Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can not remove Virtumonde and Virtumonde.generic - NEED HELP

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby Katana » December 31st, 2007, 1:02 pm

katana wrote:Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Kaspersky Log
  • How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
Advertisement
Register to Remove

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby xcel » January 2nd, 2008, 10:49 pm

Did they take down the online scanner? I cant see it?
xcel
Active Member
 
Posts: 14
Joined: December 21st, 2007, 9:41 pm

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby Katana » January 3rd, 2008, 7:11 am

Go to the Kaspersky page, and click this image
Image
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby xcel » January 5th, 2008, 9:58 pm

When I go to that site I do no see that. Is there another one i can use?
xcel
Active Member
 
Posts: 14
Joined: December 21st, 2007, 9:41 pm

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby Katana » January 6th, 2008, 8:27 am

TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan << LINK
  • Under Scan Now click the Full Scan button
  • Follow the prompts to install the Active X if necessary
  • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
  • When the scan is finished, a report will be generated
  • Next to Scan Details click the small Save button and save the report to your desktop.
  • Please post the report in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby xcel » January 8th, 2008, 6:10 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-01-08 05:09:25
PROTECTIONS: 1
MALWARE: 35
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
VirusScan Enterprise + AntiSpyware Enterprise8.5.0.781 Yes No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@com[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@toplist[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@apmebf[3].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@apmebf[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@www.burstbeacon[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@statse.webtrendslive[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@go[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@go[1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@target[1].txt
00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@cgi-bin[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@cgi-bin[2].txt
00332832 Adware/DollarRevenue Adware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008629.dll
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\fixwareout\FindT\nircmd.exe
00370608 Adware/PestTrap Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008634.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\jw1173\Desktop\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP83\A0035874.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP89\A0036758.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP88\A0036627.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP85\A0036165.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\jw1173\Desktop\ComboFix.exe[nircmd.cfexe]
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\jw1173\Cookies\jw1173@adserver.easyad[1].txt
02559109 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031964.dll
02642510 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008646.exe
02688391 Trj/WinAble.A Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP57\A0009595.exe
02688464 Adware/DnsInsider Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP57\A0009597.exe
02882925 Adware/AVSystemCare Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008649.exe
02882925 Adware/AVSystemCare Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008652.exe
02883662 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008985.exe
02883662 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008999.exe
02883663 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035092.dll
02883663 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP44\A0008357.dll
02883663 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP45\A0008369.dll
02883663 Adware/SecurityError Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP45\A0008374.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\xasjlang.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\ubhfgapm.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\tvdidwsw.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\trkmramb.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\tjaotioo.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\syjqnibj.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\shqhkfbq.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\sfdysnvy.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\scweaypi.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\rqmwccsy.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\qxkbxanq.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\prcndccm.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\pgijmkhp.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\pdkwkaov.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\oosdrxxc.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\okyyytcq.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\nimtugjy.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\mrisqsfx.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\mownjprv.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\mnwrmerr.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\miyjbnvi.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\lujrkwva.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\ufwrfgqw.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\lavaapih.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\kphkxcel.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\kpayrwgy.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\itxgkphn.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\itowdpxg.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\iemfslwq.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\hiljftew.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\helnobsk.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\gwimxakl.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\gvcuocmd.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\gjsigybm.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\ggyoovpe.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\fwsbtnbx.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\fruvrpwa.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\eunffyon.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\dxoohmxs.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\dohbnpny.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\dmnoyxul.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\cyhavnee.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\wsnobmka.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\celubgof.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\bjiswfvl.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\atuodfcr.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\aqrfbssx.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\ulvvhmob.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\xtnequqa.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\unaqhtfg.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\xvqvbbkm.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035324.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035323.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035322.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\untygjon.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035320.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035318.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035316.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035315.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035314.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035313.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035312.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035311.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035310.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035309.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035307.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035305.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035304.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035303.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035302.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035301.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035300.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035299.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035298.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035295.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035294.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035292.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035290.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\lserudcr.dll.bad
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035249.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035250.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035289.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035252.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035253.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035255.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035256.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035257.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035288.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035259.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035260.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035287.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035265.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035266.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035267.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035268.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035286.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035270.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035271.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035272.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035273.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035285.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035284.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035276.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035277.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035278.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035283.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035282.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\wguvoqwi.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035275.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035274.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP61\A0010783.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP62\A0011783.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP63\A0011888.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035251.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP64\A0012380.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\theoaeyr.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0034793.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035293.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0034792.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0013380.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035297.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0015380.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0016535.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP79\A0033076.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\pdcgtabi.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0017535.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0017536.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\offqrhhe.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP66\A0017670.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP66\A0017671.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP68\A0019069.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035308.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP68\A0020069.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP68\A0020152.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP68\A0021152.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP68\A0022152.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP68\A0023152.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP68\A0023305.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP69\A0023471.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\wnjrluvs.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP70\A0025471.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP70\A0027641.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035319.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0027888.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035321.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP76\A0031790.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP76\A0031783.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP75\A0031599.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP75\A0031434.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\hlynfqbb.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP75\A0031318.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP74\A0031248.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP74\A0031247.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP74\A0031157.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP74\A0031156.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\axofyeyi.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0030971.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0030897.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0030822.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0030757.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0029687.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0029582.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\wuhqymgt.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0029581.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP73\A0029469.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\hkjsxtlv.dll.bad
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0029331.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0029330.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0028331.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0028330.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0027985.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0028218.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0028118.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP72\A0028115.dll
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP79\A0033147.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\fpsbauwq.exe.bad
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035264.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031966.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031967.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0034878.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031968.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031969.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031970.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031971.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031972.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031973.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031974.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031975.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031976.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0016527.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0016528.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031977.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031978.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031979.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031980.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP78\A0031981.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0016529.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0016532.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0016531.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP65\A0016530.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\vunycygi.exe.bad
02886380 Adware/SearchAid Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008756.exe
02886382 Adware/Adband Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008763.dll
02887209 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0034626.dll
02887209 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP85\A0036120.dll
02887209 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0034633.dll
02887209 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\miuaoqsv.dll.vir
02887519 Adware/Zenosearch Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008640.dll
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\stoxiwtv.dll.bad
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035269.dll
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035306.dll
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\nbqmwwwn.dll.bad
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035258.dll
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035317.dll
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035291.dll
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\uogqpmni.dll.bad
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\guxcxnpr.dll.bad
02887917 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\dvmttxca.dll.bad
02887918 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\cwfapkne.dll.bad
02888154 Adware/Adband Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP44\A0008350.exe
02888154 Adware/Adband Adware No 0 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP51\A0008754.exe
02888725 Trj/Pakes.DF Virus/Trojan No 1 Yes No C:\WINDOWS\system32\mm6\ncstdb33.exe
02888729 Rootkit/Agent.HNI HackTools No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP57\A0009590.sys
02889814 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{0F096818-3A8F-455C-9E69-D0D7C4D1351C}\RP81\A0035279.dll
02889814 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\iujsmise.dll.bad
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
xcel
Active Member
 
Posts: 14
Joined: December 21st, 2007, 9:41 pm

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby Katana » January 8th, 2008, 5:15 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    DirLook::
    C:\WINDOWS\system32\mm6
    
    File::
    C:\WINDOWS\system32\mm6\ncstdb33.exe
    Folder::
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Please post a fresh HJT log in your reply.
How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby xcel » January 8th, 2008, 9:28 pm

