got the Trojan.bho.agz constant popup from AVG Antivirus and it keeps trying to remove it yet i keep getting the warning. When AVG spots the virus, theres also launched a process called IEXPLORE.exe, and if i shut it down manually it is merely restarted 30 seconds later. Sometimes this IEXPLORE.exe also seems to create a popup in my windows tray in the lower left, saying "Your computer may be infected, click here to scan" of course i never click it, and when i shutdown the IEXPLORE.exe the icon in windows tray disappears.

IEXPLORE.exe is actually a legitimate file related to internet explorer, so this is why the process is running when you receive a pop-up. Please do not end it as the file will cause no harm on its own.

Disable Spybot's "TeaTimer" function as it may hinder the removal of the infection:
Open Spybot and click on Mode and check Advanced Mode
Check Yes to next window.
Click on Tools in bottom left hand corner.
Press on System Startup icon.
Uncheck Teatimer box.
Click Allow Change box.

Please remember to re-enable it after you're clean.

Scan again with HijackThis and put a checkmark next to the following entry (if present):

O2 - BHO: (no name) - {A796238E-4D9A-42E0-ADD7-2D7AABCDC1A0} - C:\WINDOWS\system32\dsoundc.dll


Then close all other windows - you should only see HijackThis on your Desktop - and click the Fix checked button.

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!),which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\dsoundc.dll

Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if there appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

In your reply I'd like to see the Combofix log and a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#9 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 07 January 2008 - 12:32 AM

Hi Charles!

I was eager to perform the tasks you had listed for me and heres what happened.

I followed your Spybot Teatimer instructions carefully, and have disabled its autostart for now, so that we may clean the registry.

I scanned with hijackthis and removed the entry "O2 - BHO: (no name) - {A796238E-4D9A-42E0-ADD7-2D7AABCDC1A0} - C:\WINDOWS\system32\dsoundc.dll" however after i had "fix checked" i did a rescan in order to see if the entry was still there when i rescanned. and it was, i kept trying to fix it through hijack but it didnt stop popping up when i scanned.

I then went on to your second step and downloaded killbox. After i had downloaded it i double clicked the icon from the desktop and got the following error message (picture of it also attached at bottom) "Component 'MSCOMCTL.OCX' or one of its dependencies not correctly registered: a file is missing or invalid". At this point i was a bit sad i couldnt follow the instructions apparently, but oh well i went on to step 3

I downloaded combofix and ran it. I had already noticed when i turned on "show hidden files" in windows folder options, that i had an amazing amount of cluttered files in my C drive for no apparent reason. Well i was amazed to see what the Combofix.exe did, it is truly a work of art and im amazed at all the action it does, thank you for showing me that program. Here follows the combofix log:

ComboFix 08-01-04.1 - Buhl 2008-01-07 6:01:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.486 [GMT 1:00]
Running from: C:\Documents and Settings\Buhl\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos1.tmp
C:\pos10.tmp
C:\pos100.tmp
C:\pos101.tmp
C:\pos102.tmp
C:\pos103.tmp
C:\pos104.tmp
C:\pos105.tmp
C:\pos106.tmp
C:\pos107.tmp
C:\pos108.tmp
C:\pos109.tmp
C:\pos10A.tmp
C:\pos10B.tmp
C:\pos10C.tmp
C:\pos10D.tmp
C:\pos10E.tmp
C:\pos10F.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos111.tmp
C:\pos112.tmp
C:\pos113.tmp
C:\pos114.tmp
C:\pos115.tmp
C:\pos116.tmp
C:\pos117.tmp
C:\pos118.tmp
C:\pos119.tmp
C:\pos11A.tmp
C:\pos11B.tmp
C:\pos11C.tmp
C:\pos11D.tmp
C:\pos11E.tmp
C:\pos11F.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos121.tmp
C:\pos122.tmp
C:\pos123.tmp
C:\pos124.tmp
C:\pos125.tmp
C:\pos126.tmp
C:\pos127.tmp
C:\pos128.tmp
C:\pos129.tmp
C:\pos12A.tmp
C:\pos12B.tmp
C:\pos12C.tmp
C:\pos12D.tmp
C:\pos12E.tmp
C:\pos12F.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos131.tmp
C:\pos132.tmp
C:\pos133.tmp
C:\pos134.tmp
C:\pos135.tmp
C:\pos136.tmp
C:\pos137.tmp
C:\pos138.tmp
C:\pos139.tmp
C:\pos13A.tmp
C:\pos13B.tmp
C:\pos13C.tmp
C:\pos13D.tmp
C:\pos13E.tmp
C:\pos13F.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos141.tmp
C:\pos142.tmp
C:\pos143.tmp
C:\pos144.tmp
C:\pos145.tmp
C:\pos146.tmp
C:\pos147.tmp
C:\pos148.tmp
C:\pos149.tmp
C:\pos14A.tmp
C:\pos14B.tmp
C:\pos14C.tmp
C:\pos14D.tmp
C:\pos14E.tmp
C:\pos14F.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos151.tmp
C:\pos152.tmp
C:\pos153.tmp
C:\pos154.tmp
C:\pos155.tmp
C:\pos156.tmp
C:\pos157.tmp
C:\pos158.tmp
C:\pos159.tmp
C:\pos15A.tmp
C:\pos15B.tmp
C:\pos15C.tmp
C:\pos15D.tmp
C:\pos15E.tmp
C:\pos15F.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos161.tmp
C:\pos162.tmp
C:\pos163.tmp
C:\pos164.tmp
C:\pos165.tmp
C:\pos166.tmp
C:\pos167.tmp
C:\pos168.tmp
C:\pos169.tmp
C:\pos16A.tmp
C:\pos16B.tmp
C:\pos16C.tmp
C:\pos16D.tmp
C:\pos16E.tmp
C:\pos16F.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos171.tmp
C:\pos172.tmp
C:\pos173.tmp
C:\pos174.tmp
C:\pos175.tmp
C:\pos176.tmp
C:\pos177.tmp
C:\pos178.tmp
C:\pos179.tmp
C:\pos17A.tmp
C:\pos17B.tmp
C:\pos17C.tmp
C:\pos17D.tmp
C:\pos17E.tmp
C:\pos17F.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos181.tmp
C:\pos182.tmp
C:\pos183.tmp
C:\pos184.tmp
C:\pos185.tmp
C:\pos186.tmp
C:\pos187.tmp
C:\pos188.tmp
C:\pos189.tmp
C:\pos18A.tmp
C:\pos18B.tmp
C:\pos18C.tmp
C:\pos18D.tmp
C:\pos18E.tmp
C:\pos18F.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos191.tmp
C:\pos192.tmp
C:\pos193.tmp
C:\pos194.tmp
C:\pos195.tmp
C:\pos196.tmp
C:\pos197.tmp
C:\pos198.tmp
C:\pos199.tmp
C:\pos19A.tmp
C:\pos19B.tmp
C:\pos19C.tmp
C:\pos19D.tmp
C:\pos19E.tmp
C:\pos19F.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A1.tmp
C:\pos1A2.tmp
C:\pos1A3.tmp
C:\pos1A4.tmp
C:\pos1A5.tmp
C:\pos1A6.tmp
C:\pos1A7.tmp
C:\pos1A8.tmp
C:\pos1A9.tmp
C:\pos1AB.tmp
C:\pos1AC.tmp
C:\pos1AD.tmp
C:\pos1AE.tmp
C:\pos1AF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B1.tmp
C:\pos1B2.tmp
C:\pos1B3.tmp
C:\pos1B4.tmp
C:\pos1B5.tmp
C:\pos1B6.tmp
C:\pos1B7.tmp
C:\pos1B8.tmp
C:\pos1B9.tmp
C:\pos1BA.tmp
C:\pos1BB.tmp
C:\pos1BC.tmp
C:\pos1BD.tmp
C:\pos1BE.tmp
C:\pos1BF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C1.tmp
C:\pos1C2.tmp
C:\pos1C3.tmp
C:\pos1C4.tmp
C:\pos1C5.tmp
C:\pos1C6.tmp
C:\pos1C7.tmp
C:\pos1C8.tmp
C:\pos1C9.tmp
C:\pos1CA.tmp
C:\pos1CB.tmp
C:\pos1CC.tmp
C:\pos1CD.tmp
C:\pos1CE.tmp
C:\pos1CF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D1.tmp
C:\pos1D2.tmp
C:\pos1D3.tmp
C:\pos1D4.tmp
C:\pos1D5.tmp
C:\pos1D6.tmp
C:\pos1D7.tmp
C:\pos1D8.tmp
C:\pos1D9.tmp
C:\pos1DA.tmp
C:\pos1DB.tmp
C:\pos1DC.tmp
C:\pos1DD.tmp
C:\pos1DE.tmp
C:\pos1DF.tmp
C:\pos1E.tmp
C:\pos1E0.tmp
C:\pos1E1.tmp
C:\pos1E2.tmp
C:\pos1E3.tmp
C:\pos1E4.tmp
C:\pos1E5.tmp
C:\pos1E6.tmp
C:\pos1E7.tmp
C:\pos1E8.tmp
C:\pos1E9.tmp
C:\pos1EA.tmp
C:\pos1EB.tmp
C:\pos1EC.tmp
C:\pos1ED.tmp
C:\pos1EE.tmp
C:\pos1EF.tmp
C:\pos1F.tmp
C:\pos1F0.tmp
C:\pos1F1.tmp
C:\pos1F2.tmp
C:\pos1F3.tmp
C:\pos1F4.tmp
C:\pos1F5.tmp
C:\pos1F6.tmp
C:\pos1F7.tmp
C:\pos1F8.tmp
C:\pos1F9.tmp
C:\pos1FA.tmp
C:\pos1FB.tmp
C:\pos1FC.tmp
C:\pos1FD.tmp
C:\pos1FE.tmp
C:\pos1FF.tmp
C:\pos1AA.tmp
C:\pos2.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos201.tmp
C:\pos202.tmp
C:\pos203.tmp
C:\pos204.tmp
C:\pos205.tmp
C:\pos206.tmp
C:\pos207.tmp
C:\pos208.tmp
C:\pos209.tmp
C:\pos20A.tmp
C:\pos20B.tmp
C:\pos20C.tmp
C:\pos20D.tmp
C:\pos20E.tmp
C:\pos20F.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos211.tmp
C:\pos212.tmp
C:\pos213.tmp
C:\pos214.tmp
C:\pos215.tmp
C:\pos216.tmp
C:\pos217.tmp
C:\pos218.tmp
C:\pos219.tmp
C:\pos21A.tmp
C:\pos21B.tmp
C:\pos21C.tmp
C:\pos21D.tmp
C:\pos21E.tmp
C:\pos21F.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos221.tmp
C:\pos222.tmp
C:\pos223.tmp
C:\pos224.tmp
C:\pos225.tmp
C:\pos226.tmp
C:\pos227.tmp
C:\pos228.tmp
C:\pos229.tmp
C:\pos22A.tmp
C:\pos22B.tmp
C:\pos22C.tmp
C:\pos22D.tmp
C:\pos22E.tmp
C:\pos22F.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos231.tmp
C:\pos232.tmp
C:\pos233.tmp
C:\pos234.tmp
C:\pos235.tmp
C:\pos236.tmp
C:\pos237.tmp
C:\pos238.tmp
C:\pos239.tmp
C:\pos23A.tmp
C:\pos23B.tmp
C:\pos23C.tmp
C:\pos23D.tmp
C:\pos23E.tmp
C:\pos23F.tmp
C:\pos24.tmp
C:\pos240.tmp
C:\pos241.tmp
C:\pos242.tmp
C:\pos243.tmp
C:\pos244.tmp
C:\pos245.tmp
C:\pos246.tmp
C:\pos247.tmp
C:\pos248.tmp
C:\pos249.tmp
C:\pos24A.tmp
C:\pos24B.tmp
C:\pos24C.tmp
C:\pos24D.tmp
C:\pos24E.tmp
C:\pos24F.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos251.tmp
C:\pos252.tmp
C:\pos253.tmp
C:\pos254.tmp
C:\pos255.tmp
C:\pos256.tmp
C:\pos257.tmp
C:\pos258.tmp
C:\pos259.tmp
C:\pos25A.tmp
C:\pos25B.tmp
C:\pos25C.tmp
C:\pos25D.tmp
C:\pos25E.tmp
C:\pos25F.tmp
C:\pos26.tmp
C:\pos260.tmp
C:\pos261.tmp
C:\pos262.tmp
C:\pos263.tmp
C:\pos264.tmp
C:\pos265.tmp
C:\pos266.tmp
C:\pos267.tmp
C:\pos268.tmp
C:\pos269.tmp
C:\pos26A.tmp
C:\pos26B.tmp
C:\pos26C.tmp
C:\pos26D.tmp
C:\pos26E.tmp
C:\pos26F.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos271.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27B.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos27E.tmp
C:\pos27F.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos288.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos298.tmp
C:\pos299.tmp
C:\pos29A.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A.tmp
C:\pos2A0.tmp
C:\pos2A1.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2AF.tmp
C:\pos2B.tmp
C:\pos2B0.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B6.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BC.tmp
C:\pos2BD.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C6.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CE.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos2AA.tmp
C:\pos3.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos31.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos32.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos333.tmp
C:\pos334.tmp
C:\pos335.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos38.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp
C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3F.tmp
C:\pos3AA.tmp
C:\pos4.tmp
C:\pos40.tmp
C:\pos41.tmp
C:\pos42.tmp
C:\pos43.tmp
C:\pos44.tmp
C:\pos45.tmp
C:\pos46.tmp
C:\pos47.tmp
C:\pos48.tmp
C:\pos49.tmp
C:\pos4A.tmp
C:\pos4B.tmp
C:\pos4C.tmp
C:\pos4D.tmp
C:\pos4E.tmp
C:\pos4F.tmp
C:\pos5.tmp
C:\pos50.tmp
C:\pos51.tmp
C:\pos52.tmp
C:\pos53.tmp
C:\pos54.tmp
C:\pos55.tmp
C:\pos56.tmp
C:\pos57.tmp
C:\pos58.tmp
C:\pos59.tmp
C:\pos5A.tmp
C:\pos5B.tmp
C:\pos5C.tmp
C:\pos5D.tmp
C:\pos5E.tmp
C:\pos5F.tmp
C:\pos6.tmp
C:\pos60.tmp
C:\pos61.tmp
C:\pos62.tmp
C:\pos63.tmp
C:\pos64.tmp
C:\pos65.tmp
C:\pos66.tmp
C:\pos67.tmp
C:\pos68.tmp
C:\pos69.tmp
C:\pos6A.tmp
C:\pos6B.tmp
C:\pos6C.tmp
C:\pos6D.tmp
C:\pos6E.tmp
C:\pos6F.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos71.tmp
C:\pos72.tmp
C:\pos73.tmp
C:\pos74.tmp
C:\pos75.tmp
C:\pos76.tmp
C:\pos77.tmp
C:\pos78.tmp
C:\pos79.tmp
C:\pos7A.tmp
C:\pos7B.tmp
C:\pos7C.tmp
C:\pos7D.tmp
C:\pos7E.tmp
C:\pos7F.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos81.tmp
C:\pos82.tmp
C:\pos83.tmp
C:\pos84.tmp
C:\pos85.tmp
C:\pos86.tmp
C:\pos87.tmp
C:\pos88.tmp
C:\pos89.tmp
C:\pos8A.tmp
C:\pos8B.tmp
C:\pos8C.tmp
C:\pos8D.tmp
C:\pos8E.tmp
C:\pos8F.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos91.tmp
C:\pos92.tmp
C:\pos93.tmp
C:\pos94.tmp
C:\pos95.tmp
C:\pos96.tmp
C:\pos97.tmp
C:\pos98.tmp
C:\pos99.tmp
C:\pos9A.tmp
C:\pos9B.tmp
C:\pos9C.tmp
C:\pos9D.tmp
C:\pos9E.tmp
C:\pos9F.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA1.tmp
C:\posA2.tmp
C:\posA3.tmp
C:\posA4.tmp
C:\posA5.tmp
C:\posA6.tmp
C:\posA7.tmp
C:\posA8.tmp
C:\posA9.tmp
C:\posAB.tmp
C:\posAC.tmp
C:\posAD.tmp
C:\posAE.tmp
C:\posAF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB1.tmp
C:\posB2.tmp
C:\posB3.tmp
C:\posB4.tmp
C:\posB5.tmp
C:\posB6.tmp
C:\posB7.tmp
C:\posB8.tmp
C:\posB9.tmp
C:\posBA.tmp
C:\posBB.tmp
C:\posBC.tmp
C:\posBD.tmp
C:\posBE.tmp
C:\posBF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC1.tmp
C:\posC2.tmp
C:\posC3.tmp
C:\posC4.tmp
C:\posC5.tmp
C:\posC6.tmp
C:\posC7.tmp
C:\posC8.tmp
C:\posC9.tmp
C:\posCA.tmp
C:\posCB.tmp
C:\posCC.tmp
C:\posCD.tmp
C:\posCE.tmp
C:\posCF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD1.tmp
C:\posD2.tmp
C:\posD3.tmp
C:\posD4.tmp
C:\posD5.tmp
C:\posD6.tmp
C:\posD7.tmp
C:\posD8.tmp
C:\posD9.tmp
C:\posDA.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp
C:\posAA.tmp
C:\Program Files\Temporary
C:\Program Files\WinAble
C:\WINDOWS\msettings.ini
C:\WINDOWS\system32\arkaiwqk.ini
C:\WINDOWS\system32\cgrhotlp.ini
C:\WINDOWS\system32\drivers\lhpnfroh.dat
C:\WINDOWS\system32\dsoundc.dll
C:\WINDOWS\system32\fmmlfnoi.ini
C:\WINDOWS\system32\hhthbmpn.ini
C:\WINDOWS\system32\hnqlmvpr.ini
C:\WINDOWS\system32\hwqfajba.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mkogwyqa.ini
C:\WINDOWS\system32\mwitkjjk.ini
C:\WINDOWS\system32\njoarjwy.ini
C:\WINDOWS\system32\nkfjhpeo.ini
C:\WINDOWS\system32\pqtss.bak1
C:\WINDOWS\system32\pqtss.bak2
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\qheioaqm.dll
C:\WINDOWS\system32\qjokpbmp.ini
C:\WINDOWS\system32\roplejqy.ini
C:\WINDOWS\system32\rpcc.exe
C:\WINDOWS\system32\swmsknxn.ini
C:\WINDOWS\system32\tmdlrvqd.ini
C:\WINDOWS\system32\uscwhbru.dll
C:\WINDOWS\system32\vhrbibdr.ini
C:\WINDOWS\system32\whayidnp.ini
C:\WINDOWS\system32\whgqliof.ini
C:\WINDOWS\system32\xnefypma.dll
C:\WINDOWS\system32\ykdcrwtt.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_UZDOFCFH
-------\uzdofcfh


