Page 1 of 11 12345 ... LastLast
Results 1 to 10 of 101

Thread: Vitrumonde (the malware that shall not be named)

  1. #1
    Member
    Join Date
    Jan 2008
    Location
    Atlanta, NY, Houston, Rio Grande Valley
    Posts
    89

    Unhappy Vitrumonde (the malware that shall not be named)

    Hello,

    I have not been able to run the Kaspersky Scanner, as I am unable to use Internet explorer with the current infestation.

    I have run Spybot, and removed many other spywares, but the Vitrumonde and Vitrumonde.generic are persistent. I attempted removal while disconnected from the internet, but spybot locks up, and then the reboot launches spybot for an hour. (that was yesterday's loop).

    Today I am enlisting your help.

    the following is my HJT log: (thanks in advance)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:42:05 AM, on 1/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commun...iewHidden=TRUE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    F3 - REG:win.ini: load=C:\WINDOWS\system32\nnnkh.exe
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [3826fe25] rundll32.exe "C:\WINDOWS\system32\vdjxpfgx.dll",b
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144371875335
    O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.intuit.com/NetPay...GLDownload.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

    --
    End of file - 9124 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi Rhonn1 and welcome to Safer Networking Forums

    Rename HijackThis.exe to Rhonn1.exe and post back a fresh HijackThis log, please.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Member
    Join Date
    Jan 2008
    Location
    Atlanta, NY, Houston, Rio Grande Valley
    Posts
    89

    Question

    I'm not sure I've accomplished the renaming properly.

    I've run vundofix and virtumondebegone, but to no avail.

    I just reactivated my CA firewall.

    Thank you for getting back to me!
    Rhonni

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:43 AM, on 1/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

    Antivirus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL

    Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

    Antivirus\VetMsg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal

    Firewall\capfsem.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal

    Firewall\capfasem.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://www.weightwatchers.com/commun...s.aspx?board_i

    d=110&forum_id=1&daterange=2days&viewchange=LASTPOSTDESC&setview

    Hidden=TRUE
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Page_URL =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Search_URL =

    http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page

    = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection

    Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyOverride = 127.0.0.1
    F3 - REG:win.ini: load=C:\WINDOWS\system32\cbawv.exe
    O3 - Toolbar: Yahoo! Companion -

    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -

    c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep

    0 -u
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet

    Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\eTrust Internet

    Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\eTrust

    Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [3826fe25] rundll32.exe

    "C:\WINDOWS\system32\ltdlfyuj.dll",b
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program

    Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program

    Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting]

    "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User

    'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting]

    "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User

    'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program

    Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program

    Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program

    Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control

    Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

    C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite -

    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -

    C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) -

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

    C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -

    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -

    C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) -

    {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: Research -

    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}

    - C:\PROGRA~1\AIM\aim.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player -

    {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

    http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP:

    c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan

    Object) -

    http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows

    Genuine Advantage Validation Tool) -

    http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl

    Class) -

    http://update.microsoft.com/microsof...ontrols/en/x86

    /client/muweb_site.cab?1144371875335
    O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks

    GLDownload Control) -

    https://cbspayroll.intuit.com/NetPay...GLDownload.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} -

    https://a248.e.akamai.net/f/248/5462...ecstore.com/v2

    .0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program

    Files\Common Files\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner -

    C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development

    a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program

    Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc.

    - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

    Antivirus\ISafe.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program

    Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google -

    C:\Program Files\Google\Common\Google

    Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program

    Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service

    (ITMRTSVC) - CA, Inc. - C:\Program

    Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International,

    Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft cache control (MSControlService) -

    Unknown owner - C:\WINDOWS\system32\windows
    O23 - Service: Pml Driver HPZ12 - HP -

    C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust

    Internet Security Suite\eTrust PestPatrol

    Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program

    Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA -

    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program

    Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program

    Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. -

    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ

    Antivirus\VetMsg.exe

    --
    End of file - 9157 bytes

  4. #4
    Member
    Join Date
    Jan 2008
    Location
    Atlanta, NY, Houston, Rio Grande Valley
    Posts
    89