ComboFix 08-01-09.2 - jw1173 2008-01-08 18:18:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT -5:00]
Running from: C:\Documents and Settings\jw1173\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jw1173\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\mm6\ncstdb33.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos1.tmp
C:\pos10.tmp
C:\pos100.tmp
C:\pos101.tmp
C:\pos102.tmp
C:\pos103.tmp
C:\pos104.tmp
C:\pos105.tmp
C:\pos106.tmp
C:\pos107.tmp
C:\pos108.tmp
C:\pos109.tmp
C:\pos10A.tmp
C:\pos10B.tmp
C:\pos10C.tmp
C:\pos10D.tmp
C:\pos10E.tmp
C:\pos10F.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos111.tmp
C:\pos112.tmp
C:\pos113.tmp
C:\pos114.tmp
C:\pos115.tmp
C:\pos116.tmp
C:\pos117.tmp
C:\pos118.tmp
C:\pos119.tmp
C:\pos11A.tmp
C:\pos11B.tmp
C:\pos11C.tmp
C:\pos11D.tmp
C:\pos11E.tmp
C:\pos11F.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos121.tmp
C:\pos122.tmp
C:\pos123.tmp
C:\pos124.tmp
C:\pos125.tmp
C:\pos126.tmp
C:\pos127.tmp
C:\pos128.tmp
C:\pos129.tmp
C:\pos12A.tmp
C:\pos12B.tmp
C:\pos12C.tmp
C:\pos12D.tmp
C:\pos12E.tmp
C:\pos12F.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos131.tmp
C:\pos132.tmp
C:\pos133.tmp
C:\pos134.tmp
C:\pos135.tmp
C:\pos136.tmp
C:\pos137.tmp
C:\pos138.tmp
C:\pos139.tmp
C:\pos13A.tmp
C:\pos13B.tmp
C:\pos13C.tmp
C:\pos13D.tmp
C:\pos13E.tmp
C:\pos13F.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos141.tmp
C:\pos142.tmp
C:\pos143.tmp
C:\pos144.tmp
C:\pos145.tmp
C:\pos146.tmp
C:\pos147.tmp
C:\pos148.tmp
C:\pos149.tmp
C:\pos14A.tmp
C:\pos14B.tmp
C:\pos14C.tmp
C:\pos14D.tmp
C:\pos14E.tmp
C:\pos14F.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos151.tmp
C:\pos152.tmp
C:\pos153.tmp
C:\pos154.tmp
C:\pos155.tmp
C:\pos156.tmp
C:\pos157.tmp
C:\pos158.tmp
C:\pos159.tmp
C:\pos15A.tmp
C:\pos15B.tmp
C:\pos15C.tmp
C:\pos15D.tmp
C:\pos15E.tmp
C:\pos15F.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos161.tmp
C:\pos162.tmp
C:\pos163.tmp
C:\pos164.tmp
C:\pos165.tmp
C:\pos166.tmp
C:\pos167.tmp
C:\pos168.tmp
C:\pos169.tmp
C:\pos16A.tmp
C:\pos16B.tmp
C:\pos16C.tmp
C:\pos16D.tmp
C:\pos16E.tmp
C:\pos16F.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos171.tmp
C:\pos172.tmp
C:\pos173.tmp
C:\pos174.tmp
C:\pos175.tmp
C:\pos176.tmp
C:\pos177.tmp
C:\pos178.tmp
C:\pos179.tmp
C:\pos17A.tmp
C:\pos17B.tmp
C:\pos17C.tmp
C:\pos17D.tmp
C:\pos17E.tmp
C:\pos17F.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos181.tmp
C:\pos182.tmp
C:\pos183.tmp
C:\pos184.tmp
C:\pos185.tmp
C:\pos186.tmp
C:\pos187.tmp
C:\pos188.tmp
C:\pos189.tmp
C:\pos18A.tmp
C:\pos18B.tmp
C:\pos18C.tmp
C:\pos18D.tmp
C:\pos18E.tmp
C:\pos18F.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos191.tmp
C:\pos192.tmp
C:\pos193.tmp
C:\pos194.tmp
C:\pos195.tmp
C:\pos196.tmp
C:\pos197.tmp
C:\pos198.tmp
C:\pos199.tmp
C:\pos19A.tmp
C:\pos19B.tmp
C:\pos19C.tmp
C:\pos19D.tmp
C:\pos19E.tmp
C:\pos19F.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A1.tmp
C:\pos1A2.tmp
C:\pos1A3.tmp
C:\pos1A4.tmp
C:\pos1A5.tmp
C:\pos1A6.tmp
C:\pos1A7.tmp
C:\pos1A8.tmp
C:\pos1A9.tmp
C:\pos1AA.tmp
C:\pos1AB.tmp
C:\pos1AC.tmp
C:\pos1AD.tmp
C:\pos1AE.tmp
C:\pos1AF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B1.tmp
C:\pos1B2.tmp
C:\pos1B3.tmp
C:\pos1B4.tmp
C:\pos1B5.tmp
C:\pos1B6.tmp
C:\pos1B7.tmp
C:\pos1B8.tmp
C:\pos1B9.tmp
C:\pos1BA.tmp
C:\pos1BB.tmp
C:\pos1BC.tmp
C:\pos1BD.tmp
C:\pos1BE.tmp
C:\pos1BF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C1.tmp
C:\pos1C2.tmp
C:\pos1C3.tmp
C:\pos1C4.tmp
C:\pos1C5.tmp
C:\pos1C6.tmp
C:\pos1C7.tmp
C:\pos1C8.tmp
C:\pos1C9.tmp
C:\pos1CA.tmp
C:\pos1CB.tmp
C:\pos1CC.tmp
C:\pos1CD.tmp
C:\pos1CE.tmp
C:\pos1CF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D1.tmp
C:\pos1D2.tmp
C:\pos1D3.tmp
C:\pos1D4.tmp
C:\pos1D5.tmp
C:\pos1D6.tmp
C:\pos1D7.tmp
C:\pos1D8.tmp
C:\pos1D9.tmp
C:\pos1DA.tmp
C:\pos1DB.tmp
C:\pos1DC.tmp
C:\pos1DD.tmp
C:\pos1DE.tmp
C:\pos1DF.tmp
C:\pos1E.tmp
C:\pos1E0.tmp
C:\pos1E1.tmp
C:\pos1E2.tmp
C:\pos1E3.tmp
C:\pos1E4.tmp
C:\pos1E5.tmp
C:\pos1E6.tmp
C:\pos1E7.tmp
C:\pos1E8.tmp
C:\pos1E9.tmp
C:\pos1EA.tmp
C:\pos1EB.tmp
C:\pos1EC.tmp
C:\pos1ED.tmp
C:\pos1EE.tmp
C:\pos1EF.tmp
C:\pos1F.tmp
C:\pos1F0.tmp
C:\pos1F1.tmp
C:\pos1F2.tmp
C:\pos1F3.tmp
C:\pos1F4.tmp
C:\pos1F5.tmp
C:\pos1F6.tmp
C:\pos1F7.tmp
C:\pos1F8.tmp
C:\pos1F9.tmp
C:\pos1FA.tmp
C:\pos1FB.tmp
C:\pos1FC.tmp
C:\pos1FD.tmp
C:\pos1FE.tmp
C:\pos1FF.tmp
C:\pos2.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos201.tmp
C:\pos202.tmp
C:\pos203.tmp
C:\pos204.tmp
C:\pos205.tmp
C:\pos206.tmp
C:\pos207.tmp
C:\pos208.tmp
C:\pos209.tmp
C:\pos20A.tmp
C:\pos20B.tmp
C:\pos20C.tmp
C:\pos20D.tmp
C:\pos20E.tmp
C:\pos20F.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos211.tmp
C:\pos212.tmp
C:\pos213.tmp
C:\pos214.tmp
C:\pos215.tmp
C:\pos216.tmp
C:\pos217.tmp
C:\pos218.tmp
C:\pos219.tmp
C:\pos21A.tmp
C:\pos21B.tmp
C:\pos21C.tmp
C:\pos21D.tmp
C:\pos21E.tmp
C:\pos21F.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos223.tmp
C:\pos224.tmp
C:\pos225.tmp
C:\pos226.tmp
C:\pos227.tmp
C:\pos228.tmp
C:\pos229.tmp
C:\pos22A.tmp
C:\pos22B.tmp
C:\pos22C.tmp
C:\pos22D.tmp
C:\pos22E.tmp
C:\pos22F.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos231.tmp
C:\pos232.tmp
C:\pos233.tmp
C:\pos234.tmp
C:\pos235.tmp
C:\pos236.tmp
C:\pos237.tmp
C:\pos238.tmp
C:\pos239.tmp
C:\pos23A.tmp
C:\pos23B.tmp
C:\pos23C.tmp
C:\pos23D.tmp
C:\pos23E.tmp
C:\pos23F.tmp
C:\pos24.tmp
C:\pos240.tmp
C:\pos241.tmp
C:\pos242.tmp
C:\pos243.tmp
C:\pos244.tmp
C:\pos245.tmp
C:\pos246.tmp
C:\pos247.tmp
C:\pos248.tmp
C:\pos249.tmp
C:\pos24A.tmp
C:\pos24B.tmp
C:\pos24C.tmp
C:\pos24D.tmp
C:\pos24E.tmp
C:\pos24F.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos251.tmp
C:\pos252.tmp
C:\pos253.tmp
C:\pos254.tmp
C:\pos255.tmp
C:\pos256.tmp
C:\pos257.tmp
C:\pos258.tmp
C:\pos259.tmp
C:\pos25A.tmp
C:\pos25B.tmp
C:\pos25C.tmp
C:\pos25D.tmp
C:\pos25E.tmp
C:\pos25F.tmp
C:\pos26.tmp
C:\pos260.tmp
C:\pos261.tmp
C:\pos262.tmp
C:\pos263.tmp
C:\pos264.tmp
C:\pos265.tmp
C:\pos266.tmp
C:\pos267.tmp
C:\pos268.tmp
C:\pos269.tmp
C:\pos26A.tmp
C:\pos26B.tmp
C:\pos26C.tmp
C:\pos26D.tmp
C:\pos26E.tmp
C:\pos26F.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos271.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27B.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos27E.tmp
C:\pos27F.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos288.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos298.tmp
C:\pos299.tmp
C:\pos29A.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A.tmp
C:\pos2A0.tmp
C:\pos2A1.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AA.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2AF.tmp
C:\pos2B.tmp
C:\pos2B0.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B6.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BC.tmp
C:\pos2BD.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C6.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CE.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos3.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos31.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos32.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos334.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos38.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp
C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AA.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3E9.tmp
C:\pos3EA.tmp
C:\pos3EB.tmp
C:\pos3EC.tmp
C:\pos3ED.tmp
C:\pos3EE.tmp
C:\pos3EF.tmp
C:\pos3F.tmp
C:\pos3F0.tmp
C:\pos3F1.tmp
C:\pos3F2.tmp
C:\pos3F3.tmp
C:\pos3F4.tmp
C:\pos3F5.tmp
C:\pos3F6.tmp
C:\pos3F7.tmp
C:\pos3F8.tmp
C:\pos3F9.tmp
C:\pos3FA.tmp
C:\pos3FB.tmp
C:\pos3FC.tmp
C:\pos3FD.tmp
C:\pos3FE.tmp
C:\pos3FF.tmp
C:\pos4.tmp
C:\pos40.tmp
C:\pos400.tmp
C:\pos401.tmp
C:\pos402.tmp
C:\pos403.tmp
C:\pos404.tmp
C:\pos405.tmp
C:\pos406.tmp
C:\pos407.tmp
C:\pos408.tmp
C:\pos409.tmp
C:\pos40A.tmp
C:\pos40C.tmp
C:\pos40E.tmp
C:\pos40F.tmp
C:\pos41.tmp
C:\pos410.tmp
C:\pos411.tmp
C:\pos412.tmp
C:\pos413.tmp
C:\pos414.tmp
C:\pos415.tmp
C:\pos416.tmp
C:\pos417.tmp
C:\pos418.tmp
C:\pos419.tmp
C:\pos41A.tmp
C:\pos41C.tmp
C:\pos41D.tmp
C:\pos41E.tmp
C:\pos41F.tmp
C:\pos42.tmp
C:\pos421.tmp
C:\pos422.tmp
C:\pos423.tmp
C:\pos424.tmp
C:\pos425.tmp
C:\pos426.tmp
C:\pos427.tmp
C:\pos428.tmp
C:\pos429.tmp
C:\pos42A.tmp
C:\pos42B.tmp
C:\pos42C.tmp
C:\pos42D.tmp
C:\pos42E.tmp
C:\pos42F.tmp
C:\pos43.tmp
C:\pos430.tmp
C:\pos431.tmp
C:\pos432.tmp
C:\pos433.tmp
C:\pos434.tmp
C:\pos435.tmp
C:\pos436.tmp
C:\pos437.tmp
C:\pos438.tmp
C:\pos439.tmp
C:\pos43A.tmp
C:\pos43B.tmp
C:\pos43C.tmp
C:\pos43D.tmp
C:\pos43E.tmp
C:\pos43F.tmp
C:\pos44.tmp
C:\pos440.tmp
C:\pos441.tmp
C:\pos442.tmp
C:\pos443.tmp
C:\pos444.tmp
C:\pos445.tmp
C:\pos446.tmp
C:\pos447.tmp
C:\pos448.tmp
C:\pos449.tmp
C:\pos44A.tmp
C:\pos44B.tmp
C:\pos44C.tmp
C:\pos44D.tmp
C:\pos44E.tmp
C:\pos44F.tmp
C:\pos45.tmp
C:\pos450.tmp
C:\pos451.tmp
C:\pos452.tmp
C:\pos453.tmp
C:\pos454.tmp
C:\pos455.tmp
C:\pos456.tmp
C:\pos457.tmp
C:\pos458.tmp
C:\pos459.tmp
C:\pos45A.tmp
C:\pos45B.tmp
C:\pos45C.tmp
C:\pos45D.tmp
C:\pos45E.tmp
C:\pos45F.tmp
C:\pos46.tmp
C:\pos460.tmp
C:\pos461.tmp
C:\pos462.tmp
C:\pos463.tmp
C:\pos464.tmp
C:\pos465.tmp
C:\pos466.tmp
C:\pos467.tmp
C:\pos468.tmp
C:\pos469.tmp
C:\pos46A.tmp
C:\pos46B.tmp
C:\pos46C.tmp
C:\pos46D.tmp
C:\pos46E.tmp
C:\pos46F.tmp
C:\pos47.tmp
C:\pos470.tmp
C:\pos471.tmp
C:\pos472.tmp
C:\pos473.tmp
C:\pos474.tmp
C:\pos475.tmp
C:\pos476.tmp
C:\pos477.tmp
C:\pos478.tmp
C:\pos479.tmp
C:\pos47A.tmp
C:\pos47B.tmp
C:\pos47C.tmp
C:\pos47D.tmp
C:\pos47E.tmp
C:\pos47F.tmp
C:\pos48.tmp
C:\pos480.tmp
C:\pos481.tmp
C:\pos482.tmp
C:\pos483.tmp
C:\pos484.tmp
C:\pos485.tmp
C:\pos486.tmp
C:\pos487.tmp
C:\pos488.tmp
C:\pos489.tmp
C:\pos48A.tmp
C:\pos48B.tmp
C:\pos48C.tmp
C:\pos48D.tmp
C:\pos48E.tmp
C:\pos48F.tmp
C:\pos49.tmp
C:\pos490.tmp
C:\pos491.tmp
C:\pos492.tmp
C:\pos493.tmp
C:\pos494.tmp
C:\pos495.tmp
C:\pos496.tmp
C:\pos497.tmp
C:\pos498.tmp
C:\pos499.tmp
C:\pos49A.tmp
C:\pos49B.tmp
C:\pos49C.tmp
C:\pos49D.tmp
C:\pos49E.tmp
C:\pos49F.tmp
C:\pos4A.tmp
C:\pos4A0.tmp
C:\pos4A1.tmp
C:\pos4A2.tmp
C:\pos4A3.tmp
C:\pos4A4.tmp
C:\pos4A5.tmp
C:\pos4A6.tmp
C:\pos4A7.tmp
C:\pos4A8.tmp
C:\pos4A9.tmp
C:\pos4AA.tmp
C:\pos4AB.tmp
C:\pos4AC.tmp
C:\pos4AD.tmp
C:\pos4AE.tmp
C:\pos4AF.tmp
C:\pos4B.tmp
C:\pos4B0.tmp
C:\pos4B1.tmp
C:\pos4B2.tmp
C:\pos4B3.tmp
C:\pos4B4.tmp
C:\pos4B5.tmp
C:\pos4B6.tmp
C:\pos4B7.tmp
C:\pos4B8.tmp
C:\pos4B9.tmp
C:\pos4BA.tmp
C:\pos4BB.tmp
C:\pos4BC.tmp
C:\pos4BD.tmp
C:\pos4BE.tmp
C:\pos4BF.tmp
C:\pos4C.tmp
C:\pos4C0.tmp
C:\pos4C1.tmp
C:\pos4C2.tmp
C:\pos4C3.tmp
C:\pos4C4.tmp
C:\pos4C5.tmp
C:\pos4C6.tmp
C:\pos4C7.tmp
C:\pos4C8.tmp
C:\pos4C9.tmp
C:\pos4CA.tmp
C:\pos4CB.tmp
C:\pos4CC.tmp
C:\pos4CD.tmp
C:\pos4CE.tmp
C:\pos4CF.tmp
C:\pos4D.tmp
C:\pos4D0.tmp
C:\pos4D1.tmp
C:\pos4D2.tmp
C:\pos4D3.tmp
C:\pos4D4.tmp
C:\pos4D5.tmp
C:\pos4D6.tmp
C:\pos4D7.tmp
C:\pos4D8.tmp
C:\pos4D9.tmp
C:\pos4DA.tmp
C:\pos4DB.tmp
C:\pos4DC.tmp
C:\pos4DD.tmp
C:\pos4DE.tmp
C:\pos4DF.tmp
C:\pos4E.tmp
C:\pos4E0.tmp
C:\pos4E1.tmp
C:\pos4E2.tmp
C:\pos4E3.tmp
C:\pos4E4.tmp
C:\pos4E5.tmp
C:\pos4E6.tmp
C:\pos4E7.tmp
C:\pos4E8.tmp
C:\pos4E9.tmp
C:\pos4EA.tmp
C:\pos4EB.tmp
C:\pos4EC.tmp
C:\pos4ED.tmp
C:\pos4EE.tmp
C:\pos4EF.tmp
C:\pos4F.tmp
C:\pos4F0.tmp
C:\pos4F1.tmp
C:\pos4F2.tmp
C:\pos4F3.tmp
C:\pos4F4.tmp
C:\pos4F5.tmp
C:\pos4F6.tmp
C:\pos4F7.tmp
C:\pos4F8.tmp
C:\pos4F9.tmp
C:\pos4FA.tmp
C:\pos4FB.tmp
C:\pos4FC.tmp
C:\pos4FD.tmp
C:\pos4FE.tmp
C:\pos4FF.tmp
C:\pos5.tmp
C:\pos50.tmp
C:\pos500.tmp
C:\pos501.tmp
C:\pos502.tmp
C:\pos503.tmp
C:\pos504.tmp
C:\pos505.tmp
C:\pos506.tmp
C:\pos507.tmp
C:\pos508.tmp
C:\pos509.tmp
C:\pos50A.tmp
C:\pos50B.tmp
C:\pos50C.tmp
C:\pos50D.tmp
C:\pos50E.tmp
C:\pos50F.tmp
C:\pos51.tmp
C:\pos510.tmp
C:\pos511.tmp
C:\pos512.tmp
C:\pos513.tmp
C:\pos514.tmp
C:\pos515.tmp
C:\pos516.tmp
C:\pos517.tmp
C:\pos518.tmp
C:\pos519.tmp
C:\pos51A.tmp
C:\pos51B.tmp
C:\pos51C.tmp
C:\pos51D.tmp
C:\pos51E.tmp
C:\pos51F.tmp
C:\pos52.tmp
C:\pos520.tmp
C:\pos521.tmp
C:\pos522.tmp
C:\pos523.tmp
C:\pos524.tmp
C:\pos525.tmp
C:\pos526.tmp
C:\pos527.tmp
C:\pos528.tmp
C:\pos529.tmp
C:\pos52A.tmp
C:\pos52B.tmp
C:\pos52C.tmp
C:\pos52D.tmp
C:\pos52E.tmp
C:\pos52F.tmp
C:\pos53.tmp
C:\pos530.tmp
C:\pos531.tmp
C:\pos532.tmp
C:\pos533.tmp
C:\pos534.tmp
C:\pos535.tmp
C:\pos536.tmp
C:\pos537.tmp
C:\pos538.tmp
C:\pos539.tmp
C:\pos53A.tmp
C:\pos53B.tmp
C:\pos53C.tmp
C:\pos53D.tmp
C:\pos53E.tmp
C:\pos53F.tmp
C:\pos54.tmp
C:\pos540.tmp
C:\pos541.tmp
C:\pos542.tmp
C:\pos543.tmp
C:\pos544.tmp
C:\pos545.tmp
C:\pos546.tmp
C:\pos547.tmp
C:\pos548.tmp
C:\pos549.tmp
C:\pos54A.tmp
C:\pos54B.tmp
