Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Problem


  • This topic is locked This topic is locked
8 replies to this topic

#1 dmuliyil

dmuliyil

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 24 May 2009 - 01:07 AM

Hello everyone, I've been having a stubborn malware problem which redirects me to different websites when I click on my search engine results. For example, I'll search for something and click on the first listing, only to have it redirect me to a spyware site. The only way for me to get around this is to manually type in the address. Initially, the problem was very severe, not even allowing me to browse websites without being redirecting to "Jumping.com." However, I installed the newest Kaspersky and did a full scan which purged a lot of the problems. Additionally, I downloaded Malwarebyte's Anti-Malware and managed to further rid my system of bugs. However, this minor (yet annoying) problem still remains, and I would be more than appreciate for any help.

DDS Log

DDS (Ver_09-05-14.01) - NTFSx86
Run by David at 8:39:06.26 on Thu 05/21/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.436 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\David\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: : {1fca21e7-9308-437a-ab87-07fbda7f987a} - c:\windows\system32\ojjcilq.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
dRun: [A00FE448E.exe] c:\windows\temp\_A00FE448E.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\jjxbyrzfs.exe
StartupFolder: c:\docume~1\david\startm~1\programs\startup\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: klogon - c:\windows\system32\klogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\1nhwp2ip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

============= SERVICES / DRIVERS ===============

R0 cztthycv;cztthycv;c:\windows\system32\drivers\cztthycv.sys [2001-8-23 23424]
R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-5-10 226832]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
R3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [2007-12-22 119296]

=============== Created Last 30 ================

2009-05-10 19:00 1,365,536 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-05-10 19:00 204,832 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-05-10 19:00 11,748 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-05-10 19:00 1,780 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-05-10 18:58 <DIR> a-dshr-- C:\cmdcons
2009-05-10 18:57 161,792 a------- c:\windows\SWREG.exe
2009-05-10 18:57 98,816 a------- c:\windows\sed.exe
2009-05-10 18:57 <DIR> --d----- C:\Combo-Fix
2009-05-10 18:57 388,608 a------- c:\windows\system32\CF13207.exe
2009-05-10 17:32 <DIR> --d----- c:\docume~1\david\applic~1\Malwarebytes
2009-05-10 17:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-10 17:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 17:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-10 17:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-10 15:42 105,395 a------- c:\windows\system32\drivers\klin.dat
2009-05-10 15:42 94,643 a------- c:\windows\system32\drivers\klick.dat
2009-05-10 15:41 <DIR> --d----- c:\program files\Kaspersky Lab
2009-05-10 15:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-05-10 15:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-05-09 22:48 <DIR> --d----- c:\windows\system32\199638
2009-05-09 11:37 <DIR> --d----- c:\docume~1\david\applic~1\Logs
2009-05-09 09:56 <DIR> --d----- C:\My Downloads
2009-05-09 09:56 <DIR> --d----- c:\docume~1\david\applic~1\QuickDownloadPack
2009-05-09 09:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\QuickDownloadPack
2009-05-09 09:56 <DIR> --d----- c:\program files\QuickDownloadPack
2009-05-07 20:07 202 a------- C:\43214354.bat
2009-04-29 21:15 1,194 a------- c:\windows\wininit.ini
2009-04-29 19:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-29 19:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2009-05-10 19:06 104,448 a------- c:\windows\system32\igdnilc.dll
2009-05-10 16:25 33,808 a------- c:\windows\system32\drivers\klbg.sys

============= FINISH: 8:40:38.70 ===============



MBAM Log
Malwarebytes' Anti-Malware 1.36
Database version: 2106
Windows 5.1.2600 Service Pack 2

5/22/2009 7:30:08 PM
mbam-log-2009-05-22 (19-29-57).txt

Scan type: Full Scan (C:\|)
Objects scanned: 4260
Time elapsed: 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1fca21e7-9308-437a-ab87-07fbda7f987a} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1fca21e7-9308-437a-ab87-07fbda7f987a} (Trojan.BHO.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\ojjcilq.dll (Trojan.BHO.H) -> No action taken.

Attached Files



BC AdBot (Login to Remove)

 


#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:38 PM

Posted 06 June 2009 - 12:00 PM

Hello, dmuliyil.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • RSIT Log

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 dmuliyil

dmuliyil
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 07 June 2009 - 10:04 AM

Hi AOMMASTER;

Thanks for your assistance. I fully understand your situation and am just relieved to have someone help me with this irritating problem. Yes, the problem still persists...