    Default ooops, here it is without the word wrap

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:16:43 AM, on 1/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commun...iewHidden=TRUE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    F3 - REG:win.ini: load=C:\WINDOWS\system32\cbawv.exe
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [3826fe25] rundll32.exe "C:\WINDOWS\system32\ltdlfyuj.dll",b
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144371875335
    O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.intuit.com/NetPay...GLDownload.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

    --
    End of file - 9157 bytes

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Rename HijackThis.exe to Rhonn1.exe by doing the following;

    • Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
    • Right-click on the HijackThis.exe
    • Choose from the pull-down menu; "Rename"
    • And now Rename HijackThis.exe to Rhonn1.exe
    • When you've renamed HijackThis, open HijackThis again.
    • Take a fresh HijackThis log (click Do a system scan and save a log file)
    • Post the fresh HijackThis log here.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #6
    Member
    Join Date
    Jan 2008
    Location
    Atlanta, NY, Houston, Rio Grande Valley
    Posts
    89

    Default

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:36:28 PM, on 1/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\Rhonn1.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commun...iewHidden=TRUE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    F3 - REG:win.ini: load=C:\WINDOWS\system32\cbawv.exe
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: {7581e797-2c16-0f9b-dd94-052933ccee16} - {61eecc33-9250-49dd-b9f0-61c2797e1857} - C:\WINDOWS\system32\ktsctlsk.dll
    O2 - BHO: (no name) - {A478D5ED-4F36-44B0-9310-29D8A4610273} - C:\WINDOWS\system32\cbawv.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\jzebpxpw.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: (no name) - {C4CF4C59-FED1-497E-82D4-38AB14CE48B1} - C:\WINDOWS\system32\nnnkh.dll (file missing)
    O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\pmnkhfd.dll
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKLM\..\Run: [3826fe25] rundll32.exe "C:\WINDOWS\system32\ltdlfyuj.dll",b
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144371875335
    O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.intuit.com/NetPay...GLDownload.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
    O20 - Winlogon Notify: jzebpxpw - C:\WINDOWS\SYSTEM32\jzebpxpw.dll
    O20 - Winlogon Notify: rqroo - C:\WINDOWS\system32\rqroo.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

    --
    End of file - 10684 bytes

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    1. Download combofix from any of these links and save it to Desktop:
    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Combofix should never take more that 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

    If you have problems with Combofix usage, see here

    Post:

    - a fresh HijackThis log
    - combofix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #8
    Member
    Join Date
    Jan 2008
    Location
    Atlanta, NY, Houston, Rio Grande Valley
    Posts
    89

    Default fresh hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:12:17 PM, on 1/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\Rhonn1.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commun...iewHidden=TRUE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
    O2 - BHO: (no name) - {C4CF4C59-FED1-497E-82D4-38AB14CE48B1} - C:\WINDOWS\system32\nnnkh.dll (file missing)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\cafw.exe -cl
    O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
    O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfupgrade.exe
    O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1144371875335
    O16 - DPF: {7411047A-48E1-4EC9-8AC1-088087AD368F} (QuickBooks GLDownload Control) - https://cbspayroll.intuit.com/NetPay...GLDownload.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - https://a248.e.akamai.net/f/248/5462...l/SymDlBrg.cab
    O20 - Winlogon Notify: rqroo - C:\WINDOWS\system32\rqroo.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
    O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
    O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
    O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
    O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

    --
    End of file - 9935 bytes

  9. #9
    Member
    Join Date
    Jan 2008
    Location
    Atlanta, NY, Houston, Rio Grande Valley
    Posts
    89

