Hjt Log From A Really Difficult Removal


10 replies to this topic

#1 gbmatty

gbmatty

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 28 November 2007 - 12:45 AM

Greetings Comrades,

So, I've been trying to remove something that is pretty difficult. Ran AV, the AdAware, Spybot, the whole gamut of resources that is out there. Perhaps I'm overlooking something and one of you gurus can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:42:52 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\f23hser.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Money\System\mis.exe
C:\Program Files\Microsoft Money\System\mnyschdl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\A_Drivers\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Icarius\LOCALS~1\Temp\~DPD.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [7091afdcd693] C:\WINDOWS\system32\cewmdm10.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f23mxins] f23mxins
O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB001" /M "Stylus Photo R340"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{069CCEFB-3550-4CD5-99F6-564C6399DED0}: NameServer = 68.6.16.30,68.6.16.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{069CCEFB-3550-4CD5-99F6-564C6399DED0}: NameServer = 68.6.16.30,68.6.16.25
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: FireGL23Util - Diamond Multimedia Systems, Inc - C:\WINDOWS\system32\f23hser.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 7666 bytes

Edited by gbmatty, 28 November 2007 - 12:46 AM.




#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:12:52 AM

Posted 28 November 2007 - 05:14 AM

Hello gbmatty and welcome to BleepingComputer!

My name is Johannes and I will be dealing with your log today.
Please note that comments are made in green, links are in red and important things are outlined by using the blue color.

Please also take note of the following:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#3 gbmatty

gbmatty
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 28 November 2007 - 09:47 AM

Thanks Johannes, look forward to hearing back from you.

Best Regards,

Matt

#4 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:12:52 AM

Posted 28 November 2007 - 11:55 AM

Hey gbmatty,

Step #1

It is important that you use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and install one of these excellent (and free) products:

If you want to have a look at the user manuals for the above suggested programs, have a look at the following:

If you do decide to install a third party firewall, make sure that the Windows firewall is not running and if it is, deactivate it.

Step #2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Step #3

Run HijackThis, press Scan, and put a check mark next to all these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Icarius\LOCALS~1\Temp\~DPD.dll
O4 - HKLM\..\Run: [7091afdcd693] C:\WINDOWS\system32\cewmdm10.exe
O4 - HKLM\..\Run: [f23mxins] f23mxins


Close all other windows and browsers, and press the Fix Checked button.

Step #4

Once you have done this please create an uninstall list:
  • Start HiJackThis
  • Press 'Config'
  • Press 'Misc Tools'
  • Press 'Open Uninstall Manager'
  • Press 'Save List'
  • Save the log to a convenient location

Step #5

Please download ComboFix from here.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". (Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.)
  • Close any open browsers
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it shall produce a log for you, combofix.txt. Post that log in your next reply together with a new HijackThis log
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Step #6

Please post back with a fresh HijackThis log and the ComboFix log. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image
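An added example, not part of the original post and not the helper's or HijackThis's own logic: a small triage script that parses HijackThis entry lines and marks ones sharing the traits of the entries picked out in Step #3 (empty R0 values, a BHO loading from a Temp directory, a Run value with an all-hex name, a Run command with no path) plus any entry marked "(file missing)". The heuristic names and thresholds are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re

# Constructed sample: a few entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Icarius\LOCALS~1\Temp\~DPD.dll
O4 - HKLM\..\Run: [7091afdcd693] C:\WINDOWS\system32\cewmdm10.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f23mxins] f23mxins
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
"""

# An entry line is "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 registry autoruns: "...Run: [value name] command line".
RUN_VALUE = re.compile(r"Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
# Assumed threshold: 8 or more hex digits and nothing else looks machine-generated.
HEX_NAME = re.compile(r"[0-9a-f]{8,}", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log_text):
    """Yield (code, body) per entry line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group("code"), match.group("body")


def reasons(code, body):
    """Return the list of review reasons for one entry (empty list = nothing noted)."""
    found = []
    if "(file missing)" in body:
        found.append("file-missing")        # registry entry points at a file that is gone
    if code.startswith("R") and body.rstrip().endswith("="):
        found.append("empty-value")         # IE setting present but blank
    if code == "O2" and TEMP_DIR.search(body):
        found.append("bho-in-temp")         # browser helper object loaded from a Temp folder
    if code == "O4":
        run = RUN_VALUE.search(body)
        if run:
            if HEX_NAME.fullmatch(run.group("name")):
                found.append("hex-value-name")
            if "\\" not in run.group("cmd"):
                found.append("no-path")     # autorun resolved via search path only
    return found


def triage(log_text):
    """Return [(code, body, reasons)] for every entry with at least one reason."""
    flagged = []
    for code, body in parse(log_text):
        why = reasons(code, body)
        if why:
            flagged.append((code, body, why))
    return flagged


if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code:<4}{', '.join(why):<16}{body}")
```

The output is a list of candidates for a human to review, not a verdict: an entry with no reason attached can still be unwanted, and a flagged one can be a harmless leftover.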


#5 gbmatty

gbmatty
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 13 December 2007 - 11:25 AM

Hi Johannes,

Just a quick question. I am running Windows Firewall (yes, I know it sucks) but is it imperative that I install a different one? The reason I ask is that I have settings in the Win Firewall and I'd have to set them up again in the new firewall. So, just wanted to see if I could avoid having to do this.

Regards,

Matt

Edited by gbmatty, 13 December 2007 - 04:20 PM.


#6 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:12:52 AM

Posted 14 December 2007 - 12:26 AM

Hey Matt,

Yes, it is imperative. You cannot take over your "permissions" from one firewall to the next, but I know from my own experience (I just recently reinstalled my PC) that it does not take very long and not many clicks to get to the same state. Your biggest advantage is that you will most likely not be faced with your current problem again that fast, as you will be much more secure than beforehand. What's a few "yes" / "no" clicks compared to an infected PC with the possibility of having to change all your passwords and online banking?

Thanks, Johannes :thumbsup:

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#7 gbmatty

gbmatty
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 14 December 2007 - 05:31 PM

Ok Johannes.

You talked me into it. Actually, I just purchased the Zone Alarm Security Suite and I'm in the process of configuring the settings. As soon as I have it tweaked, I'll proceed with Step #2. I'll keep you posted. :thumbsup:

Have a nice weekend

Matt

#8 gbmatty

gbmatty
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:52 PM

Posted 18 December 2007 - 11:44 PM

Well, it looks like there were a few things that were found by ZA and it helped to root out some of the offending entries. Here are the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:00 PM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\f23hser.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\EZBackitup\EZBkuptray.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\A_Drivers\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\Icarius\LOCALS~1\Temp\~DPD.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [7091afdcd693] C:\WINDOWS\system32\cewmdm10.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f23mxins] f23mxins
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EZBack-it-up Tray Scheduler] C:\Program Files\EZBackitup\EZBkuptray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{069CCEFB-3550-4CD5-99F6-564C6399DED0}: NameServer = 68.6.16.30,68.6.16.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{069CCEFB-3550-4CD5-99F6-564C6399DED0}: NameServer = 68.6.16.30,68.6.16.25
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: FireGL23Util - Diamond Multimedia Systems, Inc - C:\WINDOWS\system32\f23hser.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8617 bytes


ComboFix 07-12-19.2 - Icarius 2007-12-18 19:40:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.529 [GMT -8:00]
Running from: C:\A_Drivers\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Icarius\Application Data\macromedia\Flash Player\#SharedObjects\YKY4WELS\www.broadcaster.com
C:\Documents and Settings\Icarius\Application Data\macromedia\Flash Player\#SharedObjects\YKY4WELS\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Icarius\Application Data\macromedia\Flash Player\#SharedObjects\YKY4WELS\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Icarius\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Icarius\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\WINDOWS\system32\media

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.

2007-12-17 19:24 . 2007-12-17 19:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-17 19:24 . 2007-12-17 19:24 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-17 08:26 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-17 08:25 . 2007-12-17 08:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-12-15 10:17 . 2007-12-15 10:17 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2007-12-14 05:42 . 2007-12-14 05:42 <DIR> d-------- C:\Program Files\SonicWallES
2007-12-13 22:07 . 2007-12-18 18:58 1,113 --a------ C:\rollback.ini
2007-12-13 21:47 . 2007-12-14 05:42 <DIR> d-------- C:\Documents and Settings\Icarius\Application Data\MailFrontier
2007-12-13 21:43 . 2007-12-18 19:47 8,603,424 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-13 21:43 . 2007-12-18 19:46 118,364 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-13 21:37 . 2007-12-14 05:42 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2007-12-13 21:36 . 2007-12-18 19:08 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-12-13 21:26 . 2007-12-13 21:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avg7
2007-12-08 09:49 . 2004-08-04 00:56 20,992 --a------ C:\WINDOWS\system32\dshowext.ax
2007-12-08 09:49 . 2004-08-04 00:56 20,992 --a--c--- C:\WINDOWS\system32\dllcache\dshowext.ax
2007-12-08 09:38 . 2007-12-08 09:38 <DIR> d-------- C:\Program Files\JL2005A
2007-12-05 18:31 . 2005-01-04 09:04 433,620 --a------ C:\WINDOWS\1.sim
2007-12-05 18:29 . 2007-12-05 18:29 13,886 --a------ C:\WINDOWS\index.bdg
2007-12-05 06:08 . 2007-12-05 18:29 0 --a------ C:\WINDOWS\xvoice.wav
2007-11-30 18:35 . 2007-11-30 18:35 <DIR> d-------- C:\Documents and Settings\Icarius\.DownloadManager
2007-11-24 09:47 . 2007-11-24 09:47 78 --a------ C:\WINDOWS\coolacm.ini
2007-11-24 01:24 . 2007-11-24 01:24 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2007-11-21 22:49 . 2007-11-21 22:49 308 --a------ C:\WINDOWS\ifriends.ini
2007-11-20 04:56 . 2005-04-27 20:22 86,016 --a------ C:\WINDOWS\system32\dpl100.dll.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 03:51 --------- d-----w C:\Program Files\SPAMfighter
2007-12-19 03:51 --------- d-----w C:\Program Files\PeerGuardian2
2007-12-19 03:09 --------- d-----w C:\Documents and Settings\Icarius\Application Data\Azureus
2007-12-18 03:28 --------- d-----w C:\Documents and Settings\Icarius\Application Data\dvdcss
2007-12-17 16:26 --------- d-----w C:\Program Files\Java
2007-12-17 00:12 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2007-12-15 18:11 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-12-15 18:09 --------- d-----w C:\Program Files\Autodesk
2007-12-13 04:49 --------- d-----w C:\Documents and Settings\Icarius\Application Data\AdobeUM
2007-12-08 01:46 --------- d-----w C:\Program Files\Azureus
2007-12-06 04:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-20 12:56 86,016 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-20 12:51 --------- d-----w C:\Program Files\DivX
2007-11-17 21:10 --------- d-----w C:\Program Files\XoftSpySE
2007-11-17 15:16 --------- d-----w C:\Documents and Settings\mac user\Application Data\SPAMfighter
2007-11-17 14:53 --------- d-----w C:\Program Files\MagicISO
2007-11-17 02:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-11-15 00:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-15 00:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 14:01 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-11-13 14:01 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-11-13 10:25 20,480 ------w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 14:08 --------- d-----w C:\Documents and Settings\Icarius\Application Data\Nero
2007-11-10 17:19 --------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-10-31 02:11 --------- d-----w C:\Documents and Settings\Icarius\Application Data\muvee Technologies
2007-10-30 03:06 --------- d-----w C:\Program Files\Common Files\Application
2007-10-30 03:06 --------- d-----w C:\Program Files\Common Files\Ankiro
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-20 22:57 --------- d-----w C:\Program Files\TechSmith
2007-10-20 22:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 22:39 --------- d-----w C:\Documents and Settings\Icarius\Application Data\Thunderbird
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2004-10-03 01:04 271 --sh--w C:\Program Files\desktop.ini
2004-10-03 01:04 21,952 ---h--w C:\Program Files\folder.htt
2004-10-07 01:55 220 -csh--w C:\WINDOWS\dwin.sys
2007-04-09 23:31 8 --sh--r C:\WINDOWS\system32\70938D8087.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-07-15 16:44]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 18:04]
"EZBack-it-up Tray Scheduler"="C:\Program Files\EZBackitup\EZBkuptray.exe" [2004-06-03 16:30]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 09:00]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-21 21:06]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-10-25 14:29]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 18:04]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

R2 FireGL23Util;FireGL23Util;C:\WINDOWS\system32\f23hser.exe [2001-04-26 14:24]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-10-25 14:29]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);C:\WINDOWS\system32\drivers\adm8830.sys [2001-08-17 11:19]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2007-02-09 20:05]
S3 FireGL23;FireGL23;C:\WINDOWS\system32\DRIVERS\fgl23m.sys [2001-04-26 14:24]
S3 JL2005;JL2005A Toy Camera;C:\WINDOWS\system32\Drivers\toywdm.sys [2005-05-09 20:22]
S3 NUVision;Pinnacle DVC 80 Video;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-12-03 11:55]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 08:07:00 C:\WINDOWS\Tasks\Backup1.job"
- C:\WINDOWS\system32\ntbackup.exeObackup
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 19:50:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pgfilter]
"ImagePath"="\??\C:\Program Files\PeerGuardian2\pgfilter.sys"
.
Completion time: 2007-12-18 20:03:38 - machine was rebooted
.
2007-12-14 04:55:10 --- E O F ---

Edited by gbmatty, 19 December 2007 - 09:05 AM.


#9 Yourhighness


Posted 20 December 2007 - 09:49 AM

Hey gbmatty,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Azureus). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Step #1
  • Open notepad and copy/paste the text in the codebox below into it:

    http://www.bleepingcomputer.com/forums/t/118630/hjt-log-from-a-really-difficult-removal/?p=689605
    
    Suspect::
    C:\WINDOWS\system32\70938D8087.sys
  • Save this as CFScript.txt

    Posted Image
  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    Note:
    Do not mouse click ComboFix's window whilst it's running. That may cause it to stall.
  • Additionally, ComboFix will generate a zipped file on your desktop called Submit [Date Time].zip
    Please submit this file via the html page that should pop up after running ComboFix.

    Please include a link to this topic in the message.
Step #2

Please go to Eset Onlinescan (NOD32)
(You need to use Internet Explorer or enable IEView in Firefox)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
    • Click into the text area, right-click and choose "select all" (or use ctrl+a)
    • Right-click again and choose "copy" (or ctrl+c)
    • Close Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Step #3

Please post back with a fresh HijackThis log, the ComboFix log and the NOD32 report. Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -
Posted Image
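The file named under Suspect:: in post #9 appears in the ComboFix listing earlier in the thread as an 8-byte .sys in system32 with attributes --sh--r. The sketch below is an added example, not part of the thread or of ComboFix: it parses listing lines in that format and surfaces similar entries for manual review. Assumptions: the reading of the attribute letters (s = system, h = hidden), the 512-byte threshold and all function names are illustrative, and the thread does not state how the helper picked the file.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the ComboFix file listing earlier in this thread.
SAMPLE = r"""
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-20 22:57 --------- d-----w C:\Program Files\TechSmith
2004-10-03 01:04 271 --sh--w C:\Program Files\desktop.ini
2004-10-07 01:55 220 -csh--w C:\WINDOWS\dwin.sys
2007-04-09 23:31 8 --sh--r C:\WINDOWS\system32\70938D8087.sys
"""

# date, time, size (dashes for folders), 7-character attribute field, path
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) ([\d,]+|-+) ([a-z-]{7}) (.+)$"
)

# Assumed threshold: a .sys this small is unlikely to be a loadable driver.
MIN_DRIVER_BYTES = 512


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for folders
    attrs: str
    path: str


def parse_listing(text):
    """Turn listing lines into Entry records; skip anything that does not match."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # separators, section banners, blank lines
        date, time, size, attrs, path = m.groups()
        size_val = None if size.startswith("-") else int(size.replace(",", ""))
        entries.append(Entry(date, time, size_val, attrs, path))
    return entries


def review_candidates(entries):
    """Hidden + system .sys files below the size threshold: review, not a verdict."""
    return [
        e for e in entries
        if e.size is not None and e.size < MIN_DRIVER_BYTES
        and "s" in e.attrs and "h" in e.attrs
        and e.path.lower().endswith(".sys")
    ]
```

A hit only means the entry deserves a closer look, which is what the Suspect:: submission in Step #1 is for.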


#10 gbmatty


Posted 20 December 2007 - 04:34 PM

Johannes,

Thanks for your insight on the evils of Filesharing. I can appreciate your comments and I am well aware of the current world-wide witch hunt that is being conducted by the RIAA/MPAA et al in the name of IP. However, one of my hobbies is film making, I'm an Independent Film Maker, and in my spare time I enjoy watching and making movies. (Just a quick sidebar, someday I hope to make films for a living.) Azureus, or as it is now called Vuze, has been an invaluable tool that I've used successfully to u/l and d/l PUBLIC DOMAIN films, shows, anime, etc. These are completely free and legal because the program has gone legit. It is of note that for me, Vuze has helped get my films out onto the interwebs so others can enjoy my art for free. I'm sure you're not implying that I'm stealing or that I'm a pirate. :thumbsup:

I will endeavor to get the next set of log files as per your request.

Thank You

Matt

#11 Yourhighness


Posted 20 December 2007 - 04:41 PM

I'm sure you're not implying that I'm stealing or that I'm a pirate.

Yes correct :thumbsup: .

See the last paragraph:

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Awaiting your new set of logs. Please be informed that I am having my company Christmas party tomorrow and will be slightly busy on Saturday; I do hope to get back to you as soon as I can. Thanks for your understanding.

Johannes

Edited by Yourhighness, 20 December 2007 - 04:42 PM.




