Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Alureon.h


  • This topic is locked This topic is locked
6 replies to this topic

#1 IceMan804

IceMan804

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 20 May 2010 - 12:59 AM

Micosoft Windows Malicious Software Removal Tool did a scan and said I was infected with Alureon.h. I have scanned with Kaspersky, Malwarebytes Anti-Malware, and Microsoft Security Essentials. I have since performed numerous rescans and Alureon.h has not been detected again.

I was having trouble with Internet Explorer search results being forwarded to various websites. I no longer seem to have this problem.

I had some issues with GMER freezing up and have attached the results of that file as well.

Here is a copy of my DDS.txt:


DDS (Ver_10-03-17.01) - NTFSx86
Run by clantown # 1 at 6:40:27.62 on Wed 05/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.117 [GMT -4:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\clantown # 1\Desktop\dds.scr
C:\WINDOWS\system32\wuauclt.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www2.timesdispatch.com/
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
Trusted Zone: windowsupdate.com\download
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.68.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1274151695171
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
Hosts: 85.13.206.115 u07012010u#com
Hosts: 85.13.206.115 u07012010u.com

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2009-9-1 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-5-18 315408]
R2 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2009-9-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S1 aoyqqcet;aoyqqcet;\??\c:\windows\system32\drivers\aoyqqcet.sys --> c:\windows\system32\drivers\aoyqqcet.sys [?]
S1 qudaslzm;qudaslzm;\??\c:\windows\system32\drivers\qudaslzm.sys --> c:\windows\system32\drivers\qudaslzm.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [2006-9-27 10664]
UnknownUnknown kfgtfuzz;kfgtfuzz; [x]

=============== Created Last 30 ================

2010-05-19 10:37:40 0 ----a-w- c:\documents and settings\clantown # 1\defogger_reenable
2010-05-19 02:11:26 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 01:50:03 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-19 01:04:57 0 d-sha-r- C:\cmdcons
2010-05-19 01:00:52 98816 ----a-w- c:\windows\sed.exe
2010-05-19 01:00:52 77312 ----a-w- c:\windows\MBR.exe
2010-05-19 01:00:52 256512 ----a-w- c:\windows\PEV.exe
2010-05-19 01:00:52 161792 ----a-w- c:\windows\SWREG.exe
2010-05-18 23:56:19 0 d-----w- c:\windows\system32\scripting
2010-05-18 23:56:18 0 d-----w- c:\windows\l2schemas
2010-05-18 23:56:17 0 d-----w- c:\windows\system32\en
2010-05-18 23:56:16 0 d-----w- c:\windows\system32\bits
2010-05-18 14:08:43 0 d-----w- c:\windows\ie8updates
2010-05-18 14:04:51 0 d-----w- c:\windows\ServicePackFiles
2010-05-18 13:52:31 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-18 13:52:07 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-18 13:52:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-18 13:50:18 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-18 13:47:46 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-05-18 13:47:46 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-05-18 13:46:49 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-05-18 13:40:13 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-05-18 13:38:38 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-05-18 13:38:24 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-05-18 11:31:57 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.kav
2010-05-18 04:42:10 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-18 04:42:09 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-18 04:41:01 0 d-----w- c:\program files\Kaspersky Lab
2010-05-18 04:41:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-05-18 04:39:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2010-05-18 03:56:45 0 d-sh--w- c:\documents and settings\clantown # 1\IECompatCache
2010-05-18 03:55:47 0 d-sh--w- c:\documents and settings\clantown # 1\PrivacIE
2010-05-18 03:55:01 0 d-sh--w- c:\documents and settings\clantown # 1\IETldCache
2010-05-18 03:50:54 0 dc-h--w- c:\windows\ie8
2010-05-18 03:16:07 0 d--h--w- c:\windows\system32\GroupPolicy
2010-05-18 00:35:42 0 d-----w- c:\program files\AVG
2010-05-18 00:35:21 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-05-18 00:30:28 0 d-----w- c:\program files\Windows Installer Clean Up
2010-05-17 23:37:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 23:37:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 23:07:38 0 d-----w- c:\docume~1\clanto~1\applic~1\MSNInstaller
2010-05-17 23:03:35 0 d-----w- c:\docume~1\clanto~1\applic~1\Malwarebytes
2010-05-17 23:03:29 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 23:03:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-17 22:41:52 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-15 01:39:26 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-05-14 22:24:00 0 d-----w- c:\windows\SxsCaPendDel
2010-05-14 18:10:37 0 d-----w- C:\ProgramData
2010-05-14 18:10:37 0 d-----w- c:\program files\Angle Interactive