Thanks

Attached Files

  • Attached File  log.txt   22.09KB   5 downloads
  • Attached File  log.txt   22.09KB   3 downloads


#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:38 PM

Posted 07 June 2009 - 10:08 AM

Hi dmuliyil

Glad to help out :thumbup2:

Few things to note:
1.You've only attached one of the logs. The other is a duplicate. Please post up the other one.
2.Please copy and paste logs into the replies rather than attaching them (unless otherwise specified). It makes it easier for me to read.

Thanks :)

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:38 PM

Posted 08 June 2009 - 09:52 AM

Hello, dmuliyil.
I see that you've previously run combofix on your computer. Please post the log produced at C:\combofix.txt.

In your next reply, I'd like to see:
1.The combofix log
2.info.txt from the RSIT scan.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 dmuliyil

dmuliyil
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 11 June 2009 - 12:25 AM

Hi aommaster; Sorry about the duplicate log.
I thought I replied with the requested logs but I don't see it in the window. Hope this is not another duplicate:

ComboFix 09-05-09.05 - David 05/10/2009 19:03:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.630 [GMT -7:00]
Running from: F:\Combo-Fix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\David\protect.dll
C:\Documents and Settings\David\Start Menu\Programs\Startup\ChkDisk.dll
C:\Documents and Settings\David\Start Menu\Programs\Startup\ChkDisk.lnk
C:\Documents and Settings\LocalService\protect.dll
C:\Documents and Settings\NetworkService\protect.dll
C:\WINDOWS\ld08.exe
C:\WINDOWS\pp06.exe
C:\WINDOWS\system32\ak1.exe
C:\WINDOWS\system32\config\systemprofile\protect.dll
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
C:\WINDOWS\system32\drivers\ovfsthxkltfuwkb.sys
C:\WINDOWS\system32\lmn_setup.exe
C:\WINDOWS\system32\lmppcsetup.exe
C:\WINDOWS\system32\loader49.exe
C:\WINDOWS\system32\ovfsthxalktjkjb.dat
C:\WINDOWS\system32\ovfsthxgkxidudl.dll
C:\WINDOWS\system32\ovfsthxhywrypxm.dll
C:\WINDOWS\system32\ovfsthxixymuybl.dll
C:\WINDOWS\system32\ovfsthxlog.dat
C:\WINDOWS\system32\ovfsthxoqbiqiol.dat
C:\WINDOWS\system32\winglsetup.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Temp\214665024.exe
C:\WINDOWS\Temp\2225430672.exe
C:\WINDOWS\Temp\4028131392.exe
C:\WINDOWS\system32\ojjcilq.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxirvkiqwh
-------\Legacy_VSARVAEX
-------\Service_vsarvaex


((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.

2009-05-11 02:00:58 . 2009-05-11 02:12:27 147488 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2009-05-11 02:00:58 . 2009-05-11 02:09:23 448032 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2009-05-11 00:32:51 . 2009-05-11 00:32:51 0 d-----w C:\Documents and Settings\David\Application Data\Malwarebytes
2009-05-11 00:32:48 . 2009-04-06 22:32:46 15504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-05-11 00:32:46 . 2009-04-06 22:32:54 38496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-05-11 00:32:45 . 2009-05-11 00:32:45 0 d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-11 00:32:44 . 2009-05-11 00:32:50 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-05-10 22:42:22 . 2009-05-10 23:25:14 101287 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2009-05-10 22:42:22 . 2009-05-10 23:25:13 89601 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2009-05-10 22:41:30 . 2009-05-10 22:41:30 0 d-----w C:\Program Files\Kaspersky Lab
2009-05-10 22:41:29 . 2009-05-11 02:11:21 0 d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-05-10 22:35:54 . 2009-05-10 22:35:54 0 d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-05-10 05:48:54 . 2009-05-11 00:39:43 0 d-----w C:\WINDOWS\system32\199638
2009-05-09 21:53:02 . 2009-05-10 22:37:38 0 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-09 18:37:46 . 2009-05-09 18:37:46 0 d-----w C:\Documents and Settings\David\Application Data\Logs
2009-05-09 16:56:06 . 2009-05-09 16:56:06 0 d-----w C:\Documents and Settings\All Users\Application Data\QuickDownloadPack
2009-05-09 16:56:06 . 2009-05-09 16:56:06 0 d-----w C:\My Downloads
2009-05-09 16:56:06 . 2009-05-09 21:51:40 0 d-----w C:\Documents and Settings\David\Application Data\QuickDownloadPack
2009-05-09 16:56:04 . 2009-05-11 00:39:43 0 d-----w C:\Program Files\QuickDownloadPack
2009-05-09 02:14:06 . 2009-05-11 01:06:25 0 d-----w C:\WINDOWS\system32\796525
2009-05-08 03:07:31 . 2009-05-08 03:07:31 202 ----a-w C:\43214354.bat
2009-04-30 02:59:08 . 2009-04-30 02:59:08 0 d-----w C:\Documents and Settings\NetworkService\Application Data\wamajalr
2009-04-30 02:59:08 . 2009-04-30 02:59:08 0 d-----w C:\Documents and Settings\NetworkService\Local Settings\Application Data\wamajalr
2009-04-30 02:45:07 . 2009-05-09 02:22:05 0 d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-30 02:45:07 . 2009-05-09 02:22:06 0 d-----w C:\Program Files\Spybot - Search & Destroy
2009-04-27 00:18:17 . 2009-04-27 00:18:17 0 d-----w C:\Documents and Settings\David\Application Data\InstallShield
2009-04-23 05:08:23 . 2009-04-23 05:08:39 0 d-----w C:\Documents and Settings\David\Local Settings\Application Data\Deployment