C:\pos54C.tmp
C:\pos54D.tmp
C:\pos54E.tmp
C:\pos54F.tmp
C:\pos55.tmp
C:\pos550.tmp
C:\pos551.tmp
C:\pos552.tmp
C:\pos553.tmp
C:\pos554.tmp
C:\pos555.tmp
C:\pos556.tmp
C:\pos557.tmp
C:\pos558.tmp
C:\pos559.tmp
C:\pos55A.tmp
C:\pos55B.tmp
C:\pos55C.tmp
C:\pos55D.tmp
C:\pos55E.tmp
C:\pos55F.tmp
C:\pos56.tmp
C:\pos560.tmp
C:\pos561.tmp
C:\pos562.tmp
C:\pos563.tmp
C:\pos564.tmp
C:\pos565.tmp
C:\pos566.tmp
C:\pos567.tmp
C:\pos568.tmp
C:\pos569.tmp
C:\pos56A.tmp
C:\pos56B.tmp
C:\pos56C.tmp
C:\pos56D.tmp
C:\pos56E.tmp
C:\pos56F.tmp
C:\pos57.tmp
C:\pos570.tmp
C:\pos571.tmp
C:\pos572.tmp
C:\pos573.tmp
C:\pos574.tmp
C:\pos575.tmp
C:\pos576.tmp
C:\pos577.tmp
C:\pos578.tmp
C:\pos579.tmp
C:\pos57A.tmp
C:\pos57B.tmp
C:\pos57C.tmp
C:\pos57D.tmp
C:\pos57E.tmp
C:\pos57F.tmp
C:\pos58.tmp
C:\pos580.tmp
C:\pos581.tmp
C:\pos582.tmp
C:\pos583.tmp
C:\pos584.tmp
C:\pos585.tmp
C:\pos586.tmp
C:\pos587.tmp
C:\pos588.tmp
C:\pos589.tmp
C:\pos58A.tmp
C:\pos58B.tmp
C:\pos58C.tmp
C:\pos58D.tmp
C:\pos58E.tmp
C:\pos58F.tmp
C:\pos59.tmp
C:\pos590.tmp
C:\pos591.tmp
C:\pos592.tmp
C:\pos593.tmp
C:\pos594.tmp
C:\pos595.tmp
C:\pos596.tmp
C:\pos597.tmp
C:\pos598.tmp
C:\pos599.tmp
C:\pos59A.tmp
C:\pos59B.tmp
C:\pos59C.tmp
C:\pos59D.tmp
C:\pos59E.tmp
C:\pos59F.tmp
C:\pos5A.tmp
C:\pos5A0.tmp
C:\pos5A1.tmp
C:\pos5A2.tmp
C:\pos5A3.tmp
C:\pos5A4.tmp
C:\pos5A5.tmp
C:\pos5A6.tmp
C:\pos5A7.tmp
C:\pos5A8.tmp
C:\pos5A9.tmp
C:\pos5AA.tmp
C:\pos5AB.tmp
C:\pos5AC.tmp
C:\pos5AD.tmp
C:\pos5AE.tmp
C:\pos5AF.tmp
C:\pos5B.tmp
C:\pos5B0.tmp
C:\pos5B1.tmp
C:\pos5B2.tmp
C:\pos5B3.tmp
C:\pos5B4.tmp
C:\pos5B5.tmp
C:\pos5B6.tmp
C:\pos5B7.tmp
C:\pos5B8.tmp
C:\pos5B9.tmp
C:\pos5BA.tmp
C:\pos5BB.tmp
C:\pos5BC.tmp
C:\pos5BD.tmp
C:\pos5BE.tmp
C:\pos5BF.tmp
C:\pos5C.tmp
C:\pos5C0.tmp
C:\pos5C1.tmp
C:\pos5C2.tmp
C:\pos5C3.tmp
C:\pos5C4.tmp
C:\pos5C5.tmp
C:\pos5C6.tmp
C:\pos5C7.tmp
C:\pos5C8.tmp
C:\pos5C9.tmp
C:\pos5CA.tmp
C:\pos5CB.tmp
C:\pos5CC.tmp
C:\pos5CD.tmp
C:\pos5CE.tmp
C:\pos5CF.tmp
C:\pos5D.tmp
C:\pos5D0.tmp
C:\pos5D1.tmp
C:\pos5D2.tmp
C:\pos5D3.tmp
C:\pos5D4.tmp
C:\pos5D5.tmp
C:\pos5D6.tmp
C:\pos5D7.tmp
C:\pos5D8.tmp
C:\pos5D9.tmp
C:\pos5DA.tmp
C:\pos5DB.tmp
C:\pos5DC.tmp
C:\pos5DD.tmp
C:\pos5DE.tmp
C:\pos5DF.tmp
C:\pos5E.tmp
C:\pos5E0.tmp
C:\pos5E1.tmp
C:\pos5E2.tmp
C:\pos5E3.tmp
C:\pos5E4.tmp
C:\pos5E5.tmp
C:\pos5E6.tmp
C:\pos5E7.tmp
C:\pos5E8.tmp
C:\pos5E9.tmp
C:\pos5EA.tmp
C:\pos5EB.tmp
C:\pos5EC.tmp
C:\pos5ED.tmp
C:\pos5EE.tmp
C:\pos5EF.tmp
C:\pos5F.tmp
C:\pos5F0.tmp
C:\pos5F1.tmp
C:\pos5F2.tmp
C:\pos5F3.tmp
C:\pos5F4.tmp
C:\pos5F5.tmp
C:\pos5F6.tmp
C:\pos5F8.tmp
C:\pos5F9.tmp
C:\pos5FA.tmp
C:\pos5FB.tmp
C:\pos5FD.tmp
C:\pos5FE.tmp
C:\pos5FF.tmp
C:\pos6.tmp
C:\pos60.tmp
C:\pos600.tmp
C:\pos601.tmp
C:\pos602.tmp
C:\pos603.tmp
C:\pos604.tmp
C:\pos605.tmp
C:\pos606.tmp
C:\pos607.tmp
C:\pos608.tmp
C:\pos609.tmp
C:\pos60A.tmp
C:\pos60B.tmp
C:\pos60C.tmp
C:\pos60D.tmp
C:\pos60E.tmp
C:\pos60F.tmp
C:\pos61.tmp
C:\pos610.tmp
C:\pos611.tmp
C:\pos612.tmp
C:\pos613.tmp
C:\pos615.tmp
C:\pos616.tmp
C:\pos617.tmp
C:\pos618.tmp
C:\pos619.tmp
C:\pos61A.tmp
C:\pos61B.tmp
C:\pos61C.tmp
C:\pos61E.tmp
C:\pos61F.tmp
C:\pos62.tmp
C:\pos620.tmp
C:\pos621.tmp
C:\pos622.tmp
C:\pos623.tmp
C:\pos624.tmp
C:\pos625.tmp
C:\pos626.tmp
C:\pos627.tmp
C:\pos628.tmp
C:\pos629.tmp
C:\pos62A.tmp
C:\pos62B.tmp
C:\pos62C.tmp
C:\pos62D.tmp
C:\pos62E.tmp
C:\pos62F.tmp
C:\pos63.tmp
C:\pos630.tmp
C:\pos631.tmp
C:\pos632.tmp
C:\pos633.tmp
C:\pos634.tmp
C:\pos635.tmp
C:\pos636.tmp
C:\pos637.tmp
C:\pos638.tmp
C:\pos639.tmp
C:\pos63A.tmp
C:\pos63B.tmp
C:\pos63C.tmp
C:\pos63D.tmp
C:\pos63E.tmp
C:\pos63F.tmp
C:\pos64.tmp
C:\pos640.tmp
C:\pos641.tmp
C:\pos642.tmp
C:\pos643.tmp
C:\pos644.tmp
C:\pos645.tmp
C:\pos646.tmp
C:\pos647.tmp
C:\pos648.tmp
C:\pos649.tmp
C:\pos64A.tmp
C:\pos64B.tmp
C:\pos64C.tmp
C:\pos64D.tmp
C:\pos64E.tmp
C:\pos64F.tmp
C:\pos65.tmp
C:\pos650.tmp
C:\pos651.tmp
C:\pos652.tmp
C:\pos653.tmp
C:\pos654.tmp
C:\pos655.tmp
C:\pos656.tmp
C:\pos657.tmp
C:\pos658.tmp
C:\pos659.tmp
C:\pos65A.tmp
C:\pos65B.tmp
C:\pos65C.tmp
C:\pos65D.tmp
C:\pos65E.tmp
C:\pos65F.tmp
C:\pos66.tmp
C:\pos660.tmp
C:\pos661.tmp
C:\pos662.tmp
C:\pos663.tmp
C:\pos664.tmp
C:\pos665.tmp
C:\pos666.tmp
C:\pos667.tmp
C:\pos668.tmp
C:\pos669.tmp
C:\pos66A.tmp
C:\pos66B.tmp
C:\pos66C.tmp
C:\pos66D.tmp
C:\pos66E.tmp
C:\pos66F.tmp
C:\pos67.tmp
C:\pos670.tmp
C:\pos671.tmp
C:\pos672.tmp
C:\pos673.tmp
C:\pos674.tmp
C:\pos675.tmp
C:\pos676.tmp
C:\pos677.tmp
C:\pos678.tmp
C:\pos679.tmp
C:\pos67A.tmp
C:\pos67B.tmp
C:\pos67C.tmp
C:\pos67D.tmp
C:\pos67E.tmp
C:\pos67F.tmp
C:\pos68.tmp
C:\pos680.tmp
C:\pos681.tmp
C:\pos682.tmp
C:\pos683.tmp
C:\pos684.tmp
C:\pos685.tmp
C:\pos686.tmp
C:\pos687.tmp
C:\pos688.tmp
C:\pos689.tmp
C:\pos68A.tmp
C:\pos68B.tmp
C:\pos68C.tmp
C:\pos68D.tmp
C:\pos68E.tmp
C:\pos68F.tmp
C:\pos69.tmp
C:\pos690.tmp
C:\pos691.tmp
C:\pos692.tmp
C:\pos693.tmp
C:\pos694.tmp
C:\pos695.tmp
C:\pos696.tmp
C:\pos697.tmp
C:\pos698.tmp
C:\pos699.tmp
C:\pos69A.tmp
C:\pos69B.tmp
C:\pos69C.tmp
C:\pos69D.tmp
C:\pos69E.tmp
C:\pos69F.tmp
C:\pos6A.tmp
C:\pos6A0.tmp
C:\pos6A1.tmp
C:\pos6A2.tmp
C:\pos6A3.tmp
C:\pos6A4.tmp
C:\pos6A5.tmp
C:\pos6A6.tmp
C:\pos6A7.tmp
C:\pos6A8.tmp
C:\pos6A9.tmp
C:\pos6AA.tmp
C:\pos6AB.tmp
C:\pos6AC.tmp
C:\pos6AD.tmp
C:\pos6AE.tmp
C:\pos6AF.tmp
C:\pos6B.tmp
C:\pos6B0.tmp
C:\pos6B1.tmp
C:\pos6B2.tmp
C:\pos6B3.tmp
C:\pos6B4.tmp
C:\pos6B5.tmp
C:\pos6B6.tmp
C:\pos6B7.tmp
C:\pos6B8.tmp
C:\pos6B9.tmp
C:\pos6BA.tmp
C:\pos6BB.tmp
C:\pos6BC.tmp
C:\pos6BD.tmp
C:\pos6BE.tmp
C:\pos6BF.tmp
C:\pos6C.tmp
C:\pos6C0.tmp
C:\pos6C1.tmp
C:\pos6C2.tmp
C:\pos6C3.tmp
C:\pos6C4.tmp
C:\pos6C5.tmp
C:\pos6C6.tmp
C:\pos6C7.tmp
C:\pos6C8.tmp
C:\pos6C9.tmp
C:\pos6CA.tmp
C:\pos6CB.tmp
C:\pos6CC.tmp
C:\pos6CD.tmp
C:\pos6CE.tmp
C:\pos6CF.tmp
C:\pos6D.tmp
C:\pos6D0.tmp
C:\pos6D1.tmp
C:\pos6D2.tmp
C:\pos6D3.tmp
C:\pos6D4.tmp
C:\pos6D5.tmp
C:\pos6D6.tmp
C:\pos6D7.tmp
C:\pos6D8.tmp
C:\pos6D9.tmp
C:\pos6DA.tmp
C:\pos6DB.tmp
C:\pos6DC.tmp
C:\pos6DD.tmp
C:\pos6DE.tmp
C:\pos6DF.tmp
C:\pos6E.tmp
C:\pos6E0.tmp
C:\pos6E1.tmp
C:\pos6E2.tmp
C:\pos6E3.tmp
C:\pos6E4.tmp
C:\pos6E5.tmp
C:\pos6E6.tmp
C:\pos6E7.tmp
C:\pos6E8.tmp
C:\pos6E9.tmp
C:\pos6EA.tmp
C:\pos6EB.tmp
C:\pos6EC.tmp
C:\pos6ED.tmp
C:\pos6EE.tmp
C:\pos6EF.tmp
C:\pos6F.tmp
C:\pos6F0.tmp
C:\pos6F1.tmp
C:\pos6F2.tmp
C:\pos6F3.tmp
C:\pos6F4.tmp
C:\pos6F5.tmp
C:\pos6F6.tmp
C:\pos6F7.tmp
C:\pos6F8.tmp
C:\pos6F9.tmp
C:\pos6FA.tmp
C:\pos6FB.tmp
C:\pos6FC.tmp
C:\pos6FD.tmp
C:\pos6FE.tmp
C:\pos6FF.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos700.tmp
C:\pos701.tmp
C:\pos702.tmp
C:\pos703.tmp
C:\pos704.tmp
C:\pos705.tmp
C:\pos706.tmp
C:\pos707.tmp
C:\pos708.tmp
C:\pos709.tmp
C:\pos70A.tmp
C:\pos70B.tmp
C:\pos70C.tmp
C:\pos70D.tmp
C:\pos70E.tmp
C:\pos70F.tmp
C:\pos71.tmp
C:\pos710.tmp
C:\pos711.tmp
C:\pos712.tmp
C:\pos713.tmp
C:\pos714.tmp
C:\pos715.tmp
C:\pos716.tmp
C:\pos717.tmp
C:\pos718.tmp
C:\pos719.tmp
C:\pos71A.tmp
C:\pos71B.tmp
C:\pos71C.tmp
C:\pos71D.tmp
C:\pos71E.tmp
C:\pos71F.tmp
C:\pos72.tmp
C:\pos720.tmp
C:\pos721.tmp
C:\pos722.tmp
C:\pos723.tmp
C:\pos724.tmp
C:\pos725.tmp
C:\pos726.tmp
C:\pos727.tmp
C:\pos728.tmp
C:\pos729.tmp
C:\pos72A.tmp
C:\pos72B.tmp
C:\pos72C.tmp
C:\pos72D.tmp
C:\pos72E.tmp
C:\pos72F.tmp
C:\pos73.tmp
C:\pos730.tmp
C:\pos731.tmp
C:\pos732.tmp
C:\pos733.tmp
C:\pos734.tmp
C:\pos735.tmp
C:\pos736.tmp
C:\pos737.tmp
C:\pos738.tmp
C:\pos739.tmp
C:\pos73A.tmp
C:\pos73B.tmp
C:\pos73C.tmp
C:\pos73D.tmp
C:\pos73E.tmp
C:\pos73F.tmp
C:\pos74.tmp
C:\pos740.tmp
C:\pos741.tmp
C:\pos742.tmp
C:\pos743.tmp
C:\pos744.tmp
C:\pos745.tmp
C:\pos746.tmp
C:\pos747.tmp
C:\pos748.tmp
C:\pos749.tmp
C:\pos74A.tmp
C:\pos74B.tmp
C:\pos74C.tmp
C:\pos74D.tmp
C:\pos74E.tmp
C:\pos74F.tmp
C:\pos75.tmp
C:\pos750.tmp
C:\pos751.tmp
C:\pos752.tmp
C:\pos753.tmp
C:\pos754.tmp
C:\pos755.tmp
C:\pos756.tmp
C:\pos757.tmp
C:\pos758.tmp
C:\pos759.tmp
C:\pos75A.tmp
C:\pos75B.tmp
C:\pos75C.tmp
C:\pos75D.tmp
C:\pos75E.tmp
C:\pos75F.tmp
C:\pos76.tmp
C:\pos760.tmp
C:\pos761.tmp
C:\pos762.tmp
C:\pos763.tmp
C:\pos764.tmp
C:\pos765.tmp
C:\pos766.tmp
C:\pos767.tmp
C:\pos768.tmp
C:\pos769.tmp
C:\pos76A.tmp
C:\pos76B.tmp
C:\pos76C.tmp
C:\pos76D.tmp
C:\pos76E.tmp
C:\pos76F.tmp
C:\pos77.tmp
C:\pos770.tmp
C:\pos771.tmp
C:\pos772.tmp
C:\pos773.tmp
C:\pos774.tmp
C:\pos775.tmp
C:\pos776.tmp
C:\pos777.tmp
C:\pos778.tmp
C:\pos779.tmp
C:\pos77A.tmp
C:\pos77B.tmp
C:\pos77C.tmp
C:\pos77D.tmp
C:\pos77E.tmp
C:\pos77F.tmp
C:\pos78.tmp
C:\pos780.tmp
C:\pos781.tmp
C:\pos782.tmp
C:\pos783.tmp
C:\pos784.tmp
C:\pos785.tmp
C:\pos786.tmp
C:\pos787.tmp
C:\pos788.tmp
C:\pos789.tmp
C:\pos78A.tmp
C:\pos78B.tmp
C:\pos78C.tmp
C:\pos78D.tmp
C:\pos78E.tmp
C:\pos78F.tmp
C:\pos79.tmp
C:\pos790.tmp
C:\pos791.tmp
C:\pos792.tmp
C:\pos793.tmp
C:\pos794.tmp
C:\pos795.tmp
C:\pos796.tmp
C:\pos797.tmp
C:\pos798.tmp
C:\pos799.tmp
C:\pos79A.tmp
C:\pos79B.tmp
C:\pos79C.tmp
C:\pos79D.tmp
C:\pos79E.tmp
C:\pos79F.tmp
C:\pos7A.tmp
C:\pos7A0.tmp
C:\pos7A1.tmp
C:\pos7A2.tmp
C:\pos7A3.tmp
C:\pos7A4.tmp
C:\pos7A5.tmp
C:\pos7A6.tmp
C:\pos7A7.tmp
C:\pos7A8.tmp
C:\pos7A9.tmp
C:\pos7AA.tmp
C:\pos7AB.tmp
C:\pos7AC.tmp
C:\pos7AD.tmp
C:\pos7AE.tmp
C:\pos7AF.tmp
C:\pos7B.tmp
C:\pos7B0.tmp
C:\pos7B1.tmp
C:\pos7B2.tmp
C:\pos7B3.tmp
C:\pos7B4.tmp
C:\pos7B5.tmp
C:\pos7B6.tmp
C:\pos7B7.tmp
C:\pos7B8.tmp
C:\pos7B9.tmp
C:\pos7BA.tmp
C:\pos7BB.tmp
C:\pos7BC.tmp
C:\pos7BD.tmp
C:\pos7BE.tmp
C:\pos7BF.tmp
C:\pos7C.tmp
C:\pos7C0.tmp
C:\pos7C1.tmp
C:\pos7C2.tmp
C:\pos7C3.tmp
C:\pos7C4.tmp
C:\pos7C5.tmp
C:\pos7C6.tmp
C:\pos7C7.tmp
C:\pos7C8.tmp
C:\pos7C9.tmp
C:\pos7CA.tmp
C:\pos7CB.tmp
C:\pos7CC.tmp
C:\pos7CD.tmp
C:\pos7CE.tmp
C:\pos7CF.tmp
C:\pos7D.tmp
C:\pos7D1.tmp
C:\pos7D2.tmp
C:\pos7D3.tmp
C:\pos7D4.tmp
C:\pos7D5.tmp
C:\pos7D6.tmp
C:\pos7D7.tmp
C:\pos7D8.tmp
C:\pos7D9.tmp
C:\pos7DA.tmp
C:\pos7DB.tmp
C:\pos7DC.tmp
C:\pos7DD.tmp
C:\pos7DE.tmp
C:\pos7DF.tmp
C:\pos7E.tmp
C:\pos7E0.tmp
C:\pos7E1.tmp
C:\pos7E2.tmp
C:\pos7E3.tmp
C:\pos7E4.tmp
C:\pos7E6.tmp
C:\pos7E7.tmp
C:\pos7E8.tmp
C:\pos7E9.tmp
C:\pos7EA.tmp
C:\pos7EB.tmp
C:\pos7EC.tmp
C:\pos7ED.tmp
C:\pos7EE.tmp
C:\pos7EF.tmp
C:\pos7F.tmp
C:\pos7F0.tmp
C:\pos7F1.tmp
C:\pos7F2.tmp
C:\pos7F3.tmp
C:\pos7F4.tmp
C:\pos7F5.tmp
C:\pos7F6.tmp
C:\pos7F7.tmp
C:\pos7F8.tmp
C:\pos7F9.tmp
C:\pos7FA.tmp
C:\pos7FB.tmp
C:\pos7FC.tmp
C:\pos7FD.tmp
C:\pos7FE.tmp
C:\pos7FF.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos800.tmp
C:\pos801.tmp
C:\pos802.tmp
C:\pos803.tmp
C:\pos804.tmp
C:\pos805.tmp
C:\pos806.tmp
C:\pos807.tmp
C:\pos808.tmp
C:\pos809.tmp
C:\pos80A.tmp
C:\pos80B.tmp
C:\pos80C.tmp
C:\pos80D.tmp
C:\pos80E.tmp
C:\pos80F.tmp
C:\pos81.tmp
C:\pos810.tmp
C:\pos811.tmp
C:\pos812.tmp
C:\pos813.tmp
C:\pos814.tmp
C:\pos815.tmp
C:\pos816.tmp
C:\pos817.tmp
C:\pos818.tmp
C:\pos819.tmp
C:\pos81A.tmp
C:\pos81B.tmp
C:\pos81C.tmp
C:\pos81D.tmp
C:\pos81E.tmp
C:\pos81F.tmp
C:\pos82.tmp
C:\pos820.tmp
C:\pos821.tmp
C:\pos822.tmp
C:\pos823.tmp
C:\pos824.tmp
C:\pos825.tmp
C:\pos826.tmp
C:\pos827.tmp
C:\pos828.tmp
C:\pos829.tmp
C:\pos82A.tmp
C:\pos82B.tmp
C:\pos82C.tmp
C:\pos82D.tmp
C:\pos82E.tmp
C:\pos82F.tmp
C:\pos83.tmp
C:\pos830.tmp
C:\pos831.tmp
C:\pos832.tmp
C:\pos833.tmp
C:\pos834.tmp
C:\pos835.tmp
C:\pos836.tmp
C:\pos837.tmp
C:\pos838.tmp
C:\pos839.tmp
C:\pos83A.tmp
C:\pos83B.tmp
C:\pos83C.tmp
C:\pos83D.tmp
C:\pos83E.tmp
C:\pos83F.tmp
C:\pos84.tmp
C:\pos840.tmp
C:\pos841.tmp
C:\pos842.tmp
C:\pos843.tmp
C:\pos844.tmp
C:\pos845.tmp
C:\pos846.tmp
C:\pos847.tmp
C:\pos848.tmp
C:\pos849.tmp
C:\pos84A.tmp
C:\pos84B.tmp
C:\pos84C.tmp
C:\pos84D.tmp
C:\pos84E.tmp
C:\pos84F.tmp
C:\pos85.tmp
C:\pos850.tmp
C:\pos851.tmp
C:\pos852.tmp
C:\pos853.tmp
C:\pos854.tmp
C:\pos855.tmp
C:\pos856.tmp
C:\pos857.tmp
C:\pos858.tmp
C:\pos859.tmp
C:\pos85A.tmp
C:\pos85B.tmp
C:\pos85C.tmp
C:\pos85D.tmp
C:\pos85E.tmp
C:\pos85F.tmp
C:\pos86.tmp
C:\pos860.tmp
C:\pos861.tmp
C:\pos862.tmp
C:\pos863.tmp
C:\pos864.tmp
C:\pos865.tmp
C:\pos866.tmp
C:\pos867.tmp
C:\pos868.tmp
C:\pos869.tmp
C:\pos86A.tmp
C:\pos86B.tmp
C:\pos86C.tmp
C:\pos86D.tmp
C:\pos86E.tmp
C:\pos86F.tmp
C:\pos87.tmp
C:\pos870.tmp
C:\pos871.tmp
C:\pos872.tmp
C:\pos873.tmp
C:\pos874.tmp
C:\pos875.tmp
C:\pos876.tmp
C:\pos877.tmp
C:\pos878.tmp
C:\pos879.tmp
C:\pos87A.tmp
C:\pos87B.tmp
C:\pos87C.tmp
C:\pos87D.tmp
C:\pos87E.tmp
C:\pos87F.tmp
C:\pos88.tmp
C:\pos880.tmp
C:\pos881.tmp
C:\pos882.tmp
C:\pos883.tmp
C:\pos884.tmp
C:\pos885.tmp
C:\pos886.tmp
C:\pos887.tmp
C:\pos888.tmp
C:\pos889.tmp
C:\pos88A.tmp
C:\pos88B.tmp
C:\pos88C.tmp
C:\pos88D.tmp
C:\pos88E.tmp
C:\pos88F.tmp
C:\pos89.tmp
C:\pos890.tmp
C:\pos891.tmp
C:\pos892.tmp
C:\pos893.tmp
C:\pos894.tmp
C:\pos895.tmp
C:\pos896.tmp
C:\pos897.tmp
C:\pos898.tmp
C:\pos899.tmp
C:\pos89A.tmp
C:\pos89B.tmp