==================== Find3M ====================

2010-05-19 01:50:03 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 594432 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-25 06:24:35 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-25 06:24:35 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 1985536 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-02-25 06:24:35 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2008-11-16 04:53:24 15134 ----a-w- c:\program files\common files\johypoc.exe
2008-11-16 04:53:24 11446 ----a-w- c:\program files\common files\wymocuba.dll
2008-11-16 04:50:25 19654 ----a-w- c:\program files\common files\yrux.lib
2008-11-16 04:50:25 15501 ----a-w- c:\program files\common files\lymexuneg.exe
2008-11-16 04:50:25 11489 ----a-w- c:\program files\common files\xujehudu.pif
2008-11-16 04:50:25 10446 ----a-w- c:\program files\common files\ibeh.dat
2008-11-16 04:50:25 10357 ----a-w- c:\program files\common files\ejobot.lib
2006-12-12 01:38:26 774144 ----a-w- c:\program files\RngInterstitial.dll

============= FINISH: 6:43:11.10 ===============


Attached Files



BC AdBot (Login to Remove)

 


#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:39 PM

Posted 20 May 2010 - 12:30 PM

Hello and welcome to Bleeping Computer. smile.gif

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.



=============================================


ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


1. Can you please post the content's of C:\Combofix.txt.



2. Please go to http://virscan.org/
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    C:\WINDOWS\system32\drivers\senfilt.sys
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 IceMan804

IceMan804
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 20 May 2010 - 03:27 PM

Are you saying I need to download ComboFix and run it?

#4 IceMan804

IceMan804
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 20 May 2010 - 07:08 PM