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 02:12:45 . 2009-05-11 02:00:58 4776 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2009-05-11 02:11:54 . 2009-05-11 02:00:58 1556 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2009-05-11 02:06:42 . 2001-08-23 12:00:00 104448 ----a-w C:\WINDOWS\system32\igdnilc.dll
2009-05-10 23:25:19 . 2008-01-30 00:29:38 33808 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
2009-03-29 17:35:00 . 2007-12-22 10:19:21 0 d-----w C:\Program Files\Google
2007-11-10 00:10:20 . 2007-11-10 00:10:20 30288 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-11-10 00:10:22 . 2007-11-10 00:10:22 79440 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-11-10 00:10:24 . 2007-11-10 00:10:24 75344 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-11-10 00:10:28 . 2007-11-10 00:10:28 140880 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-11-10 00:10:44 . 2007-11-10 00:10:44 42576 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-11-10 00:10:46 . 2007-11-10 00:10:46 50768 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-10 00:10:50 . 2007-11-10 00:10:50 34384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2007-11-10 00:11:32 . 2007-11-10 00:11:32 685648 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-10 00:11:38 . 2007-11-10 00:11:38 30288 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FCA21E7-9308-437A-AB87-07FBDA7F987A}]
2001-08-23 12:00:00 104448 ----a-w c:\WINDOWS\system32\ojjcilq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-22 10:19:23 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2006-10-16 01:41:14 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56:50 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 12:11:12 490952]
"Google Update"="C:\Documents and Settings\David\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-23 05:08:40 133104]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 11:40:32 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 04:24:46 32768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 08:47:42 31016]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 15:56:14 236016]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 02:54:31 623992]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-10 23:25:19 206088]
"AGRSMMSG"="AGRSMMSG.exe" - C:\WINDOWS\AGRSMMSG.exe [2003-06-27 15:53:32 88363]


info.txt logfile of random's system information tool 1.06 2009-06-07 07:50:15

======Uninstall list======

-->MsiExec.exe /I{2BE0C605-9BEC-434D-9FAE-931194E72414}
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->MsiExec.exe /I{726A362E-EBFD-4C3F-8664-6593C2B08386}
-->MsiExec.exe /I{943CB81D-11B9-401E-8305-752528D00AA1}
-->MsiExec.exe /I{E75F019D-98A0-4B39-B1A8-3A01400D2A18}
-->MsiExec.exe /X{F664EDB9-59DF-452A-A3D7-085ED1B8D374}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Agere Systems AC'97 Modem-->agrsmdel
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{D793A12F-E362-48BB-B332-1DA5E936B52D}
BlackBerry v2.7 for the RIM 950, 957, 850 and 857 Handhelds-->MsiExec.exe /X{0587F98C-1E0D-479B-BAFA-6FA398AC9DB2}
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Citrix Presentation Server Client-->MsiExec.exe /I{42ACCB45-3363-47E0-94E9-F0074CC8BC56}
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
Garmin Communicator Plugin-->MsiExec.exe /X{F6970FBD-809A-4C51-BAB3-D94A04C6C8E7}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Pistonsoft MP3 Audio Recorder version 1.7.0.16-->"C:\Program Files\Pistonsoft MP3 Audio Recorder\unins000.exe"
PlateMan-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\PlateMan\ST6UNST.LOG"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickDownloadPack 3.0.47.0-->C:\Program Files\QuickDownloadPack\uninst.exe
Roxio Media Manager-->MsiExec.exe /X{303379C9-8610-4CCF-AF37-C4BF8998C591}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Waste Reporter 2008-->C:\PROGRA~1\WASTER~1\UNWISE.EXE C:\PROGRA~1\WASTER~1\INSTALL.LOG

