Infected, random pop-ups.


  • This topic is locked
6 replies to this topic

#1 iJoe


Posted 28 February 2009 - 01:49 PM

Lately I've been having random pop-ups occur. This is a family computer, so I don't know what my parents or siblings have been downloading. The pop-ups come about every 5 minutes or so and it gets quite annoying.


So here's my log:



DDS (Ver_09-01-07.01) - NTFSx86
Run by HP_Administrator at 10:43:22.53 on Sat 02/28/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.592 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
AV: avast! antivirus 4.8.1296 [VPS 090227-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Nexon\MapleStory\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
BHO: {84497010-4593-defa-58d4-6df2e93c6d90}: {09d6c39e-2fd6-4d85-afed-395401079448} - c:\windows\system32\cqolqi.dll
BHO: {10137a9c-ad00-4861-a9cc-fbe3945be8e2} - c:\windows\system32\vujigodo.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {f4c06a94-bc66-4a7f-8d56-e7860e3d1b65} - c:\windows\system32\khfGyxXn.dll
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
uRun: [system tool] c:\windows\sysguard.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Fmawofiwupucuse] rundll32.exe "c:\windows\Wlilun.dll",e
mRun: [Gvodijegohewa] rundll32.exe "c:\windows\imaqeboqutun.dll",e
mRun: [54a4e954] rundll32.exe "c:\windows\system32\piragobo.dll",b
mRun: [CPM5797dac8] Rundll32.exe "c:\windows\system32\jusirodo.dll",a
mRun: [sekusokoto] Rundll32.exe "c:\windows\system32\waguroho.dll",s
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {6B8F626A-5E74-4284-88AF-62317F9AB57C} = 68.87.64.196,68.87.66.196
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: nnnnLcyX - nnnnLcyX.dll
AppInit_DLLs: cqolqi.dll c:\windows\system32\jusirodo.dll,c:\windows\system32\hegubagu.dll
SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\jusirodo.dll
STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\jusirodo.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\khfGyxXn
LSA: Notification Packages = scecli c:\windows\system32\hegubagu.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-8-2 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-8-2 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-8-2 155160]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-8-2 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-8-2 352920]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]