combofix.txt

ComboFix 10-05-20.07 - clantown # 1 05/20/2010 19:53:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.94 [GMT -4:00]
Running from: c:\documents and settings\clantown # 1\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-20 11:54 . 2010-05-20 11:54 -------- d-----w- c:\documents and settings\mcsexam\Application Data\Malwarebytes
2010-05-20 11:49 . 2010-05-20 11:49 -------- d-sh--w- c:\documents and settings\mcsexam\IECompatCache
2010-05-20 11:48 . 2010-05-20 11:48 -------- d-sh--w- c:\documents and settings\mcsexam\PrivacIE
2010-05-20 11:48 . 2010-05-20 11:48 -------- d-sh--w- c:\documents and settings\mcsexam\IETldCache
2010-05-20 01:21 . 2010-05-20 01:21 -------- d-----w- c:\documents and settings\clantown # 1\Application Data\Office Genuine Advantage
2010-05-19 02:11 . 2010-05-06 14:36 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 01:50 . 2010-05-19 01:50 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-18 23:56 . 2010-05-18 23:56 -------- d-----w- c:\windows\system32\scripting
2010-05-18 23:56 . 2010-05-18 23:56 -------- d-----w- c:\windows\l2schemas
2010-05-18 23:56 . 2010-05-18 23:56 -------- d-----w- c:\windows\system32\en
2010-05-18 23:56 . 2010-05-18 23:56 -------- d-----w- c:\windows\system32\bits
2010-05-18 14:08 . 2010-05-18 14:36 -------- d-----w- c:\windows\ie8updates
2010-05-18 14:04 . 2010-05-18 23:50 -------- d-----w- c:\windows\ServicePackFiles
2010-05-18 13:52 . 2010-02-24 13:11 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-18 13:52 . 2010-02-25 06:24 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-18 13:52 . 2010-02-25 06:24 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-18 13:50 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-18 13:47 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2010-05-18 13:47 . 2009-10-15 16:28 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2010-05-18 13:46 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-05-18 13:40 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-05-18 13:38 . 2009-06-10 13:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2010-05-18 05:04 . 2010-05-18 05:04 932368 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2010-05-18 05:04 . 2010-05-18 05:04 678416 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2010-05-18 05:04 . 2010-05-18 05:04 604688 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2010-05-18 05:04 . 2010-05-18 05:04 1096208 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2010-05-18 05:04 . 2010-05-18 05:04 522768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2010-05-18 05:01 . 2010-05-18 05:01 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-18 05:01 . 2010-05-18 05:01 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-05-18 04:39 . 2010-05-18 04:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-18 03:59 . 2010-05-18 03:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-18 03:56 . 2010-05-18 03:56 -------- d-sh--w- c:\documents and settings\clantown # 1\IECompatCache
2010-05-18 03:55 . 2010-05-18 03:55 -------- d-sh--w- c:\documents and settings\clantown # 1\PrivacIE
2010-05-18 03:55 . 2010-05-18 03:55 -------- d-sh--w- c:\documents and settings\clantown # 1\IETldCache
2010-05-18 03:50 . 2010-05-18 03:51 -------- dc-h--w- c:\windows\ie8
2010-05-18 03:16 . 2010-05-18 03:16 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-05-18 00:35 . 2010-05-18 00:35 -------- d-----w- c:\program files\AVG
2010-05-18 00:35 . 2010-05-18 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-18 00:30 . 2010-05-18 00:30 3584 ----a-r- c:\documents and settings\clantown # 1\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-05-18 00:30 . 2010-05-18 00:30 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-05-17 23:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-17 23:37 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 23:07 . 2010-05-17 23:08 -------- d-----w- c:\documents and settings\clantown # 1\Application Data\MSNInstaller
2010-05-17 23:03 . 2010-05-17 23:03 -------- d-----w- c:\documents and settings\clantown # 1\Application Data\Malwarebytes
2010-05-17 23:03 . 2010-05-17 23:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-17 23:03 . 2010-05-17 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-17 22:41 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-05-15 01:39 . 2005-09-20 20:31 135168 ----a-w- c:\windows\system32\igfxres.dll
2010-05-14 22:24 . 2010-05-14 22:30 -------- d-----w- c:\windows\SxsCaPendDel
2010-05-14 22:18 . 2010-05-14 22:18 -------- d-----w- c:\documents and settings\clantown # 1\Application Data\Leadertech
2010-05-14 18:10 . 2010-05-14 18:10 -------- d-----w- C:\ProgramData
2010-05-14 18:10 . 2010-05-14 18:10 -------- d-----w- c:\program files\Angle Interactive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 12:58 . 2010-05-18 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-19 01:50 . 2004-08-11 22:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
2010-05-19 01:10 . 2007-10-22 02:03 -------- d-----w- c:\program files\GamesBar
2010-05-19 00:59 . 2008-01-30 20:35 69336 ----a-w- c:\documents and settings\clantown # 1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-19 00:04 . 2004-08-11 22:14 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-18 11:31 . 2010-05-18 11:31 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.kav
2010-05-18 05:01 . 2010-05-18 05:01 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-05-18 05:01 . 2010-05-18 05:01 19472 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-05-18 05:01 . 2010-05-18 05:01 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-05-18 05:01 . 2010-05-18 04:42 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-18 05:01 . 2010-05-18 04:42 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-18 05:01 . 2010-05-18 05:01 397328 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
2010-05-18 05:01 . 2010-05-18 05:01 17936 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
2010-05-18 05:01 . 2010-05-18 05:01 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
2010-05-18 05:01 . 2010-05-18 05:01 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-05-18 05:01 . 2010-05-18 05:01 315408 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\5.1\klif.sys
2010-05-18 04:41 . 2010-05-18 04:41 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-18 00:30 . 2009-11-12 01:05 -------- d-----w- c:\program files\MSECache
2010-05-17 23:07 . 2007-02-02 03:46 -------- d-----w- c:\program files\MSN Games
2010-05-17 22:58 . 2008-11-19 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-05-14 22:26 . 2006-02-23 12:36 -------- d-----w- c:\program files\Google
2010-05-14 22:26 . 2006-08-22 01:14 -------- d-----w- c:\program files\Verizon Online
2010-05-14 22:22 . 2007-04-06 01:01 -------- d-----w- c:\program files\iWin.com
2010-05-14 22:19 . 2007-05-15 17:03 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-03-10 06:15 . 2004-08-11 22:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2006-02-23 12:14 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-11-16 04:53 . 2008-11-16 04:53 15134 ----a-w- c:\program files\Common Files\johypoc.exe
2008-11-16 04:53 . 2008-11-16 04:53 11446 ----a-w- c:\program files\Common Files\wymocuba.dll
2008-11-16 04:50 . 2008-11-16 04:50 19654 ----a-w- c:\program files\Common Files\yrux.lib
2008-11-16 04:50 . 2008-11-16 04:50 15501 ----a-w- c:\program files\Common Files\lymexuneg.exe
2008-11-16 04:50 . 2008-11-16 04:50 11489 ----a-w- c:\program files\Common Files\xujehudu.pif
2008-11-16 04:50 . 2008-11-16 04:50 10446 ----a-w- c:\program files\Common Files\ibeh.dat
2008-11-16 04:50 . 2008-11-16 04:50 10357 ----a-w- c:\program files\Common Files\ejobot.lib
2006-12-12 01:38 . 2006-12-12 01:38 774144 ----a-w- c:\program files\RngInterstitial.dll
.

