
Virus stops me installing Anti-Virus

  • 26-01-2009 4:50pm
    #1
    Registered Users Posts: 14,014 ✭✭✭✭


    Don't know if this is a common virus or not, but I am unable to download an anti-virus program to get rid of a virus on my computer. When I type AVG or McAfee into a search engine, it closes the window. It also stops installation of AVG when I transfer the program to the computer via USB.

    Any help with this would be very gratefully received.


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:

      [image: CF_download_FF.gif]

      [image: CF_download_rename.gif]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    7. Double click on Combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to stall**


  • Registered Users Posts: 1,194 ✭✭✭Little Miss Cutie


    Hi
    I hope I am not hijacking the thread. I have a similar problem.

    I have a work laptop which has McAfee on it that is set up to update every day at 1pm. However it isn't doing this and won't do it. The reason I know this is that I now have a virus which is infecting every memory stick I use (I need memory sticks for what I am doing).

    I have no idea how to fix it; the anti-virus won't update, and when I try to run it, it just says failed next to details. I am not back in the office for a couple of weeks and need to sort this.

    How does ComboFix work, and can I do it even though I have McAfee installed, and will my IT know I have done this?

    Thanks in advance to anyone that can help


  • Registered Users Posts: 5,112 ✭✭✭Blowfish


    Cutie_pc wrote: »
    Hi
    I hope I am not hijacking the thread. I have a similar problem.

    I have a work laptop which has McAfee on it that is set up to update every day at 1pm. However it isn't doing this and won't do it. The reason I know this is that I now have a virus which is infecting every memory stick I use (I need memory sticks for what I am doing).

    I have no idea how to fix it; the anti-virus won't update, and when I try to run it, it just says failed next to details. I am not back in the office for a couple of weeks and need to sort this.

    How does ComboFix work, and can I do it even though I have McAfee installed, and will my IT know I have done this?

    Thanks in advance to anyone that can help
    Bad idea to be avoiding your IT dept. Since it's a work laptop, give it to them and let them sort it.


  • Registered Users Posts: 112 ✭✭bethm24


    This happened to my brother. Dood, it has a virus... it needs to be fixed. He had exactly the same problem and it gets worse if you don't fix it now. The guy that fixed my brother's said he had a major virus on it and they sourced it to a time when he downloaded Antivirus 2009 thinking it was his AVG antivirus telling him to clean his comp.


  • Registered Users Posts: 14,014 ✭✭✭✭Corholio


    Thanks for the above advice.

    The attached log is the report that ComboFix produced

    Hope someone can get to the root of the problem for me. Cheers again.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Don't attach the logs please

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum.




    Open notepad and copy/paste the text in the quotebox below into it:
    http://boards.ie/vbulletin/showthread.php?t=2055472050

    Collect::
    c:\windows\wpkzrh.cml
    c:\windows\ggyhki.fyx
    c:\windows\SYSTEM32\260567ed197719dad316289e95779f52.exe
    c:\windows\qshqse.zky
    c:\windows\ncjwbw.pmn
    c:\windows\zbwxey.ajc
    c:\windows\SYSTEM32\159558702775b243a40ab4bd90430bd8.exe
    c:\windows\sunvzt.pnr
    c:\windows\mzdiss.vtg
    c:\windows\rabqvk.rkr
    c:\windows\ezupft.dtk
    c:\windows\xxwjui.olw
    c:\windows\vxhjpf.ytq
    c:\windows\cumogg.krz
    c:\windows\yjqtft.kwg
    c:\windows\qoiwkn.xwv
    c:\windows\lqcwpc.xgc
    c:\windows\zszmif.ymp
    c:\windows\cgmtha.mxn
    c:\windows\SYSTEM32\da903d8f583b67a3649ddcb7b87e92c9.exe
    c:\windows\scpgrn.yfp
    c:\windows\jsmspl.rgn
    c:\windows\tzxote.dfy
    c:\windows\trejue.cfv
    c:\windows\sktndf.gtm
    c:\windows\yivqsv.fmu
    c:\windows\ulmbko.zba
    c:\windows\lntqxv.qoc
    c:\windows\pulibo.pig
    c:\windows\gjusud.hbq
    c:\windows\guwjsv.pxb
    c:\windows\cmlaeg.igz
    c:\windows\axszjf.wbi
    c:\windows\vkthyz.bpc
    c:\windows\kyiwqe.gxm
    c:\windows\wuecmc.zkj
    c:\windows\sxvmfv.tzp
    c:\windows\wiywvh.xbk
    c:\windows\cyuazu.twx
    c:\windows\uvgvle.jvn
    c:\windows\SYSTEM32\5c8f5f35b509d810e0e79fabc8b1b69a.exe
    c:\windows\xnuutv.pym
    c:\windows\bwfdgk.wpn
    c:\windows\usiyxe.gcs
    c:\windows\lifluc.adq
    c:\windows\mfzjyv.puz
    c:\windows\lzuhed.qbj
    c:\windows\buvcgp.sbm
    c:\windows\jslvpe.zmi
    c:\windows\ifbsau.bae
    c:\windows\fdvkhx.tbs
    c:\windows\nixwsf.gjq
    c:\windows\juhcui.kmc
    c:\windows\SYSTEM32\0667ad266d7f3fcd2b18aaf1bfd71160.exe
    c:\windows\ndfspk.pio
    c:\windows\dlrjwj.mwd
    c:\windows\xddhbn.blh
    c:\windows\mycrjs.cgb
    c:\windows\yqpovi.whx
    c:\windows\ofhhwz.sob
    c:\windows\pzzqpm.nbl
    c:\windows\jdwjcx.fsj
    c:\windows\vqozxk.qqp
    c:\windows\jrtlag.xnv
    c:\windows\nycotq.ihj
    c:\windows\vkbpjd.vbt
    c:\windows\hrdnnm.jus
    c:\windows\fewaky.sdo
    c:\windows\SYSTEM32\5477106bc10c62a731b0f1f72bcb32aa.exe
    c:\windows\nzdgvu.rsc
    c:\windows\lrvbrr.cau
    c:\windows\qxdgsg.xho
    c:\windows\kpjqvv.yrb
    c:\windows\wxayox.byk
    c:\windows\ujnrpc.mnm
    c:\windows\jqoueo.ooo
    c:\windows\xrcnmm.lcy
    c:\windows\qfxdph.ukj
    c:\windows\npdpwg.ksp
    c:\windows\hiqwfn.ooj
    c:\windows\crjoxb.pcz
    c:\windows\wevlfw.emd
    c:\windows\hwlxii.yxh
    c:\windows\auqpjj.iqn
    c:\windows\ufmoca.zxd
    c:\windows\svabhf.yqg
    c:\windows\urwhkj.ysj
    c:\windows\mhrevl.lyg
    c:\windows\qkdazv.xwp
    c:\windows\hkuzkv.ona
    c:\windows\zcfgya.cfh
    c:\windows\qgudem.wie
    c:\windows\svqnyi.kfr
    c:\windows\pfsshz.ahg
    c:\windows\curhuc.pym
    c:\windows\wkxhvf.ssz
    c:\windows\jywvii.hif
    c:\windows\boqstk.vpc
    c:\windows\zlcqdf.php
    c:\windows\kkxfaj.oug
    c:\windows\uvcydi.eck
    c:\windows\ibgsfp.nym
    c:\windows\pfubff.ltr
    c:\windows\cznrrc.wdo
    c:\windows\njjrqd.qgh
    c:\windows\ktlwzv.giw
    c:\windows\kawsqt.cuf
    c:\windows\vkdggv.phr
    c:\windows\vcskpx.sui
    c:\windows\ridsjf.llw
    c:\windows\atid.ini
    c:\windows\drggjx.ilb
    c:\windows\SYSTEM32\e864b10ac46e0336e2bc0e0b15425fcf.sys
    c:\windows\SYSTEM32\vumer.dll
    c:\windows\SYSTEM32\970583c9529b7fbe2f18c34be2a7b67c.exe
    c:\windows\29FA3ED5C365F11E36779BEE3FDC58.exe
    c:\windows\SYSTEM32\32cb88ce7082309044182570e9e94560.exe
    c:\windows\SYSTEM32\cd59bbafe06530950f5069dbedd3e23f.exe
    c:\windows\SYSTEM32\2ac0a18f01c9848e52a37dac35da05da.exe
    c:\windows\SYSTEM32\9af88939a72dea87d0a20df8ec8e5690.exe
    c:\windows\1A5761A7C81884D6C4B5A532C50F6.exe
    c:\windows\SYSTEM32\b863004128a9c0180f730517e2ca0e81.exe
    c:\windows\EEA7EC2D66B58DBDC8DDEDC3FE8A9D.exe
    c:\windows\SYSTEM32\0c5f40888115ae0a4223daf69a5661db.exe
    c:\windows\SYSTEM32\995ca38523bb4393926d0accdf12b45e.exe
    c:\windows\SYSTEM32\elrbnach.exe
    c:\windows\74138ED69FCD286B2322E45CC372831F.exe
    c:\windows\SYSTEM32\3614852d292890b44ccbc9e2e6966fb3.exe
    c:\windows\814C2E513DD4D129976210F66ADF55.exe
    c:\windows\SYSTEM32\9a27e61cdd6308bb60999ab1d981348d.exe
    c:\windows\Microsoft.NET\smbv.bak1
    c:\windows\Microsoft.NET\smbv.bak2
    c:\windows\Microsoft.NET\vbms.dll
    c:\windows\REPAIR\evawsys.bak1
    c:\windows\REPAIR\evawsys.bak2
    c:\windows\REPAIR\evawsys.ini2
    c:\windows\REPAIR\syswave.dll
    c:\windows\SYSTEM32\vtstr.dll

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{195054fa-fa5f-11db-8129-000ee7500341}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22275a2e-ae82-11dd-84ba-000ee7500341}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d2f8ae-e380-11dd-851c-000ee7500341}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92ea7e66-d90e-11dd-8509-000ee7500341}]


    Driver::
    zw0er_!p

    Rootkit::
    c:\windows\zw0er_!.txt
    c:\windows\system32\zw0er_!.dat
    c:\windows\system32\zw0er_!p.sys

    KillAll::
    Suspect::

    Save this as CFScript.txt


    [image: CFScriptB-4.gif]

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Note**

    When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.


  • Registered Users Posts: 14,014 ✭✭✭✭Corholio


    Thanks again.

    Firstly this is the contents of Report.txt

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\vtstr.dll - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-30 20:32:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\zw0er_!.txt 0 bytes
    C:\WINDOWS\SYSTEM32\zw0er_!.dat 130 bytes
    C:\WINDOWS\SYSTEM32\zw0er_!p.sys 53056 bytes executable

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 3


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"="C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application"
    "C:\\Program Files\\Rio\\Rio Taxi\\riotaxi.exe"="C:\\Program Files\\Rio\\Rio Taxi\\riotaxi.exe:*:Disabled:Rio Taxi"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
    "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Documents and Settings\\Anthony Dunne\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"="C:\\Documents and Settings\\Anthony Dunne\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 1 Jul 2008 14,243,082 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
    Mon 13 Jun 2005 567,489 A.SH. --- "C:\WINDOWS\Microsoft.NET\smbv.tmp"
    Sun 18 Dec 2005 443,373 ..SH. --- "C:\WINDOWS\Microsoft.NET\smbv.bak2"
    Thu 11 Aug 2005 505,953 ..SH. --- "C:\WINDOWS\Microsoft.NET\smbv.bak1"
    Fri 29 Apr 2005 468,500 ..SH. --- "C:\WINDOWS\Microsoft.NET\vbms.dll"
    Sun 17 Jul 2005 465,116 ..SH. --- "C:\WINDOWS\REPAIR\evawsys.bak1"
    Sun 17 Jul 2005 464,991 ..SH. --- "C:\WINDOWS\REPAIR\evawsys.bak2"
    Fri 15 Jul 2005 872,468 ..SH. --- "C:\WINDOWS\REPAIR\syswave.dll"
    Thu 9 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 8 Apr 2008 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
    Thu 5 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sun 8 Jul 2007 7,423,960 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02ec37ec946ef377971d8300cdcd818f\BITC8.tmp"
    Tue 3 Jul 2007 2,388,288 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b8f54b7625d6446acebabe800ef0126\BITE1.tmp"
    Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8361ae28fcfac79271825a6b2935fdb6\BITE5.tmp"
    Tue 3 Jul 2007 791,888 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3e61eb2bda5dda528a8686f8905497f\BITF5.tmp"
    Mon 4 Aug 2008 25,755,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d27c2900aa2705e008389ddae7c985e9\BIT4E2.tmp"
    Sun 1 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d3226ed0a8904ae940c1794b1cd8b325\BITBF.tmp"
    Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Anthony Dunne\Application Data\U3\temp\Launchpad Removal.exe"

    Finished!


  • Registered Users Posts: 14,014 ✭✭✭✭Corholio


    And secondly, this is the log that was created


    ComboFix 09-01-21.04 - Anthony Dunne 2009-01-30 20:46:17.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.115 [GMT 0:00]
    Running from: c:\documents and settings\Anthony Dunne\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Anthony Dunne\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall Plus *enabled*
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\1A5761A7C81884D6C4B5A532C50F6.exe
    c:\windows\29FA3ED5C365F11E36779BEE3FDC58.exe
    c:\windows\74138ED69FCD286B2322E45CC372831F.exe
    c:\windows\814C2E513DD4D129976210F66ADF55.exe
    c:\windows\atid.ini
    c:\windows\auqpjj.iqn
    c:\windows\axszjf.wbi
    c:\windows\boqstk.vpc
    c:\windows\buvcgp.sbm
    c:\windows\bwfdgk.wpn
    c:\windows\cgmtha.mxn
    c:\windows\cmlaeg.igz
    c:\windows\crjoxb.pcz
    c:\windows\cumogg.krz
    c:\windows\curhuc.pym
    c:\windows\cyuazu.twx
    c:\windows\cznrrc.wdo
    c:\windows\dlrjwj.mwd
    c:\windows\drggjx.ilb
    c:\windows\EEA7EC2D66B58DBDC8DDEDC3FE8A9D.exe
    c:\windows\ezupft.dtk
    c:\windows\fdvkhx.tbs
    c:\windows\fewaky.sdo
    c:\windows\ggyhki.fyx
    c:\windows\gjusud.hbq
    c:\windows\guwjsv.pxb
    c:\windows\hiqwfn.ooj
    c:\windows\hkuzkv.ona
    c:\windows\hrdnnm.jus
    c:\windows\hwlxii.yxh
    c:\windows\ibgsfp.nym
    c:\windows\ifbsau.bae
    c:\windows\jdwjcx.fsj
    c:\windows\jqoueo.ooo
    c:\windows\jrtlag.xnv
    c:\windows\jslvpe.zmi
    c:\windows\jsmspl.rgn
    c:\windows\juhcui.kmc
    c:\windows\jywvii.hif
    c:\windows\kawsqt.cuf
    c:\windows\kkxfaj.oug
    c:\windows\kpjqvv.yrb
    c:\windows\ktlwzv.giw
    c:\windows\kyiwqe.gxm
    c:\windows\lifluc.adq
    c:\windows\lntqxv.qoc
    c:\windows\lqcwpc.xgc
    c:\windows\lrvbrr.cau
    c:\windows\lzuhed.qbj
    c:\windows\mfzjyv.puz
    c:\windows\mhrevl.lyg
    c:\windows\Microsoft.NET\smbv.bak1
    c:\windows\Microsoft.NET\smbv.bak2
    c:\windows\Microsoft.NET\vbms.dll
    c:\windows\mycrjs.cgb
    c:\windows\mzdiss.vtg
    c:\windows\ncjwbw.pmn
    c:\windows\ndfspk.pio
    c:\windows\nixwsf.gjq
    c:\windows\njjrqd.qgh
    c:\windows\npdpwg.ksp
    c:\windows\nycotq.ihj
    c:\windows\nzdgvu.rsc
    c:\windows\ofhhwz.sob
    c:\windows\pfsshz.ahg
    c:\windows\pfubff.ltr
    c:\windows\pulibo.pig
    c:\windows\pzzqpm.nbl
    c:\windows\qfxdph.ukj
    c:\windows\qgudem.wie
    c:\windows\qkdazv.xwp
    c:\windows\qoiwkn.xwv
    c:\windows\qshqse.zky
    c:\windows\qxdgsg.xho
    c:\windows\rabqvk.rkr
    c:\windows\REPAIR\evawsys.bak1
    c:\windows\REPAIR\evawsys.bak2
    c:\windows\REPAIR\evawsys.ini2
    c:\windows\REPAIR\syswave.dll
    c:\windows\ridsjf.llw
    c:\windows\scpgrn.yfp
    c:\windows\sktndf.gtm
    c:\windows\sunvzt.pnr
    c:\windows\svabhf.yqg
    c:\windows\svqnyi.kfr
    c:\windows\sxvmfv.tzp
    c:\windows\SYSTEM32\0667ad266d7f3fcd2b18aaf1bfd71160.exe
    c:\windows\SYSTEM32\0c5f40888115ae0a4223daf69a5661db.exe
    c:\windows\SYSTEM32\159558702775b243a40ab4bd90430bd8.exe
    c:\windows\SYSTEM32\260567ed197719dad316289e95779f52.exe
    c:\windows\SYSTEM32\2ac0a18f01c9848e52a37dac35da05da.exe
    c:\windows\SYSTEM32\32cb88ce7082309044182570e9e94560.exe
    c:\windows\SYSTEM32\3614852d292890b44ccbc9e2e6966fb3.exe
    c:\windows\SYSTEM32\5477106bc10c62a731b0f1f72bcb32aa.exe
    c:\windows\SYSTEM32\5c8f5f35b509d810e0e79fabc8b1b69a.exe
    c:\windows\SYSTEM32\970583c9529b7fbe2f18c34be2a7b67c.exe
    c:\windows\SYSTEM32\995ca38523bb4393926d0accdf12b45e.exe
    c:\windows\SYSTEM32\9a27e61cdd6308bb60999ab1d981348d.exe
    c:\windows\SYSTEM32\9af88939a72dea87d0a20df8ec8e5690.exe
    c:\windows\SYSTEM32\b863004128a9c0180f730517e2ca0e81.exe
    c:\windows\SYSTEM32\cd59bbafe06530950f5069dbedd3e23f.exe
    c:\windows\SYSTEM32\da903d8f583b67a3649ddcb7b87e92c9.exe
    c:\windows\SYSTEM32\e864b10ac46e0336e2bc0e0b15425fcf.sys
    c:\windows\SYSTEM32\elrbnach.exe
    c:\windows\SYSTEM32\vumer.dll
    c:\windows\trejue.cfv
    c:\windows\tzxote.dfy
    c:\windows\ufmoca.zxd
    c:\windows\ujnrpc.mnm
    c:\windows\ulmbko.zba
    c:\windows\urwhkj.ysj
    c:\windows\usiyxe.gcs
    c:\windows\uvcydi.eck
    c:\windows\uvgvle.jvn
    c:\windows\vcskpx.sui
    c:\windows\vkbpjd.vbt
    c:\windows\vkdggv.phr
    c:\windows\vkthyz.bpc
    c:\windows\vqozxk.qqp
    c:\windows\vxhjpf.ytq
    c:\windows\wevlfw.emd
    c:\windows\wiywvh.xbk
    c:\windows\wkxhvf.ssz
    c:\windows\wpkzrh.cml
    c:\windows\wuecmc.zkj
    c:\windows\wxayox.byk
    c:\windows\xddhbn.blh
    c:\windows\xnuutv.pym
    c:\windows\xrcnmm.lcy
    c:\windows\xxwjui.olw
    c:\windows\yivqsv.fmu
    c:\windows\yjqtft.kwg
    c:\windows\yqpovi.whx
    c:\windows\zbwxey.ajc
    c:\windows\zcfgya.cfh
    c:\windows\zlcqdf.php
    c:\windows\zszmif.ymp

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
    .

    2009-01-30 19:58 . 2009-01-30 19:59 <DIR> d c:\windows\ERUNT
    2009-01-30 19:45 . 2009-01-30 19:46 <DIR> d c:\documents and settings\Administrator
    2009-01-30 19:30 . 2009-01-30 20:39 <DIR> d C:\SDFix
    2008-12-29 17:19 . 2008-12-29 17:21 <DIR> d c:\program files\AIM Music Link
    2008-12-29 16:37 . 2008-12-29 17:20 <DIR> d c:\program files\AIMTunes
    2008-12-29 16:37 . 2008-12-29 16:37 <DIR> d c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-12-29 16:36 . 2008-12-29 16:36 <DIR> d c:\documents and settings\All Users\Application Data\acccore
    2008-12-28 17:33 . 2008-12-28 17:33 0 --a c:\windows\eskwoc.ntf
    2008-12-26 19:33 . 2008-12-26 19:33 0 --a c:\windows\xjwxbv.tkb
    2008-12-26 19:33 . 2008-12-26 19:33 0 --a c:\windows\lusrhi.ape
    2008-12-26 03:03 . 2008-12-26 03:03 0 --a c:\windows\ylwtrn.hdr
    2008-12-26 03:03 . 2008-12-26 03:03 0 --a c:\windows\cifjyu.nol
    2008-12-26 02:49 . 2008-12-26 02:49 0 --a c:\windows\tvrkdt.bpe
    2008-12-25 17:28 . 2008-12-25 17:28 0 --a c:\windows\pfofhi.ckx
    2008-12-25 17:28 . 2008-12-25 17:28 0 --a c:\windows\lyfdhw.sjg
    2008-12-25 01:13 . 2008-12-25 01:13 0 --a c:\windows\zegsmk.mst
    2008-12-25 01:13 . 2008-12-25 01:13 0 --a c:\windows\bsuzlf.bdr
    2008-12-24 17:40 . 2008-12-24 17:40 0 --a c:\windows\pcpnmo.ubn
    2008-12-24 17:40 . 2008-12-24 17:40 0 --a c:\windows\hreqbk.koq
    2008-12-24 17:40 . 2008-12-24 17:40 0 --a c:\windows\dpvtvs.ceb
    2008-12-24 01:20 . 2008-12-24 01:20 0 --a c:\windows\lrlyxp.wgw
    2008-12-24 01:20 . 2008-12-24 01:20 0 --a c:\windows\kqgfbi.znc
    2008-12-23 01:31 . 2008-12-23 01:31 0 --a c:\windows\uxzdyf.uqr
    2008-12-22 13:50 . 2008-12-22 13:50 0 --a c:\windows\pdkzim.jfe
    2008-12-22 13:50 . 2008-12-22 13:50 0 --a c:\windows\oesiqo.nsz
    2008-12-22 02:53 . 2008-12-22 02:53 <DIR> d c:\program files\4U Computing
    2008-12-21 18:17 . 2008-12-21 18:17 0 --a c:\windows\ennffv.pzr
    2008-12-21 18:16 . 2008-12-21 18:16 0 --a c:\windows\rnvmsl.vxb
    2008-12-21 18:16 . 2008-12-21 18:16 0 --a c:\windows\gpesrn.anb
    2008-12-21 18:16 . 2008-12-21 18:16 0 --a c:\windows\ambkya.gxa
    2008-12-21 01:37 . 2008-12-21 01:37 <DIR> d C:\ConverterOutput
    2008-12-21 01:36 . 2008-12-21 01:36 <DIR> d c:\program files\Cucusoft
    2008-12-21 01:36 . 2003-03-30 20:08 372,736 --a c:\windows\SYSTEM32\xvid.ax
    2008-12-21 00:32 . 2008-12-21 00:32 0 --a c:\windows\ktrnuo.xhl
    2008-12-19 20:25 . 2008-12-19 20:25 0 --a c:\windows\cvswfy.wsa
    2008-12-19 01:42 . 2008-12-19 01:42 0 --a c:\windows\ypqdxf.kad
    2008-12-19 01:42 . 2008-12-19 01:42 0 --a c:\windows\xcmghm.sud
    2008-12-19 01:42 . 2008-12-19 01:42 0 --a c:\windows\jhkfmm.kfi
    2008-12-18 20:10 . 2008-12-18 20:10 0 --a c:\windows\otzhaf.aju
    2008-12-18 19:54 . 2008-12-18 19:54 0 --a c:\windows\raomgt.uyk
    2008-12-18 19:54 . 2008-12-18 19:54 0 --a c:\windows\qhzhxr.ytq
    2008-12-18 19:54 . 2008-12-18 19:54 0 --a c:\windows\eaneni.eaw
    2008-12-18 00:38 . 2008-12-18 00:38 0 --a c:\windows\uzjayx.mgi
    2008-12-18 00:38 . 2008-12-18 00:38 0 --a c:\windows\niqlgg.wgw
    2008-12-18 00:38 . 2008-12-18 00:38 0 --a c:\windows\gsambj.grn
    2008-12-17 16:39 . 2008-12-17 16:39 0 --a c:\windows\ludjyy.mva
    2008-12-17 16:39 . 2008-12-17 16:39 0 --a c:\windows\bipidi.kjk
    2008-12-17 16:38 . 2008-12-17 16:38 0 --a c:\windows\vkzzwz.gui
    2008-12-17 16:38 . 2008-12-17 16:38 0 --a c:\windows\fbnipa.igu
    2008-12-14 21:15 . 2008-12-14 21:15 0 --a c:\windows\trufup.jix
    2008-12-14 21:15 . 2008-12-14 21:15 0 --a c:\windows\qpurxz.ydf
    2008-12-13 01:03 . 2008-12-13 01:03 0 --a c:\windows\rlkcwe.spq
    2008-12-13 01:03 . 2008-12-13 01:03 0 --a c:\windows\qdunkz.yjn
    2008-12-12 19:43 . 2008-12-12 19:43 0 --a c:\windows\xaoehf.ypc
    2008-12-12 18:48 . 2008-12-12 18:48 0 --a c:\windows\xnlvjs.gsv
    2008-12-12 18:48 . 2008-12-12 18:48 0 --a c:\windows\khelwp.rct
    2008-12-12 14:08 . 2008-12-12 14:08 0 --a c:\windows\uosizu.mad
    2008-12-12 14:08 . 2008-12-12 14:08 0 --a c:\windows\aekxql.jjn
    2008-12-12 02:03 . 2008-12-12 02:03 0 --a c:\windows\nqjsow.prw
    2008-12-12 02:03 . 2008-12-12 02:03 0 --a c:\windows\kvofly.dfs
    2008-12-12 02:03 . 2008-12-12 02:03 0 --a c:\windows\cdpxxz.qlm
    2008-12-10 21:23 . 2008-12-10 21:23 0 --a c:\windows\yktdvl.grk
    2008-12-10 21:23 . 2008-12-10 21:23 0 --a c:\windows\ebmsnd.dau
    2008-12-10 21:23 . 2008-12-10 21:23 0 --a c:\windows\dgopyj.luq
    2008-12-09 20:55 . 2004-08-03 23:10 78,464 --a c:\windows\SYSTEM32\DRIVERS\usbvideo.sys
    2008-12-09 20:55 . 2004-08-03 23:10 78,464 --a c:\windows\SYSTEM32\DLLCACHE\usbvideo.sys
    2008-12-09 20:55 . 2004-08-04 00:56 20,992 --a c:\windows\SYSTEM32\dshowext.ax
    2008-12-09 20:55 . 2004-08-04 00:56 20,992 --a c:\windows\SYSTEM32\DLLCACHE\dshowext.ax
    2008-12-08 17:24 . 2008-12-08 17:24 0 --a c:\windows\vspmue.cvo
    2008-12-08 17:24 . 2008-12-08 17:24 0 --a c:\windows\iexhpd.rsd
    2008-12-07 20:13 . 2008-12-07 20:13 0 --a c:\windows\vnnhhe.mrq
    2008-12-07 20:13 . 2008-12-07 20:13 0 --a c:\windows\smntko.bmx
    2008-12-07 01:30 . 2008-12-07 01:30 0 --a c:\windows\rmobwd.aef
    2008-12-07 01:30 . 2008-12-07 01:30 0 --a c:\windows\gnqxme.bgl
    2008-12-07 01:30 . 2008-12-07 01:30 0 --a c:\windows\efcymu.nvj
    2008-12-06 01:04 . 2008-12-06 01:04 0 --a c:\windows\vnhrfj.flk
    2008-12-06 01:04 . 2008-12-06 01:04 0 --a c:\windows\szukho.qan
    2008-12-05 18:59 . 2008-12-05 18:59 0 --a c:\windows\xnwukb.ynq
    2008-12-05 18:59 . 2008-12-05 18:59 0 --a c:\windows\ckcufn.ydj
    2008-12-05 18:59 . 2008-12-05 18:59 0 --a c:\windows\birhna.dqw
    2008-12-05 17:30 . 2008-12-05 16:22 102,664 --a c:\windows\SYSTEM32\DRIVERS\tmcomm.sys
    2008-12-05 16:22 . 2008-12-05 17:53 <DIR> d c:\documents and settings\Anthony Dunne\.housecall6.6
    2008-12-05 16:18 . 2008-12-05 16:18 0 --a c:\windows\rvcrdk.ify
    2008-12-05 16:18 . 2008-12-05 16:18 0 --a c:\windows\qwkalm.mss
    2008-12-05 16:16 . 2008-12-05 16:16 0 --a c:\windows\twezrc.jti
    2008-12-05 16:16 . 2008-12-05 16:16 0 --a c:\windows\imgror.qjh
    2008-12-05 16:04 . 2008-12-05 16:04 0 --a c:\windows\rfuhoy.bzq
    2008-12-05 16:04 . 2008-12-05 16:04 0 --a c:\windows\enleuo.lcg
    2008-12-05 16:03 . 2008-12-05 16:03 0 --a c:\windows\npztvy.qhv
    2008-12-05 16:03 . 2008-12-05 16:03 0 --a c:\windows\dylkcx.owk
    2008-12-05 15:46 . 2008-12-05 15:47 0 --a c:\windows\rtpcih.zth
    2008-12-05 15:46 . 2008-12-05 15:46 0 --a c:\windows\goomrl.ana
    2008-12-05 15:46 . 2008-12-05 15:47 0 --a c:\windows\gaqgxt.bui
    2008-12-04 19:14 . 2008-12-04 19:15 0 --a c:\windows\xyjalw.jbg
    2008-12-04 19:14 . 2008-12-04 19:14 0 --a c:\windows\podwwz.wid
    2008-12-03 22:00 . 2008-12-03 22:00 0 --a c:\windows\rwpvoj.gxh
    2008-12-03 22:00 . 2008-12-03 22:00 0 --a c:\windows\jlvoud.rwq
    2008-12-03 22:00 . 2008-12-03 22:00 0 --a c:\windows\bndehk.ijs
    2008-12-01 01:16 . 2008-12-01 01:16 0 --a c:\windows\taghuk.inx
    2008-12-01 01:16 . 2008-12-01 01:16 0 --a c:\windows\bkmkji.uha

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-30 20:51 d w c:\documents and settings\All Users\Application Data\Kontiki
    2009-01-16 17:37 d w c:\program files\Dl_cats
    2009-01-09 17:24 d w c:\documents and settings\Anthony Dunne\Application Data\uTorrent
    2008-12-29 16:37 d w c:\program files\AIM6
    2008-12-29 16:36 d w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-29 16:35 d w c:\documents and settings\All Users\Application Data\AOL
    2008-12-11 00:53 d w c:\program files\uTorrent
    2008-11-28 20:08 d w c:\documents and settings\Anthony Dunne\Application Data\AdobeUM
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-29_19.04.30.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 15:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
    + 2009-01-30 19:59:40 7,647,232 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2009-01-30 19:59:40 450,560 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 15:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2009-01-30 19:59:17 7,647,232 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2009-01-30 19:59:17 450,560 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2009-01-29 18:54:25 16,384 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    + 2009-01-30 20:28:08 16,384 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    - 2009-01-29 18:54:25 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-30 20:28:08 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-29 18:54:25 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-30 20:28:08 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-30 20:49:44 16,384 ----atw c:\windows\temp\Perflib_Perfdata_458.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C78BF498-411B-48F3-A95E-821F009BF106}]
    2005-08-11 19:30 189460 --a c:\windows\system32\ssc.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-05-23 3031040]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-02-22 1302528]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "Octoshape Streaming Services"="c:\documents and settings\Anthony Dunne\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
    "VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 122880]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 163840]
    "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-03-24 1380352]
    "LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-01-28 885760]
    "Drag'n'Drop_Autolaunch"="c:\program files\Iomega HotBurn Pro\Autolaunch.exe" [2003-09-15 118784]
    "dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
    "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]
    "DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-14 185896]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\SYSTEM32\BTHPROPS.CPL]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-07 113664]
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-11-24 1179648]
    Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-08-09 634880]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{B29BE267-3A64-4F7E-8A57-75FB5E900506}"= "c:\windows\system32\hk.dll" [2006-04-06 52256]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32]
    2006-04-06 15:42 52256 c:\windows\SYSTEM32\hk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
    "c:\\Program Files\\Rio\\Rio Taxi\\riotaxi.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\Anthony Dunne\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=

    R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2004-12-17 23296]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-28 24652]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - dnbudf
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - c:\windows\system32\vumer.dll
    Notify-vbms - c:\windows\Microsoft.NET\vbms.dll


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.corkcityfc.ie/
    mStart Page = hxxp://www.euro.dell.com/countries/ie/enu/gen/default.htm
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: coolwebsearch.com
    Trusted Zone: searchmeup.com
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-30 20:50:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...


    c:\windows\zw0er_!.txt 0 bytes
    c:\windows\system32\zw0er_!.dat 130 bytes
    c:\windows\system32\zw0er_!p.sys 53056 bytes executable

    scan completed successfully
    hidden files: 3

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet026\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet026\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(768)
    c:\windows\system32\hk.dll
    .
    Other Running Processes
    .
    c:\windows\SYSTEM32\LEXBCES.EXE
    c:\windows\SYSTEM32\LEXPPS.EXE
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\Iomega\System32\AppServices.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\McAfee.com\Agent\Mcdetect.exe
    c:\progra~1\McAfee.com\Agent\McTskshd.exe
    c:\progra~1\McAfee.com\VSO\mcvsrte.exe
    c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
    c:\windows\SYSTEM32\UAService7.exe
    c:\program files\McAfee.com\Agent\mcagent.exe
    c:\program files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\McAfee.com\VSO\McVSEscn.exe
    c:\windows\SYSTEM32\RUNDLL32.EXE
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\progra~1\McAfee.com\VSO\McShield.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\SYSTEM32\WSCNTFY.EXE
    c:\windows\SYSTEM32\dlcgcoms.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-30 20:56:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-30 20:56:07
    ComboFix2.txt 2009-01-29 19:07:41

    Pre-Run: 51,140,374,528 bytes free
    Post-Run: 51,115,409,408 bytes free

    439 --- E O F --- 2007-10-14 23:06:47
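The catchme section of the log above is the part a responder reads first: three files that exist on disk but are invisible to the Win32 API, one of them a driver (`zw0er_!p.sys`) that is also registered as a service in `ControlSet026`, and a DLL (`hk.dll`) loaded inside `winlogon.exe`. Below is an added triage script, not part of the original post or of ComboFix, that pulls those three pieces of evidence out of such a log and correlates them: a hidden file whose name matches a service ImagePath is the classic kernel rootkit pattern, while hidden executables without a service entry and DLLs injected into winlogon are flagged separately. The embedded log excerpt is constructed from the posted output; the line layout it expects (and the `(?:- )+>` process header) is an assumption about how ComboFix formats these sections.

```python
import ntpath
import re

# Constructed excerpt modelled on the catchme / ComboFix output in the post above.
# The real log is longer; only the sections this triage reads are reproduced.
SAMPLE_LOG = r'''
scanning hidden files ...
c:\windows\zw0er_!.txt 0 bytes
c:\windows\system32\zw0er_!.dat 130 bytes
c:\windows\system32\zw0er_!p.sys 53056 bytes executable
scan completed successfully
hidden files: 3
[HKEY_LOCAL_MACHINE\System\ControlSet026\Services\zw0er_!p.sys]
"ImagePath"="system32\zw0er_!p.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet026\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
DLLs Loaded Under Running Processes

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\hk.dll
.
'''

HIDDEN_RE = re.compile(r"^(?P<path>[a-z]:\\.+?) (?P<size>\d+) bytes(?P<exe> executable)?$", re.I)
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\(?P<cs>ControlSet\d+|CurrentControlSet)"
                    r"\\Services\\(?P<svc>[^\]]+)\]$", re.I)
IMAGE_RE = re.compile(r'^"ImagePath"="(?P<img>.*)"$')
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
DLL_RE = re.compile(r"^[a-z]:\\.+\.dll$", re.I)


def parse_hidden_files(text):
    """Files catchme saw via raw access but not through the Win32 API."""
    hidden, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("scanning hidden files"):
            in_section = True
        elif line.startswith("scan completed"):
            in_section = False
        elif in_section:
            m = HIDDEN_RE.match(line)
            if m:
                hidden.append({"path": m["path"], "size": int(m["size"]),
                               "executable": bool(m["exe"])})
    return hidden


def parse_services(text):
    """Service keys ComboFix dumped, ImagePath unescaped ('' when the value is blank)."""
    services, current = [], None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current = {"name": km["svc"], "control_set": km["cs"], "image": ""}
            services.append(current)
            continue
        im = IMAGE_RE.match(line)
        if im and current is not None:
            current["image"] = im["img"].replace('\\"', '"').strip('"')
            current = None
    return services


def parse_injected_dlls(text):
    """DLLs listed under each process in 'DLLs Loaded Under Running Processes'."""
    loaded, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        pm = PROC_RE.match(line)
        if pm:
            current = pm["proc"]
            loaded.setdefault(current, [])
        elif current is not None and DLL_RE.match(line):
            loaded[current].append(line)
        elif line in ("", "."):
            current = None
    return loaded


def triage(text):
    """Correlate hidden files with service registrations; flag injected DLLs."""
    findings = []
    by_basename = {ntpath.basename(s["image"]).lower(): s
                   for s in parse_services(text) if s["image"]}
    for h in parse_hidden_files(text):
        svc = by_basename.get(ntpath.basename(h["path"]).lower())
        if svc:
            findings.append(f"hidden driver {h['path']} is registered as service "
                            f"'{svc['name']}' under {svc['control_set']}")
        elif h["executable"]:
            findings.append(f"hidden executable with no service entry: {h['path']}")
        else:
            findings.append(f"hidden data file: {h['path']}")
    for proc, dlls in parse_injected_dlls(text).items():
        for dll in dlls:
            findings.append(f"DLL loaded inside {proc}: {dll}")
    return findings
```

Run `triage(SAMPLE_LOG)` and the first finding names the hidden driver together with its service key, which is why the helper's later CFScript targets files and drivers rather than just the browser hijack entries. Note that `ControlSet026` is a numbered control set rather than `CurrentControlSet`; the regex accepts either, because a driver registered only in a non-current control set will not show up in a live `sc query` but still loads if that set is ever selected.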


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello

    Please download ATF Cleaner by Atribune.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.




    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        • Spyware, Adware, Dialers, and other potentially dangerous programs
        • Archives
        • Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


  • Registered Users Posts: 14,014 ✭✭✭✭Corholio


      Malware scan:

      Malwarebytes' Anti-Malware 1.33
      Database version: 1712
      Windows 5.1.2600 Service Pack 2

      31/01/2009 19:51:36
      mbam-log-2009-01-31 (19-51-36).txt

      Scan type: Quick Scan
      Objects scanned: 56289
      Time elapsed: 6 minute(s), 3 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 4
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 6

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\ddsme.kl (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\ddsme.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{624f9012-d73b-11dd-95af-61c156d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{52cde0e4-d73b-11dd-9b90-fcc056d89593} (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
      C:\WINDOWS\Downloaded Program Files\CONFLICT.1\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\ba3ec77b1945f7dd44ca1dbcde638ccc.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\244d119390b34608e0aaaa35b2ad6a2f.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\33b9ef7d480a80ff5616d6fb32c765a2.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\admparsek.dll (Trojan.Agent) -> Quarantined and deleted successfully.


  • Registered Users Posts: 14,014 ✭✭✭✭Corholio


      Kaspersky scan:


      KASPERSKY ONLINE SCANNER 7 REPORT
      Sunday, February 1, 2009
      Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
      Kaspersky Online Scanner 7 version: 7.0.25.0
      Program database last update: Saturday, January 31, 2009 15:48:35
      Records in database: 1732766

      Scan settings:
      Scan using the following database: extended
      Scan archives: yes
      Scan mail databases: yes

      Scan area - My Computer:
      A:\
      C:\
      D:\
      E:\

      Scan statistics:
      Files scanned: 70697
      Threat name: 28
      Infected objects: 58
      Suspicious objects: 0
      Duration of the scan: 01:42:28


      File name / Threat name / Threats count
      C:\WINDOWS\system32\hk.dll//UPX/C:\WINDOWS\system32\hk.dll//UPX Infected: Trojan-Downloader.Win32.Delf.amb 2
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\1.d.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.vt 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\1.exe.bac_a03604 Infected: Trojan-Dropper.Win32.Delf.jm 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\36110103225.exe.bac_a03604 Infected: Trojan-Downloader.Win32.Tiny.bm 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\admparsel.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.ako 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\admparsel.dll.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.agw 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\alt.exe.bac_a03604 Infected: Trojan-Clicker.Win32.Delf.eb 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc24.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc40.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc46.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc5.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.lh 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc6.log.bac_a03604 Infected: not-a-virus:AdWare.Win32.Agent.m 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc8.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aml 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\febftdve.exe.bac_a03604 Infected: Trojan-PSW.Win32.Delf.nq 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\gtqgpqmo.exe.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\hk.dll.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.amb 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\neemmjgg.exe.bac_a03604 Infected: Trojan-PSW.Win32.Delf.nq 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\nhldr.exe.bac_a03604 Infected: Trojan-Downloader.Win32.Small.egh 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\req.dll.bac_a03604 Infected: Trojan-Downloader.Win32.ConHook.c 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\st3.dll.bac_a03604 Infected: Trojan.Win32.Delf.pu 1
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Radial Blur.8BF Infected: Rootkit.Win32.TDSS.eyj 1
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Shear.8BF Infected: Rootkit.Win32.TDSS.eyj 1
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Wave.8BF Infected: Rootkit.Win32.TDSS.eyj 1
      C:\Qoobox\Quarantine\C\WINDOWS\alt.exe.vir Infected: Trojan-Clicker.Win32.Delf.eb 1
      C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\beebdfbdd.dll.vir Infected: Worm.Win32.AutoRun.raz 1
      C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_beebdfbdd_.dll.zip Infected: Worm.Win32.AutoRun.raz 1
      C:\Qoobox\Quarantine\[4]-Submit_2009-01-30@20.44.zip Infected: Trojan.Win32.Qhost.kng 6
      C:\Qoobox\Quarantine\[4]-Submit_2009-01-30@20.44.zip Infected: Trojan.Win32.Agent.cs 1
      C:\Qoobox\Quarantine\[4]-Submit_2009-01-30@20.44.zip Infected: Trojan-Downloader.Win32.Agent.aba 1
      C:\SDFix\backups\backups.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.gen 1
      C:\WINDOWS\cpblpbc18.log Infected: Trojan-Clicker.Win32.Delf.abq 1
      C:\WINDOWS\cpblpbc20.log Infected: Trojan-Downloader.Win32.Delf.ixl 1
      C:\WINDOWS\cpblpbc3.log Infected: Trojan-Downloader.Win32.Delf.lh 1
      C:\WINDOWS\cpblpbc32.log Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\WINDOWS\cpblpbc38.log Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\WINDOWS\cpblpbc4.log Infected: Trojan-Downloader.Win32.Delf.lh 1
      C:\WINDOWS\SYSTEM32\19eee24d207f852bdcf7f2fc86df1e71.tmp Infected: not-a-virus:AdWare.Win32.BHO.drn 1
      C:\WINDOWS\SYSTEM32\admparsel.dll Infected: Trojan-Downloader.Win32.Delf.agw 1
      C:\WINDOWS\SYSTEM32\avw2(2).dll Infected: Trojan-Downloader.Win32.Small.bzs 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u295[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u609[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u713[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u818[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u837[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u909[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\d4xofa.dll Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\WINDOWS\SYSTEM32\dvaijqku.exe Infected: Trojan-Downloader.Win32.Small.egh 1
      C:\WINDOWS\SYSTEM32\hk.dll Infected: Trojan-Downloader.Win32.Delf.amb 1
      C:\WINDOWS\SYSTEM32\ssc.dll Infected: Trojan-Downloader.Win32.Delf.uy 1
      C:\WINDOWS\SYSTEM32\st3.dll Infected: Trojan.Win32.Delf.pu 1
      C:\WINDOWS\SYSTEM32\vuilpilm.exe Infected: not-a-virus:AdWare.Win32.BHO.can 1
      C:\WINDOWS\SYSTEM32\wsatwuvq.exe Infected: Trojan.Win32.Qhost.kng 1

      The selected area was scanned.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      hello


      1. Close any open browsers.

      2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      3. Open notepad and copy/paste the text in the quotebox below into it:
      File::
      C:\WINDOWS\system32\hk.dll
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Radial Blur.8BF
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Shear.8BF
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Wave.8BF
      C:\WINDOWS\cpblpbc18.log
      C:\WINDOWS\cpblpbc20.log
      C:\WINDOWS\cpblpbc3.log
      C:\WINDOWS\cpblpbc32.log
      C:\WINDOWS\cpblpbc38.log
      C:\WINDOWS\cpblpbc4.log
      C:\WINDOWS\SYSTEM32\19eee24d207f852bdcf7f2fc86df1e71.tmp
      C:\WINDOWS\SYSTEM32\admparsel.dll
      C:\WINDOWS\SYSTEM32\avw2(2).dll
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u295[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u609[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u713[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u818[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u837[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u909[1].msg
      C:\WINDOWS\SYSTEM32\d4xofa.dll
      C:\WINDOWS\SYSTEM32\dvaijqku.exe
      C:\WINDOWS\SYSTEM32\hk.dll
      C:\WINDOWS\SYSTEM32\ssc.dll
      C:\WINDOWS\SYSTEM32\st3.dll
      C:\WINDOWS\SYSTEM32\vuilpilm.exe
      C:\WINDOWS\SYSTEM32\wsatwuvq.exe

      Folder::

      Registry::

      Driver::

      Save this as CFScript.txt, in the same location as ComboFix.exe


      CFScriptB-4.gif

      Referring to the picture above, drag CFScript into ComboFix.exe

      When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
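Notice how the File:: list above was built from the Kaspersky report: every hit inside `.housecall6.6\Quarantine`, `C:\Qoobox\Quarantine` and `C:\SDFix\backups` was left out, because those files are already neutralised copies held by other tools, and only paths that are still live on disk were scripted for removal. The following is an added example of that triage as code; it is not the helper's script and not part of ComboFix. It parses Kaspersky Online Scanner 7 report lines (a constructed excerpt of the posted report, with the user profile folder replaced by `Owner`), strips the `//UPX` nested-object suffix that Kaspersky appends for packed layers, skips quarantine folders (the marker list is an assumption based on the tools seen in this thread) and emits the CFScript skeleton. One deliberate difference from the posted script: paths are de-duplicated case-insensitively, so `system32\hk.dll` and `SYSTEM32\hk.dll`, the same file on NTFS, appear once.

```python
import re

# Constructed excerpt of a Kaspersky Online Scanner 7 report, modelled on the
# one posted above (user profile path replaced with a placeholder).
SAMPLE_REPORT = r'''
C:\WINDOWS\system32\hk.dll//UPX/C:\WINDOWS\system32\hk.dll//UPX Infected: Trojan-Downloader.Win32.Delf.amb 2
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\hk.dll.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.amb 1
C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Shear.8BF Infected: Rootkit.Win32.TDSS.eyj 1
C:\Qoobox\Quarantine\C\WINDOWS\alt.exe.vir Infected: Trojan-Clicker.Win32.Delf.eb 1
C:\Qoobox\Quarantine\[4]-Submit_2009-01-30@20.44.zip Infected: Trojan.Win32.Qhost.kng 6
C:\SDFix\backups\backups.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.gen 1
C:\WINDOWS\cpblpbc18.log Infected: Trojan-Clicker.Win32.Delf.abq 1
C:\WINDOWS\SYSTEM32\admparsel.dll Infected: Trojan-Downloader.Win32.Delf.agw 1
C:\WINDOWS\SYSTEM32\hk.dll Infected: Trojan-Downloader.Win32.Delf.amb 1
C:\WINDOWS\SYSTEM32\wsatwuvq.exe Infected: Trojan.Win32.Qhost.kng 1
'''

# "<object> Infected: <threat> <count>"; the threat name has no spaces.
REPORT_RE = re.compile(r"^(?P<obj>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Folders where another tool has already neutralised the file. Assumption: the
# set of tools used on this machine; extend it for other quarantine locations.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\", "\\sdfix\\backups\\")


def parse_report(text):
    """One dict per report line: on-disk path, threat name, hit count, nested flag."""
    entries = []
    for line in text.splitlines():
        m = REPORT_RE.match(line.strip())
        if not m:
            continue
        obj = m["obj"]
        # "file//UPX/..." is a nested object (packed layer or archive member);
        # the file that actually sits on disk is the part before the first '//'.
        path = obj.split("//", 1)[0]
        entries.append({"path": path, "threat": m["threat"],
                        "count": int(m["count"]), "nested": "//" in obj})
    return entries


def is_quarantined(path):
    """True when the hit is a copy already held by a removal tool, not a live file."""
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def live_paths(entries):
    """Unique live paths, case-insensitive (NTFS), in report order."""
    seen, out = set(), []
    for e in entries:
        key = e["path"].lower()
        if is_quarantined(e["path"]) or key in seen:
            continue
        seen.add(key)
        out.append(e["path"])
    return out


def build_cfscript(paths):
    """Emit the CFScript layout the helper asked for, with File:: populated."""
    return "File::\n" + "\n".join(paths) + "\n\nFolder::\n\nRegistry::\n\nDriver::\n"


def summarize(entries):
    """How many detections are still live versus already sitting in a quarantine."""
    live = sum(1 for e in entries if not is_quarantined(e["path"]))
    return {"live": live, "quarantined": len(entries) - live}
```

`build_cfscript(live_paths(parse_report(report_text)))` produces the text to save as CFScript.txt. Review the list by hand before dragging it onto ComboFix: the Photoshop `.8BF` filters flagged as `Rootkit.Win32.TDSS` are legitimate plug-in files that the rootkit has patched, so listing them deletes the plug-ins, which is the right call here but is a conscious trade-off rather than something the script can decide.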