=============== Created Last 30 ================

2009-02-28 01:13 2,272 a------- c:\windows\system32\msexcr.ini
2009-02-27 07:37 121 ---sh--- c:\windows\system32\ikezutit.ini
2009-02-27 07:37 143,360 a--sh--- c:\windows\system32\cqolqi.dll
2009-02-26 22:13 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Uniblue
2009-02-26 22:12 <DIR> --d----- c:\program files\Uniblue
2009-02-26 22:12 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-02-26 18:44 1,665,505 ---sh--- c:\windows\system32\obogarip.ini
2009-02-26 06:44 1,665,505 ---sh--- c:\windows\system32\avuwoguz.ini
2009-02-26 06:43 142,848 a--sh--- c:\windows\system32\ttbyeg.dll
2009-02-25 18:26 131,584 a------- c:\windows\imaqeboqutun.dll
2009-02-25 18:14 39,424 a------- c:\windows\Wlilun.dll
2009-02-25 16:39 1,665,505 ---sh--- c:\windows\system32\agudiwoh.ini
2009-02-25 16:39 143,872 a--sh--- c:\windows\system32\ydwizp.dll
2009-02-25 00:08 141,824 a--sh--- c:\windows\system32\dciaei.dll
2009-02-21 19:29 <DIR> --d----- c:\documents and settings\hp_administrator\.netbeans-registration
2009-02-21 18:44 <DIR> --d----- c:\documents and settings\hp_administrator\.netbeans-derby
2009-02-21 18:43 <DIR> --d----- c:\documents and settings\hp_administrator\.netbeans
2009-02-21 18:32 <DIR> --d----- c:\documents and settings\hp_administrator\.nbi
2009-02-21 18:12 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-09 14:52 72,704 -------- c:\windows\system32\trz2E.tmp
2009-02-08 16:25 <DIR> --d----- C:\ComboFix
2009-02-08 00:46 1,575,757 ---sh--- c:\windows\system32\ctmfhdtd.ini
2009-02-08 00:44 129,024 a------- c:\windows\system32\semvweic.dll
2009-02-07 17:39 1,569,650 a--sh--- c:\windows\system32\fekamylc.ini
2009-02-07 17:36 129,024 a------- c:\windows\system32\fpygrbik.dll
2009-02-06 17:56 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\TortoiseSVN
2009-02-06 17:56 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Subversion
2009-02-06 17:36 <DIR> --d----- c:\program files\TortoiseSVN
2009-02-06 17:36 <DIR> --d----- c:\program files\common files\TortoiseOverlays
2009-02-06 17:34 1,569,641 a--sh--- c:\windows\system32\mtkpduua.ini
2009-02-06 17:34 129,024 a------- c:\windows\system32\anjdihhg.dll
2009-02-06 17:31 75,776 a------- c:\windows\system32\sixpalhb.dll
2009-02-06 17:31 82,844 a--sh--- c:\windows\system32\nXxyGfhk.ini2
2009-02-06 17:31 82,844 a--sh--- c:\windows\system32\nXxyGfhk.ini
2009-02-06 17:00 <DIR> --d----- c:\program files\MySQL
2009-02-05 16:09 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\MySQL
2009-02-05 14:57 <DIR> a-dshr-- C:\autorun.inf
2009-02-05 12:50 42,320 a------- c:\windows\system32\xfcodec.dll
2009-02-01 13:15 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-02-27 07:37 143,360 a--sh--- c:\windows\system32\petokulu.dll
2009-02-27 07:37 102,912 a--sh--- c:\windows\system32\tituzeki.dll
2009-02-27 07:37 108,544 a--sh--- c:\windows\system32\jusirodo.dll
2009-02-26 21:28 7,812 a------- c:\docume~1\hp_adm~1\applic~1\wklnhst.dat
2009-02-26 18:43 144,384 a--sh--- c:\windows\system32\nojopasu.dll
2009-02-26 18:43 109,568 a--sh--- c:\windows\system32\rezubeza.dll
2009-02-26 18:43 104,448 a--sh--- c:\windows\system32\piragobo.dll
2009-02-26 06:43 104,448 -------- c:\windows\system32\zugowuva.dll
2009-02-26 06:43 142,848 a--sh--- c:\windows\system32\sekanawo.dll
2009-02-26 06:43 108,544 a--sh--- c:\windows\system32\lijuhidi.dll
2009-02-25 16:39 107,520 a--sh--- c:\windows\system32\laviyigo.dll
2009-02-25 16:39 143,872 a--sh--- c:\windows\system32\huzivewe.dll
2009-02-25 16:39 105,472 -------- c:\windows\system32\howiduga.dll
2009-02-25 00:08 103,424 a--sh--- c:\windows\system32\nehukene.dll
2009-02-25 00:08 107,520 a--sh--- c:\windows\system32\vedilune.dll
2009-02-25 00:08 141,824 a--sh--- c:\windows\system32\wadumepo.dll
2009-01-23 17:55 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-01-07 15:03 31 a------- c:\documents and settings\hp_administrator\jagex_runescape_preferences.dat
2008-12-23 12:30 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-23 12:30 208,896 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
2008-12-23 12:29 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2008-12-23 12:29 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2008-12-23 12:29 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2008-12-23 12:29 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2008-12-23 12:29 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2008-12-23 12:29 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2008-12-23 12:29 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2008-12-23 12:29 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2008-12-12 22:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 02:57 333,952 a------- c:\windows\system32\dllcache\srv.sys
2007-05-25 17:39 32 a----r-- c:\documents and settings\all users\hash.dat

============= FINISH: 10:44:46.12 ===============


#2 mas_pogi


Posted 07 March 2009 - 08:09 PM

Hello iJoe,

Welcome to Bleeping Computer.

My name is mas_pogi and I will be helping you with your malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.


You might want to save this page in your bookmarks, so you can find it again when you return.

Firefox: Posted Image Then click on Done.

IExplorer: Posted Image Then click on Add.

Stay calm.

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

With Regards,
mas_pogi

#3 mas_pogi


Posted 08 March 2009 - 06:16 AM

Hi.
  • Your past installation of AVG is still running.
    We will remove any remnant of that installation.

    Please download the AVG remover from here.

    http://www.avg.com/filedir/util/avg_arm_su.../avgremover.exe

  • The following is referring to Uniblue RegistryBooster 2009.

    Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
    • Registry tools can cause irreparable damage to your Operating System
    • Registry tools can, as a result of the above, render your PC inoperable.
    This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.

    You should only use them if you have a basic knowledge about the registry and know if a certain key/value is safe to be removed or not.

    Cleaning the registry won't really improve system performance, even though there are a lot of orphaned keys.
    IMHO, if registry cleaning was required, then Microsoft would have added this option. So you use registry at your own risk. After all, a corrupted registry is a corrupted Windows.

    Should I Use a Registry Cleaner?

    Mark Russinovich wrote:
    No, even if the registry was massively bloated there would be little impact on the performance of anything other than exhaustive searches (ed. of the registry itself).

    On Win2K Terminal Server systems, however, there is a limit on the total amount of Registry data that can be loaded and so large profile hives can limit the number of users that can be logged on simultaneously.

    I haven't and never will implement a Registry cleaner since it's of little practical use on anything other than Win2K terminal servers and developing one that's both safe and effective requires a huge amount of application-specific knowledge.



    Also want to mention some tools that you are using, like:

    CCleaner <-- it has a registry option that cleans clutter in the registry; better to stay away from it.
    TuneUp Utilities 2008 <-- this one too :)

  • Did you install this one?

    WinPcap 3.1

  • If you still have an old copy of combofix.exe on your desktop, please delete it before
    you proceed.


    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Posted Image



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
In your reply, please post

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt
GMER log <-- don't forget
Answer to my questions


Mark

Edited by mas_pogi, 08 March 2009 - 06:19 AM.


#4 iJoe


Posted 12 March 2009 - 08:00 PM

Here's my combo fix log, I'll post the other one later. I'm sorry, but I'm a bit busy, so I'll try and post the other log as soon as possible.

ComboFix 09-03-12.01 - HP_Administrator 2009-03-12 18:47:13.4 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.753 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090310-0] *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
FW: Norton Internet Worm Protection *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM.cfg
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM0.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM1.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM2.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM3.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM4.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM5.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM6.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM7.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM8.che
c:\documents and settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM9.che
c:\windows\system32\ahiyipus.ini
c:\windows\system32\amalozig.ini
c:\windows\system32\bycbmq.dll
c:\windows\system32\ctmfhdtd.ini
c:\windows\system32\darususi.dll
c:\windows\system32\eizmdy.dll
c:\windows\system32\elojukoz.ini
c:\windows\system32\emedagaz.ini
c:\windows\system32\fekamylc.ini
c:\windows\system32\fijovopo.dll
c:\windows\system32\fujegifu.dll
c:\windows\system32\gijiyeli.dll
c:\windows\system32\giletisa.dll
c:\windows\system32\hezuhoge.dll
c:\windows\system32\hovbgj.dll
c:\windows\system32\hukibopa.dll
c:\windows\system32\ifeketes.ini
c:\windows\system32\itubuzeh.ini
c:\windows\system32\jeyavika.dll
c:\windows\system32\jiudxb.dll
c:\windows\system32\jugigoye.dll
c:\windows\system32\mtkpduua.ini
c:\windows\system32\noralowi.dll
c:\windows\system32\nXxyGfhk.ini
c:\windows\system32\nXxyGfhk.ini2
c:\windows\system32\owayarod.ini
c:\windows\system32\papomabi.dll
c:\windows\system32\rirupage.dll
c:\windows\system32\sodimafe.dll
c:\windows\system32\suluyeba.dll
c:\windows\system32\uzogenin.ini
c:\windows\system32\wagisevu.dll
c:\windows\system32\wotologa.dll
c:\windows\system32\xcoynx.dll
c:\windows\system32\yocafi.dll
c:\windows\system32\zagademe.dll
c:\windows\system32\zboezi.dll
c:\windows\system32\zevihami.dll
c:\windows\system32\zokujole.dll
c:\windows\system32\zuwupima.dll

----- BITS: Possible infected sites -----

hxxp://82.98.235.205
.
((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
.

2009-03-01 13:58 . 2009-03-01 13:58 <DIR> d-------- c:\program files\NetBeans 6.5
2009-03-01 13:58 . 2009-03-01 13:58 <DIR> d-------- c:\program files\glassfish-v2ur1
2009-03-01 13:17 . 2009-03-01 13:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-26 23:13 . 2009-02-26 23:13 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Uniblue
2009-02-26 23:12 . 2009-03-01 13:58 <DIR> d----c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-02-21 20:29 . 2009-02-21 20:29 <DIR> d-------- c:\documents and settings\HP_Administrator\.netbeans-registration
2009-02-21 19:44 . 2009-02-21 19:44 <DIR> d-------- c:\documents and settings\HP_Administrator\.netbeans-derby
2009-02-21 19:43 . 2009-02-21 20:31 <DIR> d-------- c:\documents and settings\HP_Administrator\.netbeans
2009-02-21 19:32 . 2009-02-25 19:32 <DIR> d-------- c:\documents and settings\HP_Administrator\.nbi
2009-02-21 19:12 . 2009-02-21 19:12 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-21 19:09 . 2009-02-21 19:20 <DIR> d-------- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-13 01:33 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\AVGTOOLBAR
2009-03-12 23:42 10,078 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-03-12 19:03 --------- d-----w c:\program files\Warcraft III
2009-03-01 20:58 --------- d-----w c:\program files\Neffy
2009-03-01 05:56 --------- d-----w c:\program files\Steam
2009-02-22 03:54 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\MySQL
2009-02-10 22:42 --------- d-----w c:\program files\Xfire
2009-02-10 02:48 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Xfire
2009-02-07 01:59 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\TortoiseSVN
2009-02-07 01:56 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Subversion
2009-02-07 01:36 --------- d-----w c:\program files\TortoiseSVN
2009-02-07 01:36 --------- d-----w c:\program files\Common Files\TortoiseOverlays
2009-02-07 01:01 --------- d-----w c:\program files\MySQL
2009-02-05 23:34 --------- d-----w c:\program files\Sun
2009-02-05 23:06 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-01 06:58 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Hamachi
2009-01-24 01:55 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-01-24 01:48 --------- d-----w c:\program files\mIRC
2009-01-23 22:48 --------- d-----w c:\program files\Common Files\Software Update Utility
2009-01-23 22:48 --------- d-----w c:\program files\AIM6
2009-01-23 22:48 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-01-23 22:47 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2009-01-23 22:47 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-01-20 22:59 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-19 20:15 --------- d-----w c:\program files\NetMeter
2009-01-19 18:59 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Leadertech
2009-01-07 23:03 31 ----a-w c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
2007-05-26 01:39 32 ----a-r c:\documents and settings\All Users\hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 18:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-01-20 1830128]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-21 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-17 12:21 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 12:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
--a------ 2006-04-13 09:05 90112 c:\program files\HP DigitalMedia Archive\DMAScheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-09-29 21:01 67584 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 06:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2006-02-15 22:34 249856 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NATEON]
--a------ 2008-04-23 11:18 507904 c:\program files\NATEON\BIN\NATEON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-05-09 15:50 7311360 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-07-22 22:14 237568 c:\windows\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 02:23 663552 c:\windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-09 20:42 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-20 15:59 1830128 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-07-17 14:22 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
--------- 2005-08-02 23:19 77312 c:\windows\arpwrmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
--a------ 2004-06-07 14:05 106496 c:\windows\system32\ftutil2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-05-09 15:50 1519616 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-06-13 20:05 16239616 c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\WINDOWS\\Installer\\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\\Icon048298C91.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\WINDOWS\\system32\\P3MxSvr.exe"=
"c:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"c:\\WINDOWS\\system32\\mnetasvr.exe"=
"c:\\WINDOWS\\system32\\mnetvsvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\theaznkid123\\counter-strike\\hl.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\NATEON\\Addin\\965AC526-B52C-4846-9A22-DAAAAE76E9CA\\NateSoftPhoneMain.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\ehome\\ehrecvr.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft 3

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-02 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-05-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-05-28 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-02 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-05-28 7408]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b57f85ff-f195-11dd-9e82-0018f3ae5014}]
\Shell\AutoRun\command - L:\slbkbf.bat
\Shell\open\Command - L:\slbkbf.bat
.
- - - - ORPHANS REMOVED - - - -

BHO-{10137a9c-ad00-4861-a9cc-fbe3945be8e2} - c:\windows\system32\sodimafe.dll
BHO-{a9595e01-fdd7-4f00-91d0-113e80a0f472} - c:\windows\system32\yocafi.dll
BHO-{F4C06A94-BC66-4A7F-8D56-E7860E3D1B65} - c:\windows\system32\khfGyxXn.dll
HKCU-Run-system tool - c:\windows\sysguard.exe
Notify-nnnnLcyX - nnnnLcyX.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daum.net/
TCP: {6B8F626A-5E74-4284-88AF-62317F9AB57C} = 68.87.64.196,68.87.66.196
DPF: {2029F1D2-90E4-49EF-9824-F666D238BFF6} - hxxp://jr.naver.com/comic/book/viewer_new/NHNComicViewer.cab
DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/NCLoader.5.cab
DPF: {8C165CC2-E50D-4D99-9D32-DAF6AB15AA32} - hxxp://www.mnet.com/Ver2/App/totalApp/mnethelper/MnetHelper2.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg8.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.cdnetworks.co.kr/cdndist/neffynew/NeffyLauncher.cab
DPF: {B13183E5-7C8A-428A-935A-00D5392F3245} - hxxp://image.tocteen.daum.net/viewer/TnsViewer.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 18:53:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\arservice.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\nexon\MapleStory\npkcmsvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-12 18:58:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-13 01:58:35
ComboFix2.txt 2009-02-04 23:49:00

Pre-Run: 206,712,070,144 bytes free
Post-Run: 205,672,751,104 bytes free

321 --- E O F --- 2009-01-14 05:42:08

#5 mas_pogi


Posted 13 March 2009 - 07:35 PM

Hi iJoe :)

I'll be waiting for the other log. Please post when you are ready.

Mark

#6 mas_pogi


Posted 15 March 2009 - 03:57 PM

Hi.


Do you still need help?


Mark

#7 Yourhighness


Posted 18 March 2009 - 04:17 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

"How did I get infected?" - "Safe-hex" - Member of UNITE -