======Security center information======

AV: Kaspersky Anti-Virus

======System event log======

Computer Name: DAVID-3DFA804C9
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9B1FC0C3. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 23333
Source Name: Dhcp
Time Written: 20090510171957.000000-420
Event Type: warning
User:

Computer Name: DAVID-3DFA804C9
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{EC49E2E6-A72E-45D1-A72B-11DB91C04720}.

Record Number: 23325
Source Name: Server
Time Written: 20090510171328.000000-420
Event Type: warning
User:

Computer Name: DAVID-3DFA804C9
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9B1FC0C3. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 23292
Source Name: Dhcp
Time Written: 20090510171222.000000-420
Event Type: warning
User:

Computer Name: DAVID-3DFA804C9
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9B1FC0C3. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 23278
Source Name: Dhcp
Time Written: 20090510165441.000000-420
Event Type: warning
User:

Computer Name: DAVID-3DFA804C9
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000E9B1FC0C3. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 23246
Source Name: Dhcp
Time Written: 20090510165226.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: DAVID-3DFA804C9
Event Code: 1517
Message: Windows saved user DAVID-3DFA804C9\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4815
Source Name: Userenv
Time Written: 20090527222822.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID-3DFA804C9
Event Code: 1517
Message: Windows saved user DAVID-3DFA804C9\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4804
Source Name: Userenv
Time Written: 20090527061204.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID-3DFA804C9
Event Code: 1517
Message: Windows saved user DAVID-3DFA804C9\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4795
Source Name: Userenv
Time Written: 20090526210132.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID-3DFA804C9
Event Code: 1517
Message: Windows saved user DAVID-3DFA804C9\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4785
Source Name: Userenv
Time Written: 20090526090403.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVID-3DFA804C9
Event Code: 1517
Message: Windows saved user DAVID-3DFA804C9\David registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4776
Source Name: Userenv
Time Written: 20090526001537.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

-----------------EOF-----------------

#7 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:38 PM

Posted 11 June 2009 - 07:58 AM

Hello, dmuliyil.
Yes, those were logs I wanted :thumbup2:

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.




Please note that the combofix log that you posted was incomplete. Incomplete logs can cause a problem when preparing a fix, since it gives me incomplete information.

To avoid this happening again, when pasting your logs, do the following:
1.With the log open in notepad press ctrl + A to select all the text
2.Press ctrl + C to copy the log
3.Switch over to the reply feature, and press ctrl + V to paste it.




Please answer the following questions so I can better help you with the cleanup process:

I see that you've run combofix, both renamed and from a directory other than your desktop. Was there any reason for this?


NEXT:

We need to run a Combofix script
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it. Do not copy the word "code".
    file::
    C:\WINDOWS\system32\ojjcilq.dll
    C:\WINDOWS\system32\drivers\klin.dat
    C:\WINDOWS\system32\drivers\klick.dat
    C:\43214354.bat
    C:\WINDOWS\system32\igdnilc.dll
    
    dds::
    uInternet Settings,ProxyServer = http=localhost:7171
    uInternet Settings,ProxyOverride = *.local;<local>
    dRun: [A00FE448E.exe] c:\windows\temp\_A00FE448E.exe
    dRun: [uidenhiufgsduiazghs] c:\windows\temp\jjxbyrzfs.exe
    
    Reg::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1FCA21E7-9308-437A-AB87-07FBDA7F987A}]
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Now, drag and drop CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
NEXT:

We need to run a Kaspersky Scan
  • Go to Kaspersky WebScanner
  • Click on Kaspersky Online Scanner
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database --> Extended (if available otherwise Standard)
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan, Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
  • Scan Archives
  • Scan Mail Bases
In your next reply, please include the following:
  • Answers to my questions above
  • ComboFix.txt
  • Fresh HijackThis Log
  • Kaspersky Log

Edited by aommaster, 11 June 2009 - 07:59 AM.

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#8 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:07:38 PM

Posted 14 June 2009 - 01:39 AM

Hello dmuliyil
Are you still with us?

My website: http://aommaster.com
unite_blue.png
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#9 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:05:38 PM

Posted 16 June 2009 - 07:28 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security
Posted Image

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users