((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
.

2008-01-07 06:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 22:54 . 2008-01-04 22:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-04 22:44 . 2008-01-05 00:04 <DIR> d-------- C:\Documents and Settings\Buhl\.housecall6.6
2008-01-04 22:43 . 2008-01-04 22:43 <DIR> d-------- C:\WINDOWS\Sun
2008-01-04 22:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-04 22:41 . 2008-01-04 22:42 <DIR> d-------- C:\Program Files\Java
2008-01-04 22:39 . 2008-01-04 22:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-01 21:43 . 2008-01-01 21:43 <DIR> d-------- C:\Documents and Settings\Buhl\Application Data\Lavasoft
2008-01-01 20:29 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-30 20:32 . 2008-01-02 21:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-30 20:32 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-30 20:28 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-12-30 20:28 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-30 20:28 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-30 20:28 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-30 20:28 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-30 15:25 . 2007-12-30 15:38 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-20 00:42 . 2007-12-20 00:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-20 00:19 . 2007-12-20 00:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-19 22:38 . 2007-12-19 23:50 316 --a------ C:\WINDOWS\wininit.ini
2007-12-19 21:10 . 2007-12-19 21:10 <DIR> d-------- C:\Documents and Settings\Buhl\Application Data\Grisoft
2007-12-19 21:06 . 2008-01-05 02:51 576 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-19 21:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-19 21:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-19 21:05 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-19 21:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-19 21:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-19 21:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-19 21:00 . 2007-12-19 21:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-19 21:00 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-19 20:32 . 2007-12-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 19:01 . 2007-12-20 02:11 1,647,532 ---hs---- C:\WINDOWS\system32\nejypreq.ini
2007-12-11 17:40 . 2007-12-11 17:41 1,006,204 --ahs---- C:\WINDOWS\system32\bujrcvbs.ini
2007-12-08 17:51 . 2007-12-08 17:51 249,856 --------- C:\WINDOWS\Setup1.exe
2007-12-08 17:51 . 2007-12-08 17:51 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 16:23 --------- d-----w C:\Program Files\extensions
2008-01-04 23:04 5,700 ----a-w C:\Program Files\ssapi.log
2008-01-04 21:42 733 ----a-w C:\Program Files\install.log
2008-01-04 21:42 0 ----a-w C:\Program Files\.autoreg
2008-01-03 01:16 --------- d-----w C:\Program Files\uninstall
2008-01-03 01:15 73,848 ----a-w C:\Program Files\xpcom_compat.dll
2008-01-03 01:15 73,336 ----a-w C:\Program Files\xpicleanup.exe
2008-01-03 01:15 7,650,416 ----a-w C:\Program Files\firefox.exe
2008-01-03 01:15 697 ----a-w C:\Program Files\updater.ini
2008-01-03 01:15 57 ----a-w C:\Program Files\active-update.xml
2008-01-03 01:15 476 ----a-w C:\Program Files\softokn3.chk
2008-01-03 01:15 476 ----a-w C:\Program Files\freebl3.chk
2008-01-03 01:15 456,296 ----a-w C:\Program Files\js3250.dll
2008-01-03 01:15 422,000 ----a-w C:\Program Files\xpcom_core.dll
2008-01-03 01:15 378,472 ----a-w C:\Program Files\nss3.dll
2008-01-03 01:15 34,424 ----a-w C:\Program Files\plc4.dll
2008-01-03 01:15 30,869 ----a-w C:\Program Files\LICENSE
2008-01-03 01:15 30,320 ----a-w C:\Program Files\plds4.dll
2008-01-03 01:15 271,984 ----a-w C:\Program Files\nssckbi.dll
2008-01-03 01:15 254,060 ----a-w C:\Program Files\softokn3.dll
2008-01-03 01:15 222 ----a-w C:\Program Files\browserconfig.properties
2008-01-03 01:15 200,829 ----a-w C:\Program Files\freebl3.dll
2008-01-03 01:15 181 ----a-w C:\Program Files\README.txt
2008-01-03 01:15 161,392 ----a-w C:\Program Files\nspr4.dll
2008-01-03 01:15 132,712 ----a-w C:\Program Files\ssl3.dll
2008-01-03 01:15 132,232 ----a-w C:\Program Files\updater.exe
2008-01-03 01:15 13,952 ----a-w C:\Program Files\AccessibleMarshal.dll
2008-01-03 01:15 13,416 ----a-w C:\Program Files\xpcom.dll
2008-01-03 01:15 13,058 ----a-w C:\Program Files\removed-files
2008-01-03 01:15 12,400 ----a-w C:\Program Files\xpistub.dll
2008-01-03 01:15 112,232 ----a-w C:\Program Files\smime3.dll
2008-01-03 01:15 107 ----a-w C:\Program Files\old-homepage-default.properties
2008-01-03 01:15 1,994 ----a-w C:\Program Files\updates.xml
2008-01-03 01:15 --------- d-----w C:\Program Files\updates
2008-01-03 01:15 --------- d-----w C:\Program Files\searchplugins
2008-01-03 01:15 --------- d-----w C:\Program Files\plugins
2008-01-03 01:15 --------- d-----w C:\Program Files\greprefs
2008-01-03 01:15 --------- d-----w C:\Program Files\components
2008-01-03 01:15 --------- d-----w C:\Program Files\chrome
2007-12-30 22:24 --------- d-----w C:\Program Files\res
2007-12-19 23:13 --------- d-----w C:\Program Files\Yahoo!
2007-12-19 23:13 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Yahoo!
2007-12-19 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-01 18:28 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Skype
2007-11-24 03:28 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Move Networks
2007-11-22 03:44 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Ventrilo
2007-11-14 14:05 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-02 02:44 2,983 -c--a-w C:\Program Files\install_wizard.log
2007-10-02 02:44 1,746 -c--a-w C:\Program Files\install_status.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c5cfa3e]
rundll32.exe C:\WINDOWS\system32\qerpyjen.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
Rundll32 P17.dll,P17Helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35 90112 --a------ C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsHive]
C:\WINDOWS\system32\rpcc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


*Newly Created Service* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43564368-4375-8601-4371-458454791235}]
C:\WINDOWS\system32\tcpdiss.exe /r
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-07 06:16:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\AppCert\prx97w.dll
.
Completion time: 2008-01-07 6:19:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-07 05:18:53
.
2008-01-02 20:02:25 --- E O F ---

Ive attached the log as a notepad file as well in case its easier to read

Also after the combofix program has run and rebooted my computer, i have done a new hijacklog, and this time the dsoundc.dll file did not show up for once, here follows the hijackthis log which was run after combofix. Edit: i have renamed the hijack.exe file in my hijackthis folder because i read it was a good idea in one of the threads on the board.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:21:36, on 07-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\fluffylol.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 2922 bytes

Attached Files


Edited by henrik88, 07 January 2008 - 12:39 AM.


