EN

The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

FORUMS

SEARCH FORUM

[DONE] Sinowal.trojan! HJT log included. I heard this thing was dangerous

Posted 12/5/2008 4:57 AM
#69443
User avatar

InfamousChris Valued member

Date Joined Nov 2016
Total Posts: 18
Hi again I keep getting this pop-up saying Sinowal.Trojan, this popup looks like a Windows pop-up like when the firewall things asks you to block or unblock but the options are grayed out and the only button is Enable Protection but I dont click on it because I dont trust it. Anyways I heard this virus can capture bank information and I need to get rid of it! I have no idea how I caught it either! It just happened when I went to my usual websites that Ive been going to for years

Please someone help!

I ran my anti-virus and seemed like it deleted it but when I rebooted the error came up again

I also used AVG AntiSpyware and it collected almost the same info but never officially deleted it when the reboot took place

ComboFix didnt seem to do the trick either

Here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:22 PM, on 12/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Documents and Settings\Chris Romulus\Application Data\Transcend\SJelite3\SJelite3Launch.exe
F:\Program Files\AIM6\aolsoftware.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\REAL\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cctray] "F:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Comrade.exe] F:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SJelite3Launch] F:\Documents and Settings\Chris Romulus\Application Data\Transcend\SJelite3\SJelite3Launch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223712024187
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - F:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6494 bytes

I always post here and always get cleaned up, you guys never failed to disappoint!

I have a screenshot of the popup that comes up
Post attachments:
untitled.bmp
Posted 12/6/2008 6:52 AM
#69490
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:



Please download Malwarebytes' Anti-Malware:

[color=#0000ff>https://www.spywarefri.dk/downloads1/mbam-setup.exe[/url]



Or here:

https://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968[/color]



to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch




Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Once the program has loaded, select Perform full scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click Remove Selected.



When completed, a log will open in Notepad. Please save it to a convenient location.



Copy and Paste that log into your next reply, along with fresh hijackthis log.





NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/6/2008 6:51 PM
#69525
User avatar

InfamousChris Valued member

Date Joined Nov 2016
Total Posts: 18
Malwarebytes' Anti-Malware 1.31
Database version: 1466
Windows 5.1.2600 Service Pack 3

12/6/2008 1:49:42 PM
mbam-log-2008-12-06 (13-49-42).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 238886
Time elapsed: 1 hour(s), 21 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP1\A0000003.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP11\A0004651.dll (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP11\A0004655.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP11\A0004657.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP2\A0000059.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP3\A0002058.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP3\A0002063.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP3\A0002098.exe (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP3\A0002275.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP4\A0002288.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP4\A0002318.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP8\A0002403.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP8\A0002410.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP8\A0002442.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP8\A0002445.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP9\A0003490.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP9\A0003503.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{868C2413-4778-41DF-B84C-8A129EE980F2}\RP9\A0003505.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:42 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\WINDOWS\RTHDCPL.EXE
F:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
F:\WINDOWS\system32\CTHELPER.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\AIM6\aim6.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Documents and Settings\Chris Romulus\Application Data\Transcend\SJelite3\SJelite3Launch.exe
F:\Documents and Settings\Chris Romulus\Application Data\Google\ggqjh22510678.exe
F:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Program Files\AIM6\aolsoftware.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\REAL\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] F:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] F:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [cctray] "F:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "F:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Aim6] "F:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "F:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Comrade.exe] F:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SJelite3Launch] F:\Documents and Settings\Chris Romulus\Application Data\Transcend\SJelite3\SJelite3Launch.exe
O4 - HKCU\..\Run: [vidxhp] "F:\Documents and Settings\Chris Romulus\Application Data\Google\ggqjh22510678.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223712024187
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CaCCProvSP - CA, Inc. - F:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - F:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - F:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6724 bytes
Posted 12/7/2008 8:11 AM
#69554
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
I assume you still got the message from the firewall ?



Go to add/remove programs in controlpanel, and remove:

[2]Viewpoint Manager Service [/2]


[2][/2]


[2]Reboot[/2]


[2]
Please download Combofix:

https://download.bleepingcomputer.com/subs/combofix.exe



And save to the desktop.


Close all other browser windows.



Please connect all your external hard drive/flash drive before running Combofix







Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results".



Double-click on the combofix icon found on your desktop.



Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.


When finished, it will produce a logfile located at C:\combofix.txt.


