'RECYCLE' Virus, how do I get rid of it?

  1. #11
    Fantasy is offline Junior Member

    Re: 'RECYCLE' Virus, how do I get rid of it?

    1) Keyboard is just working properly.
    2) There is no 'Documentation' in Start>All Programs>ESET
    Only: Deinstall.exe, readme.txt, NOD32.exe, NOD32 Control Centre.exe, NOD32 Help

    I'm going to run ComboFix right now, after closing and disconnecting internet, terminating Windows Defender, closing applications, and only leaving NOD32 running.

    Very many thanks for continuing to help me!


  2. #12
    Fantasy is offline Junior Member
    Here is the log. However, stupid as I am, I forgot to plug in my MP3 player, which contains the virus as well. Though, I think you might find something useful in this log too.
    I guess I should run combofix.exe again with my MP3 player plugged in?
    Anyway, here are the results (without MP3-player):

    EDIT = First victory already! I found out I can access my C and D drives from 'My Computer' again! =D


    ComboFix 09-02-10.03 - Rick 2009-02-16 18:37:22.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.1535.1181 [GMT 1:00]
    Gestart vanuit: c:\documents and settings\Rick\Bureaublad\ComboFix.exe
    AV: NOD32 antivirus systeem 2.51 *On-access scanning enabled* (Updated)
    * Resident AV is active


    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\documents and settings\Rick\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
    c:\documents and settings\Rick\Local Settings\Temporary Internet Files\ijjistarter2.exe
    c:\program files\Mozilla Firefox\components\iamfamous.dll
    c:\recycler\S-3-4-91-100026391-100023195-100025905-6192.com
    c:\windows\system32\drivers\gaopdxapalqjns.sys
    c:\windows\system32\drivers\gaopdxcfnpppyx.sys
    c:\windows\system32\drivers\gaopdxexumlxwp.sys
    c:\windows\system32\drivers\gaopdxkmhdrbvr.sys
    c:\windows\system32\drivers\gaopdxljejnlmt.sys
    c:\windows\system32\drivers\gaopdxmtnbmlex.sys
    c:\windows\system32\drivers\gaopdxoewmetag.sys
    c:\windows\system32\drivers\gaopdxorpjkroy.sys
    c:\windows\system32\drivers\gaopdxsilxmoqv.sys
    c:\windows\system32\drivers\gaopdxvdhmpxel.sys
    c:\windows\system32\gaopdxcounter
    c:\windows\system32\gaopdxiqwhxilr.dll
    D:\Autorun.inf
    d:\recycler\S-2-7-16-100017966-100012673-100025305-4543.com
    d:\recycler\S-3-4-25-100008465-100019509-100022783-8172.com
    d:\recycler\S-3-4-91-100026391-100023195-100025905-6192.com
    d:\recycler\S-3-9-26-100005196-100025209-100009521-8331.com
    d:\recycler\S-4-8-51-100003449-100012727-100015118-5138.com
    d:\recycler\S-5-2-27-100007919-100031600-100010127-4075.com
    d:\recycler\S-5-9-14-100029529-100028350-100001443-8999.com
    d:\recycler\S-7-3-17-100006551-100027663-100019215-2623.com
    d:\recycler\S-8-7-52-100000004-100018885-100016347-2386.com
    d:\recycler\S-9-2-49-100008218-100016052-100007970-1292.com
    d:\recycler\S-9-5-86-100000442-100028696-100022750-5543.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_gaopdxserv.sys


    (((((((((((((((((((( Bestanden Gemaakt van 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))
    .

    2009-02-05 21:50 . 2009-02-05 21:50 42,320 --a------ c:\windows\system32\xfcodec.dll
    2009-02-05 13:31 . 2009-02-05 13:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
    2009-02-05 13:01 . 2009-02-05 13:03 <DIR> d-------- c:\windows\system32\NtmsData
    2009-02-01 13:56 . 2009-02-16 18:44 <DIR> d-------- c:\program files\Steam
    2009-01-31 21:42 . 2009-01-31 21:42 <DIR> d-------- C:\CFLog
    2009-01-31 16:05 . 2009-01-31 16:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Age of Empires 3
    2009-01-29 16:19 . 2009-01-29 16:19 <DIR> d-------- c:\program files\MSECache
    2009-01-28 20:29 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
    2009-01-28 20:29 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
    2009-01-28 20:29 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
    2009-01-28 20:29 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
    2009-01-28 20:29 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
    2009-01-28 20:28 . 2009-01-28 20:28 <DIR> d-------- c:\windows\Logs

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-16 17:44 --------- d-----w c:\program files\DNA
    2009-02-16 17:44 --------- d-----w c:\documents and settings\Rick\Application Data\DNA
    2009-02-16 16:59 --------- d-----w c:\documents and settings\Rick\Application Data\Xfire
    2009-02-14 16:06 --------- d-----w c:\documents and settings\Rick\Application Data\BitTorrent
    2009-02-14 15:11 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-13 10:51 189,672 ----a-w c:\windows\system32\PnkBstrB.exe
    2009-02-13 10:51 138,584 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
    2009-02-12 14:20 --------- d-----w c:\program files\Xfire
    2009-02-11 18:57 70,968 ----a-w c:\windows\system32\PnkBstrA.exe
    2009-02-11 16:10 --------- d-----w c:\program files\ESET
    2009-02-08 20:37 --------- d-----w c:\documents and settings\Rick\Application Data\LimeWirePlus
    2009-02-08 19:40 --------- d-----w c:\program files\Messenger Plus
    2009-01-31 14:32 --------- d-----w c:\program files\LimeWire Plus
    2009-01-29 20:35 --------- d-----w c:\documents and settings\Rick\Application Data\My Games
    2009-01-29 20:32 --------- d-----w c:\program files\Game Cam v1.4
    2009-01-12 14:08 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
    2008-12-17 07:29 --------- d-----w c:\documents and settings\All Users\Application Data\NexonEU
    2008-12-13 18:05 410,984 ----a-w c:\windows\system32\deploytk.dll
    2008-11-11 17:22 22,328 ----a-w c:\documents and settings\Rick\Application Data\PnkBstrK.sys
    2008-10-24 13:52 30 ----a-w c:\documents and settings\Rick\jagex_runescape_preferences.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-25 342848]
    "Steam"="c:\program files\Steam\Steam.exe" [2009-02-01 1410296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
    "nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-10 921600]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-12-27 988736]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
    "C-Media Mixer"="Mixer.exe" [2002-10-15 c:\windows\mixer.exe]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
    "nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

    c:\documents and settings\Rick\Menu Start\Programma's\Opstarten\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-02-29 546816]
    PowerReg Scheduler.exe [2008-04-26 256000]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-12 805392]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe"
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Xfire\\xfire.exe"=
    "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Ares\\Ares.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\WINDOWS\\system32\\p3xsvr.exe"=
    "d:\\spellen\\Call Of Duty 4\\iw3mp.exe"=
    "d:\\spellen\\Civilization 4\\Civilization4.exe"=
    "d:\\spellen\\Civilization 4\\Warlords\\Civ4Warlords.exe"=
    "d:\\spellen\\Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
    "c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
    "d:\\spellen\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "d:\\spellen\\Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=

    R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-01-23 501560]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 atirage;atirage;c:\windows\system32\drivers\atiragem.sys [2007-10-08 70784]
    S3 XDva031;XDva031;\??\c:\windows\system32\XDva031.sys --> c:\windows\system32\XDva031.sys [?]
    S3 XDva214;XDva214;\??\c:\windows\system32\XDva214.sys --> c:\windows\system32\XDva214.sys [?]

    --- Andere Services/Drivers In Geheugen ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3B6F3917-0B5C-9D48-4C95-15D496D553DB}]
    c:\docume~1\Rick\LOCALS~1\Temp\IXP000.TMP\FRAPS2~1.EXE
    .
    Inhoud van de 'Gedeelde Taken' map

    2009-02-13 c:\windows\Tasks\Easy Onderhoud.job
    - c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-12-28 18:13]

    2009-02-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\windows\system32\imon.dll
    Trusted Zone: com.tw\www.msi
    DPF: {0CC52A09-A146-4AC4-85E5-B9A575CA8196} - hxxp://www.ace-onlines.com/Downloads/pc_info.cab
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    DPF: {9D8CCE0F-2E2C-41EB-B37F-9852DB989CAC} - hxxp://www.ace-onlines.com/game/WebLauncher.cab
    DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} - hxxp://config.hyosungcdn.com/download/p3xset.cab
    FF - ProfilePath - c:\documents and settings\Rick\Application Data\Mozilla\Firefox\Profiles\6jlumc42.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-16 18:44:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_USERS\S-1-5-21-1123561945-764733703-725345543-1003\Software\Microsoft\SystemCertificates\Address Book*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1123561945-764733703-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:25,06,1d,8b,bf,b6,0a,de,73,69,0a,a5,86,f5,97,22,f6,11,70,99,af,14,7b,
    02,60,4d,cf,c9,8f,81,8c,84,c8,7b,3a,64,fd,ea,6a,18,8b,45,92,6f,33,4c,83,c2,\
    "??"=hex:ab,07,d9,e1,c5,d1,72,6c,5a,ae,45,fb,dc,db,e9,d0

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'winlogon.exe'(652)
    c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
    c:\program files\common files\logitech\bluetooth\LBTServ.dll

    - - - - - - - > 'lsass.exe'(708)
    c:\windows\system32\relog_ap.dll
    c:\program files\TuneUp Utilities 2006\WinStylerThemeHelper.dll
    c:\windows\system32\imon.dll
    c:\program files\Eset\pr_imon.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\ESET\nod32krn.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2009-02-16 18:49:07 - machine werd herstart
    ComboFix-quarantined-files.txt 2009-02-16 17:49:04

    Pre-Run: 4,461,400,064 bytes beschikbaar
    Post-Run: 4,434,395,136 bytes beschikbaar

    242 --- E O F --- 2009-01-30 06:48:57
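    The removal list in the log above shows the classic autorun-worm footprint: an autorun.inf at each drive root, .com files in RECYCLER under SID-looking names, and a set of randomly named drivers sharing one prefix (gaopdx*). As an added illustration (not part of this thread), here is a small Python parser that pulls the "Andere Verwijderingen" section out of a ComboFix log and sorts the entries by indicator type; the log excerpt is constructed from the posted one, and the prefix-grouping heuristic is this example's own assumption, not a ComboFix feature.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix log above (Dutch section headers
# as ComboFix prints them on a Dutch Windows XP); not the poster's full log.
SAMPLE_LOG = """\
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\\autorun.inf
c:\\program files\\Mozilla Firefox\\components\\iamfamous.dll
c:\\recycler\\S-3-4-91-100026391-100023195-100025905-6192.com
c:\\windows\\system32\\drivers\\gaopdxapalqjns.sys
c:\\windows\\system32\\drivers\\gaopdxcfnpppyx.sys
c:\\windows\\system32\\gaopdxiqwhxilr.dll
D:\\Autorun.inf
d:\\recycler\\S-2-7-16-100017966-100012673-100025305-4543.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\\Service_gaopdxserv.sys
"""

SECTION = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*[)\s]+$")
# autorun.inf at a drive root: the hook an autorun worm uses to launch when the drive is opened.
ROOT_AUTORUN = re.compile(r"^[a-z]:\\autorun\.inf$", re.I)
# RECYCLER\S-...-....com: an executable parked in the recycle-bin folder under a
# SID-looking name. Genuine SIDs begin with S-1-; these begin with other digits.
FAKE_SID_COM = re.compile(r"^[a-z]:\\recycler\\S-\d+(?:-\d+)+\.com$", re.I)
# Drivers/DLLs in system32; used to spot a family sharing one random-looking prefix.
SYS32_BINARY = re.compile(r"^[a-z]:\\windows\\system32\\(?:drivers\\)?([a-z0-9]+)\.(?:sys|dll)$", re.I)


def section_lines(log, wanted):
    """Yield the non-empty, non-'.' lines that sit under the ComboFix section `wanted`."""
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m.group("name")
        elif current == wanted and line and line != ".":
            yield line


def classify_deletions(log, prefix_len=6):
    """Group 'Andere Verwijderingen' (Other Deletions) entries by indicator type.
    Keys: 'root_autorun', 'fake_sid_com', 'random_named_family' (two or more system32
    binaries sharing their first `prefix_len` characters, as the gaopdx* set does), 'other'."""
    found, by_prefix = defaultdict(list), defaultdict(list)
    for path in section_lines(log, "Andere Verwijderingen"):
        m = SYS32_BINARY.match(path)
        if ROOT_AUTORUN.match(path):
            found["root_autorun"].append(path)
        elif FAKE_SID_COM.match(path):
            found["fake_sid_com"].append(path)
        elif m:
            by_prefix[m.group(1)[:prefix_len].lower()].append(path)
        else:
            found["other"].append(path)
    for paths in by_prefix.values():
        found["random_named_family" if len(paths) >= 2 else "other"].extend(paths)
    return dict(found)
```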

  3. #13
    VopThis is offline Senior Member (Canada)
    2) There is no 'Documentation' in Start>All Programs>ESET
    Only: Deinstall.exe, readme.txt, NOD32.exe, NOD32 Control Centre.exe, NOD32 Help
    Try 'NOD32 Help' for any needed documentation. Sorry, my latest version (v3.0) was downloaded 2 weeks ago.
    Here is a link explaining how to reset your protected settings password:

    OLDER VERSIONS:
    Eset - I cannot access the settings – NOD32 asks for password. What should I do?

    NOD32 V3.0:
    Eset - Settings are password protected (ESET Smart Security and ESET NOD32 Antivirus 3.x)
    I doubt that most MP3 players can be made to be a drive letter. Here is one link where there appear to be some possible exceptions to that:

    Make your MP3 player to show up as a Drive Letter


    Otherwise, and potentially, there are one or more infected files on that MP3 player which could easily reinfect your PC (or originally came from your PC).

    Maybe now is a good time to run MBAM.

  4. #14
    Fantasy is offline Junior Member
    Yeah, tomorrow I'm going to check if I can get into safe mode.
    Then run MBAM, see what comes out.

    About my MP3 player: I'll wait with it. I've already been thinking about buying a new one; this one's getting old, and the thing itself is bending a little (yeah, really, it does), so it won't take long before it 'dies' a painful death.

    And then I'll figure out NOD32 with your links.

    I'll keep you updated here, thanks!

  5. #15
    Fantasy is offline Junior Member
    It took just a bit more than 1 very boring hour, but here are the results.
    Though I think even I can understand the outcome of this full scan.


    Malwarebytes' Anti-Malware 1.34
    Database versie: 1766
    Windows 5.1.2600 Service Pack 2

    17-2-2009 17:14:58
    mbam-log-2009-02-17 (17-14-58).txt

    Scan type: Volledige Scan (C:\|D:\|)
    Objecten gescand: 214818
    Verstreken tijd: 1 hour(s), 9 minute(s), 0 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 0
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)