#10 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 08 January 2008 - 04:21 PM

Please click here to download and run missingfilesetup.exe. Then try Killbox again.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#11 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 13 January 2008 - 09:56 AM

I have downloaded the new killbox setup and it works. However combofix already deleted the soundc.dll file so i cannot repeat the step.


The sad news is, i just had a forced restart on my computer where it suddenly shuts down and restarts (it happened while i was playing world of warcraft) and when it had restarted my computer was lagging badly and i couldnt even start world of warcraft again. And suddenly i notice that my desktop screen has been changed from the standard Windows xp theme background with hills, to a completely empty blue. This is the exact thing that happened when my computer first got infected.

And then i see my windows tray having a new icon, a yellow triangle with a black "!" sign inside, and thats the virus popup i used to get with "your computer may be infected click here to scan" which i never clicked as i feared clicking it would only further infect my computer.

I thought the combofix had completely cleaned my computer. I dont know if this is the case, maybe im overreacting from my computer clogging down and showing some symptoms of reinfections

edit: and could i maybe delete the Quarantine folder that Combofix created after deleting the infected files on my C drive? my C drive almost has no mb's left at this point :thumbsup:

Edited by henrik88, 13 January 2008 - 11:06 AM.


#12 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 13 January 2008 - 10:35 AM

update: after my computer started clogging down (almost freezed) and my desktop suddenly got changed and i got that windows tray icon that i had when i was infected also. I restarted my computer into safemode, i ran AVG Antivirus scan, but it didnt find anything, i then ran Hijackthis

Hijackthis found under the BHO section a new file it was a 02-BHO- filename missing - AlotOfRandomLetters i deleted that entry. After i had done that and restarted my computer into normal mode, my desktop was back to the usual
I am right now running Combofix for the second time to see if it will find something new

I dearly hope my computer will not be reinfected.

I am also wondering if the forced shutdown -> restarts i have had, if they are connected to the virus i had.

Edit: I tried to run Combofix but it doesnt seem to run like it did the first time? It opens up the DOS Window and starts writing "Completing stage 1...Completing stage 30" and so on, but after that it doesnt go into the next phase of "deleting file x" instead it just saves a logfile.

Do i need to make sure i dont already have a logfile named combofixlog.txt before i run combofix again?

2nd Edit: I just ran Housecall virus scan online it found one virus :Troj_BHO.OF, and i removed it with housecall.

I hope i can get the computer clean. I thought combofix had done the trick, as you can see from my first combofix log it deleted alot of stuff

Edited by henrik88, 13 January 2008 - 11:11 AM.


#13 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 14 January 2008 - 04:39 PM

Edit: I tried to run Combofix but it doesnt seem to run like it did the first time? It opens up the DOS Window and starts writing "Completing stage 1...Completing stage 30" and so on, but after that it doesnt go into the next phase of "deleting file x" instead it just saves a logfile.

That's fine, it means there were no other files to delete, I'd still like to see the log though, along with a new HijackThis log.
Please DO NOT fix entries yourself with HijackThis, most of them will look like "random letters;" doing so can seriously harm your computer.

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#14 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 19 January 2008 - 09:03 AM

I have run Combofix a second time now as you asked me, and i also ran hijack this, here are the logs.

Combofix log:

