New Virus(es) B.exe, etc

  1. #11
    wbutt is offline Newbie

    Re: New Virus(es) B.exe, etc

    Thanks for the reply, Neal

    1.
    c:\windows\system32\rmc_fixasf.exe

    VirusTotal - Free Online Virus and Malware Scan - Reanalyse

    2.
    c:\windows\popcinfo.dat


    3. Find folder:
    c:\document and settings\ALLUSERS\APPLICATION DATA\19377654

    It just has a file called 19377654

    here it is

    http://img216.imageshack.us/img216/3549/dal2.jpg


  2. #12
    wbutt is offline Newbie
    Oh god, I think I double posted. Hopefully same results, because when I first posted I didn't read that "moderator will approve before it is visible" and I thought I lost all my results :/

    So so sorry

  3. #13
    wbutt is offline Newbie
    Neal?

    Or anyone of the DAL help community have an idea of my status?

  4. #14
    Neal is offline Dedicated Member
    Please delete the ComboFix you have now, download a fresh copy and run it per previous instructions, please.

    Also, after doing the ComboFix, tell me what your computer is up to now, please.

  5. #15
    wbutt is offline Newbie
    Quote Originally Posted by Neal
    Please delete the ComboFix you have now, download a fresh copy and run it per previous instructions, please.

    Also, after doing the ComboFix, tell me what your computer is up to now, please.
    Sorry, to confirm: you want me to post the ComboFix log, or?

    No more random program exes are popping up though?

  6. #16
    wbutt is offline Newbie
    I was about to head off to bed but figured you prob WANT me to post the ComboFix log after getting me to run it, so here it is. Sorry about that.

    ComboFix 09-07-29.04 - HP_Administrator 07/31/2009 2:42.3.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1627 [GMT -7:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Downloaded Program Files\PurpleBean.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
    .

    2009-07-28 03:09 . 2009-07-28 03:50 139016 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-07-28 03:09 . 2009-07-28 03:09 139152 ----a-w- c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
    2009-07-28 03:01 . 2009-07-28 03:01 -------- d-----w- c:\program files\EA Games
    2009-07-28 03:01 . 2009-06-25 23:36 1291640 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\c23yrm5a.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
    2009-07-28 03:01 . 2009-06-25 23:36 729088 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\c23yrm5a.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    2009-07-28 02:55 . 2009-07-28 03:03 347200 ----a-w- c:\documents and settings\HP_Administrator\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2009-07-28 02:55 . 2009-07-28 03:05 453696 ----a-w- c:\documents and settings\HP_Administrator\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
    2009-07-28 02:55 . 2009-07-28 03:37 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PunkBuster
    2009-07-28 02:55 . 2009-07-28 03:03 179264 ----a-w- c:\documents and settings\HP_Administrator\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2009-07-28 02:55 . 2009-07-28 03:03 57344 ----a-w- c:\documents and settings\HP_Administrator\Application Data\id Software\quakelive\home\pb\pbag.dll
    2009-07-28 02:55 . 2009-07-28 03:03 874660 ----a-w- c:\documents and settings\HP_Administrator\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2009-07-28 02:55 . 2009-07-28 03:03 2657344 ----a-w- c:\documents and settings\HP_Administrator\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2009-07-28 02:48 . 2009-07-28 02:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\id Software
    2009-07-28 02:48 . 2009-07-28 03:49 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-07-28 02:48 . 2009-07-28 03:09 794408 ----a-w- c:\windows\system32\pbsvc.exe
    2009-07-28 02:48 . 2009-07-28 03:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-07-28 02:48 . 2009-07-28 02:48 -------- d-----w- c:\windows\system32\LogFiles
    2009-07-28 02:48 . 2009-07-28 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
    2009-07-28 02:22 . 2009-07-28 02:22 -------- d-----w- c:\windows\SWAT 4
    2009-07-25 22:10 . 2009-07-25 22:10 -------- d-----w- c:\program files\Softnyx
    2009-07-25 07:06 . 2008-05-01 02:28 1654869 ----a-w- c:\documents and settings\All Users\Application Data\DynuEncrypt.dll
    2009-07-25 02:27 . 2009-07-25 02:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Wippien
    2009-07-25 02:27 . 2009-07-25 02:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Language
    2009-07-25 02:27 . 2008-12-31 07:43 487479 ----a-w- c:\windows\system32\SkinMagic.dll
    2009-07-25 02:27 . 2008-12-31 07:43 23480 ----a-w- c:\windows\system32\drivers\wip0204.sys
    2009-07-25 02:27 . 2009-07-25 02:28 -------- d-----w- c:\program files\Wippien
    2009-07-25 02:11 . 2009-07-25 02:14 32845 ----a-w- c:\windows\scunin.dat
    2009-07-25 02:11 . 2009-07-25 02:14 967 ----a-w- c:\windows\ScUnin.pif
    2009-07-25 02:11 . 2009-07-25 02:14 70656 ----a-w- c:\windows\ScUnin.exe
    2009-07-25 02:11 . 2009-07-25 03:26 -------- d-----w- c:\program files\Starcraft
    2009-07-24 01:59 . 2009-07-24 01:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ijjigame
    2009-07-24 01:50 . 2009-07-24 01:59 558552 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PLauncher.exe
    2009-07-24 01:50 . 2009-06-04 00:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
    2009-07-24 01:50 . 2009-05-28 01:08 591320 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ExLauncher.exe
    2009-07-24 01:50 . 2008-09-04 23:34 112048 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPrePLauncher.exe
    2009-07-24 01:50 . 2008-08-28 19:50 480688 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjistarter2FxB.exe
    2009-07-24 01:50 . 2008-08-28 19:50 83376 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreStarter2FxB.exe
    2009-07-24 01:50 . 2008-08-28 19:50 79280 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiPreNotify2FxB.exe
    2009-07-24 01:50 . 2008-08-28 19:50 50608 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\ijjiNotify2FxB.exe
    2009-07-24 01:50 . 2009-07-24 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame
    2009-07-24 01:35 . 2009-07-24 01:35 -------- d-----w- c:\program files\NHN USA
    2009-07-24 01:35 . 2009-05-27 00:31 58800 ----a-w- c:\windows\system32\ijjiProcessRestarter.exe
    2009-07-24 01:35 . 2009-05-13 03:48 710064 ----a-w- c:\windows\system32\ijjiSetup.exe
    2009-07-24 01:35 . 2008-06-12 06:01 58800 ----a-w- c:\windows\system32\ijjiPlugin2.dll
    2009-07-24 01:35 . 2008-04-23 21:02 157152 ----a-w- c:\windows\system32\PubPlugin.dll
    2009-07-24 01:23 . 2009-07-24 01:23 -------- d-----w- C:\ijji
    2009-07-21 18:43 . 2009-07-21 18:56 -------- d-----w- c:\windows\BDOSCAN8
    2009-07-21 17:48 . 2009-07-21 17:48 625728 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    2009-07-17 22:26 . 2009-07-17 22:26 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-07-17 16:39 . 2009-07-17 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\19377654
    2009-07-14 10:14 . 2009-07-14 10:14 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DragonicaSCB
    2009-07-14 07:30 . 2009-07-14 07:30 -------- d-----w- c:\program files\IAHGames
    2009-07-14 02:14 . 2009-07-14 06:40 -------- d-----w- c:\program files\Dragonica Online - Closed Beta Test
    2009-07-13 10:31 . 2005-01-04 00:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
    2009-07-13 10:31 . 2009-07-13 10:31 -------- d-----w- c:\program files\Common Files\INCA Shared
    2009-07-13 10:18 . 2009-07-13 10:18 -------- d-----w- c:\program files\GALA-NET
    2009-07-11 06:24 . 2009-07-11 06:38 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-07-06 21:01 . 2009-07-06 21:01 2373712 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
    2009-07-06 10:39 . 2009-07-06 10:39 -------- d-----w- c:\windows\Sun
    2009-07-05 06:27 . 2009-07-05 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
    2009-07-05 06:03 . 2009-07-05 06:03 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Vso
    2009-07-05 06:03 . 2009-07-05 06:03 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2009-07-05 06:03 . 2009-07-05 06:03 47360 ----a-w- c:\documents and settings\HP_Administrator\Application Data\pcouffin.sys
    2009-07-05 06:03 . 2009-07-05 06:35 -------- d-----w- c:\program files\DVDFab 6
    2009-07-05 06:01 . 2009-07-05 06:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ImgBurn
    2009-07-05 05:59 . 2009-07-05 06:01 -------- d-----w- c:\program files\ImgBurn
    2009-07-03 12:06 . 2009-07-05 10:37 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
    2009-07-03 12:06 . 2009-07-05 10:37 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
    2009-07-03 12:06 . 2009-07-05 10:37 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
    2009-07-03 12:06 . 2009-07-03 12:06 -------- d-----w- c:\windows\Replay Media Catcher
    2009-07-03 07:59 . 2009-07-03 07:59 -------- d-----w- c:\program files\Common Files\DirectX
    2009-07-03 07:52 . 2009-07-03 07:52 -------- d-----w- c:\windows\system32\AGEIA
    2009-07-03 07:52 . 2009-07-03 07:52 -------- d-----w- c:\program files\AGEIA Technologies
    2009-07-03 07:39 . 2009-07-03 07:39 -------- d-----w- C:\NVIDIA
    2009-07-03 06:58 . 2009-07-14 11:31 -------- d-----w- c:\program files\Codemasters
    2009-07-01 21:14 . 2009-07-07 21:10 35 ----a-w- c:\windows\popcinfo.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-31 09:40 . 2009-05-18 06:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\uTorrent
    2009-07-26 13:10 . 2009-06-03 01:12 41 ----a-w- c:\windows\popcinfot.dat
    2009-07-24 01:35 . 2006-05-24 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-20 07:52 . 2009-06-20 22:52 117760 ----a-w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-07-20 06:06 . 2009-06-20 22:51 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-07-17 22:28 . 2009-06-19 07:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-14 21:39 . 2009-05-18 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-07-13 20:36 . 2009-06-19 07:51 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-13 20:36 . 2009-06-19 07:51 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-03 08:05 . 2009-05-18 02:33 8 ----a-w- c:\windows\system32\nvModes.dat
    2009-07-03 07:52 . 2009-05-26 23:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-03 07:43 . 2009-05-18 06:03 -------- d-----w- c:\program files\uTorrent
    2009-06-27 21:31 . 2006-05-24 03:29 84976 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-06-26 16:50 . 2004-08-10 04:00 666624 ----a-w- c:\windows\system32\wininet.dll
    2009-06-26 16:50 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\ieencode.dll
    2009-06-24 10:11 . 2009-06-24 10:11 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-06-24 09:58 . 2009-06-24 09:58 -------- d-----w- c:\program files\TeamViewer
    2009-06-24 00:08 . 2009-05-18 02:30 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-06-24 00:08 . 2009-05-18 02:30 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-06-24 00:07 . 2009-06-24 00:07 -------- d-----w- c:\program files\Common Files\Creative Labs Shared
    2009-06-24 00:06 . 2009-05-18 02:29 -------- d-----w- c:\program files\Creative
    2009-06-23 23:39 . 2009-06-23 23:39 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-23 23:39 . 2006-05-24 02:59 -------- d-----w- c:\program files\Java
    2009-06-23 02:33 . 2009-06-23 02:33 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\teamspeak2
    2009-06-21 15:46 . 2009-05-18 02:25 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-06-20 22:55 . 2009-06-20 07:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-20 22:51 . 2009-06-20 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-20 22:51 . 2009-06-20 22:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
    2009-06-20 08:36 . 2009-06-19 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-20 08:06 . 2009-06-20 08:06 -------- d-----w- c:\program files\Trend Micro
    2009-06-19 08:57 . 2009-06-19 08:57 -------- d-----w- c:\program files\CCleaner
    2009-06-19 07:54 . 2009-06-19 07:14 -------- d-----w- c:\program files\Lavasoft
    2009-06-19 07:54 . 2009-06-19 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-19 07:54 . 2009-06-19 07:54 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
    2009-06-19 07:51 . 2009-06-19 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-18 06:19 . 2009-05-18 06:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DAEMON Tools Lite
    2009-06-16 14:36 . 2004-08-10 04:00 81920 ------w- c:\windows\system32\fontsub.dll
    2009-06-16 14:36 . 2004-08-10 04:00 119808 ------w- c:\windows\system32\t2embed.dll
    2009-06-16 01:45 . 2009-05-18 07:43 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
    2009-06-16 01:45 . 2009-05-18 07:43 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
    2009-06-10 15:28 . 2009-06-10 15:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
    2009-06-10 15:28 . 2009-06-10 15:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
    2009-06-10 15:28 . 2009-06-10 15:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
    2009-06-10 15:28 . 2009-06-10 15:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
    2009-06-10 15:28 . 2009-06-10 15:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
    2009-06-10 15:28 . 2009-06-10 15:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
    2009-06-10 15:28 . 2009-06-10 15:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
    2009-06-10 13:03 . 2009-05-18 02:25 457248 ----a-w- c:\windows\system32\nvudisp.exe
    2009-06-10 13:03 . 2009-05-01 05:02 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
    2009-06-10 13:03 . 2009-05-01 05:02 815104 ----a-w- c:\windows\system32\nvapi.dll
    2009-06-10 13:03 . 2009-05-01 05:02 671744 ----a-w- c:\windows\system32\nvcuvid.dll
    2009-06-10 13:03 . 2009-05-01 05:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
    2009-06-10 13:03 . 2009-05-01 05:02 1580550 ----a-w- c:\windows\system32\nvdata.bin
    2009-06-10 13:03 . 2009-05-01 05:02 151552 ----a-w- c:\windows\system32\nvcodins.dll
    2009-06-10 13:03 . 2009-05-01 05:02 151552 ----a-w- c:\windows\system32\nvcod.dll
    2009-06-10 13:03 . 2009-05-01 05:02 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
    2009-06-10 13:03 . 2006-05-24 03:13 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2009-06-10 13:03 . 2006-05-24 03:13 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
    2009-06-06 04:11 . 2009-06-06 04:11 -------- d-----w- c:\program files\Xvid
    2009-06-06 04:09 . 2009-05-18 06:22 -------- d-----w- c:\program files\DivX
    2009-06-06 04:09 . 2009-05-18 06:22 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-06-03 19:09 . 2004-08-10 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 22:51 . 2009-06-02 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
    2009-06-01 12:04 . 2009-05-18 06:27 -------- d-----w- c:\program files\CDisplay
    2009-05-18 07:43 . 2009-05-18 07:43 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
    2009-05-18 07:43 . 2009-05-18 07:43 81920 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    2009-05-18 07:43 . 2009-05-18 07:43 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
    2009-05-18 07:43 . 2009-05-18 07:43 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
    2009-05-18 06:31 . 2009-05-18 06:31 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-05-18 02:38 . 2009-05-18 02:38 0 ----a-w- c:\windows\nsreg.dat
    2009-05-18 02:11 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-18 02:11 . 2009-05-18 02:11 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
    2009-05-18 02:11 . 2009-05-18 02:11 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
    2009-05-18 02:11 . 2009-05-18 02:11 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
    2009-05-18 02:11 . 2009-05-18 02:11 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
    2009-05-18 02:11 . 2009-05-18 02:11 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll
    2009-05-18 02:11 . 2009-05-18 02:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
    2009-05-18 02:11 . 2009-05-18 02:11 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
    2009-05-18 02:11 . 2009-05-18 02:11 217088 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    2009-05-18 02:11 . 2009-05-18 02:11 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
    2009-05-07 15:32 . 2004-08-10 04:00 345600 ------w- c:\windows\system32\localspl.dll
    2009-07-22 11:50 . 2009-05-18 02:38 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-07-22_12.05.18 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2006-05-24 03:02 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
    + 2006-05-24 03:02 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    + 2009-02-20 08:10 . 2009-06-26 16:50 81920 c:\windows\system32\dllcache\ieencode.dll
    - 2009-02-20 08:10 . 2009-04-29 04:46 81920 c:\windows\system32\dllcache\ieencode.dll
    + 2009-07-24 01:35 . 2008-06-12 06:01 87472 c:\windows\Downloaded Program Files\ijjiPreStarter2.exe
    + 2009-07-24 01:35 . 2008-06-12 06:01 79280 c:\windows\Downloaded Program Files\ijjiPreNotify2.exe
    + 2009-07-24 01:35 . 2008-06-12 06:01 50608 c:\windows\Downloaded Program Files\ijjiNotify2.exe
    + 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2004-08-10 04:00 . 2009-06-26 16:50 620032 c:\windows\system32\urlmon.dll
    - 2004-08-10 04:00 . 2009-04-29 04:46 620032 c:\windows\system32\urlmon.dll
    + 2009-02-20 08:10 . 2009-06-26 16:50 666624 c:\windows\system32\dllcache\wininet.dll
    - 2009-02-20 08:10 . 2009-04-29 04:46 666624 c:\windows\system32\dllcache\wininet.dll
    + 2009-02-20 08:10 . 2009-06-26 16:50 620032 c:\windows\system32\dllcache\urlmon.dll
    - 2009-02-20 08:10 . 2009-04-29 04:46 620032 c:\windows\system32\dllcache\urlmon.dll
    + 2009-07-28 02:22 . 2009-07-28 02:22 451072 c:\windows\SWAT 4\uninstall.exe
    + 2009-07-28 02:48 . 2009-07-28 02:48 178176 c:\windows\Installer\b5f927.msi
    + 2009-07-29 10:00 . 2009-07-29 10:00 195584 c:\windows\Installer\37ba08c.msi
    + 2009-07-24 01:35 . 2008-09-05 02:29 579032 c:\windows\Downloaded Program Files\PLauncher.exe
    + 2009-07-24 01:35 . 2008-06-17 01:15 480688 c:\windows\Downloaded Program Files\ijjistarter2.exe
    + 2009-07-24 01:35 . 2009-04-29 07:05 112048 c:\windows\Downloaded Program Files\ijjiSetup1010.dll
    + 2004-08-10 04:00 . 2009-07-18 16:05 1509888 c:\windows\system32\shdocvw.dll
    + 2004-08-10 04:00 . 2009-07-18 16:05 3069440 c:\windows\system32\mshtml.dll
    + 2009-03-02 23:04 . 2009-07-18 16:05 1509888 c:\windows\system32\dllcache\shdocvw.dll
    + 2009-02-20 08:11 . 2009-07-18 16:05 3069440 c:\windows\system32\dllcache\mshtml.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-05-04 354312]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-05-04 1572872]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-05-04 2817544]
    "UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-23 148888]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]
    "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-10-08 23552]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-5-23 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Wippien\\Wippien.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "58162:TCP"= 58162:TCP:Pando Media Booster
    "58162:UDP"= 58162:UDP:Pando Media Booster

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/17/2009 7:41 PM 108289]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 9:22 PM 11776]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
    R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 9:23 PM 3584]
    R3 wip0204;Wippien Network Adapter 2.4;c:\windows\system32\drivers\wip0204.sys [7/24/2009 7:27 PM 23480]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [6/23/2009 5:07 PM 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\c23yrm5a.default\
    FF - prefs.js: browser.startup.homepage - Google
    FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\c23yrm5a.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    .

    ************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-07-31 02:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTxfiHlp = CTXFIHLP.EXE?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2244)
    c:\program files\UltraMon\RTSUltraMonHook.dll
    c:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\progra~1\MICROS~4\OFFICE11\MCPS.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Creative\Shared Files\CTAudSvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\windows\arservice.exe
    c:\windows\system32\rundll32.exe
    c:\windows\ehome\ehrecvr.exe
    c:\windows\ehome\ehSched.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
    c:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\UltraMon\UltraMonTaskbar.exe
    c:\program files\Mozilla Firefox\firefox.exe
    .
    ************************************************************************
    .
    Completion time: 2009-07-31 2:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-31 09:52
    ComboFix2.txt 2009-07-22 12:10
    ComboFix3.txt 2009-06-23 23:00

    Pre-Run: 13,362,814,976 bytes free
    Post-Run: 13,361,332,224 bytes free

    333 --- E O F --- 2009-07-29 10:01
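    As an added example (my code, not ComboFix's and not from anyone in this thread), a small Python triage script for the file-listing format used in the log above. It parses the `<time> . <time> <size> <attrs> <path>` lines and flags the kinds of entries this thread has been looking at: executables dropped in user-writable locations, loose executables directly under c:\windows, and digits-only folders like the 19377654 one. The heuristics are mine and produce leads to check on VirusTotal, not verdicts; the sample lines are copied from the posted log.

```python
"""Triage helper for ComboFix 'Files Created' / 'Find3M' listing lines.
Line shape: <timestamp1> . <timestamp2> <size|--------> <attrs> <path>
Reading timestamp1 as on-disk creation time and timestamp2 as last-modified
(as the 'Files Created' heading suggests) is an assumption, not documented.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\s*(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>\S.*?)\s*$"
)

# Extensions that run code when launched or loaded (my list, not ComboFix's).
EXEC_EXT = (".exe", ".dll", ".sys", ".pif", ".scr", ".des")
# Directories a limited user or a drive-by download can write to without
# elevation. Legitimate game launchers use them too, so these are leads only.
USER_WRITABLE = (
    "\\application data\\",
    "\\local settings\\",
    "\\downloaded program files\\",
    "\\temp\\",
)

@dataclass
class Entry:
    ts1: str
    ts2: str
    size: Optional[int]  # None for directory entries, shown as "--------"
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; None for headings, '.' separators and blanks."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["ts1"], m["ts2"], size, m["attrs"], m["path"])

def classify(entry: Entry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    p = entry.path.lower()
    parent, _, name = p.rpartition("\\")
    reasons: List[str] = []
    if entry.is_dir:
        # e.g. the '19377654' folder asked about earlier in this thread
        if name.isdigit():
            reasons.append("directory name is only digits")
        return reasons
    if not name.endswith(EXEC_EXT):
        return reasons
    if any(d in p for d in USER_WRITABLE):
        reasons.append("executable in user-writable location")
    if parent == "c:\\windows":
        reasons.append("executable directly under c:\\windows")
    if parent.rpartition("\\")[2].isdigit():
        reasons.append("executable inside a digits-only directory")
    return reasons

def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run classify() over every parseable line; return (path, reason) pairs."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        for reason in classify(entry):
            findings.append((entry.path, reason))
    return findings

# Sample input: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.
2009-07-28 02:48 . 2009-07-28 03:49 189488 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-25 02:11 . 2009-07-25 02:14 967 ----a-w- c:\windows\ScUnin.pif
2009-07-24 01:50 . 2009-06-04 00:48 779720 ----a-w- c:\documents and settings\All Users\Application Data\ijjigame\PurpleBean.exe
2009-07-17 16:39 . 2009-07-17 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\19377654
2009-07-01 21:14 . 2009-07-07 21:10 35 ----a-w- c:\windows\popcinfo.dat
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

    Paste the whole log into `SAMPLE_LOG` (or read it from a file) to run it over a full ComboFix report; entries in program files or system32 are deliberately not flagged by these rules.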

  7. #17
    Neal is offline Dedicated Member
    Everything ok?
