Here are the logs!
ComboFix 08-05-15.3 - Kris 2008-05-19 23:46:51.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1316 [GMT 2:00]
Running from: C:\Users\Kris\Desktop\ComboFix.exe
Command switches used :: C:\Users\Kris\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Users\Kris\AppData\Local\Temp\jKaWnLEx.dll
C:\Users\Kris\AppData\Local\Temp\mlJCUKca.dll
C:\Users\Kris\AppData\Local\Temp\xiohducc.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.
2008-05-18 00:07 . 2008-05-18 00:07 <DIR> d-------- C:\Users\Kris\AppData\Roaming\Malwarebytes
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-18 00:06 . 2008-05-18 00:06 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 00:06 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-18 00:06 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-14 22:04 . 2008-05-14 22:17 <DIR> d-------- C:\Program Files\Spyware Process Detector
2008-05-14 10:16 . 2008-05-14 10:16 <DIR> d-------- C:\Users\All Users\Ubisoft
2008-05-14 10:16 . 2008-05-14 10:16 <DIR> d-------- C:\ProgramData\Ubisoft
2008-05-14 10:16 . 2008-05-19 10:56 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-05-14 10:15 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-05-14 10:15 . 2008-05-14 10:15 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-05-14 10:15 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-05-14 10:15 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-05-14 10:15 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-05-14 10:15 . 2008-05-19 10:56 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-05-14 10:15 . 2008-05-14 10:15 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-05-14 10:15 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-05-09 20:19 . 2008-05-09 20:19 200,920,181 --a------ C:\Windows\MEMORY.DMP
2008-05-04 22:30 . 2008-05-04 22:30 <DIR> d-------- C:\Users\Kris\AppData\Roaming\Grisoft
2008-05-04 22:27 . 2008-05-04 22:27 <DIR> d-------- C:\Users\All Users\Grisoft
2008-05-04 22:27 . 2008-05-04 22:27 <DIR> d-------- C:\ProgramData\Grisoft
2008-05-04 22:27 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-05-04 21:52 . 2008-05-04 21:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-30 16:29 . 2008-04-30 16:29 <DIR> d-------- C:\Users\Kris\AppData\Roaming\ArcSoft
2008-04-30 16:23 . 2008-04-30 16:23 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-04-30 16:23 . 1995-08-01 04:44 212,480 --a------ C:\Windows\PCDLIB32.DLL
2008-04-30 16:22 . 2008-04-30 16:22 <DIR> d-------- C:\Program Files\DIFX
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Windows\Philips
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Program Files\Philips
2008-04-30 16:21 . 2008-04-30 16:21 <DIR> d-------- C:\Program Files\Common Files\SPC520NC
2008-04-30 16:21 . 2003-03-19 06:20 1,060,864 --a------ C:\Windows\MFC71.dll
2008-04-30 16:21 . 2007-10-01 14:38 483,328 --a------ C:\Windows\System32\drivers\SPC520.sys
2008-04-30 16:21 . 2003-02-21 13:42 348,160 --a------ C:\Windows\msvcr71.dll
2008-04-30 16:21 . 2007-09-28 16:05 307,200 --a------ C:\Windows\System32\stvspc.ax
2008-04-30 16:21 . 2007-04-06 12:42 73,728 --a------ C:\Windows\VPro520.exe
2008-04-30 16:21 . 2007-10-01 14:38 7,680 --a------ C:\Windows\System32\drivers\SPC520m.sys
2008-04-30 00:35 . 2008-05-14 08:51 <DIR> d-------- C:\Users\Kris\AppData\Roaming\Xfire
2008-04-30 00:35 . 2008-05-14 06:41 <DIR> d-------- C:\Users\All Users\Xfire
2008-04-30 00:35 . 2008-05-14 06:41 <DIR> d-------- C:\ProgramData\Xfire
2008-04-30 00:35 . 2008-04-30 00:35 <DIR> d-------- C:\Program Files\Xfire
2008-04-28 23:43 . 2002-07-17 15:20 84,832 --a------ C:\Windows\System32\drivers\ASPI32.SYS
2008-04-28 23:43 . 2002-07-17 15:23 45,056 --a------ C:\Windows\System32\WNASPI32.DLL
2008-04-23 00:28 . 2008-04-23 00:28 41,296 --a------ C:\Windows\System32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 20:54 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-05-18 10:40 --------- d-----w C:\Program Files\Windows Mail
2008-05-17 22:45 --------- d-----w C:\Users\Kris\AppData\Roaming\IMVU
2008-05-14 08:16 22,328 ----a-w C:\Users\Kris\AppData\Roaming\PnkBstrK.sys
2008-05-14 07:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-11 18:08 6,334,023 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-05-11 10:08 2,322,944 ----a-w C:\Windows\Internet Logs\xDBE87A.tmp
2008-05-05 14:09 --------- d-----w C:\ProgramData\Media Center Programs
2008-05-04 08:37 --------- d-----w C:\ProgramData\Lavasoft
2008-05-04 08:36 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-04 07:37 --------- d-----w C:\Program Files\Common Files\DAZ
2008-04-18 15:28 2,871,808 ----a-w C:\Windows\Internet Logs\xDBCDAA.tmp
2008-03-22 18:17 2,869,248 ----a-w C:\Windows\Internet Logs\xDBCBC6.tmp
2008-03-22 18:17 1,818,624 ----a-w C:\Windows\Internet Logs\xDBCEA4.tmp
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-25 23:59 118,784 ----a-w C:\Windows\Internet Logs\xDBC59F.tmp
2008-02-24 05:39 2,973,696 ----a-w C:\Windows\Internet Logs\xDBD2F7.tmp
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2007-08-30 10:13 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-17_23.50.27.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-17 20:55:56 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-19 20:54:32 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-17 20:55:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-19 20:54:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-17 20:55:56 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-19 20:54:33 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-17 20:57:54 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-19 20:57:06 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-17 20:58:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-19 20:57:01 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-19 20:59:18 1,574 ----a-w C:\Windows\SoftwareDistribution\EventCache\{5DE783E4-C303-42F0-BA6E-1B0CE5EC47EC}.bin