ComboFix 08-01-18.5 - Buhl 2008-01-19 14:49:30.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT 1:00]
Running from: C:\Documents and Settings\Buhl\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Buhl\My Documents\pos1F8.tmp
C:\Documents and Settings\Buhl\My Documents\pos1F9.tmp
C:\Documents and Settings\Buhl\My Documents\pos1FA.tmp
C:\Documents and Settings\Buhl\My Documents\pos1FB.tmp
C:\Documents and Settings\Buhl\My Documents\pos1FC.tmp
C:\Documents and Settings\Buhl\My Documents\pos1FD.tmp
C:\Documents and Settings\Buhl\My Documents\pos1FE.tmp
C:\Documents and Settings\Buhl\My Documents\pos1FF.tmp
C:\Documents and Settings\Buhl\My Documents\pos200.tmp
C:\Documents and Settings\Buhl\My Documents\pos201.tmp
C:\Documents and Settings\Buhl\My Documents\pos202.tmp
C:\Documents and Settings\Buhl\My Documents\pos203.tmp
C:\Documents and Settings\Buhl\My Documents\pos204.tmp
C:\Documents and Settings\Buhl\My Documents\pos205.tmp
C:\Documents and Settings\Buhl\My Documents\pos206.tmp
C:\Documents and Settings\Buhl\My Documents\pos207.tmp
C:\Documents and Settings\Buhl\My Documents\pos208.tmp
C:\Documents and Settings\Buhl\My Documents\pos209.tmp
C:\Documents and Settings\Buhl\My Documents\pos20A.tmp
C:\Documents and Settings\Buhl\My Documents\pos20B.tmp
C:\Documents and Settings\Buhl\My Documents\pos20C.tmp
C:\Documents and Settings\Buhl\My Documents\pos20D.tmp
C:\Documents and Settings\Buhl\My Documents\pos20E.tmp
C:\Documents and Settings\Buhl\My Documents\pos20F.tmp
C:\Documents and Settings\Buhl\My Documents\pos210.tmp
C:\Documents and Settings\Buhl\My Documents\pos211.tmp
C:\Documents and Settings\Buhl\My Documents\pos212.tmp
C:\Documents and Settings\Buhl\My Documents\pos213.tmp
C:\Documents and Settings\Buhl\My Documents\pos214.tmp
C:\Documents and Settings\Buhl\My Documents\pos215.tmp
C:\Documents and Settings\Buhl\My Documents\pos216.tmp
C:\Documents and Settings\Buhl\My Documents\pos217.tmp
C:\Documents and Settings\Buhl\My Documents\pos218.tmp
C:\Documents and Settings\Buhl\My Documents\pos219.tmp
C:\Documents and Settings\Buhl\My Documents\pos21A.tmp
C:\Documents and Settings\Buhl\My Documents\pos21B.tmp
C:\Documents and Settings\Buhl\My Documents\pos21C.tmp
C:\Documents and Settings\Buhl\My Documents\pos21D.tmp
C:\Documents and Settings\Buhl\My Documents\pos21E.tmp
C:\Documents and Settings\Buhl\My Documents\pos21F.tmp
C:\Documents and Settings\Buhl\My Documents\pos220.tmp
C:\Documents and Settings\Buhl\My Documents\pos221.tmp
C:\Documents and Settings\Buhl\My Documents\pos222.tmp
C:\Documents and Settings\Buhl\My Documents\pos223.tmp
C:\Documents and Settings\Buhl\My Documents\pos224.tmp
C:\Documents and Settings\Buhl\My Documents\pos225.tmp
C:\Documents and Settings\Buhl\My Documents\pos226.tmp
C:\Documents and Settings\Buhl\My Documents\pos227.tmp
C:\Documents and Settings\Buhl\My Documents\pos228.tmp
C:\Documents and Settings\Buhl\My Documents\pos229.tmp
C:\Documents and Settings\Buhl\My Documents\pos22A.tmp
C:\Documents and Settings\Buhl\My Documents\pos22B.tmp
C:\Documents and Settings\Buhl\My Documents\pos22C.tmp
C:\Documents and Settings\Buhl\My Documents\pos22D.tmp
C:\Documents and Settings\Buhl\My Documents\pos22E.tmp
C:\Documents and Settings\Buhl\My Documents\pos22F.tmp
C:\Documents and Settings\Buhl\My Documents\pos230.tmp
C:\Documents and Settings\Buhl\My Documents\pos231.tmp
C:\Documents and Settings\Buhl\My Documents\pos232.tmp
C:\Documents and Settings\Buhl\My Documents\pos233.tmp
C:\Documents and Settings\Buhl\My Documents\pos234.tmp
C:\Documents and Settings\Buhl\My Documents\pos235.tmp
C:\Documents and Settings\Buhl\My Documents\pos236.tmp
C:\Documents and Settings\Buhl\My Documents\pos237.tmp
C:\Documents and Settings\Buhl\My Documents\pos238.tmp
C:\Documents and Settings\Buhl\My Documents\pos239.tmp
C:\Documents and Settings\Buhl\My Documents\pos23A.tmp
C:\Documents and Settings\Buhl\My Documents\pos23B.tmp
C:\Documents and Settings\Buhl\My Documents\pos23C.tmp
C:\Documents and Settings\Buhl\My Documents\pos23D.tmp
C:\Documents and Settings\Buhl\My Documents\pos23E.tmp
C:\Documents and Settings\Buhl\My Documents\pos23F.tmp
C:\Documents and Settings\Buhl\My Documents\pos240.tmp
C:\Documents and Settings\Buhl\My Documents\pos241.tmp
C:\Documents and Settings\Buhl\My Documents\pos242.tmp
C:\Documents and Settings\Buhl\My Documents\pos243.tmp
C:\Documents and Settings\Buhl\My Documents\pos244.tmp
C:\Documents and Settings\Buhl\My Documents\pos245.tmp
C:\Documents and Settings\Buhl\My Documents\pos246.tmp
C:\Documents and Settings\Buhl\My Documents\pos247.tmp
C:\Documents and Settings\Buhl\My Documents\pos248.tmp
C:\Documents and Settings\Buhl\My Documents\pos249.tmp
C:\Documents and Settings\Buhl\My Documents\pos24A.tmp
C:\Documents and Settings\Buhl\My Documents\pos24B.tmp
C:\Documents and Settings\Buhl\My Documents\pos24C.tmp
C:\Documents and Settings\Buhl\My Documents\pos24D.tmp
C:\Documents and Settings\Buhl\My Documents\pos24E.tmp
C:\Documents and Settings\Buhl\My Documents\pos24F.tmp
C:\Documents and Settings\Buhl\My Documents\pos250.tmp
C:\Documents and Settings\Buhl\My Documents\pos251.tmp
C:\Documents and Settings\Buhl\My Documents\pos252.tmp
C:\Documents and Settings\Buhl\My Documents\pos253.tmp
C:\Documents and Settings\Buhl\My Documents\pos254.tmp
C:\Documents and Settings\Buhl\My Documents\pos255.tmp
C:\Documents and Settings\Buhl\My Documents\pos256.tmp
C:\Documents and Settings\Buhl\My Documents\pos257.tmp
C:\Documents and Settings\Buhl\My Documents\pos258.tmp
C:\Documents and Settings\Buhl\My Documents\pos259.tmp
C:\Documents and Settings\Buhl\My Documents\pos25A.tmp
C:\Documents and Settings\Buhl\My Documents\pos25B.tmp
C:\Documents and Settings\Buhl\My Documents\pos25C.tmp
C:\Documents and Settings\Buhl\My Documents\pos25D.tmp
C:\Documents and Settings\Buhl\My Documents\pos25E.tmp
C:\Documents and Settings\Buhl\My Documents\pos25F.tmp
C:\Documents and Settings\Buhl\My Documents\pos260.tmp
C:\Documents and Settings\Buhl\My Documents\pos261.tmp
C:\Documents and Settings\Buhl\My Documents\pos262.tmp
C:\Documents and Settings\Buhl\My Documents\pos263.tmp
C:\Documents and Settings\Buhl\My Documents\pos264.tmp
C:\Documents and Settings\Buhl\My Documents\pos265.tmp
C:\Documents and Settings\Buhl\My Documents\pos266.tmp
C:\Documents and Settings\Buhl\My Documents\pos267.tmp
C:\Documents and Settings\Buhl\My Documents\pos268.tmp
C:\Documents and Settings\Buhl\My Documents\pos269.tmp
C:\Documents and Settings\Buhl\My Documents\pos26A.tmp
C:\Documents and Settings\Buhl\My Documents\pos26B.tmp
C:\Documents and Settings\Buhl\My Documents\pos26C.tmp
C:\Documents and Settings\Buhl\My Documents\pos26D.tmp
C:\Documents and Settings\Buhl\My Documents\pos26E.tmp
C:\Documents and Settings\Buhl\My Documents\pos26F.tmp
C:\Documents and Settings\Buhl\My Documents\pos270.tmp
C:\Documents and Settings\Buhl\My Documents\pos271.tmp
C:\Documents and Settings\Buhl\My Documents\pos272.tmp
C:\Documents and Settings\Buhl\My Documents\pos273.tmp
C:\Documents and Settings\Buhl\My Documents\pos274.tmp
C:\Documents and Settings\Buhl\My Documents\pos275.tmp
C:\Documents and Settings\Buhl\My Documents\pos276.tmp
C:\Documents and Settings\Buhl\My Documents\pos277.tmp
C:\Documents and Settings\Buhl\My Documents\pos278.tmp
C:\Documents and Settings\Buhl\My Documents\pos279.tmp
C:\Documents and Settings\Buhl\My Documents\pos27A.tmp
C:\Documents and Settings\Buhl\My Documents\pos27B.tmp
C:\Documents and Settings\Buhl\My Documents\pos27C.tmp
C:\Documents and Settings\Buhl\My Documents\pos27D.tmp
C:\Documents and Settings\Buhl\My Documents\pos27E.tmp
C:\Documents and Settings\Buhl\My Documents\pos27F.tmp
C:\Documents and Settings\Buhl\My Documents\pos280.tmp
C:\Documents and Settings\Buhl\My Documents\pos281.tmp
C:\Documents and Settings\Buhl\My Documents\pos282.tmp
C:\Documents and Settings\Buhl\My Documents\pos283.tmp
C:\Documents and Settings\Buhl\My Documents\pos284.tmp
C:\Documents and Settings\Buhl\My Documents\pos285.tmp
C:\Documents and Settings\Buhl\My Documents\pos286.tmp
C:\Documents and Settings\Buhl\My Documents\pos287.tmp
C:\Documents and Settings\Buhl\My Documents\pos288.tmp
C:\Documents and Settings\Buhl\My Documents\pos289.tmp
C:\Documents and Settings\Buhl\My Documents\pos28A.tmp
C:\Documents and Settings\Buhl\My Documents\pos28B.tmp
C:\Documents and Settings\Buhl\My Documents\pos28C.tmp
C:\Documents and Settings\Buhl\My Documents\pos28D.tmp
C:\Documents and Settings\Buhl\My Documents\pos28E.tmp
C:\Documents and Settings\Buhl\My Documents\pos28F.tmp
C:\Documents and Settings\Buhl\My Documents\pos290.tmp
C:\Documents and Settings\Buhl\My Documents\pos291.tmp
C:\Documents and Settings\Buhl\My Documents\pos292.tmp
C:\Documents and Settings\Buhl\My Documents\pos293.tmp
C:\Documents and Settings\Buhl\My Documents\pos294.tmp
C:\Documents and Settings\Buhl\My Documents\pos295.tmp
C:\Documents and Settings\Buhl\My Documents\pos296.tmp
C:\Documents and Settings\Buhl\My Documents\pos297.tmp
C:\Documents and Settings\Buhl\My Documents\pos298.tmp
C:\Documents and Settings\Buhl\My Documents\pos299.tmp
C:\Documents and Settings\Buhl\My Documents\pos29A.tmp
C:\Documents and Settings\Buhl\My Documents\pos29B.tmp
C:\Documents and Settings\Buhl\My Documents\pos29C.tmp
C:\Documents and Settings\Buhl\My Documents\pos29D.tmp
C:\Documents and Settings\Buhl\My Documents\pos29E.tmp
C:\Documents and Settings\Buhl\My Documents\pos29F.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A0.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A1.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A2.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A3.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A4.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A5.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A6.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A7.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A8.tmp
C:\Documents and Settings\Buhl\My Documents\pos2A9.tmp
C:\Documents and Settings\Buhl\My Documents\pos2AB.tmp
C:\Documents and Settings\Buhl\My Documents\pos2AC.tmp
C:\Documents and Settings\Buhl\My Documents\pos2AD.tmp
C:\Documents and Settings\Buhl\My Documents\pos2AE.tmp
C:\Documents and Settings\Buhl\My Documents\pos2AF.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B0.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B1.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B2.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B3.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B4.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B5.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B6.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B7.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B8.tmp
C:\Documents and Settings\Buhl\My Documents\pos2B9.tmp
C:\Documents and Settings\Buhl\My Documents\pos2BA.tmp
C:\Documents and Settings\Buhl\My Documents\pos2BB.tmp
C:\Documents and Settings\Buhl\My Documents\pos2BC.tmp
C:\Documents and Settings\Buhl\My Documents\pos2BD.tmp
C:\Documents and Settings\Buhl\My Documents\pos2BE.tmp
C:\Documents and Settings\Buhl\My Documents\pos2BF.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C0.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C1.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C2.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C3.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C4.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C5.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C6.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C7.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C8.tmp
C:\Documents and Settings\Buhl\My Documents\pos2C9.tmp
C:\Documents and Settings\Buhl\My Documents\pos2CA.tmp
C:\Documents and Settings\Buhl\My Documents\pos2CB.tmp
C:\Documents and Settings\Buhl\My Documents\pos2CC.tmp
C:\Documents and Settings\Buhl\My Documents\pos2CD.tmp
C:\Documents and Settings\Buhl\My Documents\pos2CE.tmp
C:\Documents and Settings\Buhl\My Documents\pos2CF.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D0.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D1.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D2.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D3.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D4.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D5.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D6.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D7.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D8.tmp
C:\Documents and Settings\Buhl\My Documents\pos2D9.tmp
C:\Documents and Settings\Buhl\My Documents\pos2DA.tmp
C:\Documents and Settings\Buhl\My Documents\pos2DB.tmp
C:\Documents and Settings\Buhl\My Documents\pos2DC.tmp
C:\Documents and Settings\Buhl\My Documents\pos2DD.tmp
C:\Documents and Settings\Buhl\My Documents\pos2DE.tmp
C:\Documents and Settings\Buhl\My Documents\pos2DF.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E0.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E1.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E2.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E3.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E4.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E5.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E6.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E7.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E8.tmp
C:\Documents and Settings\Buhl\My Documents\pos2E9.tmp
C:\Documents and Settings\Buhl\My Documents\pos2EA.tmp
C:\Documents and Settings\Buhl\My Documents\pos2EB.tmp
C:\Documents and Settings\Buhl\My Documents\pos2EC.tmp
C:\Documents and Settings\Buhl\My Documents\pos2ED.tmp
C:\Documents and Settings\Buhl\My Documents\pos2EE.tmp