------- Sigcheck -------

[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll

c:\windows\System32\termsrv.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-05-19_01.17.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2008-05-09 10:53 90112 c:\windows\system32\wshext.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 90112 c:\windows\system32\wshext.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 90112 c:\windows\system32\dllcache\wshext.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2004-08-11 22:00 . 2008-05-08 11:24 155648 c:\windows\system32\wscript.exe
- 2004-08-11 22:00 . 2008-04-14 00:12 155648 c:\windows\system32\wscript.exe
+ 2004-08-11 22:00 . 2008-05-09 10:53 172032 c:\windows\system32\scrrun.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 172032 c:\windows\system32\scrrun.dll
+ 2004-08-11 22:00 . 2008-05-09 10:53 180224 c:\windows\system32\scrobj.dll
- 2004-08-11 22:00 . 2008-04-14 00:12 180224 c:\windows\system32\scrobj.dll
+ 2008-05-08 11:24 . 2008-05-08 11:24 155648 c:\windows\system32\dllcache\wscript.exe
+ 2008-05-09 10:53 . 2008-05-09 10:53 172032 c:\windows\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53 . 2008-05-09 10:53 180224 c:\windows\system32\dllcache\scrobj.dll
+ 2008-05-07 09:07 . 2008-05-07 09:07 135168 c:\windows\system32\dllcache\cscript.exe
+ 2004-08-11 22:00 . 2008-05-07 09:07 135168 c:\windows\system32\cscript.exe
+ 2010-05-19 02:03 . 2010-05-19 02:03 301056 c:\windows\Installer\2ba530.msi
+ 2004-08-11 22:11 . 2009-06-10 13:19 2066432 c:\windows\system32\mstscax.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-05-15 17:03 . 2007-03-23 15:45 2074752 c:\program files\Advanced Registry Optimizer\bak\aro.exe

2006-02-23 12:15 . 2004-10-15 00:42 1404928 c:\program files\Analog Devices\Core\bak\smax4pnp.exe

2007-07-11 01:33 . 2007-07-11 01:33 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2006-08-20 20:10 . 2006-07-26 07:03 49263 c:\program files\Java\jre1.5.0_08\bin\bak\jusched.exe

2004-08-11 22:11 . 2004-10-13 16:24 1694208 c:\program files\Messenger\bak\msmsgs.exe
2008-10-07 23:17 . 2008-04-14 00:12 1695232 c:\program files\Messenger\msmsgs.exe