C:\pos89C.tmp
C:\pos89D.tmp
C:\pos89E.tmp
C:\pos89F.tmp
C:\pos8A.tmp
C:\pos8A0.tmp
C:\pos8A1.tmp
C:\pos8A2.tmp
C:\pos8A3.tmp
C:\pos8A4.tmp
C:\pos8A5.tmp
C:\pos8A6.tmp
C:\pos8A7.tmp
C:\pos8A8.tmp
C:\pos8A9.tmp
C:\pos8AA.tmp
C:\pos8AB.tmp
C:\pos8AC.tmp
C:\pos8AD.tmp
C:\pos8AE.tmp
C:\pos8AF.tmp
C:\pos8B.tmp
C:\pos8B0.tmp
C:\pos8B1.tmp
C:\pos8B2.tmp
C:\pos8B3.tmp
C:\pos8B4.tmp
C:\pos8B5.tmp
C:\pos8B6.tmp
C:\pos8B7.tmp
C:\pos8B8.tmp
C:\pos8B9.tmp
C:\pos8BA.tmp
C:\pos8BB.tmp
C:\pos8BC.tmp
C:\pos8BD.tmp
C:\pos8BE.tmp
C:\pos8BF.tmp
C:\pos8C.tmp
C:\pos8C0.tmp
C:\pos8C1.tmp
C:\pos8C2.tmp
C:\pos8C3.tmp
C:\pos8C4.tmp
C:\pos8C5.tmp
C:\pos8C6.tmp
C:\pos8C7.tmp
C:\pos8C8.tmp
C:\pos8C9.tmp
C:\pos8CA.tmp
C:\pos8CB.tmp
C:\pos8CC.tmp
C:\pos8CD.tmp
C:\pos8CE.tmp
C:\pos8CF.tmp
C:\pos8D.tmp
C:\pos8D0.tmp
C:\pos8D1.tmp
C:\pos8D2.tmp
C:\pos8D3.tmp
C:\pos8D4.tmp
C:\pos8D5.tmp
C:\pos8D6.tmp
C:\pos8D7.tmp
C:\pos8D8.tmp
C:\pos8D9.tmp
C:\pos8DA.tmp
C:\pos8DB.tmp
C:\pos8DC.tmp
C:\pos8DD.tmp
C:\pos8DE.tmp
C:\pos8DF.tmp
C:\pos8E.tmp
C:\pos8E0.tmp
C:\pos8E1.tmp
C:\pos8E2.tmp
C:\pos8E3.tmp
C:\pos8E4.tmp
C:\pos8E5.tmp
C:\pos8E6.tmp
C:\pos8E7.tmp
C:\pos8E8.tmp
C:\pos8E9.tmp
C:\pos8EA.tmp
C:\pos8EB.tmp
C:\pos8EC.tmp
C:\pos8ED.tmp
C:\pos8EE.tmp
C:\pos8EF.tmp
C:\pos8F.tmp
C:\pos8F0.tmp
C:\pos8F1.tmp
C:\pos8F2.tmp
C:\pos8F3.tmp
C:\pos8F4.tmp
C:\pos8F5.tmp
C:\pos8F6.tmp
C:\pos8F7.tmp
C:\pos8F8.tmp
C:\pos8F9.tmp
C:\pos8FA.tmp
C:\pos8FB.tmp
C:\pos8FC.tmp
C:\pos8FD.tmp
C:\pos8FE.tmp
C:\pos8FF.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos900.tmp
C:\pos901.tmp
C:\pos902.tmp
C:\pos903.tmp
C:\pos904.tmp
C:\pos905.tmp
C:\pos906.tmp
C:\pos907.tmp
C:\pos908.tmp
C:\pos909.tmp
C:\pos90A.tmp
C:\pos90B.tmp
C:\pos90C.tmp
C:\pos90D.tmp
C:\pos90E.tmp
C:\pos90F.tmp
C:\pos91.tmp
C:\pos910.tmp
C:\pos911.tmp
C:\pos912.tmp
C:\pos913.tmp
C:\pos914.tmp
C:\pos915.tmp
C:\pos916.tmp
C:\pos917.tmp
C:\pos918.tmp
C:\pos919.tmp
C:\pos91A.tmp
C:\pos91B.tmp
C:\pos91C.tmp
C:\pos91D.tmp
C:\pos91E.tmp
C:\pos91F.tmp
C:\pos92.tmp
C:\pos920.tmp
C:\pos921.tmp
C:\pos922.tmp
C:\pos923.tmp
C:\pos924.tmp
C:\pos925.tmp
C:\pos926.tmp
C:\pos927.tmp
C:\pos928.tmp
C:\pos929.tmp
C:\pos92A.tmp
C:\pos92B.tmp
C:\pos92C.tmp
C:\pos92D.tmp
C:\pos92E.tmp
C:\pos92F.tmp
C:\pos93.tmp
C:\pos930.tmp
C:\pos931.tmp
C:\pos932.tmp
C:\pos933.tmp
C:\pos934.tmp
C:\pos935.tmp
C:\pos936.tmp
C:\pos937.tmp
C:\pos938.tmp
C:\pos939.tmp
C:\pos93A.tmp
C:\pos93B.tmp
C:\pos93C.tmp
C:\pos93D.tmp
C:\pos93E.tmp
C:\pos93F.tmp
C:\pos94.tmp
C:\pos940.tmp
C:\pos941.tmp
C:\pos942.tmp
C:\pos943.tmp
C:\pos944.tmp
C:\pos945.tmp
C:\pos946.tmp
C:\pos947.tmp
C:\pos948.tmp
C:\pos949.tmp
C:\pos94A.tmp
C:\pos94B.tmp
C:\pos94C.tmp
C:\pos94D.tmp
C:\pos94E.tmp
C:\pos94F.tmp
C:\pos95.tmp
C:\pos950.tmp
C:\pos951.tmp
C:\pos952.tmp
C:\pos953.tmp
C:\pos954.tmp
C:\pos955.tmp
C:\pos956.tmp
C:\pos957.tmp
C:\pos958.tmp
C:\pos959.tmp
C:\pos95A.tmp
C:\pos95B.tmp
C:\pos95C.tmp
C:\pos95D.tmp
C:\pos95E.tmp
C:\pos95F.tmp
C:\pos96.tmp
C:\pos960.tmp
C:\pos961.tmp
C:\pos962.tmp
C:\pos963.tmp
C:\pos964.tmp
C:\pos965.tmp
C:\pos966.tmp
C:\pos967.tmp
C:\pos968.tmp
C:\pos969.tmp
C:\pos96A.tmp
C:\pos96B.tmp
C:\pos96C.tmp
C:\pos96D.tmp
C:\pos96E.tmp
C:\pos96F.tmp
C:\pos97.tmp
C:\pos970.tmp
C:\pos971.tmp
C:\pos972.tmp
C:\pos973.tmp
C:\pos974.tmp
C:\pos975.tmp
C:\pos976.tmp
C:\pos977.tmp
C:\pos978.tmp
C:\pos979.tmp
C:\pos97A.tmp
C:\pos97B.tmp
C:\pos97C.tmp
C:\pos97D.tmp
C:\pos97E.tmp
C:\pos97F.tmp
C:\pos98.tmp
C:\pos980.tmp
C:\pos981.tmp
C:\pos982.tmp
C:\pos983.tmp
C:\pos984.tmp
C:\pos985.tmp
C:\pos986.tmp
C:\pos987.tmp
C:\pos988.tmp
C:\pos989.tmp
C:\pos98A.tmp
C:\pos98B.tmp
C:\pos98C.tmp
C:\pos98D.tmp
C:\pos98E.tmp
C:\pos98F.tmp
C:\pos99.tmp
C:\pos990.tmp
C:\pos991.tmp
C:\pos992.tmp
C:\pos993.tmp
C:\pos994.tmp
C:\pos995.tmp
C:\pos996.tmp
C:\pos997.tmp
C:\pos998.tmp
C:\pos999.tmp
C:\pos99A.tmp
C:\pos99B.tmp
C:\pos99C.tmp
C:\pos99D.tmp
C:\pos99E.tmp
C:\pos99F.tmp
C:\pos9A.tmp
C:\pos9A0.tmp
C:\pos9A1.tmp
C:\pos9A2.tmp
C:\pos9A3.tmp
C:\pos9A4.tmp
C:\pos9A5.tmp
C:\pos9A6.tmp
C:\pos9A7.tmp
C:\pos9A8.tmp
C:\pos9A9.tmp
C:\pos9AA.tmp
C:\pos9AB.tmp
C:\pos9AC.tmp
C:\pos9AD.tmp
C:\pos9AE.tmp
C:\pos9AF.tmp
C:\pos9B.tmp
C:\pos9B0.tmp
C:\pos9B1.tmp
C:\pos9B2.tmp
C:\pos9B3.tmp
C:\pos9B4.tmp
C:\pos9B5.tmp
C:\pos9B6.tmp
C:\pos9B7.tmp
C:\pos9B8.tmp
C:\pos9B9.tmp
C:\pos9BA.tmp
C:\pos9BB.tmp
C:\pos9BC.tmp
C:\pos9BD.tmp
C:\pos9BE.tmp
C:\pos9BF.tmp
C:\pos9C.tmp
C:\pos9C0.tmp
C:\pos9C1.tmp
C:\pos9C2.tmp
C:\pos9C3.tmp
C:\pos9C4.tmp
C:\pos9C5.tmp
C:\pos9C6.tmp
C:\pos9C7.tmp
C:\pos9C8.tmp
C:\pos9C9.tmp
C:\pos9CA.tmp
C:\pos9CB.tmp
C:\pos9CC.tmp
C:\pos9CD.tmp
C:\pos9CE.tmp
C:\pos9CF.tmp
C:\pos9D.tmp
C:\pos9D0.tmp
C:\pos9D1.tmp
C:\pos9D2.tmp
C:\pos9D3.tmp
C:\pos9D4.tmp
C:\pos9D5.tmp
C:\pos9D6.tmp
C:\pos9D7.tmp
C:\pos9D8.tmp
C:\pos9D9.tmp
C:\pos9DA.tmp
C:\pos9DB.tmp
C:\pos9DC.tmp
C:\pos9DD.tmp
C:\pos9DE.tmp
C:\pos9DF.tmp
C:\pos9E.tmp
C:\pos9E0.tmp
C:\pos9E1.tmp
C:\pos9E2.tmp
C:\pos9E3.tmp
C:\pos9E4.tmp
C:\pos9E5.tmp
C:\pos9E6.tmp
C:\pos9E7.tmp
C:\pos9E8.tmp
C:\pos9E9.tmp
C:\pos9EA.tmp
C:\pos9EB.tmp
C:\pos9EC.tmp
C:\pos9ED.tmp
C:\pos9EE.tmp
C:\pos9EF.tmp
C:\pos9F.tmp
C:\pos9F0.tmp
C:\pos9F1.tmp
C:\pos9F2.tmp
C:\pos9F3.tmp
C:\pos9F4.tmp
C:\pos9F5.tmp
C:\pos9F6.tmp
C:\pos9F7.tmp
C:\pos9F8.tmp
C:\pos9F9.tmp
C:\pos9FA.tmp
C:\pos9FB.tmp
C:\pos9FC.tmp
C:\pos9FD.tmp
C:\pos9FE.tmp
C:\pos9FF.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA00.tmp
C:\posA01.tmp
C:\posA02.tmp
C:\posA03.tmp
C:\posA04.tmp
C:\posA05.tmp
C:\posA06.tmp
C:\posA07.tmp
C:\posA08.tmp
C:\posA09.tmp
C:\posA0A.tmp
C:\posA0B.tmp
C:\posA0C.tmp
C:\posA0D.tmp
C:\posA0E.tmp
C:\posA0F.tmp
C:\posA1.tmp
C:\posA10.tmp
C:\posA11.tmp
C:\posA12.tmp
C:\posA13.tmp
C:\posA14.tmp
C:\posA15.tmp
C:\posA16.tmp
C:\posA17.tmp
C:\posA18.tmp
C:\posA19.tmp
C:\posA1A.tmp
C:\posA1B.tmp
C:\posA1C.tmp
C:\posA1D.tmp
C:\posA1E.tmp
C:\posA1F.tmp
C:\posA2.tmp
C:\posA20.tmp
C:\posA21.tmp
C:\posA22.tmp
C:\posA23.tmp
C:\posA24.tmp
C:\posA25.tmp
C:\posA26.tmp
C:\posA27.tmp
C:\posA28.tmp
C:\posA29.tmp
C:\posA2A.tmp
C:\posA2B.tmp
C:\posA2C.tmp
C:\posA2D.tmp
C:\posA2E.tmp
C:\posA2F.tmp
C:\posA3.tmp
C:\posA30.tmp
C:\posA31.tmp
C:\posA32.tmp
C:\posA33.tmp
C:\posA34.tmp
C:\posA35.tmp
C:\posA36.tmp
C:\posA37.tmp
C:\posA38.tmp
C:\posA39.tmp
C:\posA3A.tmp
C:\posA3B.tmp
C:\posA3C.tmp
C:\posA3D.tmp
C:\posA3E.tmp
C:\posA3F.tmp
C:\posA4.tmp
C:\posA40.tmp
C:\posA41.tmp
C:\posA42.tmp
C:\posA43.tmp
C:\posA44.tmp
C:\posA45.tmp
C:\posA46.tmp
C:\posA47.tmp
C:\posA48.tmp
C:\posA49.tmp
C:\posA4A.tmp
C:\posA4B.tmp
C:\posA4C.tmp
C:\posA4D.tmp
C:\posA4E.tmp
C:\posA4F.tmp
C:\posA5.tmp
C:\posA50.tmp
C:\posA51.tmp
C:\posA52.tmp
C:\posA53.tmp
C:\posA54.tmp
C:\posA55.tmp
C:\posA56.tmp
C:\posA57.tmp
C:\posA58.tmp
C:\posA59.tmp
C:\posA5A.tmp
C:\posA5B.tmp
C:\posA5C.tmp
C:\posA5D.tmp
C:\posA5E.tmp
C:\posA5F.tmp
C:\posA6.tmp
C:\posA60.tmp
C:\posA61.tmp
C:\posA62.tmp
C:\posA63.tmp
C:\posA64.tmp
C:\posA65.tmp
C:\posA66.tmp
C:\posA67.tmp
C:\posA68.tmp
C:\posA69.tmp
C:\posA6A.tmp
C:\posA6B.tmp
C:\posA6C.tmp
C:\posA6D.tmp
C:\posA6E.tmp
C:\posA6F.tmp
C:\posA7.tmp
C:\posA70.tmp
C:\posA71.tmp
C:\posA72.tmp
C:\posA73.tmp
C:\posA74.tmp
C:\posA75.tmp
C:\posA76.tmp
C:\posA77.tmp
C:\posA79.tmp
C:\posA7A.tmp
C:\posA7B.tmp
C:\posA7C.tmp
C:\posA7E.tmp
C:\posA7F.tmp
C:\posA8.tmp
C:\posA80.tmp
C:\posA81.tmp
C:\posA82.tmp
C:\posA83.tmp
C:\posA84.tmp
C:\posA85.tmp
C:\posA86.tmp
C:\posA87.tmp
C:\posA88.tmp
C:\posA89.tmp
C:\posA8A.tmp
C:\posA8B.tmp
C:\posA8C.tmp
C:\posA8D.tmp
C:\posA8E.tmp
C:\posA8F.tmp
C:\posA9.tmp
C:\posA90.tmp
C:\posA91.tmp
C:\posA92.tmp
C:\posA93.tmp
C:\posA94.tmp
C:\posA95.tmp
C:\posA96.tmp
C:\posA97.tmp
C:\posA98.tmp
C:\posA99.tmp
C:\posA9A.tmp
C:\posA9B.tmp
C:\posA9C.tmp
C:\posA9D.tmp
C:\posA9E.tmp
C:\posA9F.tmp
C:\posAA.tmp
C:\posAA0.tmp
C:\posAA1.tmp
C:\posAA2.tmp
C:\posAA3.tmp
C:\posAA4.tmp
C:\posAA5.tmp
C:\posAA6.tmp
C:\posAA7.tmp
C:\posAA8.tmp
C:\posAA9.tmp
C:\posAAA.tmp
C:\posAAB.tmp
C:\posAAC.tmp
C:\posAAD.tmp
C:\posAAE.tmp
C:\posAAF.tmp
C:\posAB.tmp
C:\posAB0.tmp
C:\posAB1.tmp
C:\posAB2.tmp
C:\posAB3.tmp
C:\posAB4.tmp
C:\posAB5.tmp
C:\posAB6.tmp
C:\posAB7.tmp
C:\posAB8.tmp
C:\posAB9.tmp
C:\posABA.tmp
C:\posABB.tmp
C:\posABC.tmp
C:\posABD.tmp
C:\posABE.tmp
C:\posABF.tmp
C:\posAC.tmp
C:\posAC0.tmp
C:\posAC1.tmp
C:\posAC2.tmp
C:\posAC3.tmp
C:\posAC4.tmp
C:\posAC5.tmp
C:\posAC6.tmp
C:\posAC7.tmp
C:\posAC8.tmp
C:\posAC9.tmp
C:\posACA.tmp
C:\posACB.tmp
C:\posACC.tmp
C:\posACD.tmp
C:\posACE.tmp
C:\posACF.tmp
C:\posAD.tmp
C:\posAD0.tmp
C:\posAD1.tmp
C:\posAD2.tmp
C:\posAD3.tmp
C:\posAD4.tmp
C:\posAD5.tmp
C:\posAD6.tmp
C:\posAD7.tmp
C:\posAD8.tmp
C:\posAD9.tmp
C:\posADA.tmp
C:\posADB.tmp
C:\posADC.tmp
C:\posADD.tmp
C:\posADE.tmp
C:\posADF.tmp
C:\posAE.tmp
C:\posAE0.tmp
C:\posAE1.tmp
C:\posAE2.tmp
C:\posAE3.tmp
C:\posAE4.tmp
C:\posAE5.tmp
C:\posAE6.tmp
C:\posAE7.tmp
C:\posAE8.tmp
C:\posAE9.tmp
C:\posAEA.tmp
C:\posAEB.tmp
C:\posAEC.tmp
C:\posAED.tmp
C:\posAEE.tmp
C:\posAEF.tmp
C:\posAF.tmp
C:\posAF0.tmp
C:\posAF1.tmp
C:\posAF2.tmp
C:\posAF3.tmp
C:\posAF4.tmp
C:\posAF5.tmp
C:\posAF6.tmp
C:\posAF7.tmp
C:\posAF8.tmp
C:\posAF9.tmp
C:\posAFA.tmp
C:\posAFB.tmp
C:\posAFC.tmp
C:\posAFD.tmp
C:\posAFE.tmp
C:\posAFF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB00.tmp
C:\posB01.tmp
C:\posB02.tmp
C:\posB03.tmp
C:\posB04.tmp
C:\posB05.tmp
C:\posB06.tmp
C:\posB07.tmp
C:\posB08.tmp
C:\posB09.tmp
C:\posB0A.tmp
C:\posB0B.tmp
C:\posB0C.tmp
C:\posB0D.tmp
C:\posB0E.tmp
C:\posB0F.tmp
C:\posB1.tmp
C:\posB10.tmp
C:\posB11.tmp
C:\posB12.tmp
C:\posB13.tmp
C:\posB14.tmp
C:\posB15.tmp
C:\posB16.tmp
C:\posB17.tmp
C:\posB18.tmp
C:\posB19.tmp
C:\posB1A.tmp
C:\posB1B.tmp
C:\posB1C.tmp
C:\posB1D.tmp
C:\posB1E.tmp
C:\posB1F.tmp
C:\posB2.tmp
C:\posB20.tmp
C:\posB21.tmp
C:\posB22.tmp
C:\posB23.tmp
C:\posB24.tmp
C:\posB25.tmp
C:\posB26.tmp
C:\posB27.tmp
C:\posB28.tmp
C:\posB29.tmp
C:\posB2A.tmp
C:\posB2B.tmp
C:\posB2C.tmp
C:\posB2D.tmp
C:\posB2E.tmp
C:\posB2F.tmp
C:\posB3.tmp
C:\posB30.tmp
C:\posB31.tmp
C:\posB32.tmp
C:\posB33.tmp
C:\posB34.tmp
C:\posB35.tmp
C:\posB36.tmp
C:\posB37.tmp
C:\posB38.tmp
C:\posB39.tmp
C:\posB3A.tmp
C:\posB3B.tmp
C:\posB3C.tmp
C:\posB3D.tmp
C:\posB3E.tmp
C:\posB3F.tmp
C:\posB4.tmp
C:\posB40.tmp
C:\posB41.tmp
C:\posB42.tmp
C:\posB43.tmp
C:\posB44.tmp
C:\posB45.tmp
C:\posB46.tmp
C:\posB47.tmp
C:\posB48.tmp
C:\posB49.tmp
C:\posB4A.tmp
C:\posB4B.tmp
C:\posB4C.tmp
C:\posB4D.tmp
C:\posB4E.tmp
C:\posB4F.tmp
C:\posB5.tmp
C:\posB50.tmp
C:\posB51.tmp
C:\posB52.tmp
C:\posB53.tmp
C:\posB54.tmp
C:\posB55.tmp
C:\posB56.tmp
C:\posB57.tmp
C:\posB58.tmp
C:\posB59.tmp
C:\posB5A.tmp
C:\posB5B.tmp
C:\posB5C.tmp
C:\posB5D.tmp
C:\posB5E.tmp
C:\posB5F.tmp
C:\posB6.tmp
C:\posB60.tmp
C:\posB61.tmp
C:\posB62.tmp
C:\posB63.tmp
C:\posB64.tmp
C:\posB65.tmp
C:\posB66.tmp
C:\posB67.tmp
C:\posB68.tmp
C:\posB69.tmp
C:\posB6A.tmp
C:\posB6B.tmp
C:\posB6C.tmp
C:\posB6D.tmp
C:\posB6E.tmp
C:\posB6F.tmp
C:\posB7.tmp
C:\posB70.tmp
C:\posB71.tmp
C:\posB72.tmp
C:\posB73.tmp
C:\posB74.tmp
C:\posB75.tmp
C:\posB76.tmp
C:\posB77.tmp
C:\posB78.tmp
C:\posB79.tmp
C:\posB7A.tmp
C:\posB7B.tmp
C:\posB7C.tmp
C:\posB7D.tmp
C:\posB7E.tmp
C:\posB7F.tmp
C:\posB8.tmp
C:\posB80.tmp
C:\posB81.tmp
C:\posB82.tmp
C:\posB83.tmp
C:\posB84.tmp
C:\posB85.tmp
C:\posB86.tmp
C:\posB87.tmp
C:\posB88.tmp
C:\posB89.tmp
C:\posB8A.tmp
C:\posB8B.tmp
C:\posB8C.tmp
C:\posB8D.tmp
C:\posB8E.tmp
C:\posB8F.tmp
C:\posB9.tmp
C:\posB90.tmp
C:\posB91.tmp
C:\posB92.tmp
C:\posB93.tmp
C:\posB94.tmp
C:\posB95.tmp
C:\posB96.tmp
C:\posB97.tmp
C:\posB98.tmp
C:\posB99.tmp
C:\posB9A.tmp
C:\posB9B.tmp
C:\posB9C.tmp
C:\posB9D.tmp
C:\posB9E.tmp
C:\posB9F.tmp
C:\posBA.tmp
C:\posBA0.tmp
C:\posBA1.tmp
C:\posBA2.tmp
C:\posBA3.tmp
C:\posBA4.tmp
C:\posBA5.tmp
C:\posBA6.tmp
C:\posBA7.tmp
C:\posBA8.tmp
C:\posBA9.tmp
C:\posBAA.tmp
C:\posBAB.tmp
C:\posBAC.tmp
C:\posBAD.tmp
C:\posBAE.tmp
C:\posBAF.tmp
C:\posBB.tmp
C:\posBB0.tmp
C:\posBB1.tmp
C:\posBB2.tmp
C:\posBB3.tmp
C:\posBB4.tmp
C:\posBB5.tmp
C:\posBB6.tmp
C:\posBB7.tmp
C:\posBB8.tmp
C:\posBC.tmp
C:\posBD.tmp
C:\posBE.tmp
C:\posBF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC1.tmp
C:\posC2.tmp
C:\posC3.tmp
C:\posC4.tmp
C:\posC5.tmp
C:\posC6.tmp
C:\posC7.tmp
C:\posC8.tmp
C:\posC9.tmp
C:\posCA.tmp
C:\posCB.tmp
C:\posCC.tmp
C:\posCD.tmp
C:\posCE.tmp
C:\posCF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD1.tmp
C:\posD2.tmp
C:\posD3.tmp
C:\posD4.tmp
C:\posD5.tmp
C:\posD6.tmp
C:\posD7.tmp
C:\posD8.tmp
C:\posD9.tmp
C:\posDA.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFF.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mm6\ncstdb33.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-09 to 2008-01-09 )))))))))))))))))))))))))))))))
.