C:\Documents and Settings\Buhl\My Documents\pos2EF.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F0.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F1.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F2.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F3.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F4.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F5.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F6.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F7.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F8.tmp
C:\Documents and Settings\Buhl\My Documents\pos2F9.tmp
C:\Documents and Settings\Buhl\My Documents\pos2FA.tmp
C:\Documents and Settings\Buhl\My Documents\pos2FB.tmp
C:\Documents and Settings\Buhl\My Documents\pos2FC.tmp
C:\Documents and Settings\Buhl\My Documents\pos2FD.tmp
C:\Documents and Settings\Buhl\My Documents\pos2FE.tmp
C:\Documents and Settings\Buhl\My Documents\pos2FF.tmp
C:\Documents and Settings\Buhl\My Documents\pos2AA.tmp
C:\Documents and Settings\Buhl\My Documents\pos300.tmp
C:\Documents and Settings\Buhl\My Documents\pos301.tmp
C:\Documents and Settings\Buhl\My Documents\pos302.tmp
C:\Documents and Settings\Buhl\My Documents\pos303.tmp
C:\Documents and Settings\Buhl\My Documents\pos304.tmp
C:\Documents and Settings\Buhl\My Documents\pos305.tmp
C:\Documents and Settings\Buhl\My Documents\pos306.tmp
C:\Documents and Settings\Buhl\My Documents\pos307.tmp
C:\Documents and Settings\Buhl\My Documents\pos308.tmp
C:\Documents and Settings\Buhl\My Documents\pos309.tmp
C:\Documents and Settings\Buhl\My Documents\pos30A.tmp
C:\Documents and Settings\Buhl\My Documents\pos30B.tmp
C:\Documents and Settings\Buhl\My Documents\pos30C.tmp
C:\Documents and Settings\Buhl\My Documents\pos30D.tmp
C:\Documents and Settings\Buhl\My Documents\pos30E.tmp
C:\Documents and Settings\Buhl\My Documents\pos30F.tmp
C:\Documents and Settings\Buhl\My Documents\pos310.tmp
C:\Documents and Settings\Buhl\My Documents\pos311.tmp
C:\Documents and Settings\Buhl\My Documents\pos312.tmp
C:\Documents and Settings\Buhl\My Documents\pos313.tmp
C:\Documents and Settings\Buhl\My Documents\pos314.tmp
C:\Documents and Settings\Buhl\My Documents\pos315.tmp
C:\Documents and Settings\Buhl\My Documents\pos316.tmp
C:\Documents and Settings\Buhl\My Documents\pos317.tmp
C:\Documents and Settings\Buhl\My Documents\pos318.tmp
C:\Documents and Settings\Buhl\My Documents\pos319.tmp
C:\Documents and Settings\Buhl\My Documents\pos31A.tmp
C:\Documents and Settings\Buhl\My Documents\pos31B.tmp
C:\Documents and Settings\Buhl\My Documents\pos31C.tmp
C:\Documents and Settings\Buhl\My Documents\pos31D.tmp
C:\Documents and Settings\Buhl\My Documents\pos31E.tmp
C:\Documents and Settings\Buhl\My Documents\pos31F.tmp
C:\Documents and Settings\Buhl\My Documents\pos320.tmp
C:\Documents and Settings\Buhl\My Documents\pos321.tmp
C:\Documents and Settings\Buhl\My Documents\pos322.tmp
C:\Documents and Settings\Buhl\My Documents\pos323.tmp
C:\Documents and Settings\Buhl\My Documents\pos324.tmp
C:\Documents and Settings\Buhl\My Documents\pos325.tmp
C:\Documents and Settings\Buhl\My Documents\pos326.tmp
C:\Documents and Settings\Buhl\My Documents\pos327.tmp
C:\Documents and Settings\Buhl\My Documents\pos328.tmp
C:\Documents and Settings\Buhl\My Documents\pos329.tmp
C:\Documents and Settings\Buhl\My Documents\pos32A.tmp
C:\Documents and Settings\Buhl\My Documents\pos32B.tmp
C:\Documents and Settings\Buhl\My Documents\pos32C.tmp
C:\Documents and Settings\Buhl\My Documents\pos32D.tmp
C:\Documents and Settings\Buhl\My Documents\pos32E.tmp
C:\Documents and Settings\Buhl\My Documents\pos32F.tmp
C:\Documents and Settings\Buhl\My Documents\pos330.tmp
C:\Documents and Settings\Buhl\My Documents\pos331.tmp
C:\Documents and Settings\Buhl\My Documents\pos332.tmp
C:\Documents and Settings\Buhl\My Documents\pos333.tmp
C:\Documents and Settings\Buhl\My Documents\pos334.tmp
C:\Documents and Settings\Buhl\My Documents\pos335.tmp
C:\Documents and Settings\Buhl\My Documents\pos336.tmp
C:\Documents and Settings\Buhl\My Documents\pos337.tmp
C:\Documents and Settings\Buhl\My Documents\pos338.tmp
C:\Documents and Settings\Buhl\My Documents\pos339.tmp
C:\Documents and Settings\Buhl\My Documents\pos33A.tmp
C:\Documents and Settings\Buhl\My Documents\pos33B.tmp
C:\Documents and Settings\Buhl\My Documents\pos33C.tmp
C:\Documents and Settings\Buhl\My Documents\pos33D.tmp
C:\Documents and Settings\Buhl\My Documents\pos33E.tmp
C:\Documents and Settings\Buhl\My Documents\pos33F.tmp
C:\Documents and Settings\Buhl\My Documents\pos340.tmp
C:\Documents and Settings\Buhl\My Documents\pos341.tmp
C:\Documents and Settings\Buhl\My Documents\pos342.tmp
C:\Documents and Settings\Buhl\My Documents\pos343.tmp
C:\Documents and Settings\Buhl\My Documents\pos344.tmp
C:\Documents and Settings\Buhl\My Documents\pos345.tmp
C:\Documents and Settings\Buhl\My Documents\pos346.tmp
C:\Documents and Settings\Buhl\My Documents\pos347.tmp
C:\Documents and Settings\Buhl\My Documents\pos348.tmp
C:\Documents and Settings\Buhl\My Documents\pos349.tmp
C:\Documents and Settings\Buhl\My Documents\pos34A.tmp
C:\Documents and Settings\Buhl\My Documents\pos34B.tmp
C:\Documents and Settings\Buhl\My Documents\pos34C.tmp
C:\Documents and Settings\Buhl\My Documents\pos34D.tmp
C:\Documents and Settings\Buhl\My Documents\pos34E.tmp
C:\Documents and Settings\Buhl\My Documents\pos34F.tmp
C:\Documents and Settings\Buhl\My Documents\pos350.tmp
C:\Documents and Settings\Buhl\My Documents\pos351.tmp
C:\Documents and Settings\Buhl\My Documents\pos352.tmp
C:\Documents and Settings\Buhl\My Documents\pos353.tmp
C:\Documents and Settings\Buhl\My Documents\pos354.tmp
C:\Documents and Settings\Buhl\My Documents\pos355.tmp
C:\Documents and Settings\Buhl\My Documents\pos356.tmp
C:\Documents and Settings\Buhl\My Documents\pos357.tmp
C:\Documents and Settings\Buhl\My Documents\pos358.tmp
C:\Documents and Settings\Buhl\My Documents\pos359.tmp
C:\Documents and Settings\Buhl\My Documents\pos35A.tmp
C:\Documents and Settings\Buhl\My Documents\pos35B.tmp
C:\Documents and Settings\Buhl\My Documents\pos35C.tmp
C:\Documents and Settings\Buhl\My Documents\pos35D.tmp
C:\Documents and Settings\Buhl\My Documents\pos35E.tmp
C:\Documents and Settings\Buhl\My Documents\pos35F.tmp
C:\Documents and Settings\Buhl\My Documents\pos360.tmp
C:\Documents and Settings\Buhl\My Documents\pos361.tmp
C:\Documents and Settings\Buhl\My Documents\pos362.tmp
C:\Documents and Settings\Buhl\My Documents\pos363.tmp
C:\Documents and Settings\Buhl\My Documents\pos364.tmp
C:\Documents and Settings\Buhl\My Documents\pos365.tmp
C:\Documents and Settings\Buhl\My Documents\pos366.tmp
C:\Documents and Settings\Buhl\My Documents\pos367.tmp
C:\Documents and Settings\Buhl\My Documents\pos368.tmp
C:\Documents and Settings\Buhl\My Documents\pos369.tmp
C:\Documents and Settings\Buhl\My Documents\pos36A.tmp
C:\Documents and Settings\Buhl\My Documents\pos36B.tmp
C:\Documents and Settings\Buhl\My Documents\pos36C.tmp
C:\Documents and Settings\Buhl\My Documents\pos36D.tmp
C:\Documents and Settings\Buhl\My Documents\pos36E.tmp
C:\Documents and Settings\Buhl\My Documents\pos36F.tmp
C:\Documents and Settings\Buhl\My Documents\pos370.tmp
C:\Documents and Settings\Buhl\My Documents\pos371.tmp
C:\Documents and Settings\Buhl\My Documents\pos372.tmp
C:\Documents and Settings\Buhl\My Documents\pos373.tmp
C:\Documents and Settings\Buhl\My Documents\pos374.tmp
C:\Documents and Settings\Buhl\My Documents\pos375.tmp
C:\Documents and Settings\Buhl\My Documents\pos376.tmp
C:\Documents and Settings\Buhl\My Documents\pos377.tmp
C:\Documents and Settings\Buhl\My Documents\pos378.tmp
C:\Documents and Settings\Buhl\My Documents\pos379.tmp
C:\Documents and Settings\Buhl\My Documents\pos37A.tmp
C:\Documents and Settings\Buhl\My Documents\pos37B.tmp
C:\Documents and Settings\Buhl\My Documents\pos37C.tmp
C:\Documents and Settings\Buhl\My Documents\pos37D.tmp
C:\Documents and Settings\Buhl\My Documents\pos37E.tmp
C:\Documents and Settings\Buhl\My Documents\pos37F.tmp
C:\Documents and Settings\Buhl\My Documents\pos380.tmp
C:\Documents and Settings\Buhl\My Documents\pos381.tmp
C:\Documents and Settings\Buhl\My Documents\pos382.tmp
C:\Documents and Settings\Buhl\My Documents\pos383.tmp
C:\Documents and Settings\Buhl\My Documents\pos384.tmp
C:\Documents and Settings\Buhl\My Documents\pos385.tmp
C:\Documents and Settings\Buhl\My Documents\pos386.tmp
C:\Documents and Settings\Buhl\My Documents\pos387.tmp
C:\Documents and Settings\Buhl\My Documents\pos388.tmp
C:\Documents and Settings\Buhl\My Documents\pos389.tmp
C:\Documents and Settings\Buhl\My Documents\pos38A.tmp
C:\Documents and Settings\Buhl\My Documents\pos38B.tmp
C:\Documents and Settings\Buhl\My Documents\pos38C.tmp
C:\Documents and Settings\Buhl\My Documents\pos38D.tmp
C:\Documents and Settings\Buhl\My Documents\pos38E.tmp
C:\Documents and Settings\Buhl\My Documents\pos38F.tmp
C:\Documents and Settings\Buhl\My Documents\pos390.tmp
C:\Documents and Settings\Buhl\My Documents\pos391.tmp
C:\Documents and Settings\Buhl\My Documents\pos392.tmp
C:\Documents and Settings\Buhl\My Documents\pos393.tmp
C:\Documents and Settings\Buhl\My Documents\pos394.tmp
C:\Documents and Settings\Buhl\My Documents\pos395.tmp
C:\Documents and Settings\Buhl\My Documents\pos396.tmp
C:\Documents and Settings\Buhl\My Documents\pos397.tmp
C:\Documents and Settings\Buhl\My Documents\pos398.tmp
C:\Documents and Settings\Buhl\My Documents\pos399.tmp
C:\Documents and Settings\Buhl\My Documents\pos39A.tmp
C:\Documents and Settings\Buhl\My Documents\pos39B.tmp
C:\Documents and Settings\Buhl\My Documents\pos39C.tmp
C:\Documents and Settings\Buhl\My Documents\pos39D.tmp
C:\Documents and Settings\Buhl\My Documents\pos39E.tmp
C:\Documents and Settings\Buhl\My Documents\pos39F.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A0.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A1.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A2.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A3.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A4.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A5.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A6.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A7.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A8.tmp
C:\Documents and Settings\Buhl\My Documents\pos3A9.tmp
C:\Documents and Settings\Buhl\My Documents\pos3AB.tmp
C:\Documents and Settings\Buhl\My Documents\pos3AC.tmp
C:\Documents and Settings\Buhl\My Documents\pos3AD.tmp
C:\Documents and Settings\Buhl\My Documents\pos3AE.tmp
C:\Documents and Settings\Buhl\My Documents\pos3AF.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B0.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B1.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B2.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B3.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B4.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B5.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B6.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B7.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B8.tmp
C:\Documents and Settings\Buhl\My Documents\pos3B9.tmp
C:\Documents and Settings\Buhl\My Documents\pos3BA.tmp
C:\Documents and Settings\Buhl\My Documents\pos3BB.tmp
C:\Documents and Settings\Buhl\My Documents\pos3BC.tmp
C:\Documents and Settings\Buhl\My Documents\pos3BD.tmp
C:\Documents and Settings\Buhl\My Documents\pos3BE.tmp
C:\Documents and Settings\Buhl\My Documents\pos3BF.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C0.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C1.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C2.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C3.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C4.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C5.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C6.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C7.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C8.tmp
C:\Documents and Settings\Buhl\My Documents\pos3C9.tmp
C:\Documents and Settings\Buhl\My Documents\pos3CA.tmp
C:\Documents and Settings\Buhl\My Documents\pos3CB.tmp
C:\Documents and Settings\Buhl\My Documents\pos3CC.tmp
C:\Documents and Settings\Buhl\My Documents\pos3CD.tmp
C:\Documents and Settings\Buhl\My Documents\pos3CE.tmp
C:\Documents and Settings\Buhl\My Documents\pos3CF.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D0.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D1.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D2.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D3.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D4.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D5.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D6.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D7.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D8.tmp
C:\Documents and Settings\Buhl\My Documents\pos3D9.tmp
C:\Documents and Settings\Buhl\My Documents\pos3DA.tmp
C:\Documents and Settings\Buhl\My Documents\pos3DB.tmp
C:\Documents and Settings\Buhl\My Documents\pos3DC.tmp
C:\Documents and Settings\Buhl\My Documents\pos3DD.tmp
C:\Documents and Settings\Buhl\My Documents\pos3DE.tmp
C:\Documents and Settings\Buhl\My Documents\pos3DF.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E0.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E1.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E2.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E3.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E4.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E5.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E6.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E7.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E8.tmp
C:\Documents and Settings\Buhl\My Documents\pos3E9.tmp
C:\Documents and Settings\Buhl\My Documents\pos3EA.tmp
C:\Documents and Settings\Buhl\My Documents\pos3EB.tmp
C:\Documents and Settings\Buhl\My Documents\pos3EC.tmp