2004-08-11 22:00 . 2004-08-04 10:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-11 22:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2006-02-23 12:15 . 2005-09-20 20:32 77824 c:\windows\system32\bak\hkcmd.exe
2006-02-23 12:15 . 2005-09-20 20:32 77824 c:\windows\system32\hkcmd.exe

2006-02-23 12:15 . 2005-09-20 20:36 114688 c:\windows\system32\bak\igfxpers.exe
2006-02-23 12:15 . 2005-09-20 20:36 114688 c:\windows\system32\igfxpers.exe

2006-02-23 12:15 . 2005-09-20 20:35 94208 c:\windows\system32\bak\igfxtray.exe
2006-02-23 12:15 . 2005-09-20 20:35 94208 c:\windows\system32\igfxtray.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-21 340456]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\788df4d0]
c:\windows\system32\xpxjwdgq.dll [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 06:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:HASP Port

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S1 aoyqqcet;aoyqqcet;\??\c:\windows\system32\drivers\aoyqqcet.sys --> c:\windows\system32\drivers\aoyqqcet.sys [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [9/27/2006 4:12 PM 10664]
.
Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

2010-05-20 c:\windows\Tasks\User_Feed_Synchronization-{3A2A1B4E-B240-4CF0-A39C-94E1658B0297}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www2.timesdispatch.com/
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
Trusted Zone: windowsupdate.com\download
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 20:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="system32\drivers\rdpcdd.kav"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(3920)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-05-20 20:04:57
ComboFix-quarantined-files.txt 2010-05-21 00:04
ComboFix2.txt 2010-05-19 01:22

Pre-Run: 68,079,677,440 bytes free
Post-Run: 68,102,897,664 bytes free

- - End Of File - - 276FF635BE457CDE3D80F7A236421305


#5 IceMan804

IceMan804
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:39 AM

Posted 20 May 2010 - 07:28 PM

I am having troube getting the virscan.org page to load.

#6 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:39 PM

Posted 20 May 2010 - 10:53 PM

Hi,

Your log shows that you have previously downloaded/run Combofix, that's why I ask for the combofix.txt. Please be patient and understand that we have different time zones so it's possible to have some delays between each post.



Registry cleaners Warning:
We do not recommend the usage of registry cleaners / tools due to the following facts:
*Registry tools can cause irreparable damage to your Operating System
*Registry tools can, as a result of the above, render your pc to be inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

Cleaning the registry won't really improve system performance, even though there a lot of orphaned keys.
IMHO, if registry cleaning was required, then Microsoft would have added this option. So you use registry at you own risk. After all, a corrupted registry is a corrupted Windows.

Registry Cleaners and System Tweaking Tools


==================================


1. Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click the SystemLook and copy/paste the following into the box
    CODE
    :filefind
    termsrv.dll
    senfilt.sys
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply



2. Download HostsXpert.zip
  • Extract (unzip) HostsXpert.zip to a a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



3. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

CODE
http://www.bleepingcomputer.com/forums/t/317912/infected-with-alureonh/

Collect::
c:\program files\Common Files\johypoc.exe
c:\program files\Common Files\wymocuba.dll
c:\program files\Common Files\yrux.lib
c:\program files\Common Files\lymexuneg.exe
c:\program files\Common Files\xujehudu.pif
c:\program files\Common Files\ibeh.dat
c:\program files\Common Files\ejobot.lib

Rootkit::
c:\windows\system32\drivers\aoyqqcet.sys
c:\windows\system32\xpxjwdgq.dll

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\788df4d0]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"=-

Driver::
aoyqqcet

AWF::
c:\program files\Messenger\bak\msmsgs.exe
c:\windows\system32\bak\ctfmon.exe

FileLook::
C:\WINDOWS\system32\drivers\senfilt.sys


4. Save this as CFScript.txt, in the same location as ComboFix.exe




5. Refering to the picture above, drag CFScript into ComboFix.exe

6. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed.  With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

Edited by sempai, 20 May 2010 - 11:36 PM.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#7 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:09:39 PM

Posted 26 May 2010 - 10:10 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

~Semp

btn_donate_LG.gif
You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users