Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
03-29-2009, 11:18 AM   #1
Registered User
 
Join Date: Mar 2009
Posts: 8
OS: xp


Please, I need help: computer messed up

Hi, I need help; my computer is messed up.
As for what's wrong, I'm not really sure. You know the icons on the bottom right of your taskbar, right next to the clock? They are gone. I can't run Spy Sweeper, I can't use System Restore, my internet is very slow, from time to time with no browsers open I hear commercials from my speakers, and when I search for stuff on a search engine I can't click the links because they take me to random websites; I need to type in the URL to get where I want.

It won't let me run GMER; nothing happens when I click it.

Thank you for any help you guys can give.
Attached file: Attach.zip (9.6 KB)
acidburn452 is offline  

03-29-2009, 03:26 PM   #2
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Please, I need help: computer messed up

Rename GMER to OMER, then run it again.
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
Angelfire777 is offline  
03-29-2009, 10:09 PM   #3
Registered User
 
Join Date: Mar 2009
Posts: 8
OS: xp


Re: Please, I need help: computer messed up

OK, that worked. Here is the new file.
Attached file: ark.zip (8.1 KB)
acidburn452 is offline  
03-29-2009, 10:46 PM   #4
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Please, I need help: computer messed up

Please post all the logs I ask of you from now on.

Please visit this webpage for download links, and instructions for running combofix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Please rename combofix.exe to cfix.exe

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
Angelfire777 is offline  
03-30-2009, 12:54 AM   #5
Registered User
 
Join Date: Mar 2009
Posts: 8
OS: xp


Re: Please, I need help: computer messed up

Here is the ComboFix log.
Thank you for replying so fast.

ComboFix 09-03-29.02 - eric yu 2009-03-29 23:37:51.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1170 [GMT -7:00]
Running from: c:\documents and settings\eric yu\Desktop\Cfix.exe.exe
FW: Webroot Internet Security Essentials *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\0jbnlnu8.exe
C:\1bg.cmd
C:\1irqtv.cmd
C:\1jief.cmd
C:\1n.cmd
C:\1q8p0y.com
C:\3bo9tn.cmd
C:\6.exe
C:\6o0.bat
C:\8nlo1q.cmd
C:\8ox61l6.cmd
C:\9dl.cmd
C:\a.exe
C:\autorun.inf
C:\b.bat
C:\d8ur3qs.bat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\igcmrtjw.cmd
C:\kk.bat
C:\o93ml8.bat
C:\q1pady.cmd
C:\uyfd9cck.cmd
c:\windows\patch.exe
c:\windows\system32\a.exe
c:\windows\system32\desoyahi.dll.vir
c:\windows\system32\drivers\UACddobcpxt.sys
c:\windows\system32\godert1.dll
c:\windows\system32\jibuvuna.dll
c:\windows\system32\jugusaja.dll
c:\windows\system32\jwedsfdo0.dll
c:\windows\system32\jwedsfdo1.dll
c:\windows\system32\kxvo0.dll
c:\windows\system32\kxvo1.dll
c:\windows\system32\msmapi32.exe
c:\windows\system32\nhser43uhjnefr.dll
c:\windows\system32\nmdfgds2.dll
c:\windows\system32\ouvaaq(2).dll
c:\windows\system32\UACabeojxnh.dll
c:\windows\system32\UACarockmxj.log
c:\windows\system32\UACicdxdowy.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkfjsntjl.log
c:\windows\system32\UACplhyijkl.dll
c:\windows\system32\UACqeodpcan.log
c:\windows\system32\UACtiwjctlg.dll
c:\windows\system32\UACygapjcjm.dat
c:\windows\system32\UACyvppbyot.dll
c:\windows\system32\uahhemxk.ini
c:\windows\system32\waduzaga.dll
C:\x.cmd
C:\xwpehlv.com
C:\yfmqo.cmd

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_iprip
-------\Service_iprip


((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-28 22:23 . 2009-03-28 22:23 268 --ah----- C:\sqmdata00.sqm
2009-03-28 22:23 . 2009-03-28 22:23 244 --ah----- C:\sqmnoopt00.sqm
2009-03-28 21:59 . 2004-08-04 03:00 18,944 --a------ c:\windows\system32\simptcp.dll
2009-03-28 21:59 . 2004-08-04 03:00 18,944 --a------ c:\windows\system32\dllcache\simptcp.dll
2009-03-28 21:59 . 2009-03-28 21:59 4,168 --a------ C:\INFCACHE.1
2009-03-28 21:59 . 2009-03-28 21:59 2,352 --a------ C:\autorun.PNF
2009-03-28 12:12 . 2009-03-29 23:45 100,590 --a------ c:\windows\system32\drivers\97ff3114.sys
2009-03-28 12:11 . 2009-03-28 12:11 0 --ah----- c:\windows\system32\BIT4C.tmp
2009-03-25 16:02 . 2009-03-25 16:02 <DIR> d-------- c:\program files\Perfect World Entertainment
2009-03-25 15:53 . 2005-05-10 18:54 258,352 --a------ c:\windows\system32\unicows.dll
2009-03-22 21:38 . 2009-03-22 21:38 <DIR> d-------- C:\Uforia
2009-02-23 18:28 . 2009-02-23 22:14 <DIR> d-------- c:\program files\SoftEther VPN Client 2.0
2009-02-21 11:31 . 2009-02-16 17:39 2,736,890 --a------ c:\windows\system32\GameMon.des

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 18:36 --------- d--h--w c:\documents and settings\eric yu\Application Data\Move Networks
2009-03-29 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-29 05:23 --------- d-----w c:\documents and settings\eric yu\Application Data\Skype
2009-03-25 21:16 --------- d-----w c:\documents and settings\eric yu\Application Data\GetRightToGo
2009-03-25 17:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 17:53 --------- d-----w c:\program files\Cheat Engine
2009-03-22 08:20 --------- d-----w c:\program files\Java
2009-03-01 18:38 --------- d-----w c:\program files\Three Rings Design
2009-02-27 03:29 --------- d-----w c:\documents and settings\eric yu\Application Data\U3
2009-02-01 17:47 --------- d-----w c:\program files\Yahoo!
2009-02-01 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-01-23 01:40 102,409 --sh--r C:\xc.exe
2009-01-20 04:32 105,015 --sh--r C:\ud.exe
2009-01-18 17:17 103,725 --sh--r C:\y319s.exe
2006-10-01 23:22 94,080 -c--a-w c:\documents and settings\eric yu\Application Data\ezplay.sys
2006-10-01 23:22 47,360 -c--a-w c:\documents and settings\eric yu\Application Data\pcouffin.sys
2006-02-25 03:01 32 -c--a-r c:\documents and settings\All Users\hash.dat
2007-08-27 06:11 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 18:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dpojelozug"="c:\windows\oyudayiyukejub.dll" [2008-04-13 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEf
r.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli rspinsf.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dpojelozug]
--a------ 2008-04-13 17:12 155648 c:\windows\oyudayiyukejub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Netlogon"=3 (0x3)
"PnkBstrA"=2 (0x2)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 XSPACEWG;XSPACEWG;c:\windows\system32\drivers\XSpaceWg.sys [2006-06-17 3543]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-12-28 1086840]
R3 cdspacex;cdspacex;c:\windows\system32\drivers\CDSPACEX.sys [2006-06-17 22571]
R3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\drivers\TwoRabts.sys [2006-06-17 11120]
S3 CEDRIVER52;CEDRIVER52;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 Neo_gameking;SoftEther VPN Client 2.0 Device Driver - gameking;c:\windows\system32\drivers\Neo_gameking.sys [2008-06-27 15232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NVDISP;NVDISP;\??\c:\documents and settings\eric yu\Desktop\new maple\nv7800gt.sys --> c:\documents and settings\eric yu\Desktop\new maple\nv7800gt.sys [?]
S3 puma1;puma1;c:\documents and settings\eric yu\Desktop\rakion hack\puma.sys [2007-07-17 30720]
S3 Revolution1;Revolution1;c:\documents and settings\eric yu\Desktop\rakion hack\New Folder\SHAK3.sys [2007-07-17 20864]
S3 sejt1;sejt1;c:\documents and settings\eric yu\Desktop\new maple\cheat 2\AkumaEngine33\sejt.sys [2007-02-01 35456]
S3 TEMPLEVER;TEMPLEVER;\??\c:\documents and settings\eric yu\Desktop\new maple\bypass engine\Templery engine\damainzor.sys --> c:\documents and settings\eric yu\Desktop\new maple\bypass engine\Templery engine\damainzor.sys [?]
S3 XDva014;XDva014;\??\c:\windows\system32\XDva014.sys --> c:\windows\system32\XDva014.sys [?]
S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys --> c:\windows\system32\XDva032.sys [?]
S3 XDva164;XDva164;\??\c:\windows\system32\XDva164.sys --> c:\windows\system32\XDva164.sys [?]
S3 xp1;xp1;\??\c:\documents and settings\eric yu\Desktop\new maple\cheat 2\xpengine\xp.sys --> c:\documents and settings\eric yu\Desktop\new maple\cheat 2\xpengine\xp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8d1069a-28fb-11dd-a688-00038a000015}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-03-29 c:\windows\Tasks\At1.job
- c:\windows\system32\r61dbM0y.exe []

2009-02-21 c:\windows\Tasks\At10.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-29 c:\windows\Tasks\At11.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-29 c:\windows\Tasks\At12.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-29 c:\windows\Tasks\At13.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At14.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At15.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At16.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-25 c:\windows\Tasks\At17.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At18.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-24 c:\windows\Tasks\At19.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-29 c:\windows\Tasks\At2.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-28 c:\windows\Tasks\At20.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-28 c:\windows\Tasks\At21.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At22.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At23.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At24.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-29 c:\windows\Tasks\At25.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-29 c:\windows\Tasks\At26.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At27.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At28.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-19 c:\windows\Tasks\At29.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At3.job
- c:\windows\system32\r61dbM0y.exe []

2008-11-26 c:\windows\Tasks\At30.job
- c:\windows\system32\NPn44TC0.exe []

2008-11-26 c:\windows\Tasks\At31.job
- c:\windows\system32\NPn44TC0.exe []

2009-01-29 c:\windows\Tasks\At32.job
- c:\windows\system32\NPn44TC0.exe []

2009-01-29 c:\windows\Tasks\At33.job
- c:\windows\system32\NPn44TC0.exe []

2009-02-21 c:\windows\Tasks\At34.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-29 c:\windows\Tasks\At35.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-29 c:\windows\Tasks\At36.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-29 c:\windows\Tasks\At37.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-26 c:\windows\Tasks\At38.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-26 c:\windows\Tasks\At39.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At4.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At40.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-25 c:\windows\Tasks\At41.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-26 c:\windows\Tasks\At42.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-24 c:\windows\Tasks\At43.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At44.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At45.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At46.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At47.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At48.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-19 c:\windows\Tasks\At5.job
- c:\windows\system32\r61dbM0y.exe []

2008-11-26 c:\windows\Tasks\At6.job
- c:\windows\system32\r61dbM0y.exe []

2008-11-26 c:\windows\Tasks\At7.job
- c:\windows\system32\r61dbM0y.exe []

2009-01-29 c:\windows\Tasks\At8.job
- c:\windows\system32\r61dbM0y.exe []

2009-01-29 c:\windows\Tasks\At9.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-27 c:\windows\Tasks\wrSpySweeper_L6481A608EDCB4B93A54B9F94EF8840F0.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-27 c:\windows\Tasks\wrSpySweeper_L6481A608EDCB4B93A54B9F94EF8840F0.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-27 c:\windows\Tasks\wrSpySweeper_L6481A608EDCB4B93A54B9F94EF8840F0.job
- C:\ [2009-03-29 23:44]

2009-03-20 c:\windows\Tasks\wrSpySweeper_LA7948D877DF546368B648887D87E04C9.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-20 c:\windows\Tasks\wrSpySweeper_LA7948D877DF546368B648887D87E04C9.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-20 c:\windows\Tasks\wrSpySweeper_LA7948D877DF546368B648887D87E04C9.job
- C:\ [2009-03-29 23:44]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c2ba40a2-74f3-42bd-f434-2604812c8954} - c:\windows\system32\nhser43uhjnefr.dll
HKLM-Run-14801 - C:\ocqkmoc.exe
SharedTaskScheduler-{C2BA40A2-74F3-42BD-F434-2604812C8954} - c:\windows\system32\nhser43uhjnefr.dll
SharedTaskScheduler-{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kuyahere.dll
MSConfigStartUp-18075 - C:\ocqkmoc.exe
MSConfigStartUp-18444 - C:\ocqkmoc.exe
MSConfigStartUp-25801 - C:\ocqkmoc.exe
MSConfigStartUp-28404 - C:\ocqkmoc.exe
MSConfigStartUp-29808 - C:\ocqkmoc.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://atlantica.ndoorsgames.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} - hxxp://bombndash.com/common/AppCaller.ocx
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} - hxxp://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
FF - ProfilePath - c:\documents and settings\eric yu\Application Data\Mozilla\Firefox\Profiles\q3f56i5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\documents and settings\eric yu\Application Data\Mozilla\Firefox\Profiles\q3f56i5m.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 23:45:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\97ff3114]
"ImagePath"="\SystemRoot\System32\drivers\97ff3114.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\s-1-5-21-862683654-2933876951-1334642952-1006\Software\SecuROM\License information*]
"datasecu"=hex:0a,4e,10,7d,45,87,34,29,15,50,ec,35,48,64,8c,27,6f,10,97,2b,47,
aa,f8,b5,35,d5,a3,97,56,02,3d,a9,ec,79,9a,66,47,9e,93,e3,bf,fa,ae,3b,71,b7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\rspinsf.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\lxctcoms.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2009-03-29 23:49:45 - machine was rebooted [eric yu]
ComboFix-quarantined-files.txt 2009-03-30 06:48:52

Pre-Run: 8,171,712,512 bytes free
Post-Run: 9,968,996,352 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

409 --- E O F --- 2008-11-12 08:04:29
Attached file: ComboFix.txt (24.9 KB)

Last edited by Angelfire777; 03-30-2009 at 10:45 AM.
acidburn452 is offline  
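An added example that is not part of this thread, of ComboFix, or of Tech Support Forum: a Python checker that reads a ComboFix-style log excerpt and flags the persistence and tampering indicators the log above exhibits (an extra LSA notification package, a rewritten BootExecute value, Security Center notifications switched off, a firewall exception for taskmgr.exe, and At<N>.job tasks created with the `at` command). The SAMPLE_LOG excerpt is constructed from entries quoted in that log; the expected clean values and the list of tools that never need an inbound exception are this example's assumptions.

```python
"""Flag persistence and tamper indicators in a ComboFix-style log excerpt.
Added example, not part of the thread or of ComboFix; SAMPLE_LOG is a constructed
excerpt modelled on the log above, and the expected-value sets are assumptions."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt; key and value names mirror what ComboFix prints.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dpojelozug"="c:\windows\oyudayiyukejub.dll" [2008-04-13 155648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli rspinsf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
2009-03-29 c:\windows\Tasks\At1.job
- c:\windows\system32\r61dbM0y.exe []
2009-03-29 c:\windows\Tasks\At2.job
- c:\windows\system32\r61dbM0y.exe []
2009-03-29 c:\windows\Tasks\At25.job
- c:\windows\system32\NPn44TC0.exe []
2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


KEY_RE = re.compile(r"^\[(.+)\]$")
AT_JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2} .*\\Tasks\\(At\d+\.job)$", re.IGNORECASE)
JOB_CMD_RE = re.compile(r"^- (.+?) \[.*\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
FW_APP_RE = re.compile(r'^"([^"]+)"=$')
# Assumed clean values (XP defaults) and tools that never need an inbound exception.
EXPECTED_BOOTEXECUTE = {"autocheck autochk *"}
EXPECTED_LSA_PACKAGES = {"scecli", "rassfm"}
NO_INBOUND_NEEDED = {"taskmgr.exe", "cmd.exe", "regedit.exe"}


def _multi_sz(line: str, sep: str) -> List[str]:
    """Non-empty entries of a 'Name REG_MULTI_SZ a<sep>b<sep>c' line."""
    rest = line.partition("REG_MULTI_SZ")[2]
    return [v.strip() for v in rest.split(sep) if v.strip()]


def analyze(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: List[Finding] = []
    key = ""
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif m := AT_JOB_RE.match(line):
            # At<N>.job tasks were created with the 'at' command; record what each runs.
            cmd = JOB_CMD_RE.match(lines[i + 1].strip()) if i + 1 < len(lines) else None
            findings.append(Finding("at-job", f"{m.group(1)} -> {cmd.group(1) if cmd else '?'}"))
        elif key.endswith("\\currentversion\\run"):
            # A Run entry whose file sits directly in %windir% rather than a program directory.
            m = RUN_VALUE_RE.match(line)
            if m and m.group(2).lower().rsplit("\\", 1)[0].endswith("\\windows"):
                findings.append(Finding("run-from-windir-root", f"{m.group(1)} = {m.group(2)}"))
        elif key.endswith("\\control\\session manager") and line.startswith("BootExecute"):
            # Anything besides autochk here is started by smss.exe at every boot.
            odd = sorted(set(_multi_sz(line, "\\0")) - EXPECTED_BOOTEXECUTE)
            if odd:
                findings.append(Finding("bootexecute", ", ".join(odd)))
        elif key.endswith("\\control\\lsa") and line.startswith("Notification Packages"):
            # Extra LSA notification packages are handed every password change in clear text.
            odd = sorted({p.lower() for p in _multi_sz(line, " ")} - EXPECTED_LSA_PACKAGES)
            if odd:
                findings.append(Finding("lsa-notification-package", ", ".join(odd)))
        elif "\\security center" in key:
            m = DWORD_RE.match(line)
            if m and int(m.group(2), 16) == 1 and m.group(1).endswith(("DisableNotify", "DisableMonitoring")):
                findings.append(Finding("security-center-tamper", m.group(1)))
        elif key.endswith("\\authorizedapplications\\list"):
            m = FW_APP_RE.match(line)
            if m and m.group(1).replace("\\\\", "\\").rsplit("\\", 1)[-1].lower() in NO_INBOUND_NEEDED:
                findings.append(Finding("firewall-exception", m.group(1)))
    return findings


def at_job_targets(findings: List[Finding]) -> Dict[str, int]:
    """Count how many At<N>.job tasks point at each executable."""
    return Counter(f.detail.split(" -> ", 1)[1] for f in findings if f.rule == "at-job")
```

Run against the full log posted above, the At-job count alone (48 tasks pointing at two randomly named executables) is the kind of signal that marks the machine as compromised even before the file list is examined.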
03-30-2009, 11:16 AM   #6
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 4,581
OS: Vista


Re: Please, I need help: computer messed up

Hi,

*I see you have P2P software (Azureus, eMule) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

http://www.techsupportforum.com/secu...e-sharing.html

I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs.

Please uninstall the following programs too:

AVG Anti-Spyware 7.5 <<AVG Antispyware is no longer supported as a stand alone app.
Client Hack 1.9.2g <<If you don't know what this is remove it.
LiveUpdate 3.1 (Symantec Corporation) <<Remnant from a Symantec installation
My Way Search Assistant


I highly suggest that you avoid using Cheat Engine too. It works by injecting code into your system's processes, and it used to work by hiding itself as a rootkit.

This is very unsafe and can be disastrous.


*Open notepad.
Copy and paste the text inside the code box below to notepad
Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/361246-please-i-need-help-computer-mess-up.html
File::
c:\windows\system32\BIT4C.tmp
C:\xc.exe
C:\ud.exe
C:\y319s.exe
Driver::
XDva014
XDva032
XDva164
97ff3114
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dpojelozug"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dpojelozug]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\taskmgr.exe"=-
Collect::
c:\windows\system32\drivers\97ff3114.sys
c:\windows\oyudayiyukejub.dll
c:\windows\rspinsf.dll
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uPolicies-explorer: <NO NAME> =
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


*Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 13.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 13".
  • Click the "Download" button to the right.
  • For Platform, select "Windows"
  • For language, select your language
  • Read the License agreement and then Check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement".
  • Click Continue
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java(TM) 6 Update 11
    • Java(TM) 6 Update 3
    • Java(TM) 6 Update 5
    • Java(TM) 6 Update 7
    • Java(TM) SE Runtime Environment 6 Update 1
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


*Next, it's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Using Internet Explorer or Firefox, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

1. Click Accept, when prompted to download and install the program files and database of malware definitions.


2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply, please include:
  • Kaspersky scan log
  • ComboFix log
__________________
UNITE and ASAP since 2006


If we have helped you, please consider donating.

The past won't be able to hurt you unless you keep on looking back at it.
-- Angelfire777
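The registry lines in the CFScript above follow the REGEDIT4 (.reg) rules: a bracketed key with a leading minus is deleted, a `"name"=-` line deletes a value, and `dword:` data is hexadecimal. As an added example that is not part of this thread and not ComboFix's own code, the Python script below parses such a block and prints what each line will do, so a script can be reviewed before it is dropped on ComboFix. The sample input is copied from the script in this post; the list of "watched" keys is my assumption about which keys deserve a second look, and ComboFix's `HKLM\~\` shorthand is passed through unchanged rather than expanded.

```python
r"""Preview what the registry part of a CFScript will do before running it.

Added example, not ComboFix's code. The registry lines in a CFScript follow the
REGEDIT4 .reg rules: '[-KEY]' deletes a key, '[KEY]' selects it, '"name"=dword:HEX'
sets a DWORD, '"name"=-' deletes a value, '"name"="text"' sets a string with
backslashes doubled, '@=' is the default value. ComboFix's 'HKLM\~\' shorthand
is passed through unchanged.
"""
import re

# Copied from the CFScript in this post (registry lines only).
SAMPLE_SCRIPT = r"""
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dpojelozug]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\taskmgr.exe"=-
"""

KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|@)=(?P<data>.*)$')

# Keys a reviewer should look at twice (my assumption, based on what this thread fixes).
WATCH = (
    ("security center", "Security Center notification/monitoring state"),
    ("firewallpolicy", "Windows Firewall policy"),
    ("msconfig\\startupreg", "msconfig backup of a disabled startup item"),
)


def _unescape(s):
    """Undo REGEDIT4 escaping of backslashes and double quotes."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_regedit4(text):
    """Return (op, key, name, data) tuples in script order; op is one of
    delete_key, delete_value, set_dword, set_string, set_other."""
    ops, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper() == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            if m.group("delete"):
                ops.append(("delete_key", current, None, None))
                current = None          # nothing can be set under a deleted key
            continue
        m = VALUE_RE.match(line)
        if not (m and current):
            continue                    # value line outside any key: ignore it
        name = "@" if m.group("name") is None else _unescape(m.group("name"))
        data = m.group("data")
        if data == "-":
            ops.append(("delete_value", current, name, None))
        elif data.lower().startswith("dword:"):
            ops.append(("set_dword", current, name, int(data[6:], 16)))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            ops.append(("set_string", current, name, _unescape(data[1:-1])))
        else:
            ops.append(("set_other", current, name, data))
    return ops


def summarize(ops):
    """One readable line per operation, tagged when it touches a watched key."""
    out = []
    for op, key, name, data in ops:
        tag = next((label for needle, label in WATCH if needle in key.lower()), None)
        where = key if name is None else f'{key} -> "{name}"'
        line = f"{op:<12} {where}"
        if data is not None:
            line += f" = {data!r}"
        if tag:
            line += f"  [{tag}]"
        out.append(line)
    return out


if __name__ == "__main__":
    print("\n".join(summarize(parse_regedit4(SAMPLE_SCRIPT))))
```

Run it on the sample and the output shows the three Security Center values being reset to 0, the startupreg backup key being deleted, and taskmgr.exe being removed from the firewall's authorized-application list; pointing it at any other CFScript before use gives the same kind of preview.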
03-30-2009, 05:01 PM   #7
Registered User (Join Date: Mar 2009, Posts: 8, OS: xp)

Re: please i need help computer mess up

Thank you so much for all the help.
Here are the ComboFix and Kaspersky scan logs.

ComboFix 09-03-29.04 - eric yu 2009-03-30 12:24:55.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1039 [GMT -7:00]
Running from: c:\documents and settings\eric yu\Desktop\Cfix.exe.exe
Command switches used :: c:\documents and settings\eric yu\Desktop\cfscript.txt
FW: Webroot Internet Security Essentials *disabled*
* Created a new restore point

FILE ::
C:\ud.exe
c:\windows\system32\BIT4C.tmp
C:\xc.exe
C:\y319s.exe
.

((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-30 )))))))))))))))))))))))))))))))
.

2009-03-28 22:23 . 2009-03-28 22:23 268 --ah----- C:\sqmdata00.sqm
2009-03-28 22:23 . 2009-03-28 22:23 244 --ah----- C:\sqmnoopt00.sqm
2009-03-28 21:59 . 2004-08-04 03:00 18,944 --a------ c:\windows\system32\simptcp.dll
2009-03-28 21:59 . 2004-08-04 03:00 18,944 --a------ c:\windows\system32\dllcache\simptcp.dll
2009-03-28 21:59 . 2009-03-28 21:59 4,168 --a------ C:\INFCACHE.1
2009-03-28 21:59 . 2009-03-28 21:59 2,352 --a------ C:\autorun.PNF
2009-03-25 16:02 . 2009-03-25 16:02 <DIR> d-------- c:\program files\Perfect World Entertainment
2009-03-25 15:53 . 2005-05-10 18:54 258,352 --a------ c:\windows\system32\unicows.dll
2009-03-22 21:38 . 2009-03-22 21:38 <DIR> d-------- C:\Uforia
2009-02-23 18:28 . 2009-02-23 22:14 <DIR> d-------- c:\program files\SoftEther VPN Client 2.0
2009-02-21 11:31 . 2009-02-16 17:39 2,736,890 --a------ c:\windows\system32\GameMon.des

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 19:12 --------- d-----w c:\documents and settings\eric yu\Application Data\Skype
2009-03-30 18:59 --------- d-----w c:\program files\Symantec
2009-03-30 18:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-30 07:35 --------- d--h--w c:\documents and settings\eric yu\Application Data\Move Networks
2009-03-29 06:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-25 21:16 --------- d-----w c:\documents and settings\eric yu\Application Data\GetRightToGo
2009-03-25 17:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 17:53 --------- d-----w c:\program files\Cheat Engine
2009-03-22 08:20 --------- d-----w c:\program files\Java
2009-03-01 18:38 --------- d-----w c:\program files\Three Rings Design
2009-02-27 03:29 --------- d-----w c:\documents and settings\eric yu\Application Data\U3
2009-02-01 17:47 --------- d-----w c:\program files\Yahoo!
2009-02-01 17:47 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-01-15 07:50 413,696 ----a-w c:\windows\system32\wrap_oal.dll
2009-01-15 07:50 110,592 ----a-w c:\windows\system32\OpenAL32.dll
2009-01-10 17:56 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-14 13:59 5,699,584 ----a-w c:\windows\system32\dllcache\mshtml.dll
2006-10-01 23:22 94,080 -c--a-w c:\documents and settings\eric yu\Application Data\ezplay.sys
2006-10-01 23:22 47,360 -c--a-w c:\documents and settings\eric yu\Application Data\pcouffin.sys
2006-02-25 03:01 32 -c--a-r c:\documents and settings\All Users\hash.dat
2007-08-27 06:11 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-03-29_23.47.43.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-28 19:16:02 32,768 -c----w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-30 19:14:02 32,768 -c----w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-28 19:16:02 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-30 19:14:02 32,768 -c----w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-28 19:16:02 32,768 ------w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-30 19:14:02 32,768 ------w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-11-13 18:04 238968 --a------ c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2008-11-13 6273400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-01-30 14:11 3497984 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Netlogon"=3 (0x3)
"PnkBstrA"=2 (0x2)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Softnyx\\Rakion\\Bin\\rakion.bin"=
"c:\\WINDOWS\\system32\\lxctcoms.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\ijji\\ENGLISH\\u_skid.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\icmpsettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-11-12 29808]
R1 XSPACEWG;XSPACEWG;c:\windows\system32\drivers\XSpaceWg.sys [2006-06-17 3543]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2008-12-28 1086840]
R3 cdspacex;cdspacex;c:\windows\system32\drivers\CDSPACEX.sys [2006-06-17 22571]
R3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\drivers\TwoRabts.sys [2006-06-17 11120]
S3 CEDRIVER52;CEDRIVER52;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 Neo_gameking;SoftEther VPN Client 2.0 Device Driver - gameking;c:\windows\system32\drivers\Neo_gameking.sys [2008-06-27 15232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NVDISP;NVDISP;\??\c:\documents and settings\eric yu\Desktop\new maple\nv7800gt.sys --> c:\documents and settings\eric yu\Desktop\new maple\nv7800gt.sys [?]
S3 puma1;puma1;c:\documents and settings\eric yu\Desktop\rakion hack\puma.sys [2007-07-17 30720]
S3 Revolution1;Revolution1;c:\documents and settings\eric yu\Desktop\rakion hack\New Folder\SHAK3.sys [2007-07-17 20864]
S3 sejt1;sejt1;c:\documents and settings\eric yu\Desktop\new maple\cheat 2\AkumaEngine33\sejt.sys [2007-02-01 35456]
S3 TEMPLEVER;TEMPLEVER;\??\c:\documents and settings\eric yu\Desktop\new maple\bypass engine\Templery engine\damainzor.sys --> c:\documents and settings\eric yu\Desktop\new maple\bypass engine\Templery engine\damainzor.sys [?]
S3 xp1;xp1;\??\c:\documents and settings\eric yu\Desktop\new maple\cheat 2\xpengine\xp.sys --> c:\documents and settings\eric yu\Desktop\new maple\cheat 2\xpengine\xp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\autorun\command - E:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8d1069a-28fb-11dd-a688-00038a000015}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-03-30 c:\windows\Tasks\At1.job
- c:\windows\system32\r61dbM0y.exe []

2009-02-21 c:\windows\Tasks\At10.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At11.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At12.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At13.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At14.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At15.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At16.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-25 c:\windows\Tasks\At17.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At18.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-24 c:\windows\Tasks\At19.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At2.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-28 c:\windows\Tasks\At20.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-28 c:\windows\Tasks\At21.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At22.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At23.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At24.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At25.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At26.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At27.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At28.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-19 c:\windows\Tasks\At29.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At3.job
- c:\windows\system32\r61dbM0y.exe []

2008-11-26 c:\windows\Tasks\At30.job
- c:\windows\system32\NPn44TC0.exe []

2008-11-26 c:\windows\Tasks\At31.job
- c:\windows\system32\NPn44TC0.exe []

2009-01-29 c:\windows\Tasks\At32.job
- c:\windows\system32\NPn44TC0.exe []

2009-01-29 c:\windows\Tasks\At33.job
- c:\windows\system32\NPn44TC0.exe []

2009-02-21 c:\windows\Tasks\At34.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At35.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At36.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At37.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-26 c:\windows\Tasks\At38.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-26 c:\windows\Tasks\At39.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At4.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-26 c:\windows\Tasks\At40.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-25 c:\windows\Tasks\At41.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-26 c:\windows\Tasks\At42.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-24 c:\windows\Tasks\At43.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At44.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-28 c:\windows\Tasks\At45.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At46.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At47.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-30 c:\windows\Tasks\At48.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-19 c:\windows\Tasks\At5.job
- c:\windows\system32\r61dbM0y.exe []

2008-11-26 c:\windows\Tasks\At6.job
- c:\windows\system32\r61dbM0y.exe []

2008-11-26 c:\windows\Tasks\At7.job
- c:\windows\system32\r61dbM0y.exe []

2009-01-29 c:\windows\Tasks\At8.job
- c:\windows\system32\r61dbM0y.exe []

2009-01-29 c:\windows\Tasks\At9.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-27 c:\windows\Tasks\wrSpySweeper_L6481A608EDCB4B93A54B9F94EF8840F0.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-27 c:\windows\Tasks\wrSpySweeper_L6481A608EDCB4B93A54B9F94EF8840F0.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-27 c:\windows\Tasks\wrSpySweeper_L6481A608EDCB4B93A54B9F94EF8840F0.job
- C:\ [2009-03-30 12:27]

2009-03-20 c:\windows\Tasks\wrSpySweeper_LA7948D877DF546368B648887D87E04C9.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-20 c:\windows\Tasks\wrSpySweeper_LA7948D877DF546368B648887D87E04C9.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]

2009-03-20 c:\windows\Tasks\wrSpySweeper_LA7948D877DF546368B648887D87E04C9.job
- C:\ [2009-03-30 12:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://atlantica.ndoorsgames.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
DPF: {CFD7D0F6-CCAF-4FFA-9D7F-CE9B65F562EC} - hxxp://bombndash.com/common/AppCaller.ocx
DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} - hxxp://www.tricksteronline.com/control/KALogoutComponent.cab
DPF: {E2E799BB-0285-4F31-9AE9-F21B4430A775} - hxxp://orka.gamengame.com/Game_Exe/EngOrkaWeb.cab
FF - ProfilePath - c:\documents and settings\eric yu\Application Data\Mozilla\Firefox\Profiles\q3f56i5m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - plugin: c:\documents and settings\eric yu\Application Data\Mozilla\Firefox\Profiles\q3f56i5m.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 12:27:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-862683654-2933876951-1334642952-1006\Software\SecuROM\License information*]
"datasecu"=hex:0a,4e,10,7d,45,87,34,29,15,50,ec,35,48,64,8c,27,6f,10,97,2b,47,
aa,f8,b5,35,d5,a3,97,56,02,3d,a9,ec,79,9a,66,47,9e,93,e3,bf,fa,ae,3b,71,b7,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
Completion time: 2009-03-30 12:30:17
ComboFix-quarantined-files.txt 2009-03-30 19:29:08
ComboFix2.txt 2009-03-30 19:20:07
ComboFix3.txt 2009-03-30 06:49:46

Pre-Run: 9,810,554,880 bytes free
Post-Run: 9,789,734,912 bytes free

314 --- E O F --- 2008-11-12 08:04:29



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 30, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 30, 2009 22:36:40
Records in database: 1987911
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 129458
Threat name: 51
Infected objects: 55
Suspicious objects: 0
Duration of the scan: 02:03:44


File name / Threat name / Threats count
C:\1xxec.exe Infected: Trojan-GameThief.Win32.OnLineGames.tjni 1
C:\3jkka91.com Infected: Trojan-GameThief.Win32.Magania.adkz 1
C:\91m.com Infected: Packed.Win32.Krap.g 1
C:\96.com Infected: Trojan-Downloader.Win32.Exchanger.ahi 1
C:\Documents and Settings\eric yu\Application Data\Sun\Java\Deployment\cache\6.0\51\4278fa73-5d35d3ad Infected: Trojan-Downloader.Java.Agent.f 1
C:\Documents and Settings\eric yu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0dc2-6eefe626.zip Infected: Trojan-Downloader.Java.Agent.f 1
C:\dp.exe Infected: Trojan-GameThief.Win32.OnLineGames.tjei 1
C:\fp.exe Infected: Trojan-GameThief.Win32.OnLineGames.tzon 1
C:\gmi1jxy.com Infected: Trojan-GameThief.Win32.Magania.anfa 1
C:\kjibu.com Infected: Trojan-Downloader.Win32.Agent.aspp 1
C:\qjfl.exe Infected: Trojan-GameThief.Win32.OnLineGames.tjnj 1
C:\Qoobox\Quarantine\C\0jbnlnu8.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.tkwf 1
C:\Qoobox\Quarantine\C\1bg.cmd.vir Infected: Trojan-GameThief.Win32.Magania.akxt 1
C:\Qoobox\Quarantine\C\1irqtv.cmd.vir Infected: Trojan.Win32.Agent.avvd 1
C:\Qoobox\Quarantine\C\1jief.cmd.vir Infected: Trojan-GameThief.Win32.OnLineGames.tndj 1
C:\Qoobox\Quarantine\C\1n.cmd.vir Infected: Trojan.Win32.Inject.ofs 1
C:\Qoobox\Quarantine\C\1q8p0y.com.vir Infected: Trojan-GameThief.Win32.Magania.ajew 1
C:\Qoobox\Quarantine\C\3bo9tn.cmd.vir Infected: Trojan-GameThief.Win32.Magania.agzg 1
C:\Qoobox\Quarantine\C\6.exe.vir Infected: Trojan-GameThief.Win32.Magania.agbi 1
C:\Qoobox\Quarantine\C\6o0.bat.vir Infected: Trojan-GameThief.Win32.Magania.auws 1
C:\Qoobox\Quarantine\C\8nlo1q.cmd.vir Infected: Trojan-GameThief.Win32.Magania.anmr 1
C:\Qoobox\Quarantine\C\8ox61l6.cmd.vir Infected: Trojan-GameThief.Win32.OnLineGames.thut 1
C:\Qoobox\Quarantine\C\9dl.cmd.vir Infected: Trojan-GameThief.Win32.Magania.agec 1
C:\Qoobox\Quarantine\C\a.exe.vir Infected: Trojan-GameThief.Win32.OnLineGames.tsng 1
C:\Qoobox\Quarantine\C\b.bat.vir Infected: Trojan-GameThief.Win32.OnLineGames.tuqp 1
C:\Qoobox\Quarantine\C\d8ur3qs.bat.vir Infected: Trojan-GameThief.Win32.Magania.aoxw 1
C:\Qoobox\Quarantine\C\igcmrtjw.cmd.vir Infected: Trojan-GameThief.Win32.Magania.amky 1
C:\Qoobox\Quarantine\C\kk.bat.vir Infected: Trojan-PSW.Win32.OnLineGames.samm 1
C:\Qoobox\Quarantine\C\o93ml8.bat.vir Infected: Trojan.Win32.Crypt.zv 1
C:\Qoobox\Quarantine\C\q1pady.cmd.vir Infected: Trojan-GameThief.Win32.Magania.amry 1
C:\Qoobox\Quarantine\C\ud.exe.vir Infected: Trojan-GameThief.Win32.Magania.atls 1
C:\Qoobox\Quarantine\C\uyfd9cck.cmd.vir Infected: Trojan-GameThief.Win32.Magania.alxm 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\godert1.dll.vir Infected: Trojan-GameThief.Win32.Magania.auvb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jwedsfdo0.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.bkmv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jwedsfdo1.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.bkmv 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kxvo0.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.bkmw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kxvo1.dll.vir Infected: Trojan-GameThief.Win32.OnLineGames.bkmw 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nhser43uhjnefr.dll.vir Infected: Trojan-Downloader.Win32.Small.ajst 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nmdfgds2.dll.vir Infected: Backdoor.Win32.Agobot.arl 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACabeojxnh.dll.vir Infected: Packed.Win32.Tdss.f 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACicdxdowy.dll.vir Infected: Trojan.Win32.Tdss.ror 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACplhyijkl.dll.vir Infected: Trojan.Win32.TDSS.vta 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtiwjctlg.dll.vir Infected: Trojan.Win32.TDSS.vsz 1
C:\Qoobox\Quarantine\C\x.cmd.vir Infected: Worm.Win32.AutoRun.nng 1
C:\Qoobox\Quarantine\C\xc.exe.vir Infected: Trojan-GameThief.Win32.Magania.auaj 1
C:\Qoobox\Quarantine\C\xwpehlv.com.vir Infected: Trojan-GameThief.Win32.OnLineGames.arym 1
C:\Qoobox\Quarantine\C\y319s.exe.vir Infected: Trojan-GameThief.Win32.Magania.atgf 1
C:\Qoobox\Quarantine\C\yfmqo.cmd.vir Infected: Trojan-GameThief.Win32.Magania.ahtr 1
C:\s38k.exe Infected: Trojan-GameThief.Win32.Magania.ajge 1
C:\tj8odymw.exe Infected: Worm.Win32.AutoRun.myb 1
C:\Uforia\ThreeKingdoms\ThreeKingdoms.exe Infected: Packed.Win32.Black.a 1
C:\uh31.exe Infected: Worm.Win32.AutoRun.nty 1
C:\v0vj.exe Infected: Trojan-GameThief.Win32.OnLineGames.uaeu 1
C:\WINDOWS\system32\afmain1.dll Infected: Packed.Win32.Krap.g 1
C:\xpq63xl.exe Infected: Packed.Win32.Krap.b 1

The selected area was scanned.
Attached file: ComboFix.zip (6.5 KB)

-- acidburn452
03-30-2009, 08:03 PM   #8
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy (Join Date: Oct 2006, Posts: 4,581, OS: Vista)

Re: please i need help computer mess up

*Open Notepad.
Copy and paste the text inside the code box below into Notepad.
Code:
File::
C:\1xxec.exe
C:\3jkka91.com
C:\91m.com
C:\96.com
C:\Documents and Settings\eric yu\Application Data\Sun\Java\Deployment\cache\6.0\51\4278fa73-5d35d3ad
C:\Documents and Settings\eric yu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0dc2-6eefe626.zip
C:\dp.exe
C:\fp.exe
C:\gmi1jxy.com
C:\kjibu.com
C:\qjfl.exe
C:\s38k.exe
C:\tj8odymw.exe
C:\uh31.exe
C:\v0vj.exe
C:\WINDOWS\system32\afmain1.dll
C:\xpq63xl.exe
AtJob::
  • Save and Name it as "CFScript"
  • Drag and drop CFScript.txt to your copy of combofix.

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Do you know anything about this?

C:\Uforia\ThreeKingdoms
-- Angelfire777
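The log posted above lists dozens of At*.job tasks (the names at.exe gives the jobs it creates) that all launch one of two oddly named executables in system32, and the CFScript in this post clears them with the AtJob:: directive. As an added example that is not part of the thread and not ComboFix's own code, the Python script below parses the Scheduled Tasks section of a ComboFix log, groups the tasks by the program they run, flags the pattern seen here (many At-jobs on one target, a random-looking name under system32, an empty [] after the target) and emits a CFScript in the File::/AtJob:: layout used in this thread. The random-name heuristic and the choice to list the targets under File:: are my assumptions; the sample input is a subset of the log above.

```python
r"""Triage the 'Scheduled Tasks' section of a ComboFix log for At*.job persistence.

Added example, not ComboFix's own code. It relies only on the log layout seen in
this thread: after "Contents of the 'Scheduled Tasks' folder" each task is a pair
of lines, '<date> c:\windows\Tasks\<name>.job' then '- <target> [<stamp>]', and
the section ends at a lone '.'.
"""
import re

# Constructed sample: a subset of the task entries from the log posted in this thread.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2009-03-30 c:\windows\Tasks\At1.job
- c:\windows\system32\r61dbM0y.exe []

2009-02-21 c:\windows\Tasks\At10.job
- c:\windows\system32\r61dbM0y.exe []

2009-03-30 c:\windows\Tasks\At25.job
- c:\windows\system32\NPn44TC0.exe []

2009-03-27 c:\windows\Tasks\wrSpySweeper_L6481A608EDCB4B93A54B9F94EF8840F0.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2008-11-13 18:11]
.
"""

SECTION_HEADER = "Contents of the 'Scheduled Tasks' folder"
JOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>.+\.job)$")
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<stamp>[^\]]*)\]$")
AT_JOB_RE = re.compile(r"^at\d+\.job$", re.I)          # at.exe names its jobs At<N>.job
# Heuristic (an assumption): short mixed letter/digit names such as r61dbM0y.exe
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{6,10}\.exe$", re.I)


def parse_tasks(log_text):
    """Return (job_name, target_path, stamp) triples from the Scheduled Tasks section."""
    tasks, in_section, pending = [], False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_HEADER):
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":                 # ComboFix closes the section with a lone dot
            break
        m = JOB_RE.match(line)
        if m:
            pending = m.group("job").rsplit("\\", 1)[-1]
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append((pending, m.group("target"), m.group("stamp")))
            pending = None
    return tasks


def triage(tasks):
    """Group tasks by target and record why each target looks like malware persistence."""
    groups = {}
    for job, target, stamp in tasks:
        g = groups.setdefault(target.lower(), {"target": target, "jobs": [], "stamps": []})
        g["jobs"].append(job)
        g["stamps"].append(stamp)
    report = {}
    for key, g in groups.items():
        reasons = []
        at_jobs = [j for j in g["jobs"] if AT_JOB_RE.match(j)]
        if at_jobs:
            reasons.append(f"{len(at_jobs)} At*.job task(s) pointing at it")
        if "\\system32\\" in key and RANDOM_NAME_RE.match(key.rsplit("\\", 1)[-1]):
            reasons.append("random-looking executable name under system32")
        if at_jobs and all(s == "" for s in g["stamps"]):
            reasons.append("ComboFix printed an empty [] after the target")
        report[g["target"]] = {"jobs": g["jobs"], "reasons": reasons}
    return report


def suspicious_targets(log_text):
    """Targets with at least two indicators, the one hit by the most jobs first."""
    report = triage(parse_tasks(log_text))
    hits = [(t, r) for t, r in report.items() if len(r["reasons"]) >= 2]
    hits.sort(key=lambda tr: len(tr[1]["jobs"]), reverse=True)
    return [t for t, _ in hits]


def build_cfscript(targets):
    """A CFScript in the layout used in this thread: File:: paths, then AtJob::."""
    return "\n".join(["File::", *targets, "AtJob::"]) + "\n"


if __name__ == "__main__":
    for target, info in triage(parse_tasks(SAMPLE_LOG)).items():
        verdict = "SUSPECT" if len(info["reasons"]) >= 2 else "ok"
        print(f"{verdict:7} {target}  jobs={len(info['jobs'])}  {'; '.join(info['reasons'])}")
    print(build_cfscript(suspicious_targets(SAMPLE_LOG)), end="")
```

On the sample, the Apple and Webroot tasks come out clean and the two system32 executables are flagged on all three counts; a single indicator is deliberately not enough, because the Apple updater also shows an empty [] in this log.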
03-31-2009, 07:19 PM   #9
Registered User (Join Date: Mar 2009, Posts: 8, OS: xp)

Re: please i need help computer mess up

C:\Uforia\ThreeKingdoms is an MMORPG I play.
Attached file: ComboFix.txt (17.1 KB)

-- acidburn452
03-31-2009, 09:03 PM   #10
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy (Join Date: Oct 2006, Posts: 4,581, OS: Vista)

Re: please i need help computer mess up

How's it running?
-- Angelfire777
04-01-2009, 11:29 AM   #11
Registered User (Join Date: Mar 2009, Posts: 8, OS: xp)

Re: please i need help computer mess up

Everything seems to be running great.
Thank you for all the help, you're the best.
-- acidburn452
04-01-2009, 11:17 PM   #12
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy (Join Date: Oct 2006, Posts: 4,581, OS: Vista)

Re: please i need help computer mess up

Click Start > Run, then copy and paste:

combofix /u

That will hide your system files, clear your System Restore cache and uninstall ComboFix.

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Read TonyKlein's "How Did I Get Infected In The First Place?"

Please check out miekiemoes' "How to Prevent Malware"

Happy safe surfing!

Note: Please reply to this thread one last time so I can mark it as resolved.
-- Angelfire777
04-03-2009, 11:16 AM   #13
Registered User (Join Date: Mar 2009, Posts: 8, OS: xp)

Re: please i need help computer mess up

Thank you so much.
I will do what you say and keep my antivirus updated.
-- acidburn452
Copyright 2001 - 2009, Tech Support Forum