C:\Documents and Settings\Buhl\My Documents\pos3ED.tmp
C:\Documents and Settings\Buhl\My Documents\pos3EE.tmp
C:\Documents and Settings\Buhl\My Documents\pos3EF.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F0.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F1.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F2.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F3.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F4.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F5.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F6.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F7.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F8.tmp
C:\Documents and Settings\Buhl\My Documents\pos3F9.tmp
C:\Documents and Settings\Buhl\My Documents\pos3FA.tmp
C:\Documents and Settings\Buhl\My Documents\pos3FB.tmp
C:\Documents and Settings\Buhl\My Documents\pos3FC.tmp
C:\Documents and Settings\Buhl\My Documents\pos3FD.tmp
C:\Documents and Settings\Buhl\My Documents\pos3FE.tmp
C:\Documents and Settings\Buhl\My Documents\pos3FF.tmp
C:\Documents and Settings\Buhl\My Documents\pos3AA.tmp
C:\Documents and Settings\Buhl\My Documents\pos400.tmp
C:\Documents and Settings\Buhl\My Documents\pos401.tmp
C:\Documents and Settings\Buhl\My Documents\pos402.tmp
C:\Documents and Settings\Buhl\My Documents\pos403.tmp
C:\Documents and Settings\Buhl\My Documents\pos404.tmp
C:\Documents and Settings\Buhl\My Documents\pos405.tmp
C:\Documents and Settings\Buhl\My Documents\pos406.tmp
C:\Documents and Settings\Buhl\My Documents\pos407.tmp
C:\Documents and Settings\Buhl\My Documents\pos408.tmp
C:\Documents and Settings\Buhl\My Documents\pos409.tmp
C:\Documents and Settings\Buhl\My Documents\pos40A.tmp
C:\Documents and Settings\Buhl\My Documents\pos40B.tmp
C:\Documents and Settings\Buhl\My Documents\pos40C.tmp
C:\Documents and Settings\Buhl\My Documents\pos40D.tmp
C:\Documents and Settings\Buhl\My Documents\pos40E.tmp
C:\Documents and Settings\Buhl\My Documents\pos40F.tmp
C:\Documents and Settings\Buhl\My Documents\pos410.tmp
C:\Documents and Settings\Buhl\My Documents\pos411.tmp
C:\Documents and Settings\Buhl\My Documents\pos412.tmp
C:\Documents and Settings\Buhl\My Documents\pos413.tmp
C:\Documents and Settings\Buhl\My Documents\pos414.tmp
C:\Documents and Settings\Buhl\My Documents\pos415.tmp
C:\Documents and Settings\Buhl\My Documents\pos416.tmp
C:\Documents and Settings\Buhl\My Documents\pos417.tmp
C:\Documents and Settings\Buhl\My Documents\pos418.tmp
C:\Documents and Settings\Buhl\My Documents\pos419.tmp
C:\Documents and Settings\Buhl\My Documents\pos41A.tmp
C:\Documents and Settings\Buhl\My Documents\pos41B.tmp
C:\Documents and Settings\Buhl\My Documents\pos41C.tmp
C:\Documents and Settings\Buhl\My Documents\pos41D.tmp
C:\Documents and Settings\Buhl\My Documents\pos41E.tmp
C:\Documents and Settings\Buhl\My Documents\pos41F.tmp
C:\Documents and Settings\Buhl\My Documents\pos420.tmp
C:\Documents and Settings\Buhl\My Documents\pos421.tmp
C:\Documents and Settings\Buhl\My Documents\pos422.tmp
C:\Documents and Settings\Buhl\My Documents\pos423.tmp
C:\Documents and Settings\Buhl\My Documents\pos424.tmp
C:\Documents and Settings\Buhl\My Documents\pos425.tmp
C:\Documents and Settings\Buhl\My Documents\pos426.tmp
C:\Documents and Settings\Buhl\My Documents\pos427.tmp
C:\Documents and Settings\Buhl\My Documents\pos428.tmp
C:\Documents and Settings\Buhl\My Documents\pos429.tmp
C:\Documents and Settings\Buhl\My Documents\pos42A.tmp
C:\Documents and Settings\Buhl\My Documents\pos42B.tmp
C:\Documents and Settings\Buhl\My Documents\pos42C.tmp
C:\Documents and Settings\Buhl\My Documents\pos42D.tmp
C:\Documents and Settings\Buhl\My Documents\pos42E.tmp
C:\Documents and Settings\Buhl\My Documents\pos42F.tmp
C:\Documents and Settings\Buhl\My Documents\pos430.tmp
C:\Documents and Settings\Buhl\My Documents\pos431.tmp
C:\Documents and Settings\Buhl\My Documents\pos432.tmp
C:\Documents and Settings\Buhl\My Documents\pos433.tmp
C:\Documents and Settings\Buhl\My Documents\pos434.tmp
C:\Documents and Settings\Buhl\My Documents\pos435.tmp
C:\Documents and Settings\Buhl\My Documents\pos436.tmp
C:\Documents and Settings\Buhl\My Documents\pos437.tmp
C:\Documents and Settings\Buhl\My Documents\pos438.tmp
C:\Documents and Settings\Buhl\My Documents\pos439.tmp
C:\Documents and Settings\Buhl\My Documents\pos43A.tmp
C:\Documents and Settings\Buhl\My Documents\pos43B.tmp
C:\Documents and Settings\Buhl\My Documents\pos43C.tmp
C:\Documents and Settings\Buhl\My Documents\pos43D.tmp
C:\Documents and Settings\Buhl\My Documents\pos43E.tmp
C:\Documents and Settings\Buhl\My Documents\pos43F.tmp
C:\Documents and Settings\Buhl\My Documents\pos440.tmp
C:\Documents and Settings\Buhl\My Documents\pos441.tmp
C:\Documents and Settings\Buhl\My Documents\pos442.tmp
C:\Documents and Settings\Buhl\My Documents\pos443.tmp
C:\Documents and Settings\Buhl\My Documents\pos444.tmp
C:\Documents and Settings\Buhl\My Documents\pos445.tmp
C:\Documents and Settings\Buhl\My Documents\pos446.tmp
C:\Documents and Settings\Buhl\My Documents\pos447.tmp
C:\Documents and Settings\Buhl\My Documents\pos448.tmp
C:\Documents and Settings\Buhl\My Documents\pos449.tmp
C:\Documents and Settings\Buhl\My Documents\pos44A.tmp
C:\Documents and Settings\Buhl\My Documents\pos44B.tmp
C:\Documents and Settings\Buhl\My Documents\pos44C.tmp
C:\Documents and Settings\Buhl\My Documents\pos44D.tmp
C:\Documents and Settings\Buhl\My Documents\pos44E.tmp
C:\Documents and Settings\Buhl\My Documents\pos44F.tmp
C:\Documents and Settings\Buhl\My Documents\pos450.tmp
C:\Documents and Settings\Buhl\My Documents\pos451.tmp
C:\Documents and Settings\Buhl\My Documents\pos452.tmp
C:\Documents and Settings\Buhl\My Documents\pos453.tmp
C:\Documents and Settings\Buhl\My Documents\pos454.tmp
C:\Documents and Settings\Buhl\My Documents\pos455.tmp
C:\Documents and Settings\Buhl\My Documents\pos456.tmp
C:\Documents and Settings\Buhl\My Documents\pos457.tmp
C:\Documents and Settings\Buhl\My Documents\pos458.tmp
C:\Documents and Settings\Buhl\My Documents\pos459.tmp
C:\Documents and Settings\Buhl\My Documents\pos45A.tmp
C:\Documents and Settings\Buhl\My Documents\pos45B.tmp
C:\Documents and Settings\Buhl\My Documents\pos45C.tmp
C:\Documents and Settings\Buhl\My Documents\pos45D.tmp
C:\Documents and Settings\Buhl\My Documents\pos45E.tmp
C:\Documents and Settings\Buhl\My Documents\pos45F.tmp
C:\Documents and Settings\Buhl\My Documents\pos460.tmp
C:\Documents and Settings\Buhl\My Documents\pos461.tmp
C:\Documents and Settings\Buhl\My Documents\pos462.tmp
C:\Documents and Settings\Buhl\My Documents\pos463.tmp
C:\Documents and Settings\Buhl\My Documents\pos464.tmp
C:\Documents and Settings\Buhl\My Documents\pos465.tmp
C:\Documents and Settings\Buhl\My Documents\pos466.tmp
C:\Documents and Settings\Buhl\My Documents\pos467.tmp
C:\Documents and Settings\Buhl\My Documents\pos468.tmp
C:\Documents and Settings\Buhl\My Documents\pos469.tmp
C:\Documents and Settings\Buhl\My Documents\pos46A.tmp
C:\Documents and Settings\Buhl\My Documents\pos46B.tmp
C:\Documents and Settings\Buhl\My Documents\pos46C.tmp
C:\Documents and Settings\Buhl\My Documents\pos46D.tmp
C:\Documents and Settings\Buhl\My Documents\pos46E.tmp
C:\Documents and Settings\Buhl\My Documents\pos46F.tmp
C:\Documents and Settings\Buhl\My Documents\pos470.tmp
C:\Documents and Settings\Buhl\My Documents\pos471.tmp
C:\Documents and Settings\Buhl\My Documents\pos472.tmp
C:\Documents and Settings\Buhl\My Documents\pos473.tmp
C:\Documents and Settings\Buhl\My Documents\pos474.tmp
C:\Documents and Settings\Buhl\My Documents\pos475.tmp
C:\Documents and Settings\Buhl\My Documents\pos476.tmp
C:\Documents and Settings\Buhl\My Documents\pos477.tmp
C:\Documents and Settings\Buhl\My Documents\pos478.tmp
C:\Documents and Settings\Buhl\My Documents\pos479.tmp
C:\Documents and Settings\Buhl\My Documents\pos47A.tmp
C:\Documents and Settings\Buhl\My Documents\pos47B.tmp
C:\Documents and Settings\Buhl\My Documents\pos47C.tmp
C:\Documents and Settings\Buhl\My Documents\pos47D.tmp
C:\Documents and Settings\Buhl\My Documents\pos47E.tmp
C:\Documents and Settings\Buhl\My Documents\pos47F.tmp
C:\Documents and Settings\Buhl\My Documents\pos480.tmp
C:\Documents and Settings\Buhl\My Documents\pos481.tmp
C:\Documents and Settings\Buhl\My Documents\pos482.tmp
C:\Documents and Settings\Buhl\My Documents\pos483.tmp
C:\Documents and Settings\Buhl\My Documents\pos484.tmp
C:\Documents and Settings\Buhl\My Documents\pos485.tmp
C:\Documents and Settings\Buhl\My Documents\pos486.tmp
C:\Documents and Settings\Buhl\My Documents\pos487.tmp
C:\Documents and Settings\Buhl\My Documents\pos488.tmp
C:\Documents and Settings\Buhl\My Documents\pos489.tmp
C:\Documents and Settings\Buhl\My Documents\pos48A.tmp
C:\Documents and Settings\Buhl\My Documents\pos48B.tmp
C:\Documents and Settings\Buhl\My Documents\pos48C.tmp
C:\Documents and Settings\Buhl\My Documents\pos48D.tmp
C:\Documents and Settings\Buhl\My Documents\pos48E.tmp
C:\Documents and Settings\Buhl\My Documents\pos48F.tmp
C:\Documents and Settings\Buhl\My Documents\pos490.tmp
C:\Documents and Settings\Buhl\My Documents\pos491.tmp
C:\Documents and Settings\Buhl\My Documents\pos492.tmp
C:\Documents and Settings\Buhl\My Documents\pos493.tmp
C:\Documents and Settings\Buhl\My Documents\pos494.tmp
C:\Documents and Settings\Buhl\My Documents\pos495.tmp
C:\Documents and Settings\Buhl\My Documents\pos496.tmp
C:\Documents and Settings\Buhl\My Documents\pos497.tmp
C:\Documents and Settings\Buhl\My Documents\pos498.tmp
C:\Documents and Settings\Buhl\My Documents\pos499.tmp
C:\Documents and Settings\Buhl\My Documents\pos49A.tmp
C:\Documents and Settings\Buhl\My Documents\pos49B.tmp
C:\Documents and Settings\Buhl\My Documents\pos49C.tmp
C:\Documents and Settings\Buhl\My Documents\pos49D.tmp
C:\Documents and Settings\Buhl\My Documents\pos49E.tmp
C:\Documents and Settings\Buhl\My Documents\pos49F.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A0.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A1.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A2.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A3.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A4.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A5.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A6.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A7.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A8.tmp
C:\Documents and Settings\Buhl\My Documents\pos4A9.tmp
C:\Documents and Settings\Buhl\My Documents\pos4AB.tmp
C:\Documents and Settings\Buhl\My Documents\pos4AC.tmp
C:\Documents and Settings\Buhl\My Documents\pos4AD.tmp
C:\Documents and Settings\Buhl\My Documents\pos4AE.tmp
C:\Documents and Settings\Buhl\My Documents\pos4AF.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B0.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B1.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B2.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B3.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B4.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B5.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B6.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B7.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B8.tmp
C:\Documents and Settings\Buhl\My Documents\pos4B9.tmp
C:\Documents and Settings\Buhl\My Documents\pos4BA.tmp
C:\Documents and Settings\Buhl\My Documents\pos4BB.tmp
C:\Documents and Settings\Buhl\My Documents\pos4BC.tmp
C:\Documents and Settings\Buhl\My Documents\pos4BD.tmp
C:\Documents and Settings\Buhl\My Documents\pos4BE.tmp
C:\Documents and Settings\Buhl\My Documents\pos4BF.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C0.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C1.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C2.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C3.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C4.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C5.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C6.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C7.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C8.tmp
C:\Documents and Settings\Buhl\My Documents\pos4C9.tmp
C:\Documents and Settings\Buhl\My Documents\pos4CA.tmp
C:\Documents and Settings\Buhl\My Documents\pos4CB.tmp
C:\Documents and Settings\Buhl\My Documents\pos4CC.tmp
C:\Documents and Settings\Buhl\My Documents\pos4CD.tmp
C:\Documents and Settings\Buhl\My Documents\pos4CE.tmp
C:\Documents and Settings\Buhl\My Documents\pos4CF.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D0.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D1.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D2.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D3.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D4.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D5.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D6.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D7.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D8.tmp
C:\Documents and Settings\Buhl\My Documents\pos4D9.tmp
C:\Documents and Settings\Buhl\My Documents\pos4DA.tmp
C:\Documents and Settings\Buhl\My Documents\pos4DB.tmp
C:\Documents and Settings\Buhl\My Documents\pos4DC.tmp
C:\Documents and Settings\Buhl\My Documents\pos4DD.tmp
C:\Documents and Settings\Buhl\My Documents\pos4DE.tmp
C:\Documents and Settings\Buhl\My Documents\pos4DF.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E0.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E1.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E2.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E3.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E4.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E5.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E6.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E7.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E8.tmp
C:\Documents and Settings\Buhl\My Documents\pos4E9.tmp
C:\Documents and Settings\Buhl\My Documents\pos4EA.tmp
C:\Documents and Settings\Buhl\My Documents\pos4EB.tmp
C:\Documents and Settings\Buhl\My Documents\pos4EC.tmp
C:\Documents and Settings\Buhl\My Documents\pos4ED.tmp
C:\Documents and Settings\Buhl\My Documents\pos4EE.tmp
C:\Documents and Settings\Buhl\My Documents\pos4EF.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F0.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F1.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F2.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F3.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F4.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F5.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F6.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F7.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F8.tmp
C:\Documents and Settings\Buhl\My Documents\pos4F9.tmp
C:\Documents and Settings\Buhl\My Documents\pos4FA.tmp
C:\Documents and Settings\Buhl\My Documents\pos4FB.tmp
C:\Documents and Settings\Buhl\My Documents\pos4FC.tmp
C:\Documents and Settings\Buhl\My Documents\pos4FD.tmp
C:\Documents and Settings\Buhl\My Documents\pos4FE.tmp
C:\Documents and Settings\Buhl\My Documents\pos4FF.tmp
C:\Documents and Settings\Buhl\My Documents\pos4AA.tmp
C:\Documents and Settings\Buhl\My Documents\pos500.tmp
C:\Documents and Settings\Buhl\My Documents\pos501.tmp
C:\Documents and Settings\Buhl\My Documents\pos502.tmp
C:\Documents and Settings\Buhl\My Documents\pos503.tmp
C:\Documents and Settings\Buhl\My Documents\pos504.tmp
C:\Documents and Settings\Buhl\My Documents\pos505.tmp
C:\Documents and Settings\Buhl\My Documents\pos506.tmp
C:\Documents and Settings\Buhl\My Documents\pos507.tmp
C:\Documents and Settings\Buhl\My Documents\pos508.tmp
C:\Documents and Settings\Buhl\My Documents\pos509.tmp
C:\Documents and Settings\Buhl\My Documents\pos50A.tmp
C:\Documents and Settings\Buhl\My Documents\pos50B.tmp
C:\Documents and Settings\Buhl\My Documents\pos50C.tmp
C:\Documents and Settings\Buhl\My Documents\pos50D.tmp
C:\Documents and Settings\Buhl\My Documents\pos50E.tmp
C:\Documents and Settings\Buhl\My Documents\pos50F.tmp
C:\Documents and Settings\Buhl\My Documents\pos510.tmp
C:\Documents and Settings\Buhl\My Documents\pos511.tmp
C:\Documents and Settings\Buhl\My Documents\pos512.tmp
C:\Documents and Settings\Buhl\My Documents\pos513.tmp
C:\Documents and Settings\Buhl\My Documents\pos514.tmp
C:\Documents and Settings\Buhl\My Documents\pos515.tmp
C:\Documents and Settings\Buhl\My Documents\pos516.tmp
C:\Documents and Settings\Buhl\My Documents\pos517.tmp
C:\Documents and Settings\Buhl\My Documents\pos518.tmp
C:\Documents and Settings\Buhl\My Documents\pos519.tmp
C:\Documents and Settings\Buhl\My Documents\pos51A.tmp
C:\Documents and Settings\Buhl\My Documents\pos51B.tmp
C:\Documents and Settings\Buhl\My Documents\pos51C.tmp
C:\Documents and Settings\Buhl\My Documents\pos51D.tmp
C:\Documents and Settings\Buhl\My Documents\pos51E.tmp
C:\Documents and Settings\Buhl\My Documents\pos51F.tmp
C:\Documents and Settings\Buhl\My Documents\pos520.tmp
C:\Documents and Settings\Buhl\My Documents\pos521.tmp
C:\Documents and Settings\Buhl\My Documents\pos522.tmp
C:\Documents and Settings\Buhl\My Documents\pos523.tmp
C:\Documents and Settings\Buhl\My Documents\pos524.tmp
C:\Documents and Settings\Buhl\My Documents\pos525.tmp
C:\Documents and Settings\Buhl\My Documents\pos526.tmp
C:\Documents and Settings\Buhl\My Documents\pos527.tmp
C:\Documents and Settings\Buhl\My Documents\pos528.tmp
C:\Documents and Settings\Buhl\My Documents\pos529.tmp
C:\Documents and Settings\Buhl\My Documents\pos52A.tmp
C:\Documents and Settings\Buhl\My Documents\pos52B.tmp
C:\Documents and Settings\Buhl\My Documents\pos52C.tmp
C:\Documents and Settings\Buhl\My Documents\pos52D.tmp
C:\Documents and Settings\Buhl\My Documents\pos52E.tmp
C:\Documents and Settings\Buhl\My Documents\pos52F.tmp
C:\Documents and Settings\Buhl\My Documents\pos530.tmp
C:\Documents and Settings\Buhl\My Documents\pos531.tmp
C:\Documents and Settings\Buhl\My Documents\pos532.tmp
C:\Documents and Settings\Buhl\My Documents\pos533.tmp
C:\Documents and Settings\Buhl\My Documents\pos534.tmp
C:\Documents and Settings\Buhl\My Documents\pos535.tmp
C:\Documents and Settings\Buhl\My Documents\pos536.tmp
C:\Documents and Settings\Buhl\My Documents\pos537.tmp
C:\Documents and Settings\Buhl\My Documents\pos538.tmp
C:\Documents and Settings\Buhl\My Documents\pos539.tmp
C:\Documents and Settings\Buhl\My Documents\pos53A.tmp
C:\Documents and Settings\Buhl\My Documents\pos53B.tmp
C:\Documents and Settings\Buhl\My Documents\pos53C.tmp
C:\Documents and Settings\Buhl\My Documents\pos53D.tmp
C:\Documents and Settings\Buhl\My Documents\pos53E.tmp
C:\Documents and Settings\Buhl\My Documents\pos53F.tmp
C:\Documents and Settings\Buhl\My Documents\pos540.tmp
C:\Documents and Settings\Buhl\My Documents\pos541.tmp
C:\Documents and Settings\Buhl\My Documents\pos542.tmp
C:\Documents and Settings\Buhl\My Documents\pos543.tmp
C:\Documents and Settings\Buhl\My Documents\pos544.tmp
C:\Documents and Settings\Buhl\My Documents\pos545.tmp
C:\Documents and Settings\Buhl\My Documents\pos546.tmp
C:\Documents and Settings\Buhl\My Documents\pos547.tmp
C:\Documents and Settings\Buhl\My Documents\pos548.tmp
C:\Documents and Settings\Buhl\My Documents\pos549.tmp
C:\Documents and Settings\Buhl\My Documents\pos54A.tmp
C:\Documents and Settings\Buhl\My Documents\pos54B.tmp
C:\Documents and Settings\Buhl\My Documents\pos54C.tmp
C:\Documents and Settings\Buhl\My Documents\pos54D.tmp
C:\Documents and Settings\Buhl\My Documents\pos54E.tmp
C:\Documents and Settings\Buhl\My Documents\pos54F.tmp
C:\Documents and Settings\Buhl\My Documents\pos550.tmp
C:\Documents and Settings\Buhl\My Documents\pos551.tmp
C:\Documents and Settings\Buhl\My Documents\pos552.tmp
C:\Documents and Settings\Buhl\My Documents\pos553.tmp
C:\Documents and Settings\Buhl\My Documents\pos554.tmp
C:\Documents and Settings\Buhl\My Documents\pos555.tmp
C:\Documents and Settings\Buhl\My Documents\pos556.tmp
C:\Documents and Settings\Buhl\My Documents\pos557.tmp
C:\Documents and Settings\Buhl\My Documents\pos558.tmp
C:\Documents and Settings\Buhl\My Documents\pos559.tmp
C:\Documents and Settings\Buhl\My Documents\pos55A.tmp
C:\Documents and Settings\Buhl\My Documents\pos55B.tmp
C:\Documents and Settings\Buhl\My Documents\pos55C.tmp
C:\Documents and Settings\Buhl\My Documents\pos55D.tmp
C:\Documents and Settings\Buhl\My Documents\pos55E.tmp
C:\Documents and Settings\Buhl\My Documents\pos55F.tmp
C:\Documents and Settings\Buhl\My Documents\pos560.tmp
C:\Documents and Settings\Buhl\My Documents\pos561.tmp
C:\Documents and Settings\Buhl\My Documents\pos562.tmp
C:\Documents and Settings\Buhl\My Documents\pos563.tmp
C:\Documents and Settings\Buhl\My Documents\pos564.tmp
C:\Documents and Settings\Buhl\My Documents\pos565.tmp
C:\Documents and Settings\Buhl\My Documents\pos566.tmp
C:\Documents and Settings\Buhl\My Documents\pos567.tmp
C:\Documents and Settings\Buhl\My Documents\pos568.tmp
C:\Documents and Settings\Buhl\My Documents\pos569.tmp
C:\Documents and Settings\Buhl\My Documents\pos56A.tmp
C:\Documents and Settings\Buhl\My Documents\pos56B.tmp
C:\Documents and Settings\Buhl\My Documents\pos56C.tmp
C:\Documents and Settings\Buhl\My Documents\pos56D.tmp
C:\Documents and Settings\Buhl\My Documents\pos56E.tmp
C:\Documents and Settings\Buhl\My Documents\pos56F.tmp
C:\Documents and Settings\Buhl\My Documents\pos570.tmp
C:\Documents and Settings\Buhl\My Documents\pos571.tmp
C:\Documents and Settings\Buhl\My Documents\pos572.tmp
C:\Documents and Settings\Buhl\My Documents\pos573.tmp
C:\Documents and Settings\Buhl\My Documents\pos574.tmp
C:\Documents and Settings\Buhl\My Documents\pos575.tmp
C:\Documents and Settings\Buhl\My Documents\pos576.tmp
C:\Documents and Settings\Buhl\My Documents\pos577.tmp
C:\Documents and Settings\Buhl\My Documents\pos578.tmp
C:\Documents and Settings\Buhl\My Documents\pos579.tmp
C:\Documents and Settings\Buhl\My Documents\pos57A.tmp
C:\Documents and Settings\Buhl\My Documents\pos57B.tmp
C:\Documents and Settings\Buhl\My Documents\pos57C.tmp
C:\Documents and Settings\Buhl\My Documents\pos57D.tmp
C:\Documents and Settings\Buhl\My Documents\pos57E.tmp
C:\Documents and Settings\Buhl\My Documents\pos57F.tmp
C:\Documents and Settings\Buhl\My Documents\pos580.tmp
C:\Documents and Settings\Buhl\My Documents\pos581.tmp
C:\Documents and Settings\Buhl\My Documents\pos582.tmp
C:\Documents and Settings\Buhl\My Documents\pos583.tmp
C:\Documents and Settings\Buhl\My Documents\pos584.tmp
C:\Documents and Settings\Buhl\My Documents\pos585.tmp
C:\Documents and Settings\Buhl\My Documents\pos586.tmp
C:\Documents and Settings\Buhl\My Documents\pos587.tmp
C:\Documents and Settings\Buhl\My Documents\pos588.tmp
C:\Documents and Settings\Buhl\My Documents\pos589.tmp
C:\Documents and Settings\Buhl\My Documents\pos58A.tmp
C:\Documents and Settings\Buhl\My Documents\pos58B.tmp
C:\Documents and Settings\Buhl\My Documents\pos58C.tmp
C:\Documents and Settings\Buhl\My Documents\pos58D.tmp
C:\Documents and Settings\Buhl\My Documents\pos58E.tmp
C:\Documents and Settings\Buhl\My Documents\pos58F.tmp
C:\Documents and Settings\Buhl\My Documents\pos590.tmp
C:\Documents and Settings\Buhl\My Documents\pos591.tmp
C:\Documents and Settings\Buhl\My Documents\pos592.tmp
C:\Documents and Settings\Buhl\My Documents\pos593.tmp
C:\Documents and Settings\Buhl\My Documents\pos594.tmp
C:\Documents and Settings\Buhl\My Documents\pos595.tmp
C:\Documents and Settings\Buhl\My Documents\pos596.tmp
C:\Documents and Settings\Buhl\My Documents\pos597.tmp
C:\Documents and Settings\Buhl\My Documents\pos598.tmp
C:\Documents and Settings\Buhl\My Documents\pos599.tmp
C:\Documents and Settings\Buhl\My Documents\pos59A.tmp
C:\Documents and Settings\Buhl\My Documents\pos59B.tmp
C:\Documents and Settings\Buhl\My Documents\pos59C.tmp
C:\Documents and Settings\Buhl\My Documents\pos59D.tmp
C:\Documents and Settings\Buhl\My Documents\pos59E.tmp
C:\Documents and Settings\Buhl\My Documents\pos59F.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A0.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A1.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A2.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A3.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A4.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A5.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A6.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A7.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A8.tmp
C:\Documents and Settings\Buhl\My Documents\pos5A9.tmp
C:\Documents and Settings\Buhl\My Documents\pos5AB.tmp
C:\Documents and Settings\Buhl\My Documents\pos5AC.tmp
C:\Documents and Settings\Buhl\My Documents\pos5AD.tmp
C:\Documents and Settings\Buhl\My Documents\pos5AE.tmp
C:\Documents and Settings\Buhl\My Documents\pos5AF.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B0.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B1.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B2.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B3.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B4.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B5.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B6.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B7.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B8.tmp
C:\Documents and Settings\Buhl\My Documents\pos5B9.tmp
C:\Documents and Settings\Buhl\My Documents\pos5BA.tmp
C:\Documents and Settings\Buhl\My Documents\pos5BB.tmp
C:\Documents and Settings\Buhl\My Documents\pos5BC.tmp
C:\Documents and Settings\Buhl\My Documents\pos5BD.tmp
C:\Documents and Settings\Buhl\My Documents\pos5BE.tmp
C:\Documents and Settings\Buhl\My Documents\pos5BF.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C0.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C1.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C2.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C3.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C4.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C5.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C6.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C7.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C8.tmp
C:\Documents and Settings\Buhl\My Documents\pos5C9.tmp
C:\Documents and Settings\Buhl\My Documents\pos5CA.tmp
C:\Documents and Settings\Buhl\My Documents\pos5CB.tmp
C:\Documents and Settings\Buhl\My Documents\pos5CC.tmp
C:\Documents and Settings\Buhl\My Documents\pos5CD.tmp
C:\Documents and Settings\Buhl\My Documents\pos5CE.tmp
C:\Documents and Settings\Buhl\My Documents\pos5CF.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D0.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D1.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D2.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D3.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D4.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D5.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D6.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D7.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D8.tmp
C:\Documents and Settings\Buhl\My Documents\pos5D9.tmp
C:\Documents and Settings\Buhl\My Documents\pos5DA.tmp
C:\Documents and Settings\Buhl\My Documents\pos5DB.tmp
C:\Documents and Settings\Buhl\My Documents\pos5DC.tmp
C:\Documents and Settings\Buhl\My Documents\pos5DD.tmp
C:\Documents and Settings\Buhl\My Documents\pos5DE.tmp
C:\Documents and Settings\Buhl\My Documents\pos5DF.tmp
C:\Documents and Settings\Buhl\My Documents\pos5AA.tmp
C:\WINDOWS\system32\bujrcvbs.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-19 to 2008-01-19 )))))))))))))))))))))))))))))))
.