2008-01-08 18:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 17:36 . 2007-12-11 10:31 176,128 --a------ C:\WINDOWS\system32\KevlarSigs.dll
2008-01-08 17:36 . 2007-06-13 11:41 176,128 --a------ C:\WINDOWS\system32\hidapi.dll
2008-01-08 17:36 . 2007-01-26 17:19 53,248 --a------ C:\WINDOWS\system32\hidapistub.dll
2008-01-08 17:36 . 2007-12-05 12:24 23,398 --a------ C:\WINDOWS\system32\kevlar_api_hook_list.dat
2008-01-08 17:33 . 2007-06-13 11:41 182,784 --a------ C:\WINDOWS\system32\drivers\HidSys.sys
2008-01-07 21:32 . 2008-01-07 21:33 <DIR> d-------- C:\Program Files\Panda Security
2008-01-06 19:00 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-01-06 19:00 . 2007-10-03 16:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-01-06 18:59 . 2008-01-06 18:59 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-06 18:59 . 2007-11-29 23:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-01-06 18:59 . 2007-07-25 14:24 1,559,040 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-06 18:59 . 2007-12-04 02:33 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-01-06 18:59 . 2006-09-24 16:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-01-06 18:59 . 2007-03-10 12:51 282,624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-06 18:59 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-01-06 18:59 . 2007-09-21 01:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-01-06 18:59 . 2007-11-29 23:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-01-06 18:59 . 2007-12-24 13:49 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-01-06 18:59 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-01-05 23:43 . 2008-01-05 23:43 <DIR> d-------- C:\Program Files\MSECache
2008-01-05 21:14 . 2008-01-05 21:14 <DIR> d-------- C:\KAV
2008-01-05 20:40 . 2008-01-05 20:46 <DIR> d-------- C:\Program Files\Winamp
2008-01-05 20:40 . 2008-01-05 20:48 <DIR> d-------- C:\Documents and Settings\jw1173\Application Data\Winamp
2008-01-05 20:33 . 2008-01-05 20:33 <DIR> d-------- C:\Program Files\AVIcodec
2008-01-05 11:09 . 2008-01-05 11:10 <DIR> d-------- C:\Program Files\Virtools Web Player 3.5
2008-01-02 06:35 . 2008-01-02 06:35 11,264 --a------ C:\WINDOWS\system32\PSS00F67.DLL
2007-12-24 22:59 . 2007-12-24 22:59 <DIR> dr-h----- C:\Documents and Settings\jw1173\Application Data\SecuROM
2007-12-24 22:59 . 2007-12-24 22:59 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-24 22:26 . 2007-12-24 22:26 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-24 22:26 . 2007-08-06 19:28 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-21 15:46 . 2007-12-21 15:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-20 09:47 . 2007-12-20 09:47 894 ---hs---- C:\WINDOWS\system32\bbqfnylh.ini
2007-12-17 23:27 . 2007-12-17 23:27 113 --a------ C:\WINDOWS\notesnsd.ini
2007-12-17 15:40 . 2007-12-17 15:40 <DIR> d-------- C:\Program Files\HP
2007-12-17 15:40 . 2003-11-11 11:16 266,296 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-12-17 15:40 . 2003-10-22 10:26 196,608 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-12-17 15:40 . 2003-07-21 14:24 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-12-17 15:40 . 2003-10-22 10:19 65,536 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-12-17 15:40 . 2003-07-25 12:20 61,699 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-12-17 15:40 . 2003-07-21 14:24 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-12-17 15:38 . 2007-12-17 15:38 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-13 08:38 . 2007-12-13 08:38 <DIR> d-------- C:\Documents and Settings\jw1173\Application Data\Yahoo!
2007-12-13 08:36 . 2007-12-17 21:34 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-12-12 18:42 . 2008-01-04 20:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-12 18:42 . 2007-12-12 18:42 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-10 15:22 . 2006-09-22 13:23 442,368 --a------ C:\WINDOWS\system32\PSP765B6.DLL
2007-12-10 15:22 . 2006-09-22 13:23 249,856 --a------ C:\WINDOWS\system32\PSR76562.DLL
2007-12-10 15:20 . 2006-09-22 14:09 812,296 --a------ C:\WINDOWS\system32\wodFtpDLX.dll
2007-12-10 15:20 . 2001-03-08 17:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-10 15:19 . 2007-12-10 15:21 <DIR> d-------- C:\Program Files\PharosSystems
2007-12-10 15:19 . 2007-12-10 15:19 1,759 --a------ C:\WINDOWS\pbp0310y.mif
2007-12-10 11:12 . 2007-12-10 11:12 <DIR> d-------- C:\Program Files\Monarch Report Explorer
2007-12-10 11:12 . 1994-06-14 13:19 51,988 --a------ C:\WINDOWS\system32\pres.ttf
2007-12-10 11:10 . 1997-04-08 14:08 299,520 --a------ C:\WINDOWS\uninst.exe
2007-12-10 11:07 . 2007-12-10 11:07 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-10 11:07 . 2007-12-10 11:07 <DIR> d-------- C:\Program Files\Monarch
2007-12-10 11:07 . 2007-12-10 11:07 <DIR> d-------- C:\Program Files\Common Files\Datawatch Shared
2007-12-10 10:51 . 2005-08-24 15:03 192,512 --a------ C:\WINDOWS\system32\DWRCSET.DLL
2007-12-10 10:51 . 2005-08-24 15:03 160,256 --a------ C:\WINDOWS\system32\DWRCS.EXE
2007-12-10 10:51 . 2004-10-05 15:14 69,632 --a------ C:\WINDOWS\system32\DWRCShell.dll
2007-12-10 10:51 . 2005-08-24 15:02 53,248 --a------ C:\WINDOWS\system32\DWRCK.DLL
2007-12-10 10:51 . 2005-08-24 15:03 43,520 --a------ C:\WINDOWS\system32\DWRCST.EXE
2007-12-10 10:51 . 2004-07-01 09:22 714 --a------ C:\WINDOWS\system32\DWRCST.exe.manifest
2007-12-10 09:31 . 2007-01-08 16:18 2,359,352 --a------ C:\WINDOWS\Cingularbmp.old
2007-12-10 09:31 . 2006-12-20 16:28 1,629,067 --a------ C:\WINDOWS\system32\Cingular.old
2007-12-10 09:31 . 2007-11-12 10:34 1,301,004 --a------ C:\WINDOWS\system32\ATT35Time.att
2007-12-10 07:49 . 2008-01-08 18:03 <DIR> d-------- C:\Program Files\DRU

