Every time I start up my computer I get an error message about not being able to run withxti.dll.
I've run Spybot and avast (full system scan) and they have found nothing.
This is the save list from the Uninstall Manager:
ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Any Video Converter 3.0.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AviSynth 2.5
Belkin N Wireless USB Adapter Setup
Bonjour
CANYON USB PC CAMERA
CDDRV_Installer
Command & Conquer 3
Command & Conquer™ 3: Kane's Wrath
Corel Paint Shop Pro Photo X2
DivX Setup
EatCam Webcam Recorder 4.5 for MSN
EPSON Printer Software
EPSON Scan
ESDX6000_CX5900 User's Guide
Free DVD Video Converter version 1.1
Free Studio version 4.3
Google Earth Plug-in
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java(TM) 6 Update 20
Junk Mail filter update
KhalInstallWrapper
Line 6 Uninstaller
Logitech SetPoint
MagicDisc 2.7.106
Media Go
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Live Add-in 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSRuntime Libraries
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Stereoscopic 3D Driver
O2 Broadband Assistant
PlayStation(R)Network Downloader
PlayStation(R)Store
PVSonyDll
QuickTime
Realtek High Definition Audio Driver
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
Ulead DVD Workshop 2
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
VC80CRTRedist - 8.0.50727.4053
Veoh Video Compass
Veoh Web Player
Videora Android Converter 5.04
Visual C++ 8.0 CRT (x86) WinSXS MSM
Vuze
Vuze_Remote Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Yahoo! Messenger
YouTube Downloader App 2.03
Here's the HijackThis log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:57:07, on 14/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\O2\bin\sprtcmd.exe
F:\Local Disk\Program Files\iTunes\iTunesHelper.exe
F:\Local Disk\Program Files\Corel\CorelIOMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBIE.EXE
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
F:\Local Disk\Program Files\SetPoint\SetPoint.exe
F:\Local Disk\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\admin\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (file missing)
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "F:\Local Disk\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Corel File Shell Monitor] F:\Local Disk\Program Files\Corel\CorelIOMonitor.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_S2842.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [syncman] c:\users\admin\wuaucldt.exe
O4 - HKCU\..\Run: [Pcopikew] rundll32.exe "C:\Users\admin\AppData\Local\withxti.dll",Startup
O4 - HKCU\..\Run: [Nxewukivegohek] rundll32.exe "C:\Users\admin\AppData\Local\usivuwoxutapimo.dll",Startup
O4 - HKCU\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: MagicDisc.lnk = F:\Local Disk\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Local Disk\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Local Disk\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\LOCALD~1\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - https://myaccount.gateway.gov.uk/Cli...lInstaller.CAB
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program Files\O2\bin\sprtsvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 9253 bytes
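The four HKCU Run values just above (syncman, Pcopikew, Nxewukivegohek, Regedit32) are the ones that matter in this log: two load randomly named DLLs from %LOCALAPPDATA% through rundll32, one runs an executable sitting directly in the profile root, and one registers regedit.exe under a look-alike name. The logon error about withxti.dll is what an orphaned Run value looks like: the DLL has already been removed (avast probably took it) but the registry value that calls rundll32 on it is still there. The script below is an added example, not part of this thread or of HijackThis; it triages O4 lines with those rules and checks whether each target still exists. The O4 sample is copied from the log above with the forum's mid-word breaks repaired; the set of files "present on disk", the environment-variable expansions and the list of system tools are assumptions made for this offline example.

```python
import re

# Constructed sample: O4 (autorun) lines from the HijackThis log in this thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Corel File Shell Monitor] F:\Local Disk\Program Files\Corel\CorelIOMonitor.exe
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_S2842.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [syncman] c:\users\admin\wuaucldt.exe
O4 - HKCU\..\Run: [Pcopikew] rundll32.exe "C:\Users\admin\AppData\Local\withxti.dll",Startup
O4 - HKCU\..\Run: [Nxewukivegohek] rundll32.exe "C:\Users\admin\AppData\Local\usivuwoxutapimo.dll",Startup
O4 - HKCU\..\Run: [Regedit32] C:\Windows\system32\regedit.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

# Assumed snapshot of which targets exist on disk (on a live box use os.path.exists).
# withxti.dll is deliberately absent: the DLL is gone but its Run value remains,
# which is what produces the "cannot run withxti.dll" message at logon.
PRESENT_FILES = {p.lower() for p in [
    r"C:\Program Files\Windows Defender\MSASCui.exe",
    r"C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe",
    r"F:\Local Disk\Program Files\Corel\CorelIOMonitor.exe",
    r"C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE",
    r"c:\users\admin\wuaucldt.exe",
    r"C:\Users\admin\AppData\Local\usivuwoxutapimo.dll",
    r"C:\Windows\system32\regedit.exe",
    r"C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe",
]}
# Assumed environment-variable expansions for this example.
ENV = {"%programfiles%": r"C:\Program Files", "%windir%": r"C:\Windows"}
# Assumed list of Windows tools that malware likes to register under look-alike names.
SYSTEM_TOOLS = {"regedit.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)', re.I)
# Unquoted paths may contain spaces: take the shortest prefix that ends in an
# executable extension and is followed by whitespace or end of line.
PATH_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat|cmd|vbs|js))"?(?=\s|$)', re.I)
BARE_NAME = "bare file name, resolved through the PATH search order at logon"


def expand_env(path):
    low = path.lower()
    for var, value in ENV.items():
        if low.startswith(var):
            return value + path[len(var):]
    return path


def target_of(cmd):
    """Return (file that really runs, loader) for one Run value's command line.
    For rundll32 the file of interest is the DLL, not rundll32.exe itself."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return expand_env(m.group("dll")), "rundll32"
    m = PATH_RE.match(cmd)
    if m:
        return expand_env(m.group("path")), None
    parts = cmd.split()
    return (parts[0] if parts else cmd), None


def triage(text, present=PRESENT_FILES):
    """Return one finding per O4 line that deserves a second look."""
    findings = []
    for line in text.strip().splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        target, loader = target_of(m.group("cmd"))
        low = target.lower()
        base = low.rsplit("\\", 1)[-1]
        reasons = []
        if loader == "rundll32" and "\\users\\" in low:
            reasons.append("rundll32 loads a DLL from inside the user profile")
        if re.match(r"^[a-z]:\\users\\[^\\]+\\[^\\]+$", low):
            reasons.append("executable sits directly in the profile root")
        if base in SYSTEM_TOOLS:
            reasons.append(f"system tool {base} registered as an autorun")
        if "\\" not in low:
            reasons.append(BARE_NAME)
        elif low not in present:
            reasons.append("target file missing: orphaned value, produces the logon error")
        if reasons:
            findings.append({
                "name": m.group("name"), "hive": m.group("hive"), "target": target,
                "reasons": reasons,
                "severity": "low" if reasons == [BARE_NAME] else "high",
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4):
        print(f'{f["severity"]:4} {f["hive"]} [{f["name"]}] -> {f["target"]}')
        for r in f["reasons"]:
            print("      -", r)
```

The bare-name rule is there because values like `KHALMNPR.EXE` are resolved through the PATH search order at logon, so a same-named file planted earlier in that order would run instead; it is reported at low severity rather than ignored. Clearing the orphaned `Pcopikew` value is what stops the startup error, but the three live entries are the actual infection and need the file and the value removed together.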
STEP 1. Download Malwarebytes' Anti-Malware to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
STEP 2. Download GMER (GMER - Rootkit Detector and Remover) by clicking on the Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
RESTART COMPUTER
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
This is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4199
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
15/06/2010 12:45:49
mbam-log-2010-06-15 (12-45-49).txt
Scan type: Quick scan
Objects scanned: 122513
Time elapsed: 5 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AppDataLow\Software\MarketPrecision (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcopikew (Trojan.Agent.U) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nxewukivegohek (Trojan.Agent.U) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\admin\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\usivuwoxutapimo.dll (Trojan.Agent.U) -> Delete on reboot.
GMER log - it kept failing when it got to Devices, so I turned Devices off.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-15 1442
Windows 6.0.6002 Service Pack 2
Running: yh8zu5r7.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldipow.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x96B434FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x96B43322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x96B4345C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8296DDF0 7 Bytes JMP 96B43460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 829D928F 5 Bytes JMP 96B3F4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A32038 5 Bytes JMP 96B40972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 82A338C3 7 Bytes JMP 96B43326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82A93892 7 Bytes JMP 96B43502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
---- User code sections - GMER 1.0.15 ----
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtCreateFile + 6 772443DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtCreateFile + B 772443DF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + 6 77244B2A 1 Byte [28]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + 6 77244B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtMapViewOfSection + B 77244B2F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenFile + 6 77244BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenFile + B 77244BBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcess + 6 77244C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcess + B 77244C3F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessToken + B 77244C4F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessTokenEx + 6 77244C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenProcessTokenEx + B 77244C5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThread + 6 77244CAA 4 Bytes [68, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThread + B 77244CAF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadToken + 6 77244CBA 4 Bytes [68, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadToken + B 77244CBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtOpenThreadTokenEx + B 77244CCF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryAttributesFile + 6 77244D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryAttributesFile + B 77244D5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtQueryFullAttributesFile + B 77244E0F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationFile + 6 772452EA 4 Bytes [28, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationFile + B 772452EF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationThread + 6 7724533A 4 Bytes [28, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtSetInformationThread + B 7724533F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 1 Byte [68]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 4 Bytes [68, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1292] ntdll.dll!NtUnmapViewOfSection + B 772455DF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + 6 772443DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtCreateFile + B 772443DF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + 6 77244B2A 1 Byte [28]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + 6 77244B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtMapViewOfSection + B 77244B2F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + 6 77244BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenFile + B 77244BBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + 6 77244C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcess + B 77244C3F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessToken + B 77244C4F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + 6 77244C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenProcessTokenEx + B 77244C5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + 6 77244CAA 4 Bytes [68, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThread + B 77244CAF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + 6 77244CBA 4 Bytes [68, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadToken + B 77244CBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtOpenThreadTokenEx + B 77244CCF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + 6 77244D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryAttributesFile + B 77244D5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtQueryFullAttributesFile + B 77244E0F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + 6 772452EA 4 Bytes [28, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationFile + B 772452EF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationThread + 6 7724533A 4 Bytes [28, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtSetInformationThread + B 7724533F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 1 Byte [68]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 4 Bytes [68, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[1400] ntdll.dll!NtUnmapViewOfSection + B 772455DF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + 6 772443DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + B 772443DF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + 6 77244B2A 1 Byte [28]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + 6 77244B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + B 77244B2F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + 6 77244BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + B 77244BBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + 6 77244C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + B 77244C3F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessToken + B 77244C4F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + 6 77244C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + B 77244C5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + 6 77244CAA 4 Bytes [68, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + B 77244CAF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + 6 77244CBA 4 Bytes [68, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + B 77244CBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadTokenEx + B 77244CCF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + 6 77244D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + B 77244D5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryFullAttributesFile + B 77244E0F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + 6 772452EA 4 Bytes [28, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + B 772452EF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + 6 7724533A 4 Bytes [28, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + B 7724533F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 1 Byte [68]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 4 Bytes [68, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + B 772455DF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + 6 772443DA 4 Bytes [28, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + B 772443DF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + 6 77244B2A 1 Byte [28]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + 6 77244B2A 4 Bytes [28, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + B 77244B2F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + 6 77244BBA 4 Bytes [68, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + B 77244BBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + 6 77244C3A 4 Bytes [A8, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + B 77244C3F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessToken + B 77244C4F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + 6 77244C5A 4 Bytes [A8, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + B 77244C5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + 6 77244CAA 4 Bytes [68, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + B 77244CAF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + 6 77244CBA 4 Bytes [68, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + B 77244CBF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadTokenEx + B 77244CCF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + 6 77244D5A 4 Bytes [A8, 00, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + B 77244D5F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryFullAttributesFile + B 77244E0F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + 6 772452EA 4 Bytes [28, 01, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + B 772452EF 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + 6 7724533A 4 Bytes [28, 02, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + B 7724533F 1 Byte [E2]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 1 Byte [68]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + 6 772455DA 4 Bytes [68, 03, 06, 00]
.text C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + B 772455DF 1 Byte [E2]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[632] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[632] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
---- EOF - GMER 1.0.15 ----
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
combofix log:
ComboFix 10-06-15.03 - admin 16/06/2010 11:41:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2142 [GMT 1:00]
Running from: c:\users\admin\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\admin\AppData\Local\{D0F8C351-E887-487B-8B0D-34172FCDF7F4}
c:\users\admin\AppData\Local\{D0F8C351-E887-487B-8B0D-34172FCDF7F4}\chrome.manifest
c:\users\admin\AppData\Local\{D0F8C351-E887-487B-8B0D-34172FCDF7F4}\chrome\content\_cfg.js
c:\users\admin\AppData\Local\{D0F8C351-E887-487B-8B0D-34172FCDF7F4}\chrome\content\overlay.xul
c:\users\admin\AppData\Local\{D0F8C351-E887-487B-8B0D-34172FCDF7F4}\install.rdf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))
.
2010-06-15 11:02 . 2010-06-15 11:02 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2010-06-15 11:02 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-15 11:02 . 2010-06-15 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 11:02 . 2010-06-15 11:02 -------- d-----w- c:\programdata\Malwarebytes
2010-06-15 11:02 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 12:56 . 2010-06-14 12:56 388096 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-14 12:56 . 2010-06-14 12:56 -------- d-----w- c:\program files\Trend Micro
2010-06-13 22:31 . 2010-06-13 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-09 18:05 . 2010-06-09 18:06 175 ----a-w- c:\users\admin\AppData\Roaming\Azureus\restart.bat
2010-06-04 10:26 . 2010-06-04 10:26 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 10:25 . 2010-06-04 10:25 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-27 18:05 . 2010-05-27 18:05 -------- d-----w- c:\users\admin\AppData\Roaming\EPSON
2010-05-26 10:02 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-19 22:53 . 2010-05-19 22:53 -------- d-----w- c:\program files\Veoh Networks
2010-05-17 17:33 . 2010-05-17 17:34 -------- d-----w- c:\program files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-16 10:10 . 2010-03-17 22:01 -------- d-----w- c:\programdata\NVIDIA
2010-06-16 10:10 . 2010-03-25 18:45 70581 ----a-w- c:\programdata\nvModes.dat
2010-06-15 10:39 . 2010-04-30 18:14 120 ----a-w- c:\users\admin\AppData\Local\Jwufobabuyutom.dat
2010-06-15 10:39 . 2010-04-30 18:14 0 ----a-w- c:\users\admin\AppData\Local\Egaquy.bin
2010-06-10 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 01:00 . 2010-03-26 00:46 -------- d-----w- c:\users\admin\AppData\Roaming\Azureus
2010-06-09 18:05 . 2010-04-29 23:21 -------- d-----w- c:\program files\Vuze
2010-06-05 09:57 . 2010-04-04 13:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 11:00 . 2010-04-19 16:22 -------- d-----w- c:\users\admin\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2010-06-04 10:27 . 2010-04-24 10:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-04 10:27 . 2010-03-29 13:43 -------- d-----w- c:\programdata\DivX
2010-06-04 10:26 . 2010-03-29 13:43 -------- d-----w- c:\program files\DivX
2010-06-04 10:25 . 2010-03-29 13:46 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-04 10:25 . 2010-03-29 13:46 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-28 14:40 . 2010-03-28 14:57 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-28 00:56 . 2010-03-28 15:01 -------- d-----w- c:\programdata\Corel
2010-05-26 17:06 . 2010-06-10 00:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 00:09 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 10:21 . 2010-03-17 21:16 -------- d-----w- c:\program files\Microsoft
2010-05-24 17:13 . 2010-03-25 18:33 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-07 16:28 . 2010-04-04 00:00 -------- d-----w- c:\program files\Java
2010-05-06 10:06 . 2010-05-06 10:06 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-04 05:59 . 2010-06-10 00:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 00:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 00:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 00:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 23:14 . 2010-05-01 23:14 -------- d-----w- c:\program files\iPod
2010-05-01 23:14 . 2010-03-25 19:32 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 23:12 . 2010-05-01 23:12 -------- d-----w- c:\program files\Bonjour
2010-05-01 23:10 . 2010-05-01 23:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-01 14:13 . 2010-06-10 00:09 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 00:41 . 2010-05-01 00:41 -------- d-----w- c:\programdata\LogiShrd
2010-04-30 18:56 . 2010-03-25 20:46 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-30 18:12 . 2010-04-30 18:12 20 ----a-w- c:\users\admin\AppData\Roaming\wzmjhy.dat
2010-04-30 17:39 . 2010-04-30 17:39 -------- d-----w- c:\programdata\EmoticonSmileys
2010-04-30 17:39 . 2010-04-30 17:39 -------- d-----w- c:\programdata\Eula
2010-04-30 17:29 . 2010-04-30 17:29 -------- d-----w- c:\users\admin\AppData\Roaming\nswb
2010-04-30 10:15 . 2010-04-30 10:14 -------- d-----w- c:\program files\Common Files\Logishrd
2010-04-30 10:15 . 2010-03-30 01:03 -------- d-----w- c:\program files\Common Files\Logitech
2010-04-30 10:14 . 2010-03-17 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 10:14 . 2010-04-30 10:14 10134 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2010-04-27 14:37 . 2010-04-27 14:37 -------- d-----w- c:\program files\Belkin
2010-04-25 16:55 . 2010-04-25 16:55 -------- d-----w- c:\users\admin\AppData\Roaming\progeSOFT
2010-04-25 16:54 . 2010-04-25 16:54 -------- d-----w- c:\programdata\progeSOFT
2010-04-24 10:19 . 2010-04-24 10:19 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-24 10:19 . 2010-03-29 13:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-24 10:19 . 2010-04-24 10:19 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-24 10:19 . 2010-04-24 10:19 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-19 15:55 . 2010-04-19 15:55 -------- d-----w- c:\program files\Electronic Arts
2010-04-12 16:29 . 2010-05-07 16:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-12 11:26 . 2010-03-17 20:43 65688 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-08 12:38 . 2010-04-08 12:38 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 18:23 . 2010-04-06 18:23 10134 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-04-05 17:01 . 2010-06-10 00:09 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 17:27 . 2010-04-03 17:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 17:27 . 2010-04-03 17:27 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-04-03 17:27 . 2010-04-03 17:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:27 . 2010-04-03 17:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 17:27 . 2010-04-03 17:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-29 13:45 . 2010-03-29 13:45 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-03-28 15:03 . 2010-03-28 15:03 88 --sh--r- c:\windows\system32\2E3AD77754.sys
2010-03-27 12:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-26 15:43 . 2010-03-26 15:43 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-03-25 18:34 . 2010-03-17 20:42 1356 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2010-03-19 17:46 . 2010-03-26 01:32 607544 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-31 136176]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"iTunesHelper"="f:\local disk\Program Files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Corel File Shell Monitor"="f:\local disk\Program Files\Corel\CorelIOMonitor.exe" [2007-10-30 16200]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - f:\local disk\Program Files\MagicDisc\MagicDisc.exe [2010-3-30 576000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\local disk\Program Files\SetPoint\SetPoint.exe [2010-4-30 805392]
Microsoft Office.lnk - f:\local disk\Program Files\Microsoft Office\Office10\OSA.EXE [2010-1-20 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,24,ea,4d,03,cd,ca,01
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 136176]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2010-03-05 571264]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-25 541728]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-08 27632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 23:54]
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 23:54]
2010-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177691706-2591057502-4278436579-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 23:54]
2010-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177691706-2591057502-4278436579-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 23:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - f:\locald~1\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: o2.co.uk\*.broadband
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\Vuze_Remote\tbVuze.dll
BHO-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\Vuze_Remote\tbVuze.dll
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\Vuze_Remote\tbVuze.dll
HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
AddRemove-Vuze_Remote Toolbar - c:\progra~1\VUZE_R~1\UNWISE.EXE
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4177691706-2591057502-4278436579-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,8d,6e,b1,8f,a7,56,a4,99,45,48,c0,bf,f8,19,1a,02,23,11,40,00,fa,63,
3a,c2,71,3d,0d,0a,91,7b,34,bd,f9,1b,8c,91,5f,8d,24,b3,11,6e,1b,8d,a8,f6,be,\
"??"=hex:ba,de,57,2d,15,8e,43,b5,dd,62,88,e3,9a,8d,1f,1d
[HKEY_USERS\S-1-5-21-4177691706-2591057502-4278436579-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,79,3d,2a,4b,e1,aa,77,64,53,29,9e,c2,8e,94,00,7c,51,da,cf,95,
11,7f,d5,18,1c,d4,04,de,cd,8c,19,d7,f4,78,08,10,cf,93,04,c7,0e,e2,a6,72,01,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4
.
Completion time: 2010-06-16 11:57:07
ComboFix-quarantined-files.txt 2010-06-16 10:57
Pre-Run: 328,683,769,856 bytes free
Post-Run: 327,810,875,392 bytes free
- - End Of File - - C7DD753AD6E7C9EC1D272F946D9C2117
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\users\admin\AppData\Local\Jwufobabuyutom.dat
c:\users\admin\AppData\Local\Egaquy.bin
c:\users\admin\AppData\Roaming\wzmjhy.dat
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
new combofix log:
ComboFix 10-06-16.03 - admin 17/06/2010 11:22:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2320 [GMT 1:00]
Running from: c:\users\admin\Downloads\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\users\admin\AppData\Local\Egaquy.bin"
"c:\users\admin\AppData\Local\Jwufobabuyutom.dat"
"c:\users\admin\AppData\Roaming\wzmjhy.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\admin\AppData\Local\Egaquy.bin
c:\users\admin\AppData\Local\Jwufobabuyutom.dat
c:\users\admin\AppData\Roaming\wzmjhy.dat
c:\windows\system32\win.com
.
((((((((((((((((((((((((( Files Created from 2010-05-17 to 2010-06-17 )))))))))))))))))))))))))))))))
.
2010-06-17 10:30 . 2010-06-17 10:30 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-17 10:30 . 2010-06-17 10:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-15 11:02 . 2010-06-15 11:02 -------- d-----w- c:\users\admin\AppData\Roaming\Malwarebytes
2010-06-15 11:02 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-15 11:02 . 2010-06-15 11:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 11:02 . 2010-06-15 11:02 -------- d-----w- c:\programdata\Malwarebytes
2010-06-15 11:02 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-14 12:56 . 2010-06-14 12:56 388096 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-14 12:56 . 2010-06-14 12:56 -------- d-----w- c:\program files\Trend Micro
2010-06-13 22:31 . 2010-06-13 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-09 18:05 . 2010-06-09 18:06 175 ----a-w- c:\users\admin\AppData\Roaming\Azureus\restart.bat
2010-06-04 10:26 . 2010-06-04 10:26 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-04 10:26 . 2010-06-04 10:26 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 10:25 . 2010-06-04 10:25 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-27 18:05 . 2010-05-27 18:05 -------- d-----w- c:\users\admin\AppData\Roaming\EPSON
2010-05-26 10:02 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-19 22:53 . 2010-05-19 22:53 -------- d-----w- c:\program files\Veoh Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-17 09:55 . 2010-03-17 22:01 -------- d-----w- c:\programdata\NVIDIA
2010-06-17 09:55 . 2010-03-25 18:45 70581 ----a-w- c:\programdata\nvModes.dat
2010-06-10 01:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-10 01:00 . 2010-03-26 00:46 -------- d-----w- c:\users\admin\AppData\Roaming\Azureus
2010-06-09 18:05 . 2010-04-29 23:21 -------- d-----w- c:\program files\Vuze
2010-06-05 09:57 . 2010-04-04 13:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-04 11:00 . 2010-04-19 16:22 -------- d-----w- c:\users\admin\AppData\Roaming\Command & Conquer 3 Kane's Wrath
2010-06-04 10:27 . 2010-04-24 10:19 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-04 10:27 . 2010-03-29 13:43 -------- d-----w- c:\programdata\DivX
2010-06-04 10:26 . 2010-03-29 13:43 -------- d-----w- c:\program files\DivX
2010-06-04 10:25 . 2010-03-29 13:46 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-04 10:25 . 2010-03-29 13:46 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-28 14:40 . 2010-03-28 14:57 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-28 00:56 . 2010-03-28 15:01 -------- d-----w- c:\programdata\Corel
2010-05-26 17:06 . 2010-06-10 00:09 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 00:09 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 10:21 . 2010-03-17 21:16 -------- d-----w- c:\program files\Microsoft
2010-05-24 17:13 . 2010-03-25 18:33 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-17 17:34 . 2010-05-17 17:33 -------- d-----w- c:\program files\Google
2010-05-07 16:28 . 2010-04-04 00:00 -------- d-----w- c:\program files\Java
2010-05-06 10:06 . 2010-05-06 10:06 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-04 05:59 . 2010-06-10 00:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 00:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 00:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 00:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 23:14 . 2010-05-01 23:14 -------- d-----w- c:\program files\iPod
2010-05-01 23:14 . 2010-03-25 19:32 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 23:12 . 2010-05-01 23:12 -------- d-----w- c:\program files\Bonjour
2010-05-01 23:10 . 2010-05-01 23:10 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-01 14:13 . 2010-06-10 00:09 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 00:41 . 2010-05-01 00:41 -------- d-----w- c:\programdata\LogiShrd
2010-04-30 18:56 . 2010-03-25 20:46 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-30 17:39 . 2010-04-30 17:39 -------- d-----w- c:\programdata\EmoticonSmileys
2010-04-30 17:39 . 2010-04-30 17:39 -------- d-----w- c:\programdata\Eula
2010-04-30 17:29 . 2010-04-30 17:29 -------- d-----w- c:\users\admin\AppData\Roaming\nswb
2010-04-30 10:15 . 2010-04-30 10:14 -------- d-----w- c:\program files\Common Files\Logishrd
2010-04-30 10:15 . 2010-03-30 01:03 -------- d-----w- c:\program files\Common Files\Logitech
2010-04-30 10:14 . 2010-03-17 21:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-30 10:14 . 2010-04-30 10:14 10134 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{3101CB58-3482-4D21-AF1A-7057FC935355}\ARPPRODUCTICON.exe
2010-04-27 14:37 . 2010-04-27 14:37 -------- d-----w- c:\program files\Belkin
2010-04-25 16:55 . 2010-04-25 16:55 -------- d-----w- c:\users\admin\AppData\Roaming\progeSOFT
2010-04-25 16:54 . 2010-04-25 16:54 -------- d-----w- c:\programdata\progeSOFT
2010-04-24 10:19 . 2010-04-24 10:19 84040 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-04-24 10:19 . 2010-03-29 13:45 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-04-24 10:19 . 2010-04-24 10:19 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-04-24 10:19 . 2010-04-24 10:19 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-04-19 15:55 . 2010-04-19 15:55 -------- d-----w- c:\program files\Electronic Arts
2010-04-12 16:29 . 2010-05-07 16:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-12 11:26 . 2010-03-17 20:43 65688 ----a-w- c:\users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-08 12:38 . 2010-04-08 12:38 27632 ----a-w- c:\windows\system32\drivers\seehcri.sys
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 18:23 . 2010-04-06 18:23 10134 ----a-r- c:\users\admin\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-04-05 17:01 . 2010-06-10 00:09 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-03 17:27 . 2010-04-03 17:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 17:27 . 2010-04-03 17:27 1515624 ----a-w- c:\windows\system32\nvsvcr.dll
2010-04-03 17:27 . 2010-04-03 17:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 17:27 . 2010-04-03 17:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 17:27 . 2010-04-03 17:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-29 13:45 . 2010-03-29 13:45 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-03-29 13:45 . 2010-03-29 13:45 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-03-28 15:03 . 2010-03-28 15:03 88 --sh--r- c:\windows\system32\2E3AD77754.sys
2010-03-27 12:52 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-26 15:43 . 2010-03-26 15:43 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-03-25 18:34 . 2010-03-17 20:42 1356 ----a-w- c:\users\admin\AppData\Local\d3d9caps.dat
2010-03-19 17:46 . 2010-03-26 01:32 607544 ----a-w- c:\programdata\Yahoo!\YUpdater\yupdater.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-06-16_10.52.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-06-17 09:57 42142 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-06-17 09:57 70236 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2010-03-17 20:42 . 2010-06-16 10:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-17 20:42 . 2010-06-17 09:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-17 20:42 . 2010-06-16 10:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-17 20:42 . 2010-06-17 09:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-17 20:42 . 2010-06-16 10:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-17 20:42 . 2010-06-17 09:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-25 20:31 . 2010-06-16 10:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 20:31 . 2010-06-17 09:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-25 20:31 . 2010-06-17 09:55 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-25 20:31 . 2010-06-16 10:10 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-25 20:31 . 2010-06-16 10:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-25 20:31 . 2010-06-17 09:55 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-17 20:44 . 2010-06-16 10:12 7476 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4177691706-2591057502-4278436579-1000_UserData.bin
+ 2010-03-17 20:44 . 2010-06-17 09:57 7476 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4177691706-2591057502-4278436579-1000_UserData.bin
+ 2010-06-17 09:54 . 2010-06-17 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-16 10:10 . 2010-06-16 10:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-17 09:54 . 2010-06-17 09:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-16 10:10 . 2010-06-16 10:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-06-17 09:59 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-06-16 10:14 599942 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-06-16 10:14 105448 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-06-17 09:59 105448 c:\windows\System32\perfc009.dat
+ 2010-05-01 18:00 . 2010-06-17 09:55 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-05-01 18:00 . 2010-06-16 10:10 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-31 136176]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"iTunesHelper"="f:\local disk\Program Files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Corel File Shell Monitor"="f:\local disk\Program Files\Corel\CorelIOMonitor.exe" [2007-10-30 16200]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - f:\local disk\Program Files\MagicDisc\MagicDisc.exe [2010-3-30 576000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\local disk\Program Files\SetPoint\SetPoint.exe [2010-4-30 805392]
Microsoft Office.lnk - f:\local disk\Program Files\Microsoft Office\Office10\OSA.EXE [2010-1-20 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):82,24,ea,4d,03,cd,ca,01
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-31 136176]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\Drivers\GPWADrv.sys [2010-03-05 571264]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-25 541728]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-04-08 27632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 23:54]
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 23:54]
2010-06-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177691706-2591057502-4278436579-1000Core.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 23:54]
2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177691706-2591057502-4278436579-1000UA.job
- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-31 23:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - f:\locald~1\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: o2.co.uk\*.broadband
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://myaccount.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4177691706-2591057502-4278436579-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:60,8d,6e,b1,8f,a7,56,a4,99,45,48,c0,bf,f8,19,1a,02,23,11,40,00,fa,63,
3a,c2,71,3d,0d,0a,91,7b,34,bd,f9,1b,8c,91,5f,8d,24,b3,11,6e,1b,8d,a8,f6,be,\
"??"=hex:ba,de,57,2d,15,8e,43,b5,dd,62,88,e3,9a,8d,1f,1d
[HKEY_USERS\S-1-5-21-4177691706-2591057502-4278436579-1000\Software\SecuROM\License information*]
"datasecu"=hex:2a,79,3d,2a,4b,e1,aa,77,64,53,29,9e,c2,8e,94,00,7c,51,da,cf,95,
11,7f,d5,18,1c,d4,04,de,cd,8c,19,d7,f4,78,08,10,cf,93,04,c7,0e,e2,a6,72,01,\
"rkeysecu"=hex:dd,bc,ad,1e,30,35,24,4f,1a,47,c7,1e,c5,3b,48,c4
.
Completion time: 2010-06-17 11:35:26
ComboFix-quarantined-files.txt 2010-06-17 10:35
ComboFix2.txt 2010-06-16 10:57
Pre-Run: 328,279,384,064 bytes free
Post-Run: 328,253,153,280 bytes free
- - End Of File - - E1CDA6F157FDE709CD87163A8D3137C8
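To make the "Reg Loading Points" section of a log like the one above quicker to triage, here is an added Python example. It is not part of this thread and not ComboFix's own code; it only parses the three line shapes ComboFix prints for Run values, Startup-folder shortcuts and services, and applies the checks a responder does by eye: a bare file name (such as "KHALMNPR.EXE") is resolved through the search path at logon and must be located before it can be attributed; an image under a user-writable directory (AppData, Temp, ProgramData) is where droppers usually sit; and an entry with no "[date size]" stamp or an "[x]" marker is treated here as "no file recorded", which is exactly what an orphaned autorun behind a "cannot run some.dll" message at startup looks like. That reading of the stamp and "[x]" markers is an assumption about ComboFix's output, not a quote from its documentation. The sample input is constructed: a few lines in the same shape as the log, plus one made-up Run value ("Example") that is not a finding from this machine.

```python
"""Triage autostart entries from a ComboFix-style log (added example, not ComboFix's code)."""
import re
from dataclasses import dataclass, field
from typing import List

# The three line shapes ComboFix uses in its "Reg Loading Points" section.
KEY_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
FOLDER_HEADER = re.compile(r"^[a-z]:\\.*\\$", re.I)          # e.g. c:\...\Startup\
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]*)"(?:\s+\[(?P<stamp>[^\]]*)\])?$')
STARTUP_LNK = re.compile(r"^(?P<name>\S.*?\.lnk) - (?P<image>.+?)(?:\s+\[(?P<stamp>[^\]]*)\])?$")
SERVICE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>[^\[]*?)\s*(?:\[(?P<stamp>[^\]]*)\])?$")

# Directories an unprivileged user can write to; droppers usually land here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Autorun:
    location: str            # registry key, Startup folder path, or "services"
    name: str
    image: str               # path or bare file name as printed in the log
    stamp: str               # contents of ComboFix's "[date size]" bracket, "x", or ""
    flags: List[str] = field(default_factory=list)


def triage(entry: Autorun) -> List[str]:
    """The checks a responder applies by hand to each autorun line."""
    flags = []
    img = entry.image.strip().lower()
    if img and "\\" not in img and "/" not in img:
        flags.append("bare file name: resolved through the search path at logon, locate it to attribute it")
    if any(seg in img for seg in USER_WRITABLE):
        flags.append("image under a user-writable directory")
    # Assumption: no stamp or "[x]" means ComboFix recorded no file for the entry.
    if not img or entry.stamp.strip().lower() in ("", "x"):
        flags.append("no file recorded for this entry: orphaned autorun or unreadable file, verify by hand")
    return flags


def parse_autoruns(text: str) -> List[Autorun]:
    """Walk the log; headers set the current location, matching lines become entries."""
    entries, location = [], "?"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_HEADER.match(line)
        if m:
            location = m.group("key")
            continue
        if FOLDER_HEADER.match(line):
            location = line
            continue
        for kind, rx in (("run", RUN_VALUE), ("lnk", STARTUP_LNK), ("svc", SERVICE)):
            m = rx.match(line)
            if m:
                e = Autorun("services" if kind == "svc" else location,
                            m.group("name"), m.group("image") or "", m.group("stamp") or "")
                e.flags = triage(e)
                entries.append(e)
                break
    return entries


def suspicious(entries: List[Autorun]) -> List[Autorun]:
    return [e for e in entries if e.flags]


# Constructed sample: lines in the same shape as the log above, plus one
# made-up orphaned Run value ("Example") that is NOT a finding from this machine.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"iTunesHelper"="f:\local disk\Program Files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Example"="c:\users\admin\AppData\Local\Temp\example.dll"
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\local disk\Program Files\SetPoint\SetPoint.exe [2010-4-30 805392]
S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-03-09 51792]
"""

if __name__ == "__main__":
    for e in parse_autoruns(SAMPLE):
        status = "; ".join(e.flags) or "ok"
        print(f"{e.location}\n    {e.name} -> {e.image or '(none)'} [{e.stamp or 'no stamp'}]: {status}")
```

Run it against a whole ComboFix log and only the flagged entries need a closer look; a bare-name hit with a stamp (KHALMNPR.EXE above) just needs its file located and checked, whereas a Run value with no stamp is the shape of the entry that produces an error about a missing DLL at every logon. Avast's aswSP and aswFsBlk showing "[x]" is normal for that product, so the "no file recorded" flag is a prompt to verify, not a verdict.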
How is your computer doing at the moment?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.