Post the contents of that log in your next reply.
[/2]


[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/7/2008 8:01 PM
#69579
User avatar

InfamousChris Valued member

Date Joined Nov 2016
Total Posts: 18
ComboFix 08-12-06.06 - Chris Romulus 2008-12-07 3:41:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1406 [GMT -5:00]
Running from: F:\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Chris Romulus\Application Data\Google\ggqjh22510678.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 03:38 . 2008-12-06 03:38 d-------- f:\program files\Malwarebytes' Anti-Malware
2008-12-06 03:38 . 2008-12-06 03:38 d-------- f:\documents and settings\Chris Romulus\Application Data\Malwarebytes
2008-12-06 03:38 . 2008-12-06 03:38 d-------- f:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-06 03:38 . 2008-12-03 19:52 38,496 --a------ f:\windows\system32\drivers\mbamswissarmy.sys
2008-12-06 03:38 . 2008-12-03 19:52 15,504 --a------ f:\windows\system32\drivers\mbam.sys
2008-12-04 23:36 . 2008-12-04 23:36 d-------- f:\program files\Trend Micro
2008-12-04 23:36 . 2008-12-04 23:36 812,344 --a------ F:\HJTInstall.exe
2008-12-04 23:36 . 2008-12-04 23:36 1,734 --a------ F:\HijackThis.lnk
2008-12-04 23:20 . 2008-12-07 03:40 3,061,078 -ra------ F:\ComboFix.exe
2008-12-04 21:02 . 2008-12-04 21:02 d-------- f:\documents and settings\Chris Romulus\Application Data\Grisoft
2008-12-04 20:57 . 2008-12-04 20:57 d-------- f:\documents and settings\All Users\Application Data\Grisoft
2008-12-04 20:57 . 2007-05-30 07:10 10,872 --a------ f:\windows\system32\drivers\AvgAsCln.sys
2008-12-04 20:57 . 2008-12-04 20:57 849 --a------ F:\AVG Anti-Spyware.lnk
2008-11-28 10:34 . 2008-04-13 14:47 25,856 --a------ f:\windows\system32\drivers\usbprint.sys
2008-11-28 10:34 . 2008-04-13 14:47 25,856 --a--c--- f:\windows\system32\dllcache\usbprint.sys
2008-11-20 02:36 . 2008-11-20 02:36 d-------- f:\program files\ATA
2008-11-20 02:34 . 2008-11-20 02:39 d-------- f:\program files\Transcender