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-09 23:36 --------- d-----w C:\Documents and Settings\jw1173\Application Data\.purple
2008-01-08 20:51 --------- d-----w C:\Documents and Settings\jw1173\Application Data\gtk-2.0
2008-01-07 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-23 21:23 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-18 02:37 --------- d-----w C:\Documents and Settings\jw1173\Application Data\Yahoo! Messenger
2007-12-18 02:34 --------- d-----w C:\Program Files\Yahoo!
2007-12-17 22:38 --------- d-----w C:\Program Files\zzpxkhkx
2007-12-10 20:19 --------- d--h--w C:\Program Files\SELFHEAL
2007-12-10 16:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-08 23:11 --------- d-----w C:\Program Files\Emanate
2007-12-08 23:09 --------- d-----w C:\Program Files\ASDclient
2007-12-05 14:23 --------- d-----w C:\Program Files\Oracle
2007-12-05 12:53 --------- d-----w C:\Program Files\McAfee
2007-12-05 12:53 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-05 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-05 12:51 --------- d-----w C:\Program Files\Common Files\McAfee Inc
2007-12-03 01:05 --------- d-----w C:\Program Files\lotus
2007-12-02 14:43 --------- d-----w C:\Program Files\Network Associates
2007-12-02 14:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates
2007-12-01 13:33 --------- d-----w C:\Documents and Settings\jw1173\Application Data\Sierra Wireless
2007-11-30 22:31 --------- d-----w C:\Program Files\Pidgin
2007-11-30 22:31 --------- d-----w C:\Program Files\Aspell
2007-11-30 22:29 --------- d-----w C:\Program Files\Common Files\GTK
2007-11-30 20:13 --------- d-----w C:\Program Files\Java
2007-11-30 15:36 --------- d-----w C:\Documents and Settings\jw1173\Application Data\AdobeUM
2007-11-30 15:23 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-30 15:21 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-30 15:11 --------- d-----w C:\Documents and Settings\jw1173\Application Data\Apple Computer
2007-11-30 15:08 --------- d-----w C:\Program Files\QuickTime
2007-11-30 15:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-30 15:07 --------- d-----w C:\Program Files\Apple Software Update
2007-11-30 15:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-30 13:53 --------- d-----w C:\Program Files\AvantGo Connect
2007-11-30 12:45 --------- d-----w C:\Program Files\Everest
2007-11-30 11:53 --------- d-----w C:\Documents and Settings\jw1173\Application Data\SBC
2007-11-30 11:52 --------- d-----w C:\Program Files\Q Team-Link Messenger
2007-11-30 11:47 --------- d-----w C:\Program Files\Compapps
2007-11-29 22:02 --------- d-----w C:\Documents and Settings\jw1173\Application Data\AT&T
2007-11-29 21:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Business Objects
2007-11-29 21:40 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AT&T
2007-11-29 21:33 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2007-11-29 21:16 --------- d-----w C:\Program Files\Quest
2007-11-29 21:14 --------- d-----w C:\Documents and Settings\jw1173\Application Data\DBUpdater
2007-11-29 21:13 --------- d-----w C:\Program Files\Common Files\Research in Motion
2007-11-29 21:13 --------- d-----w C:\Program Files\AT&T
2007-11-29 21:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\AT&T
2007-11-29 21:10 --------- d-----w C:\Program Files\Q Team-Link Messenger Offshore
2007-11-29 21:06 --------- d-----w C:\Program Files\TechSmith
2007-11-29 17:32 --------- d-----w C:\Documents and Settings\jw1173\Application Data\Business Objects
2007-11-29 17:31 --------- d-----w C:\Program Files\Business Objects
2007-11-29 17:15 111,153 ----a-w C:\Program Files\INSTALL.LOG
2007-11-29 17:15 --------- d-----w C:\Documents and Settings\jw1173\Application Data\Intel
2007-11-29 16:28 --------- d-----w C:\Documents and Settings\wc3396\Application Data\Intel
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 15:34 1,301,004 ----a-w C:\WINDOWS\system32\Cingular.scr
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\mm6 ----

