#1 (permalink)
Registered User
Join Date: Nov 2008
Posts: 32
OS: 1. Windows vista ultimate 2. Win XP
Trojan found- please help!
Hi
I read through some threads here and was really impressed by the help given, so I decided to put my own problem up here. I run F-Secure, and yesterday during a full computer scan 2 viruses were discovered:
- Trojan:W32/Agent.KRH (C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\HVBB0.exe)
- Trojan:W32/Agent
The second virus was quarantined, but F-Secure was unable to remove the first. I've gotten virus warnings in the past, so most likely there is a lot more to be found on the computer as well. If anyone would take the time to help me get rid of these threats I would be very grateful. If you give me step-by-step instructions I can get the logs/files needed for you to help me. Thank you in advance!
Attached: Attach.zip (containing Attach.txt and ARK.txt) and the DDS.txt log.
#2 (permalink)
Registered User
Join Date: Nov 2008
Posts: 32
OS: 1. Windows vista ultimate 2. Win XP
Re: Trojan found- please help!
A little update:
- Print screen doesn't seem to work most of the time.
- When I tried to open Internet Explorer it shut down right away by itself. After a few times it froze and then I got some error message saying something about "Dr. Watson Post Mortem Debugger", which I have never heard of... Re-installed IE but the problem persists.. Please help me :S
Last edited by Lenovox61; 07-03-2009 at 06:43 PM.
#3 (permalink)
Registered User
Join Date: Nov 2008
Posts: 32
OS: 1. Windows vista ultimate 2. Win XP
Re: Trojan found- please help!
To (hopefully) help you guys help me I ran ComboFix following instructions from other threads. Attached is the log file.
Putting up this log that popped up after the scan too, just in case.
uStart Page = hxxp://www.google.no/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to QQ Customized Emoticons - c:\program files\Tencent\QQ\AddEmotion.htm IE: Add to QQ Customized Panel - c:\program files\Tencent\QQ\AddPanel.htm IE: Add to QQ Emotions - c:\program files\Tencent\QQ\AddEmotion.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Send picture by MMS - c:\program files\Tencent\QQ\SendMMS.htm IE: Send Picture with QQ MMS - c:\program files\Tencent\QQ\SendMMS.htm IE: Upload to QQ Network Hard Disk - c:\program files\Tencent\QQ\AddToNetDisk.htm IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157b} - c:\program files\Tencent\QQ\QQ.EXE DPF: {A92E0798-BFA4-4FEE-BB48-8E2C69B2B0C5} - hxxp://www.navigram.com/engine/v812/PageDive5.cab FF - ProfilePath - c:\documents and settings\Benjamin\Application Data\Mozilla\Firefox\Profiles\3c3k4z7x.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - plugin: c:\documents and settings\Benjamin\Local Settings\Application Data\myVRnpapi\npmyvr.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-04 02:56 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? CTxfiHlp = CTXFIHLP.EXE? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-2353852118-607164052-2184361089-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:84,66,42,8f,60,88,22,dd,be,ce,25,e8,8d,31,33,1f,30,25,f3,14,3c,34,84, 51,b3,08,61,b4,d0,96,b1,82,42,cf,ac,89,89,bc,2e,f2,77,27,57,bb,dd,c7,a2,71,\ "??"=hex:15,d0,a9,2c,eb,86,1c,55,2b,d4,48,d0,00,c8,54,38 . 
Completion time: 2009-07-04 2:57 ComboFix-quarantined-files.txt 2009-07-04 00:57 Pre-Run: 82,786,582,528 bytes free Post-Run: 83,225,931,776 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Current=6 Default=6 Failed=5 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 253 --- E O F --- 2009-07-03 13:52 |