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 08:38 --------- d-----w f:\program files\Viewpoint
2008-12-07 08:38 --------- d-----w f:\documents and settings\All Users\Application Data\Viewpoint
2008-11-29 21:11 --------- d---a-w f:\documents and settings\All Users\Application Data\TEMP
2008-11-29 19:41 --------- d-----w f:\program files\Common Files\Wise Installation Wizard
2008-11-29 19:41 --------- d-----w f:\program files\AGEIA Technologies
2008-11-28 01:14 --------- d-----w f:\program files\Steam
2008-11-21 04:35 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\Azureus
2008-11-20 06:40 --------- d-----w f:\program files\Vuze
2008-11-14 00:24 --------- d-----w f:\program files\SystemRequirementsLab
2008-11-02 19:53 --------- d-----w f:\program files\EVGA Precision
2008-11-01 17:32 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\Transcend
2008-10-31 18:34 --------- d-----w f:\documents and settings\Marlon Romulus\Application Data\Apple Computer
2008-10-31 18:32 --------- d-----w f:\documents and settings\Marlon Romulus\Application Data\Nero
2008-10-25 20:45 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\Nero
2008-10-25 20:44 --------- d-----w f:\program files\Common Files\Nero
2008-10-25 20:43 --------- d-----w f:\program files\Nero
2008-10-25 20:43 --------- d-----w f:\documents and settings\All Users\Application Data\Nero
2008-10-18 16:21 --------- d-----w f:\program files\SpeedFan
2008-10-16 02:20 107,888 ----a-w f:\windows\system32\CmdLineExt.dll
2008-10-16 02:19 --------- d-----w f:\program files\GameSpy
2008-10-16 02:16 22,328 ----a-w f:\windows\system32\drivers\PnkBstrK.sys
2008-10-16 02:16 22,328 ----a-w f:\documents and settings\Chris Romulus\Application Data\PnkBstrK.sys
2008-10-16 02:15 669,184 ----a-w f:\windows\system32\pbsvc.exe
2008-10-16 02:15 66,872 ----a-w f:\windows\system32\PnkBstrA.exe
2008-10-16 02:15 103,736 ----a-w f:\windows\system32\PnkBstrB.exe
2008-10-16 02:01 --------- d-----w f:\program files\Electronic Arts
2008-10-14 23:00 --------- d-----w f:\program files\QuickTime
2008-10-14 23:00 --------- d-----w f:\program files\Common Files\Apple
2008-10-14 23:00 --------- d-----w f:\program files\Apple Software Update
2008-10-14 23:00 --------- d-----w f:\documents and settings\All Users\Application Data\Apple Computer
2008-10-14 22:59 --------- d-----w f:\documents and settings\All Users\Application Data\Apple
2008-10-13 14:56 70,936 ----a-w f:\windows\system32\PhysXLoader.dll
2008-10-13 07:10 --------- d-----w f:\program files\GRETECH
2008-10-12 18:25 --------- d-----w f:\program files\Microsoft.NET
2008-10-12 18:25 --------- d-----w f:\program files\Microsoft ActiveSync
2008-10-12 18:08 --------- d-----w f:\documents and settings\All Users\Application Data\Azureus
2008-10-12 18:07 --------- d-----w f:\program files\AskSBar
2008-10-12 06:52 --------- d-----w f:\program files\REAL
2008-10-12 06:52 --------- d-----w f:\program files\Common Files\xing shared
2008-10-12 06:52 --------- d-----w f:\program files\Common Files\Real
2008-10-12 06:51 499,712 ----a-w f:\windows\system32\msvcp71.dll
2008-10-12 06:51 348,160 ----a-w f:\windows\system32\msvcr71.dll
2008-10-11 20:09 --------- d-----w f:\program files\The Weather Channel FW
2008-10-11 16:17 --------- d-----w f:\program files\microsoft frontpage
2008-10-11 16:15 --------- d-----w f:\program files\AIMTunes
2008-10-11 16:14 444,952 ----a-w f:\windows\system32\wrap_oal.dll
2008-10-11 16:14 109,080 ----a-w f:\windows\system32\OpenAL32.dll
2008-10-11 16:14 --------- d--h--w f:\program files\InstallShield Installation Information
2008-10-11 16:14 --------- d-----w f:\program files\Creative
2008-10-11 16:14 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\Creative
2008-10-11 06:42 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\QQ Games Plugin
2008-10-11 06:42 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\acccore
2008-10-11 06:41 --------- d-----w f:\program files\Tencent
2008-10-11 06:41 --------- d-----w f:\program files\AIM6
2008-10-11 06:41 --------- d-----w f:\documents and settings\All Users\Application Data\AOL Downloads
2008-10-11 06:40 --------- d-----w f:\program files\Common Files\AOL
2008-10-11 06:40 --------- d-----w f:\documents and settings\All Users\Application Data\AOL OCP
2008-10-11 06:40 --------- d-----w f:\documents and settings\All Users\Application Data\AOL
2008-10-11 06:40 --------- d-----w f:\documents and settings\All Users\Application Data\acccore
2008-10-11 01:09 880,560 ----a-w f:\windows\system32\drivers\vetefile.sys
2008-10-11 01:09 108,368 ----a-w f:\windows\system32\drivers\veteboot.sys
2008-10-11 01:09 --------- d-----w f:\program files\CA
2008-10-11 01:09 --------- d-----w f:\documents and settings\All Users\Application Data\CA
2008-10-11 01:08 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\GetRightToGo
2008-10-11 00:00 --------- d-----w f:\program files\Common Files\Adobe
2008-10-10 23:22 315,392 ----a-w f:\windows\HideWin.exe
2008-10-10 23:22 --------- d-----w f:\program files\Realtek
2008-10-10 23:22 --------- d-----w f:\program files\Common Files\InstallShield
2008-10-10 23:19 --------- d-----w f:\program files\AMD
2008-10-10 23:16 --------- d-----w f:\documents and settings\Chris Romulus\Application Data\InstallShield
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelTraditionalChinese.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelSwedish.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelSpanish.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelSimplifiedChinese.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelPortugese.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelKorean.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelJapanese.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelGerman.dll
2008-10-07 14:13 58,648 ----a-w f:\windows\system32\AgCPanelFrench.dll
2008-10-07 14:13 288,024 ----a-w f:\windows\system32\PhysXCplUI.exe
2008-10-07 14:13 288,024 ----a-w f:\windows\system32\PhysXCompatCplUI.exe
2008-10-07 14:13 23,320 ----a-w f:\windows\system32\PhysXDevice.dll
2008-10-02 14:07 453,152 ----a-w f:\windows\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-12-04_23.31.42.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-05 04:17:29 53,608 ----a-w f:\windows\system32\perfc009.dat
+ 2008-12-05 12:58:52 53,724 ----a-w f:\windows\system32\perfc009.dat
- 2008-12-05 04:17:29 383,254 ----a-w f:\windows\system32\perfh009.dat
+ 2008-12-05 12:58:52 383,562 ----a-w f:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="f:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DW6"="f:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-10-06 793712]
"Comrade.exe"="f:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="f:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SJelite3Launch"="f:\documents and settings\Chris Romulus\Application Data\Transcend\SJelite3\SJelite3Launch.exe" [2008-06-23 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="f:\windows\RaidTool\xInsIDE.exe" [2008-04-24 36864]
"36X Raid Configurer"="f:\windows\system32\xRaidSetup.exe" [2008-04-24 1970176]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"cctray"="f:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2008-10-10 247024]
"CAVRID"="f:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
"TkBellExe"="f:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"NeroFilterCheck"="f:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="f:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"!AVG Anti-Spyware"="f:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-24 f:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-10-07 f:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2008-06-27 f:\windows\system32\CtHelper.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"f:\\Program Files\\AIM6\\aim6.exe"=
"f:\\Program Files\\Steam\\steamapps\\infamouschris86@hotmail.com\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Steam\\steamapps\\infamouschris86@hotmail.com\\age of chivalry\\hl2.exe"=
"f:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"f:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"f:\\WINDOWS\\system32\\PnkBstrA.exe"=
"f:\\WINDOWS\\system32\\PnkBstrB.exe"=

R3 COMMONFX.SYS;COMMONFX.SYS;f:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;f:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;f:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;f:\windows\system32\drivers\nvhda32.sys [2008-10-10 38560]
S3 COMMONFX;COMMONFX;f:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;f:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;f:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;f:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;f:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-04 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-vidxhp - f:\documents and settings\Chris Romulus\Application Data\Google\ggqjh22510678.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: f:\windows\system32\VetRedir.dll

f:\windows\Downloaded Program Files\sysreqlab3.dll - f:\windows\Downloaded Program Files\sysreqlab_srl.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
f:\windows\Downloaded Program Files\sysreqlab.osd
FireFox -: Profile - f:\documents and settings\Chris Romulus\Application Data\Mozilla\Firefox\Profiles\xr6as69x.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msn.com
FF -: plugin - f:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - f:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - f:\program files\REAL\Netscape6\nppl3260.dll
FF -: plugin - f:\program files\REAL\Netscape6\nprjplug.dll
FF -: plugin - f:\program files\REAL\Netscape6\nprpjplug.dll
FF -: plugin - f:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-12-07 03:42:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-07 3:42:45
ComboFix-quarantined-files.txt 2008-12-07 08:42:38
ComboFix2.txt 2008-12-05 04:32:21

Pre-Run: 464,640,135,168 bytes free
Post-Run: 464,631,595,008 bytes free

221 --- E O F --- 2008-10-12 17:06:26
Posted 12/8/2008 3:56 AM
#69589
User avatar

InfamousChris Valued member

Date Joined Nov 2016
Total Posts: 18
Touch ur the man! I left my PC running for a few hours and I havent received the pop-up after the ComboFix run. Everything is running nice and smooth!

THANKS AGAIN!! :smilewinkgrin:
Posted 12/8/2008 5:08 AM
#69597
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Great :smile:






  • We will now clear your existing system restore points and establish a new clean restore point:

Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.







Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will ->

Uninstall ComboFix. Delete its related folders and files.

Reset your clock settings. Hide file extensions.

Hide the system/hidden files. And resets System Restore again.



Also, please read this article by Tony Klein: How I got Infected in the First Place



[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 12/9/2008 4:22 AM
#69637
User avatar

InfamousChris Valued member

Date Joined Nov 2016
Total Posts: 18
Okay done! Thanks again!!
Posted 12/9/2008 9:04 AM
#69657
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
My pleasure :smile:





Since this issue appears resolved ... this Topic is closed.

If you would like it to be reopened please contact Me.


Thank you !



[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, August 14, 2022, 10:53 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
27 Guest(s), 0 Registered Member(s) are currently online.