
unknown pop ups help


  • This topic is locked
22 replies to this topic

#1 tienyboi

tienyboi

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 14 December 2008 - 07:37 PM

My computer has been having pop-ups every time I open Internet Explorer. I scanned my computer but found nothing. I keep finding these random DLLs in my system32 folder and I've been deleting them, but new ones just reappear later on. Here's my log file; can anyone tell me what's wrong?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:50:00 PM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\My Folder\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09449FF2-D9AA-4E53-AB76-5B4FDC60B52F} - C:\WINDOWS\system32\yayvWmmJ.dll (file missing)
O2 - BHO: (no name) - {1B4CD5DF-ABC4-4273-9DCD-1862952F5AE1} - C:\WINDOWS\system32\cbXOhFYp.dll (file missing)
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - (no file)
O2 - BHO: (no name) - {230e5f33-a85e-41f8-b885-22b126e48cd5} - C:\WINDOWS\system32\gcjmkdpy.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {55F573A0-13AD-415F-AE0A-9C20CF85837C} - (no file)
O2 - BHO: (no name) - {567DC7FA-7DD3-41E0-B1E0-07668B29C7C1} - (no file)
O2 - BHO: (no name) - {629D1503-CC03-4111-A306-64338EB21C65} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {96bee1c4-e824-4f13-ad05-909f68ffea75} - C:\WINDOWS\system32\zodobuzo.dll (file missing)
O2 - BHO: (no name) - {9D92883F-FB91-4E68-81FD-B643E26F890F} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {c21da26a-555b-4536-b27f-3f638c23ff91} - C:\WINDOWS\system32\ratiwizo.dll
O2 - BHO: (no name) - {CBEAFC6D-9B11-40E9-92FE-968F764C8554} - (no file)
O2 - BHO: (no name) - {E0D1FC6F-BE14-4E82-8C7B-C398B924B099} - (no file)
O2 - BHO: {3f499285-6c2e-66db-9af4-c3c57ff4892e} - {e2984ff7-5c3c-4fa9-bd66-e2c6582994f3} - C:\WINDOWS\system32\jakxlj.dll (file missing)
O2 - BHO: (no name) - {EFCA522F-54DE-4A2C-8B1B-A887F19251CE} - (no file)
O2 - BHO: (no name) - {F498CA58-8C9B-4159-A763-B899F4FE2085} - C:\WINDOWS\system32\ssqNeBQG.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LyraHD2TrayApp] "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
O4 - HKLM\..\Run: [zimarojiho] Rundll32.exe "C:\WINDOWS\system32\sevayuga.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CPM97a8ee57] Rundll32.exe "c:\windows\system32\murodaji.dll",a
O4 - HKLM\..\RunOnce: [ Windows & Internet Cleaner Pro] C:\Program Files\Windows & Internet Cleaner Pro\WICleaner.exe /ErIEIndex
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ Windows & Internet Cleaner Pro] C:\Program Files\Windows & Internet Cleaner Pro\WICleaner.exe /ErIEIndex
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Proof\flaupdate.exe
O4 - HKUS\S-1-5-20\..\Run: [zimarojiho] Rundll32.exe "C:\WINDOWS\system32\sevayuga.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - AppInit_DLLs: jakxlj.dll c:\windows\system32\timikage.dll C:\WINDOWS\system32\kupuhiku.dll c:\windows\system32\murodaji.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll (file missing)
O20 - Winlogon Notify: winfgm32 - winfgm32.dll (file missing)
O20 - Winlogon Notify: xxyvtrQK - xxyvtrQK.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\murodaji.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\murodaji.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Unknown owner - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9139 bytes



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:07:11 PM

Posted 23 December 2008 - 09:15 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 tienyboi

tienyboi
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:07:41 PM

Posted 26 December 2008 - 12:53 PM

I have not taken any action since my last post. Here is the log from DDS.


DDS (Version 1.1.0) - NTFSx86
Run by Administrator2 at 12:47:42.40 on Fri 12/26/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.488 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: Norton AntiVirus *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator2.TAI-5A969D91DC0\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.playmacro.co.kr
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {55F573A0-13AD-415F-AE0A-9C20CF85837C} - No File
BHO: {567DC7FA-7DD3-41E0-B1E0-07668B29C7C1} - No File
{629d1503-cc03-4111-a306-64338eb21c65}
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
{9d92883f-fb91-4e68-81fd-b643e26f890f}
BHO: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: {c21da26a-555b-4536-b27f-3f638c23ff91} - c:\windows\system32\liyovewa.dll
BHO: {CBEAFC6D-9B11-40E9-92FE-968F764C8554} - No File
BHO: {E0D1FC6F-BE14-4E82-8C7B-C398B924B099} - No File
BHO: {3f499285-6c2e-66db-9af4-c3c57ff4892e}: {e2984ff7-5c3c-4fa9-bd66-e2c6582994f3} - c:\windows\system32\jakxlj.dll
BHO: {EFCA522F-54DE-4A2C-8B1B-A887F19251CE} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_03\bin\jusched.exe"
mRun: [LyraHD2TrayApp] "c:\program files\thomson\lyra jukebox\lyrahdtrayapp\LYRAHD2TrayApp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [zimarojiho] Rundll32.exe "c:\windows\system32\gagalemi.dll",s
mRun: [949bddcb] rundll32.exe "c:\windows\system32\jeziwemo.dll",b
mRun: [CPM97a8ee57] Rundll32.exe "c:\windows\system32\pakewizu.dll",a
mRunOnce: [Windows & Internet Cleaner Pro] c:\program files\windows & internet cleaner pro\WICleaner.exe /ErIEIndex
mExplorerRun: [UpdateManager] c:\program files\common files\microsoft shared\proof\flaupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: jakxlj.dll c:\windows\system32\timikage.dll c:\windows\system32\pidofaho.dll c:\windows\system32\pakewizu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pakewizu.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\pakewizu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
{6584c510-924b-486a-a1a0-e380de08c2db}
SEH: {bb6c9487-aad6-47ee-a3fa-5432126062f2} - c:\windows\system32\xxyvtrQK.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\ssqNeBQG
LSA: Notification Packages = scecli c:\windows\system32\pidofaho.dll

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2007-2-27 32256]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2006-9-3 108648]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2006-9-3 108648]
R3 Ausbflt;Ausbflt;c:\windows\system32\drivers\Ausbflt.sys [2006-5-19 6353]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-10-29 112688]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\kbdcap.sys [2007-8-14 109440]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20071029.008\NAVENG.SYS [2007-10-29 81232]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20071029.008\NAVEX15.SYS [2007-10-29 865904]
R3 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2006-11-2 1252232]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2004-9-2 396480]
S3 DADriv1;DADriv1;\??\c:\documents and settings\administrator2.tai-5a969d91dc0\desktop\daengine\DAK32.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\documents and settings\administrator2.tai-5a969d91dc0\desktop\uce\uce\disk_1024.sys []
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\english\gunz\gameguard\dump_wmimmc.sys []
S3 geebers12;geebers12;\??\c:\documents and settings\administrator2.tai-5a969d91dc0\desktop\sago hack pack .40\uce + cem + ct\buffy engine\nvid888.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\administrator2.tai-5a969d91dc0\desktop\new folder\IlvMoney1196.sys []
S3 KLIF;KLIF;\??\c:\windows\system32\drivers\klif.sys [2008-1-30 194320]
S3 MzBot;MzBot;\??\C:\MzBot.sys []
S3 puma1;puma1;\??\c:\documents and settings\administrator2.tai-5a969d91dc0\desktop\sago hack pack .40\uce + cem + ct\puma engine\puma.sys []
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 xp1;xp1;\??\c:\documents and settings\administrator2.tai-5a969d91dc0\desktop\xpengine\xp.sys []

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2008-12-26 11:11 1,603,449 ---sh--- c:\windows\system32\omewizej.ini
2008-12-25 23:10 1,603,449 ---sh--- c:\windows\system32\iruvujab.ini
2008-12-25 11:10 1,603,449 ---sh--- c:\windows\system32\edisulep.ini
2008-12-24 23:10 1,603,449 ---sh--- c:\windows\system32\uvasebeb.ini
2008-12-24 11:10 1,603,449 ---sh--- c:\windows\system32\etaledop.ini
2008-12-23 23:10 1,603,449 ---sh--- c:\windows\system32\utezumol.ini
2008-12-23 11:10 1,603,449 ---sh--- c:\windows\system32\inulusis.ini
2008-12-22 23:10 1,603,449 ---sh--- c:\windows\system32\oponeluj.ini
2008-12-19 23:54 1,605,628 ---sh--- c:\windows\system32\uwimorup.ini
2008-12-19 11:54 1,605,628 ---sh--- c:\windows\system32\eyalahuz.ini
2008-12-18 23:54 1,605,628 ---sh--- c:\windows\system32\akokorow.ini
2008-12-18 14:17 <DIR> --d----- c:\program files\common files\xing shared
2008-12-18 14:17 <DIR> --d----- c:\program files\common files\Real
2008-12-18 11:54 1,605,637 ---sh--- c:\windows\system32\anekopat.ini
2008-12-17 23:53 1,605,045 ---sh--- c:\windows\system32\oyuletiw.ini
2008-12-17 11:53 1,605,045 ---sh--- c:\windows\system32\oleduzov.ini
2008-12-16 23:53 1,588,726 ---sh--- c:\windows\system32\ibejesoh.ini
2008-12-16 14:17 1,590,451 ---sh--- c:\windows\system32\oduhojev.ini
2008-12-16 13:17 1,590,451 ---sh--- c:\windows\system32\etineven.ini
2008-12-16 01:17 2,713 ---sh--- c:\windows\system32\sijudade.exe
2008-12-15 07:16 1,589,656 ---sh--- c:\windows\system32\efeliram.ini
2008-12-14 19:16 1,589,605 ---sh--- c:\windows\system32\omomajuz.ini
2008-12-14 18:45 1,589,605 ---sh--- c:\windows\system32\ejubawug.ini
2008-12-14 11:33 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-14 11:33 1,409 a------- c:\windows\QTFont.for
2008-12-14 05:44 1,589,605 ---sh--- c:\windows\system32\ulimipoz.ini
2008-12-13 17:44 2,713 ---sh--- c:\windows\system32\navedere.exe
2008-12-12 18:28 2,713 ---sh--- c:\windows\system32\veyolubi.exe
2008-12-12 00:27 2,713 ---sh--- c:\windows\system32\givudozu.exe
2008-12-11 06:26 1,532,106 ---sh--- c:\windows\system32\ozesehus.ini
2008-12-10 18:26 1,528,990 ---sh--- c:\windows\system32\otopijof.ini
2008-12-10 17:26 1,528,990 ---sh--- c:\windows\system32\inodasip.ini
2008-12-10 05:25 1,491,924 ---sh--- c:\windows\system32\ewezuwaw.ini
2008-12-09 17:25 1,491,137 ---sh--- c:\windows\system32\otivayan.ini
2008-12-09 05:25 1,472,174 ---sh--- c:\windows\system32\abebovij.ini
2008-12-08 17:25 1,472,174 ---sh--- c:\windows\system32\owopomif.ini
2008-12-08 16:09 1,544,916 ---sh--- c:\windows\system32\apirapiz.ini
2008-12-08 03:09 1,430,057 ---sh--- c:\windows\system32\ibatupet.ini
2008-12-07 15:08 1,430,057 ---sh--- c:\windows\system32\ovobilod.ini
2008-12-07 03:08 1,430,057 ---sh--- c:\windows\system32\avoyaner.ini
2008-12-06 15:08 1,430,057 ---sh--- c:\windows\system32\erofeyop.ini
2008-12-06 03:08 1,430,057 ---sh--- c:\windows\system32\elimevuw.ini
2008-12-05 15:07 1,430,057 ---sh--- c:\windows\system32\adazipar.ini
2008-12-05 03:07 1,430,057 ---sh--- c:\windows\system32\ipikiwoz.ini
2008-12-04 15:12 1,451,103 ---sh--- c:\windows\system32\ogikisep.ini
2008-12-04 14:07 1,451,103 ---sh--- c:\windows\system32\iderunit.ini
2008-12-04 02:06 1,396,151 ---sh--- c:\windows\system32\ozejefew.ini
2008-12-03 12:05 1,393,986 ---sh--- c:\windows\system32\ajovemof.ini
2008-12-03 09:53 372,736 a------- c:\windows\system32\_IJL11.DLL
2008-12-03 00:05 1,364,188 ---sh--- c:\windows\system32\ujalabam.ini
2008-12-02 12:05 1,364,197 ---sh--- c:\windows\system32\ovekinas.ini
2008-12-01 20:04 1,333,214 ---sh--- c:\windows\system32\olamunuh.ini
2008-12-01 09:08 0 a------- C:\1.exe
2008-12-01 08:04 1,302,050 ---sh--- c:\windows\system32\imikowov.ini
2008-12-01 01:58 372,736 a------- c:\windows\system32\IJL11.DLL
2008-11-30 20:04 1,296,240 ---sh--- c:\windows\system32\ewihokuw.ini
2008-11-30 08:04 1,296,222 ---sh--- c:\windows\system32\emuzamur.ini
2008-11-29 20:51 724,992 a------- c:\windows\iun6002.exe
2008-11-29 20:50 <DIR> --d----- c:\program files\M-Audio Midisport 1x1
2008-11-29 20:03 1,296,231 ---sh--- c:\windows\system32\uyuhediy.ini
2008-11-27 20:02 1,590,546 ---sh--- c:\windows\system32\esunodey.ini
2008-11-26 14:00 1,590,546 ---sh--- c:\windows\system32\ubupegog.ini

==================== Find3M ====================

2008-12-26 11:11 87,137 a--sh--- c:\windows\system32\jeziwemo.dll
2008-12-26 11:11 98,009 a--sh--- c:\windows\system32\pakewizu.dll
2008-12-25 23:10 97,497 a--sh--- c:\windows\system32\gibeyiwa.dll
2008-12-25 23:10 85,074 -------- c:\windows\system32\bajuvuri.dll
2008-12-25 11:10 96,976 a--sh--- c:\windows\system32\vovuwivi.dll
2008-12-25 11:10 85,050 -------- c:\windows\system32\peluside.dll
2008-12-24 23:10 98,481 a--sh--- c:\windows\system32\dopijimi.dll
2008-12-24 23:10 84,775 -------- c:\windows\system32\bebesavu.dll
2008-12-24 11:10 84,712 -------- c:\windows\system32\podelate.dll
2008-12-24 11:10 97,878 a--sh--- c:\windows\system32\yuvobika.dll
2008-12-23 23:10 97,870 a--sh--- c:\windows\system32\sovasosa.dll
2008-12-23 23:10 84,648 -------- c:\windows\system32\lomuzetu.dll
2008-12-23 11:10 99,082 a--sh--- c:\windows\system32\todarulu.dll
2008-12-23 11:10 84,158 -------- c:\windows\system32\sisuluni.dll
2008-12-22 23:10 96,973 a--sh--- c:\windows\system32\pukoyidu.dll
2008-12-22 23:10 87,158 -------- c:\windows\system32\julenopo.dll
2008-12-22 23:09 65,117 a--sh--- c:\windows\system32\sararege.dll
2008-12-22 11:09 94,844 a--sh--- c:\windows\system32\biviriya.dll
2008-12-22 11:09 85,102 a--sh--- c:\windows\system32\zahividu.dll
2008-12-21 23:09 97,068 a--sh--- c:\windows\system32\givujota.dll
2008-12-21 23:09 85,277 a--sh--- c:\windows\system32\hozikuga.dll
2008-12-21 11:09 97,517 a--sh--- c:\windows\system32\lesiziru.dll
2008-12-21 11:09 87,241 a--sh--- c:\windows\system32\jewevame.dll
2008-12-20 23:09 94,807 a--sh--- c:\windows\system32\ruyaveji.dll
2008-12-20 23:09 87,133 a--sh--- c:\windows\system32\vajaziwo.dll
2008-12-20 11:08 94,905 a--sh--- c:\windows\system32\bipitogu.dll
2008-12-20 11:08 83,130 a--sh--- c:\windows\system32\yuhapoha.dll
2008-12-20 11:08 96,963 a--sh--- c:\windows\system32\pahuwusu.dll
2008-12-20 11:08 83,112 a--sh--- c:\windows\system32\wevedahu.dll
2008-12-19 23:54 97,568 a--sh--- c:\windows\system32\kohenoju.dll
2008-12-19 23:54 85,164 a--sh--- c:\windows\system32\puromiwu.dll
2008-12-19 11:54 94,986 a--sh--- c:\windows\system32\wupakuyo.dll
2008-12-18 23:54 97,499 a--sh--- c:\windows\system32\vewehoho.dll
2008-12-18 11:54 94,991 a--sh--- c:\windows\system32\farukika.dll
2008-12-17 23:53 102,146 a--sh--- c:\windows\system32\yonumoha.dll
2008-12-17 11:53 97,343 a--sh--- c:\windows\system32\yajoyike.dll
2008-12-16 23:53 96,004 a--sh--- c:\windows\system32\sejebezo.dll
2008-12-16 14:17 89,842 a--sh--- c:\windows\system32\vejohudo.dll
2008-12-16 14:17 95,846 a--sh--- c:\windows\system32\gujuveli.dll
2008-12-16 13:17 66,794 a--sh--- c:\windows\system32\lolarubu.dll
2008-12-15 07:16 90,857 a--sh--- c:\windows\system32\vukurute.dll
2008-12-14 19:16 91,232 a--sh--- c:\windows\system32\bamutapu.dll
2008-12-14 19:13 91,874 a--sh--- c:\windows\system32\demovugi.dll
2008-12-14 19:13 85,751 a--sh--- c:\windows\system32\yirogoju.dll
2008-12-14 19:12 84,252 a--sh--- c:\windows\system32\wufinugu.dll
2008-12-14 19:12 91,397 a--sh--- c:\windows\system32\rojimimi.dll
2008-12-14 18:45 92,768 a--sh--- c:\windows\system32\murodaji.dll
2008-12-14 18:45 85,749 a--sh--- c:\windows\system32\guwabuje.dll
2008-12-14 05:44 91,230 a--sh--- c:\windows\system32\lihabane.dll
2008-12-11 06:26 85,711 a--sh--- c:\windows\system32\suhesezo.dll
2008-12-11 06:26 91,944 a--sh--- c:\windows\system32\vuwapoya.dll
2008-12-10 18:26 90,763 a--sh--- c:\windows\system32\jagovohi.dll
2008-12-10 17:26 91,428 a--sh--- c:\windows\system32\lalotafo.dll
2008-12-10 17:26 62,065 a--sh--- c:\windows\system32\jaloyeti.dll
2008-12-10 05:25 93,792 a--sh--- c:\windows\system32\mivojefu.dll
2008-12-09 17:25 94,394 a--sh--- c:\windows\system32\rakubija.dll
2008-12-09 05:25 89,303 a--sh--- c:\windows\system32\jivobeba.dll
2008-12-09 05:25 94,909 a--sh--- c:\windows\system32\kipozepe.dll
2008-12-08 17:25 93,474 a--sh--- c:\windows\system32\gowafelo.dll
2008-12-08 16:19 94,902 a--sh--- c:\windows\system32\kuzizubi.dll
2008-12-08 16:19 89,324 a--sh--- c:\windows\system32\yowiripo.dll
2008-12-08 16:18 94,462 a--sh--- c:\windows\system32\hirahuvo.dll
2008-12-08 16:18 88,656 a--sh--- c:\windows\system32\galavobi.dll
2008-12-08 16:09 88,296 a--sh--- c:\windows\system32\ziparipa.dll
2008-12-08 16:09 93,278 a--sh--- c:\windows\system32\zolobewo.dll
2008-12-08 15:09 63,242 a--sh--- c:\windows\system32\gotejife.dll
2008-12-08 15:09 94,510 a--sh--- c:\windows\system32\tihozoya.dll
2008-12-08 03:09 93,996 a--sh--- c:\windows\system32\yibajono.dll
2008-12-07 15:08 93,421 a--sh--- c:\windows\system32\nejukoju.dll
2008-12-07 03:08 93,362 a--sh--- c:\windows\system32\puzuhahi.dll
2008-12-06 15:08 94,365 a--sh--- c:\windows\system32\folejiru.dll
2008-12-06 03:08 93,814 a--sh--- c:\windows\system32\kajapiye.dll
2008-12-05 15:07 64,214 a--sh--- c:\windows\system32\nobuyeli.dll
2008-12-05 15:07 93,843 a--sh--- c:\windows\system32\gafesuta.dll
2008-12-05 03:07 94,972 a--sh--- c:\windows\system32\jenihuye.dll
2008-12-04 14:07 64,565 a--sh--- c:\windows\system32\navedere.dll
2008-12-04 02:06 94,773 a--sh--- c:\windows\system32\huvezopi.dll
2008-12-04 00:06 94,773 a--sh--- c:\windows\system32\rejikago.dll
2008-12-04 00:06 64,053 a--sh--- c:\windows\system32\zukupofe.dll
2008-12-03 12:05 94,773 a--sh--- c:\windows\system32\mavuwene.dll
2008-12-03 00:05 93,237 a--sh--- c:\windows\system32\joloyasa.dll
2008-12-02 12:05 93,237 a--sh--- c:\windows\system32\fibunewu.dll
2008-12-01 20:04 64,052 a--sh--- c:\windows\system32\vohodane.dll
2008-12-01 20:04 93,236 a--sh--- c:\windows\system32\musarowe.dll
2008-12-01 08:04 97,332 a--sh--- c:\windows\system32\kahijaja.dll
2008-11-30 20:04 95,284 a--sh--- c:\windows\system32\jemugezu.dll
2008-11-30 08:04 95,284 a--sh--- c:\windows\system32\kifupiza.dll
2008-11-29 20:03 95,284 a--sh--- c:\windows\system32\fulefoze.dll
2008-11-27 20:02 86,580 a--sh--- c:\windows\system32\yedonuse.dll
2008-11-27 20:02 93,748 a--sh--- c:\windows\system32\sofokujo.dll
2008-11-26 14:00 93,748 a--sh--- c:\windows\system32\mezogune.dll
2008-11-26 14:00 86,580 a--sh--- c:\windows\system32\gogepubu.dll
2008-11-26 02:00 93,236 a--sh--- c:\windows\system32\kolibobo.dll
2007-10-04 19:47 604 a---h--- c:\program files\STLL Notifier
2007-08-31 14:45 0 a------- c:\documents and settings\administrator2.tai-5a969d91dc0\mspformat.exe
2008-09-22 23:09 33,792 a--sh--- c:\windows\system32\betebesu.dll
2007-07-22 06:48 1,795,503 ac-sh--- c:\windows\system32\cfhkj.bak1
2007-07-22 08:21 1,794,863 ac-sh--- c:\windows\system32\cfhkj.ini2
2008-09-22 23:09 65,117 a--sh--- c:\windows\system32\gagalemi.dll
2008-08-25 17:16 701,693 a--sh--- c:\windows\system32\GQBeNqss.ini2
2008-05-04 13:40 524,043 a--sh--- c:\windows\system32\JmmWvyay.ini2
2008-09-22 23:09 65,117 a--sh--- c:\windows\system32\liyovewa.dll
2007-07-22 11:09 6,489 ac-sh--- c:\windows\system32\lnnmp.bak1
2008-09-08 15:09 63,242 a--sh--- c:\windows\system32\mosoruwa.dll
2008-09-22 23:09 65,117 a--sh--- c:\windows\system32\pidofaho.dll
2008-05-04 10:22 521,828 a--sh--- c:\windows\system32\pYFhOXbc.ini2
2007-04-01 18:35 1,243,924 ac-sh--- c:\windows\system32\rqstv.bak1
2007-04-02 21:26 1,252,911 ac-sh--- c:\windows\system32\rqstv.bak2
2007-04-03 09:00 1,246,792 ac-sh--- c:\windows\system32\rqstv.ini2
2008-09-08 15:09 60,416 a--sh--- c:\windows\system32\yimupiki.dll
2008-09-16 13:17 21,504 a--sh--- c:\windows\system32\zegilene.dll
2008-02-18 02:37 996,384 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-02-18 02:37 35,104 a--sh--- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 12:48:46.76 ===============

#4 Tomk_

    Malware Eradicator


  • Malware Response Team
  • 686 posts
Posted 26 December 2008 - 02:57 PM

Hi tienyboi,

Welcome to Bleeping Computers

My name is Tomk_. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.
I apologize for the delay in response. We get overwhelmed at times but we are trying our best to keep up.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#5 tienyboi

Posted 26 December 2008 - 03:51 PM

ComboFix 08-12-26.02 - Administrator2 2008-12-26 15:36:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.491 [GMT -5:00]
Running from: c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: Norton AntiVirus *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1.exe
c:\documents and settings\Administrator2.TAI-5A969D91DC0\Application Data\BITS
c:\documents and settings\Administrator2.TAI-5A969D91DC0\Application Data\BITS\BITS.ini
c:\documents and settings\Administrator2.TAI-5A969D91DC0\Application Data\BITS\DHTTable.dat
c:\documents and settings\Administrator2.TAI-5A969D91DC0\Application Data\BITS\ProxyList.ini
c:\documents and settings\Administrator2.TAI-5A969D91DC0\Application Data\BITS\UPnP.ini
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\FlashGet Network
c:\program files\FlashGet Network\Flashget\fgoption.ini
c:\program files\FlashGet Network\Flashget\JCCHS.INI
c:\program files\FlashGet Network\Flashget\LiveUpdateEx.exe
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\0.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\1.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\10.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\11.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\12.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\13.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\14.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\15.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\16.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\17.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\18.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\19.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\2.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\20.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\21.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\3.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\4.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\5.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\6.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\7.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\8.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\9.bmp
c:\program files\FlashGet Network\Flashget\modules\garage\Headers\nologin.bmp
c:\program files\FlashGet Network\Flashget\modules\INMEDIA\Info.ini
c:\program files\FlashGet Network\Flashget\modules\INMEDIA\INMEDIA.dll
c:\program files\FlashGet Network\Flashget\P2PCfg.ini
c:\program files\FlashGet Network\Flashget\P2PShare.dat
c:\program files\FlashGet Network\Flashget\p2spmgr.ini
c:\program files\FlashGet Network\Flashget\p4spmgr.ini
c:\program files\FlashGet Network\Flashget\Profiles\config.dat
c:\program files\FlashGet Network\Flashget\Profiles\tasks.dat

----- BITS: Possible infected sites -----

hxxp://77.74.48.101
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-11-26 to 2008-12-26 )))))))))))))))))))))))))))))))
.

2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Real
2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Common Files\xing shared
2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Common Files\Real
2008-12-18 14:02 . 2008-12-18 14:03 d-------- c:\program files\Google
2008-12-16 01:17 . 2008-12-16 01:17 2,713 ---hs---- c:\windows\system32\sijudade.exe
2008-12-14 11:33 . 2008-12-14 11:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 11:33 . 2008-12-14 11:33 1,409 --a------ c:\windows\QTFont.for
2008-12-13 17:44 . 2008-12-13 17:44 2,713 ---hs---- c:\windows\system32\navedere.exe
2008-12-12 18:28 . 2008-12-12 18:28 2,713 ---hs---- c:\windows\system32\veyolubi.exe
2008-12-12 00:27 . 2008-12-12 00:27 2,713 ---hs---- c:\windows\system32\givudozu.exe
2008-12-03 09:53 . 2003-07-06 13:07 372,736 --a------ c:\windows\system32\_IJL11.DLL
2008-12-01 01:58 . 2003-07-06 14:07 372,736 --a------ c:\windows\system32\IJL11.DLL
2008-11-29 20:51 . 2008-11-29 20:50 724,992 --a------ c:\windows\iun6002.exe
2008-11-29 20:50 . 2008-11-29 20:51 d-------- c:\program files\M-Audio Midisport 1x1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-26 20:44 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-24 04:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 01:35 --------- d-----w c:\documents and settings\Administrator2.TAI-5A969D91DC0\Application Data\uTorrent
2008-11-21 16:24 --------- d--h--w c:\program files\Khipbttxemawv
2007-10-05 00:47 604 ---ha-w c:\program files\STLL Notifier
2007-08-31 19:45 0 ----a-w c:\documents and settings\Administrator2.TAI-5A969D91DC0\mspformat.exe
2008-03-03 10:27 28,672 ----a-w c:\program files\mozilla firefox\components\FlashgetXpi.dll
2008-09-23 04:09 33,792 --sha-w c:\windows\system32\betebesu.dll
2008-02-18 07:37 996,384 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-02-18 07:37 35,104 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

------- Sigcheck -------

2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 12:20 360064 ef7834c1d9ddf4c7da697d8c24a03791 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-18 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"UpdateManager"="c:\program files\Common Files\Microsoft Shared\Proof\flaupdate.exe" [2008-12-01 147456]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2006-05-27 256000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-05-21 21:26 294912 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 10:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-11-02 08:03 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2006-09-05 20:22 26248 c:\program files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Lphant\\eLePhantClient.exe"=
"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
R3 Ausbflt;Ausbflt;c:\windows\system32\Drivers\Ausbflt.sys [2006-05-19 6353]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-10-29 112688]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\kbdcap.sys [2007-08-14 109440]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2004-09-02 396480]
S3 DADriv1;DADriv1;\??\c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\DAEngine\DAK32.sys []
S3 DISK_DRIVE32;DISK_DRIVE32;\??\c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\UCE\UCE\disk_1024.sys []
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys []
S3 geebers12;geebers12;\??\c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\Sago Hack Pack .40\UCE + CEM + CT\Buffy Engine\nvid888.sys []
S3 IlvMoneyDRIVER53;IlvMoneyDRIVER53;\??\c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\New Folder\IlvMoney1196.sys []
S3 MzBot;MzBot;\??\C:\MzBot.sys []
S3 puma1;puma1;\??\c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\Sago Hack Pack .40\UCE + CEM + CT\Puma Engine\puma.sys []
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 xp1;xp1;\??\c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\xpengine\xp.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-12-20 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-07 00:38]
.
- - - - ORPHANS REMOVED - - - -

BHO-{55F573A0-13AD-415F-AE0A-9C20CF85837C} - (no file)
BHO-{567DC7FA-7DD3-41E0-B1E0-07668B29C7C1} - (no file)
BHO-{629D1503-CC03-4111-A306-64338EB21C65} - (no file)
BHO-{9D92883F-FB91-4E68-81FD-B643E26F890F} - (no file)
BHO-{c21da26a-555b-4536-b27f-3f638c23ff91} - c:\windows\system32\liyovewa.dll
BHO-{CBEAFC6D-9B11-40E9-92FE-968F764C8554} - (no file)
BHO-{E0D1FC6F-BE14-4E82-8C7B-C398B924B099} - (no file)
BHO-{e2984ff7-5c3c-4fa9-bd66-e2c6582994f3} - c:\windows\system32\jakxlj.dll
BHO-{EFCA522F-54DE-4A2C-8B1B-A887F19251CE} - (no file)
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
MSConfigStartUp-CloneCDTray - c:\program files\SlySoft\CloneCD\CloneCDTray.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.playmacro.co.kr
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 15:45:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre1.6.0_03\bin\jusched.exe
c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-26 15:48:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-26 20:48:15

Pre-Run: 15,953,993,728 bytes free
Post-Run: 15,913,279,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

405 --- E O F --- 2008-02-18 07:31:23

#6 Tomk_

Posted 26 December 2008 - 07:34 PM

tienyboi,

Before I continue, I need to know if you are aware there is a keylogger on your machine.

#7 tienyboi

Posted 26 December 2008 - 09:07 PM

Yes, I am aware of that. I installed several of them a long time ago, but I think I uninstalled them later on. Can you tell me which data tells you that?

#8 Tomk_

Posted 26 December 2008 - 09:11 PM

tienyboi,

Some of the files showing. I can't tell if there is one or two.

Do you want to keep or remove?

#9 tienyboi

Posted 26 December 2008 - 09:27 PM

I would like to remove them then.

#10 Tomk_

Posted 26 December 2008 - 09:45 PM

tienyboi,

uTorrent
You have uTorrent, a P2P/file-sharing program, installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it.

References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/commun...protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
See Clean/Infected P2P Programs here

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\windows\system32\navedere.exe
    c:\windows\system32\veyolubi.exe
    c:\windows\system32\givudozu.exe
    c:\windows\system32\_IJL11.DLL
    c:\windows\system32\IJL11.DLL
    c:\windows\iun6002.exe
    c:\windows\system32\betebesu.dll
    
    Dirlook::
    c:\program files\Khipbttxemawv
    
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "Ghp`amfUbrhLds"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "Mn@iboddPubswLfov"=-
    "Mn@mlrf"=-
    "MnOndNeg"=-
    "MnQtm"=-
    
    Driver::
    DADriv1
    DISK_DRIVE32
    dump_wmimmc
    geebers12
    IlvMoneyDRIVER53
    MzBot
    puma1
    xp1
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Next

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Then

Please download Malwarebytes' Anti-Malware (http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button) to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot (shut down your computer then restart it).
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
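
One way to triage the "Files Created" section of a ComboFix log and compare it with a CFScript File:: list, as an added example that is not part of the original thread and is not ComboFix's own logic. The hidden+system-in-system32 rule and all function names are assumptions made for illustration; the sample lines are copied from the log and script posted above.

```python
import ntpath
import re
from collections import defaultdict

# "Files Created" lines copied from the first ComboFix log in this thread.
FILES_CREATED = r"""
2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Real
2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Common Files\xing shared
2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Common Files\Real
2008-12-18 14:02 . 2008-12-18 14:03 d-------- c:\program files\Google
2008-12-16 01:17 . 2008-12-16 01:17 2,713 ---hs---- c:\windows\system32\sijudade.exe
2008-12-14 11:33 . 2008-12-14 11:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 11:33 . 2008-12-14 11:33 1,409 --a------ c:\windows\QTFont.for
2008-12-13 17:44 . 2008-12-13 17:44 2,713 ---hs---- c:\windows\system32\navedere.exe
2008-12-12 18:28 . 2008-12-12 18:28 2,713 ---hs---- c:\windows\system32\veyolubi.exe
2008-12-12 00:27 . 2008-12-12 00:27 2,713 ---hs---- c:\windows\system32\givudozu.exe
2008-12-03 09:53 . 2003-07-06 13:07 372,736 --a------ c:\windows\system32\_IJL11.DLL
2008-12-01 01:58 . 2003-07-06 14:07 372,736 --a------ c:\windows\system32\IJL11.DLL
2008-11-29 20:51 . 2008-11-29 20:50 724,992 --a------ c:\windows\iun6002.exe
2008-11-29 20:50 . 2008-11-29 20:51 d-------- c:\program files\M-Audio Midisport 1x1
"""

# File:: entries copied from the CFScript posted in this thread.
CFSCRIPT_FILES = r"""
c:\windows\system32\navedere.exe
c:\windows\system32\veyolubi.exe
c:\windows\system32\givudozu.exe
c:\windows\system32\_IJL11.DLL
c:\windows\system32\IJL11.DLL
c:\windows\iun6002.exe
c:\windows\system32\betebesu.dll
"""

# Layout: created . modified [size] attributes path (directories carry no size).
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?:([\d,]+) )?([a-z-]{9}) (.+)$"
)


def parse_files_created(text):
    """Turn each recognisable log line into a dict; skip anything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": created,
            "modified": modified,
            "size": int(size.replace(",", "")) if size else None,
            "attrs": attrs,
            "path": path,
        })
    return entries


def is_suspicious(entry):
    """Assumed triage rule: hidden+system .exe/.dll placed directly in system32."""
    path = entry["path"].lower()
    return (
        entry["size"] is not None
        and "h" in entry["attrs"] and "s" in entry["attrs"]
        and ntpath.dirname(path) == r"c:\windows\system32"
        and ntpath.splitext(path)[1] in (".exe", ".dll")
    )


def cluster_by_size(entries):
    """Group flagged files by (size, extension); differently named copies of
    one binary end up in the same group. Single-member groups are dropped."""
    groups = defaultdict(list)
    for e in entries:
        if is_suspicious(e):
            key = (e["size"], ntpath.splitext(e["path"].lower())[1])
            groups[key].append(e["path"])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def not_in_removal_list(entries, removal_text):
    """Flagged paths that the removal list does not name (case-insensitive)."""
    listed = {l.strip().lower() for l in removal_text.splitlines() if l.strip()}
    return sorted(e["path"] for e in entries
                  if is_suspicious(e) and e["path"].lower() not in listed)


if __name__ == "__main__":
    parsed = parse_files_created(FILES_CREATED)
    for (size, ext), paths in cluster_by_size(parsed).items():
        print(f"{len(paths)} hidden+system {ext} files of {size} bytes:")
        for p in paths:
            print("   ", p)
    print("flagged, not in File:: list:",
          not_in_removal_list(parsed, CFSCRIPT_FILES))
```

On this thread's data the four 2,713-byte hidden+system executables form a single cluster, and `sijudade.exe` is the one member not named in the File:: list.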

#11 tienyboi

Posted 26 December 2008 - 10:22 PM

ComboFix 08-12-26.02 - Administrator2 2008-12-26 21:56:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.633 [GMT -5:00]
Running from: c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator2.TAI-5A969D91DC0\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)
FW: Norton AntiVirus *disabled*
* Created a new restore point

FILE ::
c:\windows\iun6002.exe
c:\windows\system32\_IJL11.DLL
c:\windows\system32\betebesu.dll
c:\windows\system32\givudozu.exe
c:\windows\system32\IJL11.DLL
c:\windows\system32\navedere.exe
c:\windows\system32\veyolubi.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\iun6002.exe
c:\windows\system32\_IJL11.DLL
c:\windows\system32\betebesu.dll
c:\windows\system32\givudozu.exe
c:\windows\system32\IJL11.DLL
c:\windows\system32\navedere.exe
c:\windows\system32\veyolubi.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DADRIV1
-------\Legacy_DISK_DRIVE32
-------\Legacy_DUMP_WMIMMC
-------\Legacy_GEEBERS12
-------\Legacy_ILVMONEYDRIVER53
-------\Legacy_MZBOT
-------\Legacy_PUMA1
-------\Legacy_XP1
-------\Service_DADriv1
-------\Service_DISK_DRIVE32
-------\Service_dump_wmimmc
-------\Service_geebers12
-------\Service_IlvMoneyDRIVER53
-------\Service_MzBot
-------\Service_puma1
-------\Service_xp1


((((((((((((((((((((((((( Files Created from 2008-11-27 to 2008-12-27 )))))))))))))))))))))))))))))))
.

2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Real
2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Common Files\xing shared
2008-12-18 14:17 . 2008-12-18 14:17 d-------- c:\program files\Common Files\Real
2008-12-18 14:02 . 2008-12-18 14:03 d-------- c:\program files\Google
2008-12-16 01:17 . 2008-12-16 01:17 2,713 ---hs---- c:\windows\system32\sijudade.exe
2008-12-14 11:33 . 2008-12-14 11:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-14 11:33 . 2008-12-14 11:33 1,409 --a------ c:\windows\QTFont.for
2008-11-29 20:50 . 2008-11-29 20:51 d-------- c:\program files\M-Audio Midisport 1x1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-27 03:01 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-24 04:30 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 01:35 --------- d-----w c:\documents and settings\Administrator2.TAI-5A969D91DC0\Application Data\uTorrent
2008-11-21 16:24 --------- d--h--w c:\program files\Khipbttxemawv
2007-10-05 00:47 604 ---ha-w c:\program files\STLL Notifier
2007-08-31 19:45 0 ----a-w c:\documents and settings\Administrator2.TAI-5A969D91DC0\mspformat.exe
2008-03-03 10:27 28,672 ----a-w c:\program files\mozilla firefox\components\FlashgetXpi.dll
2008-02-18 07:37 996,384 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-02-18 07:37 35,104 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\Khipbttxemawv ----

2008-11-27 14:27 52203925 --a------ c:\program files\Khipbttxemawv\Log\Visual\11272008.dat
2008-11-27 14:27 384603 --a------ c:\program files\Khipbttxemawv\Log\Text\aiotxt.dat
2008-11-27 13:58 142080 --a------ c:\program files\Khipbttxemawv\Log\Text\aioweb.dat
2008-11-27 00:00 6928337 --a------ c:\program files\Khipbttxemawv\Log\Visual\11262008.dat
2008-11-24 01:09 17140511 --a------ c:\program files\Khipbttxemawv\Log\Visual\11242008.dat
2008-11-24 00:00 201036912 --a------ c:\program files\Khipbttxemawv\Log\Visual\11232008.dat
2008-11-23 00:00 16501568 --a------ c:\program files\Khipbttxemawv\Log\Visual\11222008.dat
2008-11-21 23:33 174666605 --a------ c:\program files\Khipbttxemawv\Log\Visual\11212008.dat
2008-11-21 11:24 470 --a------ c:\program files\Khipbttxemawv\Shortcut to Khipbttxemawv.lnk
2008-11-21 11:23 472 --a------ c:\program files\Khipbttxemawv\Log\Shortcut to Khipbttxemawv.lnk
2008-11-21 11:22 686706 --a------ c:\program files\Khipbttxemawv\unins000.exe
2008-11-21 11:22 12415 --a------ c:\program files\Khipbttxemawv\unins000.dat
2008-10-06 21:37 792754 --a------ c:\program files\Khipbttxemawv\help.chm
2006-05-26 11:22 1734309 --a------ c:\program files\Khipbttxemawv\lyvwdph.exe


------- Sigcheck -------

2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 00:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 c:\windows\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 c:\windows\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 c:\windows\system32\dllcache\tcpip.sys
2007-10-30 12:20 360064 ef7834c1d9ddf4c7da697d8c24a03791 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"AIM"="c:\program files\AIM\aim.exe" [2004-12-08 67160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-18 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"UpdateManager"="c:\program files\Common Files\Microsoft Shared\Proof\flaupdate.exe" [2008-12-01 147456]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
PowerReg SchedulerV2.exe [2006-05-27 256000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Mn@iboddPubswLfov"= 0 (0x0)
"Mn@mlrf"= 0 (0x0)
"MnOndNeg"= 0 (0x0)
"MnQtm"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-05-21 21:26 294912 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 10:38 241664 c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-11-02 08:03 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2006-09-05 20:22 26248 c:\program files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Lphant\\eLePhantClient.exe"=
"c:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2007-02-27 32256]
R3 Ausbflt;Ausbflt;c:\windows\system32\Drivers\Ausbflt.sys [2006-05-19 6353]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2007-10-29 112688]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\kbdcap.sys [2007-08-14 109440]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2004-09-02 396480]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 15:42]

2008-12-27 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job
- c:\progra~1\NORTON~1\Navw32.exe [2006-09-07 00:38]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.playmacro.co.kr
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-26 22:02:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(628)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-12-26 22:06:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-27 03:05:48
ComboFix2.txt 2008-12-26 20:48:35

Pre-Run: 15,948,898,304 bytes free
Post-Run: 15,888,326,656 bytes free

205 --- E O F --- 2008-02-18 07:31:23

Malwarebytes' Anti-Malware 1.31
Database version: 1552
Windows 5.1.2600 Service Pack 2

12/26/2008 10:15:48 PM
mbam-log-2008-12-26 (22-15-48).txt

Scan type: Quick Scan
Objects scanned: 59379
Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\rahesaga.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zewujoho.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zugodiju.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:18 PM, on 12/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.playmacro.co.kr
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E1B2879-88FF-11D2-8D96-FFFFAC95951F} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKLM\..\Policies\Explorer\Run: [UpdateManager] C:\Program Files\Common Files\Microsoft Shared\Proof\flaupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Unknown owner - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6384 bytes





I think the pop-ups have stopped while I surf the internet, and the computer is running a bit faster now.

After finishing everything I just received a random window pop-up ten minutes later about Internet Explorer that read something like "this is an unsecure page would you like to continue." but nothing happened once I clicked yes.

Edited by tienyboi, 26 December 2008 - 10:27 PM.


#12 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team

Posted 26 December 2008 - 10:54 PM

tienyboi,

"this is an unsecure page would you like to continue."

This is a normal warning that you should get when going between secure and non-secure pages.

COMBOFIX-Script
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    c:\windows\system32\sijudade.exe
    c:\program files\Common Files\Microsoft Shared\Proof\flaupdate.exe
    
    Folder::
    c:\program files\Khipbttxemawv
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "UpdateManager"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "Ghp`amfUbrhLds"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "Mn@iboddPubswLfov"=-
    "Mn@mlrf"=-
    "MnOndNeg"=-
    "MnQtm"=-
    
    Driver::
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Then

Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
In your next reply please provide:
  • ComboFix.txt
  • Kaspersky report
  • New HijackThis log taken after everything else completed
Also:
Download Rooter.exe to your desktop
  • Then double-click it to start the tool
  • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here.

Posted Image
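
One way to check a ComboFix run against the CFScript that drove it, as an added example that is not part of the original post or of ComboFix: it reads the script's File::, Folder:: and Registry:: directives and reports targets missing from the log's "Other Deletions" section and deleted values still listed under "Reg Loading Points". The script is abridged from the post above, the log text is constructed in the layout of the ComboFix log earlier in this thread, and all function names are hypothetical.

```python
import re

# Section banner as printed in the ComboFix log in this thread, e.g.
# "((((((( Other Deletions )))))))": five or more parentheses on each side.
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")
DIRECTIVE = re.compile(r"^(\w+)::$")        # CFScript directive, e.g. "File::"
REG_VALUE = re.compile(r'^"([^"]*)"\s*=')   # '"name"=' at the start of a line

# Abridged from the CFScript in the post above.
CFSCRIPT = r"""
File::
c:\windows\system32\sijudade.exe
c:\program files\Common Files\Microsoft Shared\Proof\flaupdate.exe

Folder::
c:\program files\Khipbttxemawv

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"UpdateManager"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MnQtm"=-

Driver::
"""

# CONSTRUCTED log excerpt (not the poster's real result): one file was not
# deleted and one policy value is still listed after the run.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.

c:\windows\system32\sijudade.exe
c:\program files\Khipbttxemawv
c:\program files\Khipbttxemawv\help.chm

.
((((((((((((((( Reg Loading Points )))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MnQtm"= 0 (0x0)
"""


def split_sections(text, header):
    """Group non-empty lines under the lower-cased title matched by `header`."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = header.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and line != "." and current is not None:
            sections[current].append(line)
    return sections


def registry_values(lines, only_deleted=False):
    """Return lower-cased (key, value name) pairs from '[key]' / '"name"=...'
    lines. With only_deleted=True keep just the '"name"=-' delete requests."""
    pairs, key = set(), None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = REG_VALUE.match(line)
        if not (m and key):
            continue
        if only_deleted and not line.endswith("=-"):
            continue
        pairs.add((key, m.group(1).lower()))
    return pairs


def verify(script_text, log_text):
    """Compare what the CFScript asked for with what the log reports."""
    script = split_sections(script_text, DIRECTIVE)
    log = split_sections(log_text, BANNER)
    deleted = [p.lower() for p in log.get("other deletions", [])]

    def removed(target):
        t = target.lower().rstrip("\\")
        # Assumption: a folder counts as removed when the folder itself or
        # any path beneath it is listed under "Other Deletions".
        return any(p == t or p.startswith(t + "\\") for p in deleted)

    targets = script.get("file", []) + script.get("folder", [])
    wanted = registry_values(script.get("registry", []), only_deleted=True)
    present = registry_values(log.get("reg loading points", []))
    return {
        "not_deleted": [t for t in targets if not removed(t)],
        "registry_still_present": sorted(wanted & present),
    }


if __name__ == "__main__":
    for name, items in verify(CFSCRIPT, SAMPLE_LOG).items():
        print(name, items)
```

Anything reported in either list is a target to raise with the helper before moving on to the next scan.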

#13 tienyboi

tienyboi
  • Topic Starter

  • Members

Posted 26 December 2008 - 11:15 PM

For some reason the Kaspersky site keeps saying I need Java 1.5+. I followed the link to download Java and it was successful; however, when I return to the Kaspersky site it still says I need Java.

#14 Tomk_

Tomk_

    Malware Eradicator


  • Malware Response Team

Posted 26 December 2008 - 11:33 PM

Let's try this:

JavaRa ...by: Paul McLain and Fred de Vries

Please download JavaRa (Copyright 2008 RaProducts.org) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Print these instructions...you won't have Internet access during this particular phase!
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location.
  • Copy and paste the contents of the JavaRa log, in your next reply.
But, after posting, go ahead and reboot. Then try Kaspersky Online again.

#15 tienyboi

tienyboi
  • Topic Starter

  • Members

Posted 26 December 2008 - 11:36 PM

JavaRa 1.12 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Dec 26 23:35:31 2008

Found and removed: C:\Program Files\Java\jre1.5.0_03
Found and removed: C:\Program Files\Java\jre1.5.0_11
Found and removed: C:\Program Files\Java\jre1.6.0_01
Found and removed: C:\Program Files\Java\jre1.6.0_03
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Classes\JavaPlugin.160_03
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}
Found and removed: Software\Classes\JavaPlugin.160_03
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03
Found and removed: Software\JavaSoft\Java2D\1.6.0_03
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip
------------------------------------
Finished reporting.



The site still doesn't work. After rebooting it still says I need Java 1.5+.

Edited by tienyboi, 26 December 2008 - 11:42 PM.