- 2008-05-17 20:56:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-19 20:54:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-17 20:56:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-19 20:54:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-17 20:56:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-19 20:54:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-04-06 05:56:20 19,836,024 ----a-w C:\Windows\System32\mrt.exe
+ 2008-05-09 21:35:04 16,863,864 ----a-w C:\Windows\System32\mrt.exe
- 2008-05-17 21:01:53 103,818 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-19 20:59:48 103,818 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-17 21:01:53 618,410 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-19 20:59:48 618,410 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-14 04:42:24 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-18 11:00:05 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-17 20:58:38 7,682 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1048035828-3249620089-2720664529-1000_UserData.bin
+ 2008-05-19 07:42:32 7,896 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1048035828-3249620089-2720664529-1000_UserData.bin
- 2008-05-17 20:58:37 99,350 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-19 20:58:10 99,838 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-17 20:58:36 34,238 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-19 20:58:09 34,482 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-04-16 00:49:12 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat
+ 2008-04-16 00:44:28 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat
+ 2008-04-16 00:44:37 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat
+ 2008-04-16 00:43:45 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-07-11 22:03 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:34 125440]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:33 201728]
"1 TRAY"="C:\ProgramData\ToolProxyProxy.77csgcg" [2008-04-14 10:48 61456]
"spyprodetector"="C:\Program Files\Spyware Process Detector\spydetector.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-11 20:41 1006264]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-06 21:00 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-06 21:00 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-06 21:00 81920]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPro520.lnk - C:\Windows\VPro520.exe [2008-04-30 16:21:07 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9281512B-641A-4B9D-AE41-E4D4DFD223BD}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0A197A8B-409A-457F-A87C-26A330CFA33C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A1A0E5EC-D107-494B-91C2-1BE078B7B1A6}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D49CCFFE-A706-4C82-8C66-D1B2B8A16052}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4E784D70-38B0-4144-B415-39C77980BA86}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C4AC0E30-D148-470D-81DF-6884A0DE8A28}"= UDP:D:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{7CA38990-784F-4B0A-96A0-4408C8C21579}"= TCP:D:\Games\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{9265599E-23AE-4AC6-830B-1B822391E7F9}"= UDP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{7AC41EA7-147E-4ADE-8AB2-C05FA2D888B5}"= TCP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{0638D6FC-9A4B-41C8-B8FF-A256044A7F2C}"= UDP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{6F49026F-B3E2-413F-9F0F-5F5F0C9124A5}"= TCP:D:\Games\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 15:20]
S3 SPC520;Philips SPC520NC PC Camera;C:\Windows\system32\drivers\SPC520.sys [2007-10-01 14:38]
S3 SPC520m;Philips SPC520NC PC Cameram;C:\Windows\system32\drivers\SPC520m.sys [2007-10-01 14:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98266f07-6101-11dc-954b-0018f3093e46}]
\shell\AutoRun\command - J:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-18 23:35:57 C:\Windows\Tasks\User_Feed_Synchronization-{9CDFD5C3-918A-412A-A03C-BA9EB8457E05}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 23:48:36
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\Kris\AppData\Local\Temp\~DF21C9.tmp 81920 bytes
C:\Users\Kris\AppData\Local\Temp\~DF21D8.tmp 512 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2008-05-19 23:49:42
ComboFix-quarantined-files.txt 2008-05-19 21:49:06
ComboFix2.txt 2008-05-17 22:18:18
Pre-Run: 54,642,323,456 bytes free
Post-Run: 54,614,839,296 bytes free
213 --- E O F --- 2008-05-18 10:40:22
Bitdefender log:
Time: 01:09:14
Files: 446685
Folders: 22916
Boot Sectors: 3
Archives: 2422
Packed Files: 25713

Results
Identified Viruses: 1
Infected Files: 1
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 1

Engines Info
Virus Definitions: 1202597
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 42
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File - Status
D:\Users\Kris\AppData\Local\Temp\vuwxx.ini - Infected with: Trojan.Vundo.DVS
D:\Users\Kris\AppData\Local\Temp\vuwxx.ini - Disinfection failed
D:\Users\Kris\AppData\Local\Temp\vuwxx.ini - Deleted
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:27 PM, on 5/4/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [1 TRAY] "C:\ProgramData\ToolProxyProxy.77csgcg"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Kris\AppData\Local\Temp\mlJCUKca.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Kris\AppData\Local\Temp\jKaWnLEx.dll,c
O4 - HKCU\..\Run: [BM55bf0bd8] Rundll32.exe "C:\Users\Kris\AppData\Local\Temp\xiohducc.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: VPro520.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Kris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://postarca.posta.si
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC50C44C-2FED-4CE7-AAAE-F2CE0F714BBB}: NameServer = 193.189.160.23 193.189.160.13
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
--
End of file - 6080 bytes