2008-01-19 14:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 15:38 . 2008-01-18 15:38 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-18 15:38 . 2008-01-18 16:25 <DIR> d-------- C:\Documents and Settings\Buhl\Application Data\AVG7
2008-01-18 15:38 . 2008-01-18 16:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-10 15:45 . 2008-01-10 15:46 <DIR> d-------- C:\Program Files\DivX
2008-01-04 22:54 . 2008-01-04 22:44 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-04 22:44 . 2008-01-19 14:01 <DIR> d-------- C:\Documents and Settings\Buhl\.housecall6.6
2008-01-04 22:43 . 2008-01-04 22:43 <DIR> d-------- C:\WINDOWS\Sun
2008-01-04 22:42 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-04 22:41 . 2008-01-04 22:42 <DIR> d-------- C:\Program Files\Java
2008-01-04 22:39 . 2008-01-04 22:39 <DIR> d-------- C:\Program Files\Common Files\Java
2008-01-01 21:43 . 2008-01-01 21:43 <DIR> d-------- C:\Documents and Settings\Buhl\Application Data\Lavasoft
2008-01-01 20:29 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-30 20:32 . 2008-01-09 16:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-12-30 20:32 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-12-30 20:28 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-12-30 20:28 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-12-30 20:28 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-12-30 20:28 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-12-30 20:28 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-12-30 15:25 . 2008-01-09 16:15 <DIR> d-------- C:\WINDOWS\system32\AppCert
2007-12-20 00:42 . 2007-12-20 00:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-20 00:19 . 2007-12-20 00:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-19 22:38 . 2007-12-19 23:50 316 --a------ C:\WINDOWS\wininit.ini
2007-12-19 21:06 . 2008-01-05 02:51 576 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-19 21:05 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-12-19 21:05 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-12-19 21:05 . 2007-12-13 19:40 77,824 --a------ C:\WINDOWS\system32\IEDFix.exe
2007-12-19 21:05 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-12-19 21:05 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-19 21:05 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-19 21:00 . 2008-01-18 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-19 20:32 . 2007-12-19 20:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-19 19:01 . 2007-12-20 02:11 1,647,532 ---hs---- C:\WINDOWS\system32\nejypreq.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 13:01 22,708 ----a-w C:\Program Files\ssapi.log
2008-01-17 18:26 --------- d-----w C:\Program Files\extensions
2008-01-10 14:46 1,284 ----a-w C:\Program Files\install.log
2008-01-10 14:46 0 ----a-w C:\Program Files\.autoreg
2008-01-10 14:46 --------- d-----w C:\Program Files\plugins
2008-01-03 01:16 --------- d-----w C:\Program Files\uninstall
2008-01-03 01:15 73,848 ----a-w C:\Program Files\xpcom_compat.dll
2008-01-03 01:15 73,336 ----a-w C:\Program Files\xpicleanup.exe
2008-01-03 01:15 7,650,416 ----a-w C:\Program Files\firefox.exe
2008-01-03 01:15 697 ----a-w C:\Program Files\updater.ini
2008-01-03 01:15 57 ----a-w C:\Program Files\active-update.xml
2008-01-03 01:15 476 ----a-w C:\Program Files\softokn3.chk
2008-01-03 01:15 476 ----a-w C:\Program Files\freebl3.chk
2008-01-03 01:15 456,296 ----a-w C:\Program Files\js3250.dll
2008-01-03 01:15 422,000 ----a-w C:\Program Files\xpcom_core.dll
2008-01-03 01:15 378,472 ----a-w C:\Program Files\nss3.dll
2008-01-03 01:15 34,424 ----a-w C:\Program Files\plc4.dll
2008-01-03 01:15 30,869 ----a-w C:\Program Files\LICENSE
2008-01-03 01:15 30,320 ----a-w C:\Program Files\plds4.dll
2008-01-03 01:15 271,984 ----a-w C:\Program Files\nssckbi.dll
2008-01-03 01:15 254,060 ----a-w C:\Program Files\softokn3.dll
2008-01-03 01:15 222 ----a-w C:\Program Files\browserconfig.properties
2008-01-03 01:15 200,829 ----a-w C:\Program Files\freebl3.dll
2008-01-03 01:15 181 ----a-w C:\Program Files\README.txt
2008-01-03 01:15 161,392 ----a-w C:\Program Files\nspr4.dll
2008-01-03 01:15 132,712 ----a-w C:\Program Files\ssl3.dll
2008-01-03 01:15 132,232 ----a-w C:\Program Files\updater.exe
2008-01-03 01:15 13,952 ----a-w C:\Program Files\AccessibleMarshal.dll
2008-01-03 01:15 13,416 ----a-w C:\Program Files\xpcom.dll
2008-01-03 01:15 13,058 ----a-w C:\Program Files\removed-files
2008-01-03 01:15 12,400 ----a-w C:\Program Files\xpistub.dll
2008-01-03 01:15 112,232 ----a-w C:\Program Files\smime3.dll
2008-01-03 01:15 107 ----a-w C:\Program Files\old-homepage-default.properties
2008-01-03 01:15 1,994 ----a-w C:\Program Files\updates.xml
2008-01-03 01:15 --------- d-----w C:\Program Files\updates
2008-01-03 01:15 --------- d-----w C:\Program Files\searchplugins
2008-01-03 01:15 --------- d-----w C:\Program Files\greprefs
2008-01-03 01:15 --------- d-----w C:\Program Files\components
2008-01-03 01:15 --------- d-----w C:\Program Files\chrome
2007-12-30 22:24 --------- d-----w C:\Program Files\res
2007-12-19 23:13 --------- d-----w C:\Program Files\Yahoo!
2007-12-19 23:13 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Yahoo!
2007-12-19 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-08 16:51 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-12-08 16:51 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-01 18:28 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Skype
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-24 03:28 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Move Networks
2007-11-22 03:44 --------- d-----w C:\Documents and Settings\Buhl\Application Data\Ventrilo
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:39 230,912 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-02 02:44 2,983 -c--a-w C:\Program Files\install_wizard.log
2007-10-02 02:44 1,746 -c--a-w C:\Program Files\install_status.log
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A796238E-4D9A-42E0-ADD7-2D7AABCDC1A0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"AVG7_CC"="D:\PROGRA~2\Grisoft\AVG7\avgcc.exe" [2008-01-18 15:38 411648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="D:\PROGRA~2\Grisoft\AVG7\avgw.exe" [2008-01-18 15:38 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9c5cfa3e]
C:\WINDOWS\system32\qerpyjen.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2005-05-03 18:38 64512 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 11:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsHive]
C:\WINDOWS\system32\rpcc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\sessionmanager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43564368-4375-8601-4371-458454791235}]
C:\WINDOWS\system32\tcpdiss.exe /r
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 14:53:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-19 14:54:42
ComboFix-quarantined-files.txt 2008-01-19 13:54:27
.
2008-01-09 20:08:06 --- E O F ---


Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:18, on 19-01-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\fluffylol.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A796238E-4D9A-42E0-ADD7-2D7AABCDC1A0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~2\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 3446 bytes

Edited by henrik88, 19 January 2008 - 09:05 AM.


#15 henrik88

henrik88
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 19 January 2008 - 09:11 AM

Here are pictures of a housecall online scan i ran Prior to running the combofix and hijackthis program today

Posted Image

and heres the picture of housecall being unable to remove it

Posted Image

Edited by henrik88, 19 January 2008 - 09:17 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users