2007-11-16 02:07 117913 --a------ C:\WINDOWS\system32\mm6\ncstdb33.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 10:16 37376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-29 16:09:55]
IMproxy.bat [2004-01-30 19:56:00]
McAfee Host Intrusion Prevention Tray.lnk - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [2007-12-05 07:51:22]
VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-08-01 06:50:51]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 0 (0x0)
"RunLogonScriptSync"= 1 (0x1)
"MaxGPOScriptWait"= 0 (0x0)
"RunStartupScriptSync"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoStartMenuMyMusic"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=EPOstartup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=AddAdmin.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
"Script"=EPOstartup.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337413286-2060671379-61685808-29503\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%\NetLogon\CingularDriveMap.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337413286-2060671379-61685808-35163\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%\NetLogon\CingularDriveMap.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337413286-2060671379-61685808-3711\Scripts\Logon\0\0]
"Script"=%LOGONSERVER%\NetLogon\CingularDriveMap.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1337413286-2060671379-61685808-3711\Scripts\Logon\1\0]
"Script"=%LOGONSERVER%\NetLogon\CingularDriveMap.vbs

R0 GhMon;GhostMountMonitor - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghmon.sys [2004-08-26 16:03]
R1 tcpipBM;Bytemobile Kernel Network Provider;C:\WINDOWS\system32\drivers\tcpipBM.sys [2007-03-23 17:18]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\System32\CCM\CcmExec.exe [2007-04-13 02:50]
R2 DRUAgent;DRUAgent;C:\PROGRAM FILES\DRU\bin\DRUService.exe [2007-06-22 18:02]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;"C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe" [2007-06-13 11:47]
R2 NGClient;Symantec Ghost Win32 Client Agent;C:\Program Files\Symantec\Ghost\ngctw32.exe [2004-08-26 16:35]
R2 prgnDiscAgent;Peregrine Discovery Agent;"C:\Program Files\Peregrine\Discovery Agent\bin32\discagnt.exe" [2005-12-07 21:01]
R2 snmpdm;snmpdm;"C:\Program Files\Emanate\snmpdm.exe" [2007-09-13 13:43]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-28 23:49]
R3 hidsys;hidsys;C:\WINDOWS\system32\Drivers\hidsys.sys [2007-06-13 11:41]
R3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\System32\CCM\prepdrv.sys [2007-04-13 02:50]
S0 GhPostConfig;GhostPostConfig - Boot Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]
S2 GhPostConfig_Auto;GhostPostConfig - Auto Phase Driver;C:\WINDOWS\system32\Drivers\ghpcw2k.sys [2004-08-26 16:04]
S3 mbxfilt;mbxfilt;C:\WINDOWS\system32\drivers\MbxFilt.sys [2002-12-09 15:29]
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 13:50]
S3 OracleClientCache80;OracleClientCache80;C:\orant\BIN\ONRSD80.EXE [2004-01-08 08:10]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS [2007-03-23 17:14]
S3 SWNC8U20;Sierra Wireless MUX NDIS Driver (UMTS20);C:\WINDOWS\system32\DRIVERS\swnc8u20.sys [2007-03-26 14:21]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20);C:\WINDOWS\system32\DRIVERS\swumx20.sys [2007-03-26 14:21]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Autorun.exe

*Newly Created Service* - HIDSYS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Bo65]
C:\Program Files\Business Objects\BusinessObjects Enterprise 6\bin\UserProfileRkey.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-08 18:40:07
ComboFix-quarantined-files.txt 2008-01-08 23:39:12
ComboFix2.txt 2007-12-30 17:53:28
ComboFix3.txt 2007-12-30 03:04:02
ComboFix4.txt 2007-12-27 15:30:14
xcel
Active Member
 
Posts: 14
Joined: December 21st, 2007, 9:41 pm

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby Katana » January 8th, 2008, 10:57 pm

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    
    File::
    C:\WINDOWS\system32\PSS00F67.DLL
    C:\WINDOWS\system32\bbqfnylh.ini
    C:\WINDOWS\system32\PSP765B6.DLL
    C:\WINDOWS\system32\PSR76562.DLL
    Folder::
    C:\Program Files\zzpxkhkx
    C:\WINDOWS\system32\mm6
    Driver::
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"=-
    
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Please post a fresh HJT log as well.
How are things running now ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Can not remove Virtumonde and Virtumonde.generic - NEED HELP

Unread postby Gary R » January 16th, 2008, 2:31 pm

Due to lack of response this topic is now closed.

If you still need help open a new thread in the Malware Removal forum and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 12 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware