
Virus or not? WD My Passport can't enter to view files

This topic is locked
27 replies to this topic

#1 brnjas (Members, 16 posts)

Posted 29 March 2013 - 07:27 AM

Hi James,

As you suggested, I started a new topic here. So let me describe my problem again.

I have a WD My Passport 1TB external hard drive. It worked fine until two weeks ago. Then it suddenly started showing me this message every time I wanted to view my files on the disk:

Error loading ~$WFLXAWQ.FAT32

The specified module could not be found

I tried another source (my brother's laptop) to see the data there, but nothing. The same message as on my computer.

Disappointed, I went to my friend's to try it on his computer. When we connected the My Passport, it immediately started to work fine. I could see my data on it and everything worked perfectly. Then I went home and scanned the entire computer and the WD My Passport with NOD32 Antivirus 5; it found 5 infections, cleared successfully. Everything worked OK.

Two days ago I tried to view my data on the My Passport, and when I click the icon in My Computer nothing happens; click again, nothing. So my problem now is that I can't get in again to see the data. But this time no message comes up on screen. Nothing happens. On other computers, when I connect the My Passport, the same: nothing happens...

I have the WD SmartWare program that comes with the My Passport hard drive, and it reports that the HDD is recognized by the computer (used space on HDD = 87%, temperature = OK, locked = no).

I downloaded and ran the Western Digital Data Lifeguard Diagnostics program for Windows XP, and these are the results:

Test Option: QUICK TEST
Model Number: WD My Passport 0748
Unit Serial Number: WXC1A72X7892
Firmware Number: 1019
Capacity: 1000.17 GB
SMART Status: PASS
Test Result: PASS
Test Time: 10:44:28, March 28, 2013

Test Option: EXTENDED TEST
Model Number: WD My Passport 0748
Unit Serial Number: WXC1A72X7892
Firmware Number: 1019
Capacity: 1000.17 GB
SMART Status: PASS
Test Result: PASS
Test Time: 23:11:17, March 28, 2013

Should I mention that I have:

OS: Windows XP Professional Version 2002 Service Pack 3

AMD Sempron™ Processor 3000+, 1.98 GHz, 1.50 GB of RAM

This is my old computer, but it does the job :P

James, please help, and if you need any other information about this, let me know.

Thanks in advance

Zoran

P.S.: Sorry for my bad English





#2 etavares, Bleepin' Remover (Malware Response Team, 15,514 posts)

Posted 01 April 2013 - 07:49 PM

Hi brnjas,

 

My name is etavares and I'll be helping you with this thread.  Do you still require help with this issue?

 

-etavares



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 brnjas, Topic Starter (Members, 16 posts)

Posted 03 April 2013 - 06:25 AM

Hello etavares,

Yes, please help...

I have important data on this hard disk.

 

brnjas



#4 etavares, Bleepin' Remover (Malware Response Team, 15,514 posts)

Posted 03 April 2013 - 07:06 PM

Hi, plug the hard drive in, click Start --> right-click My Computer and select Manage.  Under Storage, click Disk Management.  You should see a few disks (at least one) such as Disk 0, then a partition with a drive letter (e.g. C:) to the right of that.  Is there one with an 'unassigned' drive letter?

 

-etavares





#5 etavares, Bleepin' Remover (Malware Response Team, 15,514 posts)

Posted 13 April 2013 - 06:08 AM

Do you still need help?





#6 brnjas, Topic Starter (Members, 16 posts)

Posted 14 April 2013 - 04:10 AM

etavares,

I'm sorry, I was out of the country.

Yes sir, I need help. So, I did as you said, and under Storage > Disk Management I have two internal hard drives (C:, D:) and the My Passport (H:). According to this, the My Passport is healthy and online, used memory 932 GB, NTFS. Everything seems to be working, but as I said, when I open the icon in My Computer, My Passport (H:), the computer opens a new folder and in it there is this shortcut:

My Passport (932GB)

Shortcut

I don't know, maybe some files are missing or something like that. I mean maybe some system files are missing because of a virus or something else.

Please help

brnjas
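The symptom in reply #6 (opening the drive shows only a shortcut carrying the drive's own name, while the data appears to be gone) is the behaviour of a class of removable-drive worms that mark the real folders hidden+system and drop a .lnk launcher in the root. The thread has not established that this is what happened here, so treat it as a hypothesis. The script below is an added example, not part of the thread and not a BleepingComputer or WD tool; it lists what a responder would check in the drive root before touching anything. The root listing it ships with is constructed for illustration, not observed on the poster's drive.

```python
"""Check a removable drive's root for the 'launcher shortcut' pattern.

Added example, not from the thread.  The hypothesis it tests is an assumption:
the symptom in reply #6 (opening H: shows only a shortcut named after the
drive) matches worms that mark the real folders hidden+system and drop a .lnk
that runs their payload before opening the folder.  Run it against the drive
mounted read-only or against a copy, and do not double-click the shortcut.
"""
import os

HIDDEN, SYSTEM, DIRECTORY = 0x02, 0x04, 0x10      # FILE_ATTRIBUTE_* bits
NORMAL_HIDDEN_DIRS = {"system volume information", "recycler", "$recycle.bin"}


def analyse(volume_label, entries):
    """entries: (name, attribute bits) pairs for the drive root.

    Returns (name, why) findings.  Name-based checks only: this does not parse
    the .lnk target, it just tells you which items to look at.
    """
    label = volume_label.lower()
    findings = []
    for name, attrs in entries:
        lname = name.lower()
        hidden_sys = (attrs & (HIDDEN | SYSTEM)) == (HIDDEN | SYSTEM)
        is_dir = bool(attrs & DIRECTORY)
        if lname == "autorun.inf":
            findings.append((name, "autorun.inf in root: read it, it names what it launches"))
        elif lname.endswith(".lnk") and lname.startswith(label):
            findings.append((name, "shortcut named after the volume: inspect its target, do not open it"))
        elif hidden_sys and is_dir and lname not in NORMAL_HIDDEN_DIRS:
            findings.append((name, "folder marked hidden+system (user data hidden?)"))
        elif hidden_sys and not is_dir:
            findings.append((name, "hidden+system file in root (dropped payload?)"))
    return findings


def scan_root(drive):
    """Real listing of a drive root; st_file_attributes exists only on Windows."""
    for entry in os.scandir(drive):
        attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
        if entry.is_dir(follow_symlinks=False):
            attrs |= DIRECTORY
        yield entry.name, attrs


# Constructed listing (not observed on the poster's drive) shaped like reply #6:
CONSTRUCTED_ROOT = [
    ("My Passport (932GB).lnk", 0x20),                 # archive only: the one visible item
    ("Photos", DIRECTORY | HIDDEN | SYSTEM),           # real folder, now hidden+system
    ("Work", DIRECTORY | HIDDEN | SYSTEM),
    ("~$WFLXAWQ.FAT32", 0x20 | HIDDEN | SYSTEM),       # name in the style of the error in #1
    ("System Volume Information", DIRECTORY | HIDDEN | SYSTEM),  # normal on NTFS
    ("readme.txt", 0x20),
]

if __name__ == "__main__":
    import sys
    listing = scan_root(sys.argv[1]) if len(sys.argv) > 1 else CONSTRUCTED_ROOT
    label = sys.argv[2] if len(sys.argv) > 2 else "My Passport"
    for name, why in analyse(label, listing):
        print("%-30s %s" % (name, why))
```

On a Windows box the same information comes from `dir /a H:\` (the `/a` switch lists hidden and system entries that Explorer hides). Only after the launcher and its payload have been dealt with is it safe to make the folders visible again with `attrib -h -s` on them; doing that first, on a still-infected machine, just re-hides them on the next run.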



#7 etavares, Bleepin' Remover (Malware Response Team, 15,514 posts)

Posted 14 April 2013 - 05:53 AM

Hi brnjas,

 

OK, thanks for the information.  Please follow the instructions in this link and we'll see if it could be a virus:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

 

Please post the logs in a reply in this thread and I'll look them over.  That error tells me that your windows on that machine may be corrupted...virus or otherwise.  In case we need it, do you have a Windows installation CD?

 

-etavares





#8 brnjas, Topic Starter (Members, 16 posts)

Posted 14 April 2013 - 08:50 AM

Hi etavares,

I will follow the instructions you gave me and post the results later.

No, I'm sorry, but I don't have a Windows installation CD.

 

brnjas



#9 brnjas, Topic Starter (Members, 16 posts)

Posted 14 April 2013 - 10:41 AM

etavares,

Please, how do I attach the attach.txt from the desktop? I can't find the Attachments option...

Please help

 

brnjas



#10 brnjas, Topic Starter (Members, 16 posts)

Posted 15 April 2013 - 04:19 AM

Hi etavares,

 

So, here are the logs you require:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.17.2
Run by User at 16:43:32 on 2013-04-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.623 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\WINDOWS\SoftwareProtection\systemvital.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Transas Shared\Navigation\IBSConfig\IBSSvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Transas Shared\Navigation\NavTex\NavTex.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredimail.com?a=6mb0WrZURs
uInternet Connection Wizard,ShellNext = hxxp://rapidshare.com/files/134242616/NodLogin_9.6__32_and_64bits_.rar
uProxyOverride = <local>
mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\windupdt\winupdate.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: Vuze Remote Toolbar: {BA14329E-9550-4989-B3F2-9732E92D17CC} - c:\program files\vuze_remote\prxtbVuze.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0360.0\npwinext.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
uRun: [Videohost] c:\docume~1\user\locals~1\temp\b.exe
uRun: [system34] c:\windows\softwareprotection\systemvital.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [windows_update.exe] c:\documents and settings\user\my documents\downloads\programs\cod 4 hack\Call of Duty 4 Undetected Hack
uRun: [winupdater] c:\windupdt\winupdate.exe
uRun: [WindowsUpd_] c:\documents and settings\user\application data\WindowsUpd_.exe
uRun: [Real Desktop] "c:\program files\real desktop\Real Desktop.exe"
uRun: [Facebook Update] "c:\documents and settings\user\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "c:\documents and settings\user\local settings\application data\akamai\netsession_win.exe"
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0360.0\mswinext.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [INSAutoRunner] "c:\program files\common files\transas shared\navigation\tools\INSAutoRun.exe" SilentMode
mRun: [WindowsUpd_] c:\documents and settings\user\application data\WindowsUpd_.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WD Drive Unlocker] c:\program files\western digital\wd apps\WDDriveAutoUnlock.exe
mRun: [WD Quick View] c:\program files\western digital\wd smartware\WDDMStatus.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mExplorerRun: [WindowsUpd_] c:\documents and settings\user\application data\WindowsUpd_.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\real desktop.lnk - c:\program files\real desktop\Real Desktop.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\registration heroes of might & magic 5 - tribes of the east.lnk - d:\heroes of m&m\heroes of might and magic v - tribes of the east\registration\RegistrationReminder.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\regist~1.lnk - g:\registration_us\RegistrationReminder.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\registration prince of persia warrior within.lnk - d:\prince of persia warrior within\support\register\RegistrationReminder.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm
IE: Translate with Di dictionary - <no file>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/openapi/receivers/FMSI.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{D5929BC4-D123-41AA-885A-EE3E21BBB3E8} : DHCPNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-12-6 35328]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;c:\docume~1\user\locals~1\temp\VSPE.sys [2011-11-4 25984]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2009-10-15 33952]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/25 20:48:27];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
R2 INSSvc;Transas INS Network;c:\program files\common files\transas shared\navigation\ibsconfig\IBSSvc.exe [2008-4-29 241664]
R2 NavTex;Transas NavTex;c:\program files\common files\transas shared\navigation\navtex\NavTex.exe [2007-12-25 241664]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-3-19 3289208]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\WDDMService.exe [2011-12-15 265624]
R2 WDDriveService;WD Drive Manager;c:\program files\western digital\wd drive manager\WDDriveService.exe [2012-9-6 248248]
R2 WDFMEService;WDFME;c:\program files\western digital\wd smartware\WDFME.exe [2011-12-15 1591176]
R2 WDRulesService;WDRules;c:\program files\western digital\wd smartware\WDRulesEngine.exe [2011-12-15 1091992]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2011-3-26 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca445ce2b2b504;Google Update Service (gupdate1ca445ce2b2b504);c:\program files\google\update\GoogleUpdate.exe [2009-10-3 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-7 161384]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 Transas Basic Service;Transas Basic Service;c:\program files\common files\transas shared\navigation\shared\TBService.exe [2007-12-24 241664]
S3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys --> c:\windows\system32\drivers\appliand.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11220.sys [2013-2-23 106656]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\common files\futuremark shared\futuremark systeminfo\FMSISvc.exe [2011-2-2 135584]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2011-9-5 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena\safedrv.sys --> c:\program files\garena\safedrv.sys [?]
S3 SENTEMU;SENTEMU;\??\c:\transas\ns4000\sentemu.sys --> c:\transas\ns4000\SENTEMU.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-28 09:37:52 -------- d-----w- c:\program files\Western Digital Corporation
2013-03-27 16:21:36 -------- d-----w- c:\documents and settings\user\local settings\application data\Western_Digital
2013-03-24 19:34:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-24 19:24:03 -------- d-----w- c:\program files\CCleaner
2013-03-24 19:13:51 -------- d-----w- c:\program files\Oracle
2013-03-23 01:09:28 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 19:47:48 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2013-03-21 19:22:03 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 09:29:16 -------- d-----w- c:\program files\common files\Western Digital
2013-03-21 09:28:50 -------- d-----w- c:\documents and settings\user\local settings\application data\Western Digital
2013-03-21 04:10:18 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-03-20 21:08:07 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-20 20:41:46 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-20 20:39:02 -------- d-----w- c:\windows\system32\Adobe
2013-03-18 22:04:06 -------- d-----w- c:\documents and settings\user\local settings\application data\Wondershare
2013-03-18 22:04:05 -------- d-----w- c:\program files\common files\Wondershare
2013-03-18 22:03:47 -------- d-----w- c:\program files\Temp
2013-03-18 21:58:25 -------- d-----w- c:\windows\system32\WDCSAM
2013-03-18 21:57:10 694272 ----a-w- c:\windows\system32\WD SES Driver Setup (x86).msi
2013-03-18 21:07:21 -------- d-----w- c:\documents and settings\all users\application data\Cached Installations
2013-03-18 20:30:34 -------- d-----w- c:\program files\Western Digital
2013-03-18 20:15:09 -------- d-----w- c:\documents and settings\all users\application data\Western Digital
2013-03-18 19:25:08 -------- d-----w- c:\documents and settings\user\local settings\application data\Opera
2013-03-18 12:45:42 -------- d-----w- c:\documents and settings\all users\application data\ZoomBrowser
2013-03-18 12:45:11 -------- d-----w- c:\program files\Canon
2013-03-18 12:17:08 -------- d-----w- c:\documents and settings\user\application data\CANON INC
2013-03-17 23:43:34 143872 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2013-03-30 13:16:19 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-03-30 13:16:01 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-03-30 13:16:01 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-03-30 13:07:30 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-28 11:16:09 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-03-28 11:12:08 22328 ----a-w- c:\documents and settings\user\application data\PnkBstrK.sys
2013-03-24 19:34:25 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-24 19:34:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 11:42:35 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 04:23:36 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 01:31:48 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-06 09:30:19 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-03-02 01:31:30 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:05:27 668672 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:05:27 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:05:25 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 01:02:06 369664 ----a-w- c:\windows\system32\html.iec
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
============= FINISH: 16:44:24.32 ===============

and Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/25/2009 6:35:09 PM
System Uptime: 4/14/2013 3:22:15 PM (1 hours ago)
.
Motherboard: | | MS-7030
Processor: AMD Sempron™ Processor 3000+ | Socket 940 | 1979/220mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 59 GiB total, 23.703 GiB free.
D: is FIXED (NTFS) - 53 GiB total, 8.306 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is FIXED (NTFS) - 931 GiB total, 126.937 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_2000&DEV_2800&SUBSYS_28001801&REV_02\4&3191A3E6&0&4070
Manufacturer: Smart Link (www.smlink.com)
Name: Smart Link 56K Voice Modem
PNP Device ID: PCI\VEN_2000&DEV_2800&SUBSYS_28001801&REV_02\4&3191A3E6&0&4070
Service: Modem
.
==== System Restore Points ===================
.
RP1115: 1/30/2013 6:07:48 PM - System Checkpoint
RP1116: 2/1/2013 6:37:05 PM - System Checkpoint
RP1117: 2/20/2013 4:21:51 PM - Software Distribution Service 3.0
RP1118: 2/20/2013 7:27:29 PM - Software Distribution Service 3.0
RP1119: 2/23/2013 10:03:30 AM - System Checkpoint
RP1120: 2/24/2013 12:28:12 PM - System Checkpoint
RP1121: 2/24/2013 4:22:40 PM - Installed Rise Of Legends
RP1122: 2/24/2013 4:23:48 PM - Installed Rise Of Legends
RP1123: 2/24/2013 4:24:48 PM - Installed Rise Of Legends
RP1124: 2/25/2013 9:14:29 PM - System Checkpoint
RP1125: 2/26/2013 1:02:45 PM - Installed Prince of Persia Warrior Within
RP1126: 2/26/2013 1:02:57 PM - Installed Prince of Persia Warrior Within
RP1127: 2/26/2013 2:27:55 PM - Removed Prince of Persia Warrior Within
RP1128: 2/26/2013 2:29:41 PM - Installed Prince of Persia Warrior Within
RP1129: 2/26/2013 2:29:48 PM - Installed Prince of Persia Warrior Within
RP1130: 2/27/2013 4:16:53 PM - Installed DirectX
RP1131: 2/28/2013 9:16:48 PM - System Checkpoint
RP1132: 3/1/2013 4:52:53 PM - Installed Akamai NetSession Interface
RP1133: 3/4/2013 6:23:48 PM - System Checkpoint
RP1134: 3/6/2013 9:28:20 AM - System Checkpoint
RP1135: 3/6/2013 9:59:11 AM - Removed Prince of Persia Warrior Within
RP1136: 3/6/2013 9:59:45 AM - Removed Rise Of Legends
RP1137: 3/6/2013 10:18:13 AM - Installed Ground Control II
RP1138: 3/7/2013 10:45:12 AM - Removed Ground Control II
RP1139: 3/7/2013 11:14:41 AM - Installed Falcon 4.0: Allied Force
RP1140: 3/7/2013 11:33:42 AM - Removed Falcon 4.0: Allied Force
RP1141: 3/7/2013 7:43:22 PM - Uniblue DriverScanner installation
RP1142: 3/8/2013 10:08:00 AM - Removed Java 7 Update 15
RP1143: 3/10/2013 2:04:41 AM - System Checkpoint
RP1144: 3/12/2013 12:30:50 PM - System Checkpoint
RP1145: 3/13/2013 1:27:31 PM - Software Distribution Service 3.0
RP1146: 3/15/2013 9:32:52 PM - System Checkpoint
RP1147: 3/18/2013 12:19:42 AM - Removed QuickTime
RP1148: 3/18/2013 12:20:39 AM - Removed Java™ 6 Update 38
RP1149: 3/18/2013 12:21:25 AM - Removed Java 7 Update 17
RP1150: 3/18/2013 12:26:40 AM - Installed Java 7 Update 17
RP1151: 3/18/2013 12:42:47 AM - Removed Java 7 Update 17
RP1152: 3/18/2013 12:43:14 AM - Installed Java 7 Update 17
RP1153: 3/18/2013 9:30:33 PM - Installed SES Driver
RP1154: 3/18/2013 9:44:46 PM - Installed WD Software Upgrader
RP1155: 3/18/2013 9:46:18 PM - Installed WD Software Upgrader
RP1156: 3/18/2013 10:07:49 PM - Installed ParetoLogic Data Recovery.
RP1157: 3/18/2013 11:02:37 PM - Removed ParetoLogic Data Recovery.
RP1158: 3/19/2013 12:06:24 PM - Software Distribution Service 3.0
RP1159: 3/20/2013 1:36:19 PM - System Checkpoint
RP1160: 3/21/2013 10:32:53 AM - Installed WD Drive Utilities
RP1161: 3/21/2013 8:48:52 PM - Software Distribution Service 3.0
RP1162: 3/23/2013 12:23:56 PM - System Checkpoint
RP1163: 3/24/2013 6:15:21 PM - System Checkpoint
RP1164: 3/24/2013 8:13:07 PM - Installed Java™ 7 Update 5
RP1165: 3/24/2013 8:13:50 PM - Installed JavaFX 2.1.1
RP1166: 3/24/2013 8:33:52 PM - Removed Java 7 Update 17
RP1167: 3/24/2013 8:34:21 PM - Installed Java 7 Update 17
RP1168: 3/27/2013 9:16:26 PM - System Checkpoint
RP1169: 3/28/2013 9:40:52 PM - System Checkpoint
RP1170: 3/30/2013 1:44:56 PM - System Checkpoint
RP1171: 3/31/2013 4:06:14 PM - System Checkpoint
RP1172: 4/14/2013 10:33:42 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 12.0
AGEIA PhysX v7.09.13
Ambush Pack 1.00 for Pocket Tanks Deluxe
AMD Processor Driver
Ashampoo Burning Studio 6 FREE
ATI - Software Uninstall Utility
ATI Catalyst Install Manager
ATI Control Panel
ATI Display Driver
BridgeMan
BS.Player PRO
Call of Duty® 4 - Modern Warfare™
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Canon Camera Access Library
Canon DIGITAL CAMERA Solution Disk Software Guide
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A3300 IS and A3200 IS and A2200 Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Chaos Pack 1.00 for Pocket Tanks Deluxe
Compatibility Pack for the 2007 Office system
Conduit Engine
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CPUID CPU-Z 1.53.1
CyberLink PowerDVD 9
Darkstar One
Data Lifeguard Diagnostic for Windows 1.24
Di reènik, v1.0.0.58
DivX Setup
Driver Detective
DriverScanner
ESET NOD32 Antivirus
Facebook Plug-In
Facebook Video Calling 1.2.0.287
Fireworks Pack v1.0 for Pocket Tanks Deluxe
Flamethrower Pack 1.00 for Pocket Tanks Deluxe
Futuremark SystemInfo
GameSpy Arcade
Gold Pack v1.0 for Pocket Tanks Deluxe
GOM Player
Google Chrome
Google Update Helper
Gravity Pack v1.0 for Pocket Tanks Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
Java 7 Update 17
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
L&H TTS3000 British English
League of Legends
Marlins Test
Meteor Pack 1.00 for Pocket Tanks Deluxe
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft LifeCam
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WinUsb 1.0
MSN
MSN Toolbar
MSN Toolbar Platform
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV2Player (remove only)
Nuke Pack 1.00 for Pocket Tanks Deluxe
NVIDIA Drivers
NvMixer
OGA Notifier 2.0.0048.0
Opera 12.14
PC Wizard 2010.1.93
Pocket Tanks Deluxe v1.3
Power Pack 1.00 for Pocket Tanks Deluxe
PowerISO
Prince of Persia T2T
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Sentinel System Driver
SES Driver
Skype Click to Call
Skype™ 6.2
Snowball Pack v1.0 for Pocket Tanks Deluxe
Sony Ericsson Update Engine
Super Pack v1.1 for Pocket Tanks Deluxe
swMSM
System Requirements Lab
System Requirements Lab CYRI
The Battle for Middle-earth ™
The Lord of the Rings FREE Trial
Tsunamis '99
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.6195
ViewSonic Monitor Drivers
Vsk5
Vuze
Vuze Remote Toolbar
WD Drive Utilities
WD Security
WD SmartWare
WebFldrs XP
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Media Format 11 runtime
Windows Media Player 11
WinGPS Pro 3.0
WinRAR archiver
WORLD SOCCER WINNING ELEVEN 8 INTERNATIONAL
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
4/14/2013 10:15:05 AM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found.
4/14/2013 10:15:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Transas Basic Service service to connect.
4/14/2013 10:15:05 AM, error: Service Control Manager [7000] - The Transas Basic Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/14/2013 10:15:05 AM, error: Service Control Manager [7000] - The Sntnlusb service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================

 

Thanks in advance

 

brnjas
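A small triage helper for the two DDS sections above (installed programs and Event Viewer messages). This is an added example, not part of DDS or this thread; its log excerpt is constructed to mirror the format pasted above, and its PUP keyword list is an illustrative heuristic, not an authoritative catalogue.

```python
import re

# Constructed excerpt that mirrors the DDS log format pasted above.
SAMPLE_LOG = """\
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Conduit Engine
ESET NOD32 Antivirus
Java 7 Update 17
Java™ 7 Update 5
Vuze Remote Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/14/2013 10:15:05 AM, error: Service Control Manager [7023] - The SSHNAS service terminated with the following error: The specified module could not be found.
4/14/2013 10:15:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Transas Basic Service service to connect.
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^==== (?P<name>.+?) =+$")
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.+)$"
)
# "The SSHNAS service terminated ..." -> SSHNAS; "... the X service to connect" -> X
SERVICE_RE = re.compile(r"\b[Tt]he (?P<svc>.+?) service\b")
JAVA_RE = re.compile(r"^java\W*(\d+) update (\d+)$")
# Constructed heuristic keyword list, not an authoritative PUP catalogue.
PUP_KEYWORDS = ("conduit", "toolbar", "driver detective", "driverscanner")

def parse_sections(text):
    """Split a DDS log into {section name: [lines]}, dropping the '.' filler."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections

def parse_event(line):
    """Parse one Event Viewer line; None if the line is not in that format."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["event_id"] = int(event["event_id"])
    svc = SERVICE_RE.search(event["msg"])
    event["service"] = svc.group("svc") if svc else None
    return event

def flag_programs(programs):
    """(program, reason) pairs: PUP/toolbar keyword hits, plus older Java
    releases left installed next to a newer one (an unpatched attack surface)."""
    findings, javas = [], []
    for name in programs:
        low = name.lower()
        if any(k in low for k in PUP_KEYWORDS):
            findings.append((name, "matches PUP/toolbar keyword"))
        m = JAVA_RE.match(low)
        if m:
            javas.append(((int(m.group(1)), int(m.group(2))), name))
    if len(javas) > 1:
        newest = max(javas)[0]
        findings += [(n, "superseded Java release still installed")
                     for v, n in javas if v != newest]
    return findings

def flag_services(event_lines, programs):
    """SCM event 7023 with 'could not be found' means a service's binary is gone.
    If no installed program explains the service name, treat it as a leftover
    of a removed or only partially cleaned infection."""
    findings = []
    installed = " ".join(programs).lower()
    for line in event_lines:
        ev = parse_event(line)
        if ev is None or ev["source"] != "Service Control Manager":
            continue
        if ev["event_id"] == 7023 and "could not be found" in ev["msg"]:
            svc = ev["service"] or "<unknown>"
            if svc.lower() not in installed:
                findings.append((svc, "service binary missing, no matching installed program"))
    return findings

def triage(text):
    """Run both checks over a whole DDS log."""
    sections = parse_sections(text)
    programs = sections.get("Installed Programs", [])
    events = sections.get("Event Viewer Messages From Past Week", [])
    return {"programs": flag_programs(programs),
            "services": flag_services(events, programs)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```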



#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:24 AM

Posted 15 April 2013 - 05:45 AM

Hello, brnjas.
Backdoor Warning
One or more of the identified infections is a backdoor trojan.
 
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
 
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
 
Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
 
We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
 
 
 
 
Registry Cleaner Warning
 
 
I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!
 
See here for more information:
 
 
 
Ask Toolbar Warning
 
I see you have the Ask.Com toolbar installed. This often comes bundled with spyware and it is recommended you remove it.
 
Please see here for more information:
 
If you would like to remove it, please go to add/Remove Programs and uninstall it.
Conduit Toolbar Warning
 
I see you have a Conduit toolbar installed. This often is recognized as trackware and I recommend you remove it.
 
If you would like to remove it, please go to add/Remove Programs and uninstall Vuze Remote Toolbar.
 
 
 
 
 
 
Step 1
 
Please uninstall any of the following program(s) using Add/Remove Programs if they are present. To do this, go to Start > Settings > Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs highlight each one and select Remove.
 
 
Conduit Engine
Java™ 7 Update 5
Vuze Remote Toolbar
 
 
Be sure to reboot when done.
 
 
 
Step 2
 
 
 
Next, please download ComboFix from one of these locations:
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
   
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

   
  • Double click on etavaresCF.exe & follow the prompts.

   
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

   
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 
 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 
whatnext.png
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.
 
Note: After running ComboFix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
 
etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 brnjas

brnjas
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:24 AM

Posted 15 April 2013 - 08:24 AM

Hi etavares,

 

I did as you said and these are the results:

 

 

ComboFix 13-04-15.01 - User 04/15/2013  14:21:41.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.731 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\etavaresCF.exe.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
c:\documents and settings\User\Application Data\data.dat
c:\documents and settings\User\Application Data\facemoods.com
c:\documents and settings\User\Application Data\HPSU_48BitScanUpdate.log
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\1.xml
c:\documents and settings\User\Application Data\PriceGong\Data\a.xml
c:\documents and settings\User\Application Data\PriceGong\Data\b.xml
c:\documents and settings\User\Application Data\PriceGong\Data\c.xml
c:\documents and settings\User\Application Data\PriceGong\Data\d.xml
c:\documents and settings\User\Application Data\PriceGong\Data\e.xml
c:\documents and settings\User\Application Data\PriceGong\Data\f.xml
c:\documents and settings\User\Application Data\PriceGong\Data\g.xml
c:\documents and settings\User\Application Data\PriceGong\Data\h.xml
c:\documents and settings\User\Application Data\PriceGong\Data\i.xml
c:\documents and settings\User\Application Data\PriceGong\Data\J.xml
c:\documents and settings\User\Application Data\PriceGong\Data\k.xml
c:\documents and settings\User\Application Data\PriceGong\Data\l.xml
c:\documents and settings\User\Application Data\PriceGong\Data\m.xml
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Application Data\PriceGong\Data\n.xml
c:\documents and settings\User\Application Data\PriceGong\Data\o.xml
c:\documents and settings\User\Application Data\PriceGong\Data\p.xml
c:\documents and settings\User\Application Data\PriceGong\Data\q.xml
c:\documents and settings\User\Application Data\PriceGong\Data\r.xml
c:\documents and settings\User\Application Data\PriceGong\Data\s.xml
c:\documents and settings\User\Application Data\PriceGong\Data\t.xml
c:\documents and settings\User\Application Data\PriceGong\Data\u.xml
c:\documents and settings\User\Application Data\PriceGong\Data\v.xml
c:\documents and settings\User\Application Data\PriceGong\Data\w.xml
c:\documents and settings\User\Application Data\PriceGong\Data\x.xml
c:\documents and settings\User\Application Data\PriceGong\Data\y.xml
c:\documents and settings\User\Application Data\PriceGong\Data\z.xml
c:\documents and settings\User\WINDOWS
c:\windows\ST6UNST.000
c:\windows\system32\Drivers\oreans32.sys
c:\windows\system32\SETD90.tmp
c:\windows\system32\SETD95.tmp
c:\windows\system32\SETD9C.tmp
c:\windows\system32\SETDA5.tmp
c:\windows\system32\SETDA8.tmp
c:\windows\system32\SETDAA.tmp
c:\windows\system32\SETDAD.tmp
c:\windows\system32\SETDAF.tmp
c:\windows\system32\SETDBE.tmp
c:\windows\system32\SETE08.tmp
c:\windows\system32\userdata.dll
C:\Windupdt
H:\autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
-------\Service_SSHNAS
-------\Legacy_oreans32
-------\Service_oreans32
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-15 to 2013-04-15  )))))))))))))))))))))))))))))))
.
.
2013-04-15 10:16 . 2013-04-15 10:40 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2013-04-15 10:16 . 2013-04-15 12:06 -------- d-----w- c:\program files\Xfire
2013-04-15 10:14 . 2013-04-15 10:17 -------- d-----w- c:\documents and settings\User\Downloads
2013-03-28 09:37 . 2013-03-28 09:37 -------- d-----w- c:\program files\Western Digital Corporation
2013-03-27 16:21 . 2013-03-27 16:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Western_Digital
2013-03-24 19:34 . 2013-03-24 19:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-24 19:24 . 2013-03-24 19:24 -------- d-----w- c:\program files\CCleaner
2013-03-24 19:13 . 2013-03-24 19:13 -------- d-----w- c:\program files\Oracle
2013-03-24 19:13 . 2013-03-24 19:13 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 19:47 . 2013-03-21 20:07 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2013-03-21 19:22 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 09:29 . 2013-03-21 09:29 -------- d-----w- c:\program files\Common Files\Western Digital
2013-03-21 09:28 . 2013-03-21 09:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Western Digital
2013-03-21 04:10 . 2013-03-21 04:10 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-03-20 21:08 . 2013-03-24 19:29 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-20 20:41 . 2013-03-24 19:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-20 20:39 . 2013-03-20 20:39 -------- d-----w- c:\windows\system32\Adobe
2013-03-20 20:35 . 2013-03-20 20:35 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-18 22:04 . 2013-03-18 22:04 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Wondershare
2013-03-18 22:04 . 2013-03-18 22:04 -------- d-----w- c:\program files\Common Files\Wondershare
2013-03-18 22:03 . 2013-03-20 11:31 -------- d-----w- c:\program files\Temp
2013-03-18 21:58 . 2013-03-18 21:58 -------- d-----w- c:\windows\system32\WDCSAM
2013-03-18 21:57 . 2011-03-15 09:23 694272 ----a-w- c:\windows\system32\WD SES Driver Setup (x86).msi
2013-03-18 21:07 . 2013-03-18 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2013-03-18 20:30 . 2013-03-21 09:32 -------- d-----w- c:\program files\Western Digital
2013-03-18 20:15 . 2013-03-21 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2013-03-18 19:25 . 2013-03-18 19:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Opera
2013-03-18 19:24 . 2013-03-18 19:25 -------- d-----w- c:\program files\Opera
2013-03-18 12:45 . 2013-03-18 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2013-03-18 12:45 . 2013-03-18 12:46 -------- d-----w- c:\program files\Canon
2013-03-18 12:17 . 2013-03-18 12:17 -------- d-----w- c:\documents and settings\User\Application Data\CANON INC
2013-03-17 23:44 . 2013-03-17 23:44 -------- d-----w- c:\program files\Common Files\Java
2013-03-17 23:43 . 2012-05-04 18:29 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-17 23:43 . 2013-04-15 12:03 -------- d-----w- c:\program files\Java
2013-03-17 23:05 . 2013-03-17 23:05 -------- d-----w- c:\windows\system32\Macromed
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 10:01 . 2011-12-11 16:10 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-15 10:00 . 2011-12-11 16:10 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-15 10:00 . 2010-02-15 21:30 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-15 09:58 . 2010-02-19 18:37 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-28 11:16 . 2011-12-11 16:10 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-03-28 11:12 . 2010-02-15 13:29 22328 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2013-03-24 19:34 . 2012-07-14 14:13 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-24 19:34 . 2010-05-05 06:58 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 11:42 . 2013-03-13 11:42 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 04:23 . 2009-02-06 10:30 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 01:31 . 2009-06-09 19:32 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-06 09:30 . 2013-01-01 22:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-03-02 01:31 . 2009-06-09 19:33 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2009-06-25 16:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:05 . 2009-06-09 19:33 668672 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:05 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:05 . 2009-06-09 19:33 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 01:02 . 2009-06-09 19:33 369664 ----a-w- c:\windows\system32\html.iec
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . CA74C32AD4E1C087066B321E0DA8C22E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . CA74C32AD4E1C087066B321E0DA8C22E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows_update.exe"="c:\documents and settings\User\My Documents\Downloads\Programs\cod 4 hack\Call of Duty 4 Undetected Hack" [X]
"Facebook Update"="c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-01-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe" [2009-11-18 240480]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"INSAutoRunner"="c:\program files\Common Files\Transas Shared\Navigation\Tools\INSAutoRun.exe" [2008-04-29 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 3998616]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-9-30 256000]
Real Desktop.lnk - c:\program files\Real Desktop\Real Desktop.exe [N/A]
Registration Heroes of Might & Magic 5 - Tribes of the East.LNK - d:\heroes of m&m\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe [N/A]
Registration Pacific Fighters.LNK - g:\registration_us\RegistrationReminder.exe [N/A]
Registration Prince of Persia Warrior Within.LNK - d:\prince of persia warrior within\Support\Register\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTiBSKeyRunner]
2008-04-29 15:18 110592 ----a-w- c:\program files\Common Files\Transas Shared\Navigation\Shared\KeyRunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 01:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"d:\\backup\\downloads\\call of duty 4\\INSTALL\\iw3mp.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\lord of the rings mid earth\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49999:TCP"= 49999:TCP:Transas NavTex
"50000:UDP"= 50000:UDP:INS Network Discovery
"50000:TCP"= 50000:TCP:INS Network Configuration
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 5:11 PM 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/12/2009 8:35 PM 682232]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 9:20 AM 103112]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/25 20:48];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 1:03 PM 974944]
R2 INSSvc;Transas INS Network;c:\program files\Common Files\Transas Shared\Navigation\IBSConfig\IBSSvc.exe [4/29/2008 2:54 PM 241664]
R2 NavTex;Transas NavTex;c:\program files\Common Files\Transas Shared\Navigation\NavTex\NavTex.exe [12/25/2007 11:35 AM 241664]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3/19/2013 10:26 PM 3289208]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [12/15/2011 10:25 AM 265624]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [9/6/2012 11:50 AM 248248]
R2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [12/15/2011 10:25 AM 1591176]
R2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [12/15/2011 10:25 AM 1091992]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [3/26/2011 7:55 PM 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\User\LOCALS~1\Temp\VSPE.sys --> c:\docume~1\User\LOCALS~1\Temp\VSPE.sys [?]
S2 gupdate1ca445ce2b2b504;Google Update Service (gupdate1ca445ce2b2b504);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2009 9:08 PM 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/7/2013 2:24 PM 161384]
S2 Transas Basic Service;Transas Basic Service;c:\program files\Common Files\Transas Shared\Navigation\Shared\TBService.exe [12/24/2007 8:45 PM 241664]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2/23/2013 11:50 AM 106656]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2/2/2011 4:37 PM 135584]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/5/2011 5:21 PM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 SENTEMU;SENTEMU;\??\c:\transas\NS4000\SENTEMU.SYS --> c:\transas\NS4000\SENTEMU.SYS [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-14 08:50 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-15 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-03-07 13:47]
.
2013-03-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-796845957-1801674531-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-15 22:39]
.
2013-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-796845957-1801674531-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-15 22:39]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 19:08]
.
2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 19:08]
.
2013-04-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com?a=6mb0WrZURs
uInternet Connection Wizard,ShellNext = hxxp://rapidshare.com/files/134242616/NodLogin_9.6__32_and_64bits_.rar
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary - 
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-WindowsUpd_ - c:\documents and settings\User\Application Data\WindowsUpd_.exe
HKCU-Run-Real Desktop - c:\program files\Real Desktop\Real Desktop.exe
HKCU-Run-Akamai NetSession Interface - c:\documents and settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
HKLM-Run-WindowsUpd_ - c:\documents and settings\User\Application Data\WindowsUpd_.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-15 14:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-796845957-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1757981266-796845957-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:75,44,ff,80,0e,8e,c5,f7,5a,3a,8f,28,5c,fc,90,46,5b,00,11,57,a7,a9,eb,
   42,10,70,b0,3e,69,42,02,9d,eb,90,9a,1b,8a,d1,ba,ad,92,d8,ca,4b,a9,2d,12,ef,\
"??"=hex:af,0e,fb,8d,79,bd,06,60,66,04,48,95,12,5e,5d,2c
.
[HKEY_USERS\S-1-5-21-1757981266-796845957-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:ac,40,a0,78,48,f3,09,25,1d,ab,5b,3e,9d,43,c6,8e,e9,95,72,8b,54,
   64,e1,48,69,3a,9f,ec,42,b3,0a,41,fb,48,c5,ef,c8,d4,1c,7d,7d,4f,c5,50,ff,ee,\
"rkeysecu"=hex:7e,9f,7e,c8,26,88,62,83,07,f4,37,fc,ec,8c,cd,59
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(840)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2904)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2013-04-15  14:32:56 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-15 12:32
.
Pre-Run: 24,343,138,304 bytes free
Post-Run: 25,769,267,200 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AA3CDAD21E681365A7CFB6F6C3C933EA
 
Everything was going smoothly. The program asked me to install "Microsoft Windows Recovery Console" and I allowed that. 
 
I really hope we can fix this problem with My Passport and I appreciate your help, sir.
 
 
 
brnjas


#13 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:24 AM

Posted 15 April 2013 - 07:36 PM

Hello, brnjas.
 
 
Step 1
 
Please make sure that you can view all hidden files.  Instructions on how to do this can be found here:
 
 
Please click this link-->Jotti
 
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
 
c:\windows\system32\user32.dll
 
Please post back the results of the scan in your next post.
 
If Jotti is busy, try the same at Virustotal:  http://www.virustotal.com/
 
 
 
Step 2
 
 
 
1. Close any open browsers.
 
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
 
3. Open Notepad and copy/paste the text in the codebox below into Notepad:
 
File::
c:\docume~1\user\locals~1\temp\b.exe
c:\documents and settings\user\application data\WindowsUpd_.exe
Folder::
c:\windows\softwareprotection\
c:\program files\conduitengine\
c:\program files\vuze_remote\
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 0
DDS::
uStart Page = hxxp://mystart.incredimail.com?a=6mb0WrZURs
uInternet Connection Wizard,ShellNext = hxxp://rapidshare.com/files/134242616/NodLogin_9.6__32_and_64bits_.rar
 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
[Image: CFScriptB-4.gif]
 
Referring to the picture above, drag CFScript into ComboFix.exe
 
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 
Note:  After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion."  If you receive this error, please reboot and it should disappear.
 
etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#14 brnjas

brnjas
  • Topic Starter

  • Members
  • 16 posts
  • Local time:09:24 AM

Posted 17 April 2013 - 05:02 AM

Hello etavares,

 

I started Jotti and those antiviruses (scanners) found nothing.

Combofix results are:

 

 

ComboFix 13-04-15.01 - User 04/17/2013  11:27:07.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1535.884 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\etavaresCF.exe.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\docume~1\user\locals~1\temp\b.exe"
"c:\documents and settings\user\application data\WindowsUpd_.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\softwareprotection
c:\windows\softwareprotection\_socket.pyd
c:\windows\softwareprotection\_ssl.pyd
c:\windows\softwareprotection\bz2.pyd
c:\windows\softwareprotection\cod4 serial database.ptn
c:\windows\softwareprotection\gdiplus.dll
c:\windows\softwareprotection\MSVCP71.dll
c:\windows\softwareprotection\MSVCR71.dll
c:\windows\softwareprotection\python25.dll
c:\windows\softwareprotection\pywintypes25.dll
c:\windows\softwareprotection\systemvital.exe
c:\windows\softwareprotection\unicodedata.pyd
c:\windows\softwareprotection\win32api.pyd
c:\windows\softwareprotection\wx._controls_.pyd
c:\windows\softwareprotection\wx._core_.pyd
c:\windows\softwareprotection\wx._gdi_.pyd
c:\windows\softwareprotection\wx._misc_.pyd
c:\windows\softwareprotection\wx._windows_.pyd
c:\windows\softwareprotection\wxbase28uh_net_vc.dll
c:\windows\softwareprotection\wxbase28uh_vc.dll
c:\windows\softwareprotection\wxmsw28uh_adv_vc.dll
c:\windows\softwareprotection\wxmsw28uh_core_vc.dll
c:\windows\softwareprotection\wxmsw28uh_html_vc.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-17 to 2013-04-17  )))))))))))))))))))))))))))))))
.
.
2013-04-15 10:16 . 2013-04-15 14:06 -------- d-----w- c:\documents and settings\User\Application Data\Xfire
2013-04-15 10:16 . 2013-04-15 13:46 -------- d-----w- c:\program files\Xfire
2013-04-15 10:14 . 2013-04-15 10:17 -------- d-----w- c:\documents and settings\User\Downloads
2013-03-28 09:37 . 2013-03-28 09:37 -------- d-----w- c:\program files\Western Digital Corporation
2013-03-27 16:21 . 2013-03-27 16:21 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Western_Digital
2013-03-24 19:34 . 2013-03-24 19:34 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-24 19:24 . 2013-03-24 19:24 -------- d-----w- c:\program files\CCleaner
2013-03-24 19:13 . 2013-03-24 19:13 -------- d-----w- c:\program files\Oracle
2013-03-24 19:13 . 2013-03-24 19:13 -------- d-----w- c:\documents and settings\User\Application Data\Oracle
2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2013-03-21 19:47 . 2013-03-21 20:07 -------- d-----w- c:\program files\Pocket Tanks Deluxe
2013-03-21 19:22 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 09:29 . 2013-03-21 09:29 -------- d-----w- c:\program files\Common Files\Western Digital
2013-03-21 09:28 . 2013-03-21 09:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Western Digital
2013-03-21 04:10 . 2013-03-21 04:10 42880 ----a-w- c:\windows\system32\xfcodec.dll
2013-03-20 21:08 . 2013-03-24 19:29 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-20 20:41 . 2013-03-24 19:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-20 20:39 . 2013-03-20 20:39 -------- d-----w- c:\windows\system32\Adobe
2013-03-20 20:35 . 2013-03-20 20:35 -------- d-----w- c:\program files\Common Files\Adobe
2013-03-18 22:04 . 2013-03-18 22:04 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Wondershare
2013-03-18 22:04 . 2013-03-18 22:04 -------- d-----w- c:\program files\Common Files\Wondershare
2013-03-18 22:03 . 2013-03-20 11:31 -------- d-----w- c:\program files\Temp
2013-03-18 21:58 . 2013-03-18 21:58 -------- d-----w- c:\windows\system32\WDCSAM
2013-03-18 21:57 . 2011-03-15 09:23 694272 ----a-w- c:\windows\system32\WD SES Driver Setup (x86).msi
2013-03-18 21:07 . 2013-03-18 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Cached Installations
2013-03-18 20:30 . 2013-03-21 09:32 -------- d-----w- c:\program files\Western Digital
2013-03-18 20:15 . 2013-03-21 09:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2013-03-18 19:25 . 2013-03-18 19:25 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Opera
2013-03-18 19:24 . 2013-03-18 19:25 -------- d-----w- c:\program files\Opera
2013-03-18 12:45 . 2013-03-18 12:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2013-03-18 12:45 . 2013-03-18 12:46 -------- d-----w- c:\program files\Canon
2013-03-18 12:17 . 2013-03-18 12:17 -------- d-----w- c:\documents and settings\User\Application Data\CANON INC
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-15 14:03 . 2011-12-11 16:10 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-15 14:03 . 2011-12-11 16:10 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-15 14:03 . 2010-02-15 21:30 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-15 13:51 . 2010-02-19 18:37 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-03-28 11:16 . 2011-12-11 16:10 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2013-03-28 11:12 . 2010-02-15 13:29 22328 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2013-03-24 19:34 . 2012-07-14 14:13 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-24 19:34 . 2010-05-05 06:58 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 11:42 . 2013-03-13 11:42 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-08 08:36 . 2008-04-14 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 04:23 . 2009-02-06 10:30 2070016 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 01:31 . 2009-06-09 19:32 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-06 09:30 . 2013-01-01 22:07 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-03-02 01:31 . 2009-06-09 19:33 1876224 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2009-06-25 16:28 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:05 . 2009-06-09 19:33 668672 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:05 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:05 . 2009-06-09 19:33 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 01:02 . 2009-06-09 19:33 369664 ----a-w- c:\windows\system32\html.iec
2013-02-12 00:32 . 2008-04-14 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2008-04-14 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . CA74C32AD4E1C087066B321E0DA8C22E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . CA74C32AD4E1C087066B321E0DA8C22E . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows_update.exe"="c:\documents and settings\User\My Documents\Downloads\Programs\cod 4 hack\Call of Duty 4 Undetected Hack" [X]
"Facebook Update"="c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-01-15 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-02-28 75048]
"VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0360.0\mswinext.exe" [2009-11-18 240480]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"INSAutoRunner"="c:\program files\Common Files\Transas Shared\Navigation\Tools\INSAutoRun.exe" [2008-04-29 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 3080264]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 3998616]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2009-9-30 256000]
Real Desktop.lnk - c:\program files\Real Desktop\Real Desktop.exe [N/A]
Registration Heroes of Might & Magic 5 - Tribes of the East.LNK - d:\heroes of m&m\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe [N/A]
Registration Pacific Fighters.LNK - g:\registration_us\RegistrationReminder.exe [N/A]
Registration Prince of Persia Warrior Within.LNK - d:\prince of persia warrior within\Support\Register\RegistrationReminder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTiBSKeyRunner]
2008-04-29 15:18 110592 ----a-w- c:\program files\Common Files\Transas Shared\Navigation\Shared\KeyRunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 01:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"d:\\backup\\downloads\\call of duty 4\\INSTALL\\iw3mp.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"d:\\lord of the rings mid earth\\game.dat"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49999:TCP"= 49999:TCP:Transas NavTex
"50000:UDP"= 50000:UDP:INS Network Discovery
"50000:TCP"= 50000:TCP:INS Network Configuration
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"8371:TCP"= 8371:TCP:League of Legends Launcher
"8371:UDP"= 8371:UDP:League of Legends Launcher
"8372:TCP"= 8372:TCP:League of Legends Launcher
"8372:UDP"= 8372:UDP:League of Legends Launcher
"8373:TCP"= 8373:TCP:League of Legends Launcher
"8373:UDP"= 8373:UDP:League of Legends Launcher
"8374:TCP"= 8374:TCP:League of Legends Launcher
"8374:UDP"= 8374:UDP:League of Legends Launcher
"8375:TCP"= 8375:TCP:League of Legends Launcher
"8375:UDP"= 8375:UDP:League of Legends Launcher
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 5:11 PM 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/12/2009 8:35 PM 682232]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [8/4/2011 9:20 AM 103112]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/25 20:48];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 7:40 PM 87536]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/22/2011 1:03 PM 974944]
R2 INSSvc;Transas INS Network;c:\program files\Common Files\Transas Shared\Navigation\IBSConfig\IBSSvc.exe [4/29/2008 2:54 PM 241664]
R2 NavTex;Transas NavTex;c:\program files\Common Files\Transas Shared\Navigation\NavTex\NavTex.exe [12/25/2007 11:35 AM 241664]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [12/15/2011 10:25 AM 265624]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [9/6/2012 11:50 AM 248248]
R2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [12/15/2011 10:25 AM 1591176]
R2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [12/15/2011 10:25 AM 1091992]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [3/26/2011 7:55 PM 27632]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\User\LOCALS~1\Temp\VSPE.sys --> c:\docume~1\User\LOCALS~1\Temp\VSPE.sys [?]
S2 gupdate1ca445ce2b2b504;Google Update Service (gupdate1ca445ce2b2b504);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2009 9:08 PM 133104]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3/19/2013 10:26 PM 3289208]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/7/2013 2:24 PM 161384]
S2 Transas Basic Service;Transas Basic Service;c:\program files\Common Files\Transas Shared\Navigation\Shared\TBService.exe [12/24/2007 8:45 PM 241664]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys --> c:\windows\system32\DRIVERS\appliand.sys [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 EraserUtilDrv11220;EraserUtilDrv11220;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys [2/23/2013 11:50 AM 106656]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2/2/2011 4:37 PM 135584]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [9/5/2011 5:21 PM 13224]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\safedrv.sys --> c:\program files\Garena\safedrv.sys [?]
S3 SENTEMU;SENTEMU;\??\c:\transas\NS4000\SENTEMU.SYS --> c:\transas\NS4000\SENTEMU.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-14 08:50 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-03-07 13:47]
.
2013-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-796845957-1801674531-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-15 22:39]
.
2013-04-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1757981266-796845957-1801674531-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-15 22:39]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 19:08]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-03 19:08]
.
2013-04-17 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevedi sa Di recnikom - c:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary - 
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-DivXMediaServer - c:\program files\DivX\DivX Media Server\DivXMediaServer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-17 11:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-796845957-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1757981266-796845957-1801674531-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:75,44,ff,80,0e,8e,c5,f7,5a,3a,8f,28,5c,fc,90,46,5b,00,11,57,a7,a9,eb,
   42,10,70,b0,3e,69,42,02,9d,eb,90,9a,1b,8a,d1,ba,ad,92,d8,ca,4b,a9,2d,12,ef,\
"??"=hex:af,0e,fb,8d,79,bd,06,60,66,04,48,95,12,5e,5d,2c
.
[HKEY_USERS\S-1-5-21-1757981266-796845957-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:ac,40,a0,78,48,f3,09,25,1d,ab,5b,3e,9d,43,c6,8e,e9,95,72,8b,54,
   64,e1,48,69,3a,9f,ec,42,b3,0a,41,fb,48,c5,ef,c8,d4,1c,7d,7d,4f,c5,50,ff,ee,\
"rkeysecu"=hex:7e,9f,7e,c8,26,88,62,83,07,f4,37,fc,ec,8c,cd,59
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(844)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-04-17  11:39:57
ComboFix-quarantined-files.txt  2013-04-17 09:39
ComboFix2.txt  2013-04-15 12:32
.
Pre-Run: 25,759,891,456 bytes free
Post-Run: 25,809,752,064 bytes free
.
- - End Of File - - 98A45E14F7A3904979A2C0B86ED8B28E
 
 
Thanks in advance
 
 
brnjas


#15 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 17 April 2013 - 07:37 PM

Hello, brnjas.

Let's do a quick scan.


Step 1

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators