06-19-2010   #1 (permalink)
KonyongBayawak
need help logging in trickster online

I downloaded and installed trickster online. There is a problem though, after the character selection EXCEPTIONAL ERROR occurs and then the game freezes. I tried reinstalling the game, downloading from another mirror link, renaming XSplash technique, adding the game in the exception list in DEP, disabling firewall, but it's still not working. Just a year ago I was able to play this game on my computer and now that I have installed it again this error occurs. I haven't changed any hardware or settings in my computer since the last time I was able to play this game.

can someone please help me with this problem? I really want to play trickster again so bad
 
06-19-2010   #2 (permalink)
Shiki

click the "check files" on your launcher? That or the map your character is in has a problem?
 
06-19-2010   #3 (permalink)
KonyongBayawak

I already did check file many times but it's still not working, now I think the exceptional error is gone but there's a new error. It says ALERT: STRING ERROR then the game freezes.

do you have any ideas what to do to fix this error? btw thanks for replying to my post I appreciate it very much
 
06-19-2010   #4 (permalink)
Miyuki

Can you provide more details such as what version of Windows you're using, and also your current antivirus and firewall?
 
06-19-2010   #5 (permalink)
KonyongBayawak

I am using Windows XP, my antivirus is ESET NOD32 and my firewall is Windows Firewall.
 
06-19-2010   #6 (permalink)
Miyuki

Tried temporarily disabling your ESET as well?
 
06-19-2010   #7 (permalink)
KonyongBayawak

yep I tried it but it's still not working
 
06-19-2010   #8 (permalink)
Miyuki

Try posting your HJT log as well.
/gg FTW! - Announcements in Forum : Technical Issues
 
06-19-2010   #9 (permalink)
KonyongBayawak

uhmm. . how do I do that?
 
06-19-2010   #10 (permalink)
Miyuki

Download the HJT from the link provided, run the program and once the log pops up, copy all the contents here on your next reply.
 
06-19-2010   #11 (permalink)
KonyongBayawak

okay here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:10 PM, on 6/19/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.5.0_17\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Free Music Zilla Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\solution.vbs"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\dsoqq.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\War Chess\Images\stg_drm.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe (file missing)

--
End of file - 6382 bytes
 
06-19-2010   #12 (permalink)
Miyuki

Use HJT again to fix these problems
Quote:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\solution.vbs"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\dsoqq.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe (file missing)
Get Malwarebytes
- Malwarebytes Anti-Malware - Free software downloads and software reviews - CNET Download.com
- Install, update and scan.
- Post the logs here.


Get ComboFix
- http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Disable your NOD32.
- Follow the instructions.
- Post the log after scan.

Post HJT log again on your next reply.


Extra: Is your NOD32 license still valid? And up-to-date?
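
An added example, not part of the thread or of any poster's reply: a small Python triage pass over HijackThis entry lines, using lines copied from the log posted above as sample input. The three rules (entry points at a missing file, autostart command runs from a Temp directory, autostart launches a script host) and all function names are assumptions of this example, not criteria stated in the post.

```python
import re
from dataclasses import dataclass

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [autoMe] wscript.exe "C:\WINDOWS\solution.vbs"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [nod32] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\nodqq.exe
O4 - HKCU\..\Run: [dso32] C:\DOCUME~1\XEV~1.THE\LOCALS~1\Temp\dsoqq.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe (file missing)
"""

# "<section code> - <rest>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Autostart entries carry the value name in brackets, then the command line.
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
# Command whose executable is wscript/cscript, with or without a quoted path.
SCRIPT_HOST_RE = re.compile(r'"?(?:[a-z]:\\[^"]*\\)?[wc]script(?:\.exe)?\b')


@dataclass
class Finding:
    code: str      # HijackThis section code (R3, O2, O4, O23, ...)
    label: str     # Run value name, or the first field of the entry
    reasons: list  # names of the rules that matched


def entry_label(code, body):
    """Short human-readable name for an entry."""
    m = RUN_RE.search(body) if code == "O4" else None
    return m.group("name") if m else body.split(" - ")[0]


def reasons_for(code, body):
    """Apply the example's three heuristics to one entry."""
    reasons = []
    lowered = body.lower()
    # Registration whose target file is not on disk.
    if lowered.endswith("(no file)") or lowered.endswith("(file missing)"):
        reasons.append("orphaned")
    if code == "O4":
        m = RUN_RE.search(body)
        cmd = (m.group("cmd") if m else body).lower()
        # Program set to start at logon from a temporary directory.
        if "\\temp\\" in cmd:
            reasons.append("temp-autorun")
        # Script interpreter started at logon.
        if SCRIPT_HOST_RE.match(cmd):
            reasons.append("script-host-autorun")
    return reasons


def triage(log_text):
    """Return a Finding for every entry line that matches at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.group("code"), m.group("body")
        reasons = reasons_for(code, body)
        if reasons:
            findings.append(Finding(code, entry_label(code, body), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.label:<50} {', '.join(f.reasons)}")
```

On the sample lines this flags seven entries, including the `nod32` Run value, which the Malwarebytes log later in the thread reports as Spyware.OnlineGames. A match is a prompt to look at the entry, not a verdict.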
 
06-19-2010   #13 (permalink)
KonyongBayawak

yes it's valid and up to date.

here are the logs:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4215

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

6/20/2010 1:03:37 AM
mbam-log-2010-06-20 (01-03-37).txt

Scan type: Quick scan
Objects scanned: 195470
Time elapsed: 1 hour(s), 10 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 45

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_WINSPOOLSVC (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSpoolSvc (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nod32 (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\cvasds0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\nodqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Application Data\cqsgf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Application Data\insnts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Application Data\vdolew.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\12gn6id2.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\1thes92p.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\2bbi1ax.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\33r.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\9rfpp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\pbyqfn.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\q0wfr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\qhbfqx.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\rfg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\rhwhin.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\rpw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\xcr.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\xjb3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\awb3ryk.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\bu8.exe (Worm.Tarterf) -> Quarantined and deleted successfully.
C:\ca.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\cobn8w3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\i8ikdjwt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\iuvvl9f3.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\krwyrv0d.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\n0qls.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\n6eyw.exe (Worm.Taterf) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\cvasds1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\herss.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\M6I77kEicE.log (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\nodqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temporary Internet Files\Content.IE5\Y8RAT3DN\9[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.
C:\yqq8eqil.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\XXXBA.RESUR (Malware.Trace) -> Quarantined and deleted successfully.
C:\cgaqyi.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\f662sjd.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\p6xebrnt.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\p9rs.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\dsoqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\dsoqq1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\dsoqq.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\xev.THE-D7A62AF55CF\Local Settings\Temp\nodqq0.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.





ComboFix 10-06-18.03 - xev 06/20/2010 1:23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.479.241 [GMT 8:00]
Running from: C:\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2ul.exe
c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\lJ8kn.txt
c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\yaptm.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb127\SearchSettings.dll
c:\program files\Search Settings\kb127\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
C:\restore
c:\windows\04432.exe
c:\windows\3896.exe
c:\windows\42748.exe
c:\windows\543.exe
c:\windows\88773.exe
c:\windows\system32\SCLabel.ocx
c:\windows\YAHELITE.INI
D:\12gn6id2.exe
D:\1thes92p.exe
D:\2bbi1ax.exe
D:\2ul.exe
D:\33r.exe
D:\9rfpp.exe
D:\autorun.inf
D:\ca.exe
D:\cgaqyi.exe
D:\cobn8w3.exe
D:\f662sjd.exe
D:\i8ikdjwt.exe
D:\n0qls.exe
D:\n6eyw.exe
D:\p6xebrnt.exe
D:\q0wfr.exe
D:\qhbfqx.exe
D:\rfg.exe
D:\rhwhin.exe
D:\rpw.exe
D:\xcr.exe
D:\yqq8eqil.exe

.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 15:53 . 2010-06-19 15:57 3715012 ----a-r- C:\ComboFix.exe
2010-06-19 15:46 . 2010-06-19 15:46 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Malwarebytes
2010-06-19 15:45 . 2010-04-29 07:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 15:45 . 2010-06-19 15:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-19 15:45 . 2010-04-29 07:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 15:45 . 2010-06-19 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 15:41 . 2010-06-19 15:43 6153352 ----a-w- C:\mbam-setup-1.46.exe
2010-06-19 14:50 . 2010-06-19 14:50 -------- d-----w- c:\program files\Trend Micro
2010-06-19 14:46 . 2010-06-19 14:46 812344 ----a-w- C:\HJTInstall.exe
2010-06-19 10:14 . 2010-06-19 10:35 67229047 ----a-w- C:\TricksterManualPatch(2).zip
2010-06-19 07:52 . 2006-06-01 11:09 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-06-19 07:48 . 2010-06-19 08:23 18794066 ----a-w- C:\TricksterManualPatch.zip
2010-06-18 15:28 . 2010-06-18 15:27 116224 --sh--r- C:\09lf.exe
2010-06-18 13:20 . 2010-06-19 10:40 -------- d-----w- C:\Ntreev USA
2010-06-18 09:02 . 2010-06-18 14:02 -------- d-----w- c:\program files\FlashGet
2010-06-18 08:39 . 2010-06-18 08:59 4653240 ----a-w- C:\flashget196en.exe
2010-06-18 08:01 . 2010-06-18 08:01 115712 --sh--r- C:\1gkbvsni.exe
2010-06-16 18:17 . 2010-06-19 14:55 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2010-06-15 05:49 . 2005-10-21 18:08 167936 ----a-w- C:\rmxpkegen.exe
2010-06-15 05:47 . 2010-06-15 05:48 77820 ----a-w- C:\Keygen.zip
2010-06-13 17:42 . 2010-06-15 05:50 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Application Data\97A44125C9.sys
2010-06-13 17:42 . 2010-06-16 16:55 1682 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2010-06-13 17:37 . 2010-06-13 17:37 -------- d-----w- c:\program files\Common Files\Enterbrain
2010-06-13 17:26 . 2010-06-13 17:26 -------- d-----w- c:\program files\Enterbrain
2010-06-13 17:21 . 2010-06-13 17:22 -------- d-----w- C:\rpg maker
2010-06-12 05:29 . 2010-06-12 06:21 -------- d-----w- C:\4128646a06d2f43af186
2010-06-09 07:02 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-06-09 07:01 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-06-09 07:01 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-06-09 07:01 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-06-09 07:01 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-06-09 07:01 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-06-09 07:01 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-06-09 07:01 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-06-09 07:01 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-06-09 07:01 . 2010-06-09 07:02 -------- d-----w- C:\8edfe395bde670d887299caf066db9
2010-06-07 15:42 . 2010-06-07 15:42 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\PokerCreations
2010-06-07 13:17 . 2010-06-07 13:19 4687008 ----a-w- C:\GameInstaller.exe
2010-06-05 16:11 . 2010-06-05 16:11 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\%string%
2010-05-28 09:18 . 2010-06-02 16:05 -------- d-----w- c:\program files\RebirthRO
2010-05-27 16:57 . 2010-06-18 13:17 -------- d-----w- C:\downloads
2010-05-27 13:49 . 2010-05-27 13:49 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\MultiExtractor
2010-05-27 08:54 . 2010-05-27 13:26 -------- d-----w- c:\program files\Universal Extractor
2010-05-25 16:13 . 2010-05-25 16:13 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-25 16:13 . 2010-05-27 13:08 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-05-25 16:12 . 2010-05-25 16:21 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\DAEMON Tools Pro
2010-05-25 16:12 . 2010-05-25 16:12 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 07:52 . 2008-05-27 08:25 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-19 07:41 . 2009-02-23 05:44 42168 ----a-w- c:\documents and settings\xev.THE-D7A62AF55CF\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-16 10:14 . 2008-07-10 13:12 -------- d-----w- c:\program files\Free Music Zilla
2010-06-15 15:09 . 2009-03-10 22:26 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\LimeWire
2010-06-08 15:48 . 2010-04-11 14:05 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\U3
2010-06-07 14:13 . 2009-11-07 10:49 -------- d-----w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\UFC Poker
2010-06-07 14:11 . 2009-11-07 10:48 -------- d-----w- c:\program files\UFC Poker
2010-05-27 14:30 . 2008-05-28 08:46 -------- d-----w- c:\program files\Samsung
2010-05-27 14:28 . 2008-05-27 08:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 14:21 . 2009-07-23 09:08 -------- d-----w- c:\program files\PokerStars
2010-05-27 09:06 . 2010-01-27 14:34 -------- d-----w- c:\program files\No-IP
2010-05-18 16:52 . 2010-05-18 16:52 -------- d-----w- c:\program files\psx emulation cheater
2010-05-06 04:45 . 2008-05-29 02:47 -------- d-----w- c:\program files\iTunes
2010-05-02 05:56 . 2004-08-03 21:17 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2004-08-03 22:56 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 15:36 . 2004-08-03 22:56 662016 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 15:36 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-03-31 09:58 . 2010-02-13 14:30 50354 -c--a-w- c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Facebook\uninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-05 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_17\bin\jusched.exe" [2008-11-10 75264]
"VTPreset"="VTPreset.exe" [2004-02-25 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\documents and settings\xev.THE-D7A62AF55CF\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-26 113664]
Free Music Zilla.lnk - c:\program files\Free Music Zilla\FMZilla.exe [2008-7-10 732352]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-26 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5121:TCP"= 5121:TCP:map-server
"6121:TCP"= 6121:TCP:char-server
"6900:TCP"= 6900:TCP:login-server

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 9:51 AM 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 9:51 AM 468224]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/26/2010 12:13 AM 697328]
.
Contents of the 'Scheduled Tasks' folder

2010-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-06-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-01 15:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fmz.qiwa.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*Yahoo! SearchBar Home Page
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*Yahoo!
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Mozilla\Firefox\Profiles\mgksfskp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\xev.THE-D7A62AF55CF\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPJPI150_17.dll
FF - plugin: c:\program files\Java\jre1.5.0_17\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-LimitRO Small Client Installer - d:\myro\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-20 01:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-20 01:44:41
ComboFix-quarantined-files.txt 2010-06-19 17:44

Pre-Run: 1,073,954,816 bytes free
Post-Run: 1,445,826,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
C:\GRLDR="Start Grub"

- - End Of File - - 183338DAC64156A711C5DA3BE28CCEBE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:03 AM, on 6/20/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Free Music Zilla Start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe"
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Free Music Zilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\War Chess\Images\stg_drm.ocx
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 5139 bytes
 
06-19-2010   #14 (permalink)
Miyuki

Your computer is really infected by some malware pretty "badly" /sweat. Is your NOD32 even working o.o;? Did you ever run a full scan? Is it an original license?

Did you run Malwarebytes as well?

And can you log in to TO now?
 
06-20-2010   #15 (permalink)
KonyongBayawak

Yeah, it's still working, but it's only a trial version. I ran Malwarebytes as you instructed me to do, but I still can't log in to the game.

I am doing a full scan at the moment.
 
06-20-2010   #16 (permalink)
Miyuki

It's funny to see NOD32 failed to protect you despite it being a paid version, too.

Since it's a trial version, uninstall it. Install Avast Antivirus Home Edition from here:
- Avast Free Antivirus - Reviews and free Avast Free Antivirus downloads at Download.com
- Run the full scan.
 
06-20-2010   #17 (permalink)
KonyongBayawak

Okay, thanks. I'm downloading it now. I'll update you after the Avast scan is complete.
 
06-20-2010   #18 (permalink)
KonyongBayawak

I finished the full scan and deleted the infected files. I tried to log in to TO again, but it still does not work.
 
06-20-2010   #19 (permalink)
Miyuki

Reset your firewall as well.

- Start->Run
- Type CMD and press ENTER
- Type NETSH FIREWALL RESET and press ENTER
- Restart if prompted.

After that, restore your DEP settings to default, restart. Then uninstall TO, delete the whole folder, and then re-install back.

Try launching it again afterward.
 
06-20-2010   #20 (permalink)
KonyongBayawak

argghh still not working
 