    Default combo fix log, part 1

    ComboFix 08-01-18.5 - Rhonni 2008-01-19 7:44:43.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024 [GMT -5:00]
    Running from: C:\Documents and Settings\Rhonni\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Rhonni\My Documents\pos1000.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1001.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1002.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1003.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1004.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1005.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1006.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1007.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1008.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1009.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos100A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos100B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos100C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos100D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos100E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos100F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1010.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1011.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1012.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1013.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1014.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1015.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1016.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1017.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1018.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1019.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos101A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos101B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos101C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos101D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos101E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos101F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1020.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1021.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1022.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1023.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1024.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1025.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1026.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1027.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1028.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1029.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos102A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos102B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos102C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos102D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos102E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos102F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1030.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1031.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1032.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1033.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1034.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1035.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1036.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1037.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1038.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1039.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos103A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos103B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos103C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos103D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos103E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos103F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1040.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1041.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1042.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1043.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1044.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1045.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1046.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1047.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1048.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1049.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos104A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos104B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos104C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos104D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos104E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos104F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1050.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1051.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1052.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1053.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1054.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1055.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1056.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1057.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1058.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1059.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos105A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos105B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos105C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos105D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos105E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos105F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1060.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1061.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1062.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1063.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1064.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1065.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1066.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1067.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1068.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1069.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos106A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos106B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos106C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos106D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos106E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos106F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1070.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1071.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1072.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1073.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1074.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1075.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1076.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1077.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1078.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1079.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos107A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos107B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos107C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos107D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos107E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos107F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1080.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1081.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1082.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1083.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1084.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1085.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1086.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1087.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1088.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1089.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos108A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos108B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos108C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos108D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos108E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos108F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1090.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1091.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1092.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1093.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1094.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1095.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1096.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1097.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1098.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1099.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos109A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos109B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos109C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos109D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos109E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos109F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10A9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10AA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10AB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10AC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10AD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10AE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10AF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10B9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10BA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10BB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10BC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10BD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10BE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10BF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10C9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10CA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10CB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10CC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10CD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10CE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10CF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10D9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10DA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10DB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10DC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10DD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10DE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10DF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10E9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10EA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10EB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10EC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10ED.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10EE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10EF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10F9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10FA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10FB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10FC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10FD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10FE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos10FF.tmp

  10. #10
    Member
    Join Date
    Jan 2008
    Location
    Atlanta, NY, Houston, Rio Grande Valley
    Posts
    89

    Default combo fix log part 2

    C:\Documents and Settings\Rhonni\My Documents\pos1100.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1101.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1102.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1103.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1104.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1105.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1106.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1107.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1108.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1109.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos110A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos110B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos110C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos110D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos110E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos110F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1110.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1111.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1112.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1113.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1114.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1115.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1116.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1117.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1118.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1119.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos111A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos111B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos111C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos111D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos111E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos111F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1120.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1121.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1122.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1123.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1124.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1125.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1126.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1127.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1128.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1129.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos112A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos112B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos112C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos112D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos112E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos112F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1130.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1131.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1132.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1133.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1134.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1135.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1136.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1137.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1138.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1139.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos113A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos113B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos113C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos113D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos113E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos113F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1140.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1141.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1142.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1143.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1144.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1145.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1146.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1147.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1148.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1149.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos114A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos114B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos114C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos114D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos114E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos114F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1150.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1151.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1152.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1153.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1154.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1155.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1156.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1157.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1158.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1159.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos115A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos115B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos115C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos115D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos115E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos115F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1160.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1161.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1162.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1163.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1164.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1165.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1166.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1167.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1168.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1169.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos116A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos116B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos116C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos116D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos116E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos116F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1170.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1171.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1172.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1173.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1174.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1175.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1176.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1177.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1178.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1179.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos117A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos117B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos117C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos117D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos117E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos117F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1180.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1181.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1182.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1183.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1184.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1185.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1186.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1187.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1188.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1189.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos118A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos118B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos118C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos118D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos118E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos118F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1190.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1191.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1192.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1193.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1194.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1195.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1196.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1197.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1198.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos1199.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos119A.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos119B.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos119C.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos119D.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos119E.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos119F.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11A9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11AA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11AB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11AC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11AD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11AE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11AF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11B9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11BA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11BB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11BC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11BD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11BE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11BF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11C9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11CA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11CB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11CC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11CD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11CE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11CF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11D9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11DA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11DB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11DC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11DD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11DE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11DF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11E9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11EA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11EB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11EC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11ED.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11EE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11EF.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F0.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F1.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F2.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F3.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F4.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F5.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F6.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F7.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F8.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11F9.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11FA.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11FB.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11FC.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11FD.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11FE.tmp
    C:\Documents and Settings\Rhonni\My Documents\pos11FF.tmp

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •