Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Virus stops me installing Anti-Virus

  • 26-01-2009 3:50pm
    #1
    Registered Users, Registered Users 2 Posts: 14,014 ✭✭✭✭


    Dont know if this is a common virus or not, but i am unable to download an anti-virus program to get rid of a virus on my computer. When i type in AVG or McAfee into a search engine, it closes the window. It also stops installation of AVG when i transfer the program to the computer via usb.

    Any help with this would be very gratefully received.


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix as follows:

      CF_download_FF.gif

      CF_download_rename.gif

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    7. Double click on combo-Fix.exe & follow the prompts.
    8. When finished, it will produce a report for you.
    9. Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


  • Registered Users, Registered Users 2 Posts: 1,194 ✭✭✭Little Miss Cutie


    Hi
    I hope I am not hijaking thread. I have a similar problem.

    I have a work laptop which has McAfee on it that is set up to update everyday at 1pm. However it isnt doing this and wont do it. The reason I know this is that I now have a virus which is infecting every memory stick I use ( I need memory sticks for what I am doing)

    I have no idea how to fix it, the anti virus wont update when I try to run it it just says failed next to details. I am not back in the office for a couple of weeks and need to sort this.

    How does the combi-fix work and can I do it even though I have mcafee installed and will my IT know I have done this?

    Thanks in advance to anyone that can help


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    Cutie_pc wrote: »
    Hi
    I hope I am not hijaking thread. I have a similar problem.

    I have a work laptop which has McAfee on it that is set up to update everyday at 1pm. However it isnt doing this and wont do it. The reason I know this is that I now have a virus which is infecting every memory stick I use ( I need memory sticks for what I am doing)

    I have no idea how to fix it, the anti virus wont update when I try to run it it just says failed next to details. I am not back in the office for a couple of weeks and need to sort this.

    How does the combi-fix work and can I do it even though I have mcafee installed and will my IT know I have done this?

    Thanks in advance to anyone that can help
    Bad idea to be avoiding your IT dept. Since it's a work laptop, give it to them and let them sort it.


  • Registered Users, Registered Users 2 Posts: 112 ✭✭bethm24


    This happened to my brother. Dood, it has a virus.....it needs to be fixed. He had exactly the same problem and it gets worse if you dont fix it now. The guy that fixed my brothers sadi he had a major virus on it and they sourced it to a time when he downloaded antivirus 2009 thinking it was his avg antivirus tellin him to clean his comp.


  • Registered Users, Registered Users 2 Posts: 14,014 ✭✭✭✭Corholio


    Thanks for the above advice.

    The attached log is the report that ComboFix produced

    Hope someone can get to the root of the problem for me. Cheers again.


  • Advertisement
  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Don't attach the logs please

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum.




    Open notepad and copy/paste the text in the quotebox below into it:
    http://boards.ie/vbulletin/showthread.php?t=2055472050

    Collect::
    c:\windows\wpkzrh.cml
    c:\windows\ggyhki.fyx
    c:\windows\SYSTEM32\260567ed197719dad316289e95779f52.exe
    c:\windows\qshqse.zky
    c:\windows\ncjwbw.pmn
    c:\windows\zbwxey.ajc
    c:\windows\SYSTEM32\159558702775b243a40ab4bd90430bd8.exe
    c:\windows\sunvzt.pnr
    c:\windows\mzdiss.vtg
    c:\windows\rabqvk.rkr
    c:\windows\ezupft.dtk
    c:\windows\xxwjui.olw
    c:\windows\vxhjpf.ytq
    c:\windows\cumogg.krz
    c:\windows\yjqtft.kwg
    c:\windows\qoiwkn.xwv
    c:\windows\lqcwpc.xgc
    c:\windows\zszmif.ymp
    c:\windows\cgmtha.mxn
    c:\windows\SYSTEM32\da903d8f583b67a3649ddcb7b87e92c9.exe
    c:\windows\scpgrn.yfp
    c:\windows\jsmspl.rgn
    c:\windows\tzxote.dfy
    c:\windows\trejue.cfv
    c:\windows\sktndf.gtm
    c:\windows\yivqsv.fmu
    c:\windows\ulmbko.zba
    c:\windows\lntqxv.qoc
    c:\windows\pulibo.pig
    c:\windows\gjusud.hbq
    c:\windows\guwjsv.pxb
    c:\windows\cmlaeg.igz
    c:\windows\axszjf.wbi
    c:\windows\vkthyz.bpc
    c:\windows\kyiwqe.gxm
    c:\windows\wuecmc.zkj
    c:\windows\sxvmfv.tzp
    c:\windows\wiywvh.xbk
    c:\windows\cyuazu.twx
    c:\windows\uvgvle.jvn
    c:\windows\SYSTEM32\5c8f5f35b509d810e0e79fabc8b1b69a.exe
    c:\windows\xnuutv.pym
    c:\windows\bwfdgk.wpn
    c:\windows\usiyxe.gcs
    c:\windows\lifluc.adq
    c:\windows\mfzjyv.puz
    c:\windows\lzuhed.qbj
    c:\windows\buvcgp.sbm
    c:\windows\jslvpe.zmi
    c:\windows\ifbsau.bae
    c:\windows\fdvkhx.tbs
    c:\windows\nixwsf.gjq
    c:\windows\juhcui.kmc
    c:\windows\SYSTEM32\0667ad266d7f3fcd2b18aaf1bfd71160.exe
    c:\windows\ndfspk.pio
    c:\windows\dlrjwj.mwd
    c:\windows\xddhbn.blh
    c:\windows\mycrjs.cgb
    c:\windows\yqpovi.whx
    c:\windows\ofhhwz.sob
    c:\windows\pzzqpm.nbl
    c:\windows\jdwjcx.fsj
    c:\windows\vqozxk.qqp
    c:\windows\jrtlag.xnv
    c:\windows\nycotq.ihj
    c:\windows\vkbpjd.vbt
    c:\windows\hrdnnm.jus
    c:\windows\fewaky.sdo
    c:\windows\SYSTEM32\5477106bc10c62a731b0f1f72bcb32aa.exe
    c:\windows\nzdgvu.rsc
    c:\windows\lrvbrr.cau
    c:\windows\qxdgsg.xho
    c:\windows\kpjqvv.yrb
    c:\windows\wxayox.byk
    c:\windows\ujnrpc.mnm
    c:\windows\jqoueo.ooo
    c:\windows\xrcnmm.lcy
    c:\windows\qfxdph.ukj
    c:\windows\npdpwg.ksp
    c:\windows\hiqwfn.ooj
    c:\windows\crjoxb.pcz
    c:\windows\wevlfw.emd
    c:\windows\hwlxii.yxh
    c:\windows\auqpjj.iqn
    c:\windows\ufmoca.zxd
    c:\windows\svabhf.yqg
    c:\windows\urwhkj.ysj
    c:\windows\mhrevl.lyg
    c:\windows\qkdazv.xwp
    c:\windows\hkuzkv.ona
    c:\windows\zcfgya.cfh
    c:\windows\qgudem.wie
    c:\windows\svqnyi.kfr
    c:\windows\pfsshz.ahg
    c:\windows\curhuc.pym
    c:\windows\wkxhvf.ssz
    c:\windows\jywvii.hif
    c:\windows\boqstk.vpc
    c:\windows\zlcqdf.php
    c:\windows\kkxfaj.oug
    c:\windows\uvcydi.eck
    c:\windows\ibgsfp.nym
    c:\windows\pfubff.ltr
    c:\windows\cznrrc.wdo
    c:\windows\njjrqd.qgh
    c:\windows\ktlwzv.giw
    c:\windows\kawsqt.cuf
    c:\windows\vkdggv.phr
    c:\windows\vcskpx.sui
    c:\windows\ridsjf.llw
    c:\windows\atid.ini
    c:\windows\drggjx.ilb
    c:\windows\SYSTEM32\e864b10ac46e0336e2bc0e0b15425fcf.sys
    c:\windows\SYSTEM32\vumer.dll
    c:\windows\SYSTEM32\970583c9529b7fbe2f18c34be2a7b67c.exe
    c:\windows\29FA3ED5C365F11E36779BEE3FDC58.exe
    c:\windows\SYSTEM32\32cb88ce7082309044182570e9e94560.exe
    c:\windows\SYSTEM32\cd59bbafe06530950f5069dbedd3e23f.exe
    c:\windows\SYSTEM32\2ac0a18f01c9848e52a37dac35da05da.exe
    c:\windows\SYSTEM32\9af88939a72dea87d0a20df8ec8e5690.exe
    c:\windows\1A5761A7C81884D6C4B5A532C50F6.exe
    c:\windows\SYSTEM32\b863004128a9c0180f730517e2ca0e81.exe
    c:\windows\EEA7EC2D66B58DBDC8DDEDC3FE8A9D.exe
    c:\windows\SYSTEM32\0c5f40888115ae0a4223daf69a5661db.exe
    c:\windows\SYSTEM32\995ca38523bb4393926d0accdf12b45e.exe
    c:\windows\SYSTEM32\elrbnach.exe
    c:\windows\74138ED69FCD286B2322E45CC372831F.exe
    c:\windows\SYSTEM32\3614852d292890b44ccbc9e2e6966fb3.exe
    c:\windows\814C2E513DD4D129976210F66ADF55.exe
    c:\windows\SYSTEM32\9a27e61cdd6308bb60999ab1d981348d.exe
    c:\windows\Microsoft.NET\smbv.bak1
    c:\windows\Microsoft.NET\smbv.bak2
    c:\windows\Microsoft.NET\vbms.dll
    c:\windows\REPAIR\evawsys.bak1
    c:\windows\REPAIR\evawsys.bak2
    c:\windows\REPAIR\evawsys.ini2
    c:\windows\REPAIR\syswave.dll
    c:\windows\SYSTEM32\vtstr.dll

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{195054fa-fa5f-11db-8129-000ee7500341}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22275a2e-ae82-11dd-84ba-000ee7500341}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56d2f8ae-e380-11dd-851c-000ee7500341}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{92ea7e66-d90e-11dd-8509-000ee7500341}]


    Driver::
    zw0er_!p

    Rootkit::
    c:\windows\zw0er_!.txt
    c:\windows\system32\zw0er_!.dat
    c:\windows\system32\zw0er_!p.sys

    KillAll::
    Suspect::

    Save this as CFScript.txt


    CFScriptB-4.gif

    Refering to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you. Post that log in your next reply.

    **Note**

    When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
    • Ensure you are connected to the internet and click OK on the message box.


  • Registered Users, Registered Users 2 Posts: 14,014 ✭✭✭✭Corholio


    Thanks again.

    Firstly this is the contents of Report.txt

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\vtstr.dll - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-30 20:32:24
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet023\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet024\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet025\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Enum\Root\LEGACY_ZW0ER_!P.SYS]
    "NextInstance"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Enum\Root\LEGACY_ZW0ER_!P.SYS\0000]
    "Service"="zw0er_!p.sys"
    "Legacy"=dword:00000001
    "ConfigFlags"=dword:00000000
    "Class"="LegacyDriver"
    "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
    "DeviceDesc"="BootConfig"
    "Capabilities"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Services\BTHPORT\Parameters\Keys\000ee7500341]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet027\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"
    "DisplayName"="BootConfig"
    "Group"="Event Log"
    "ErrorControl"=dword:00000000
    "Start"=dword:00000000
    "Type"=dword:00000001
    "Base"="\??\C:\WINDOWS\system32\ntoskrnl.exe"

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\zw0er_!.txt 0 bytes
    C:\WINDOWS\SYSTEM32\zw0er_!.dat 130 bytes
    C:\WINDOWS\SYSTEM32\zw0er_!p.sys 53056 bytes executable

    scan completed successfully
    hidden processes: 0
    hidden services: 1
    hidden files: 3


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"="C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application"
    "C:\\Program Files\\Rio\\Rio Taxi\\riotaxi.exe"="C:\\Program Files\\Rio\\Rio Taxi\\riotaxi.exe:*:Disabled:Rio Taxi"
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
    "C:\\Program Files\\Kontiki\\KService.exe"="C:\\Program Files\\Kontiki\\KService.exe:*:Enabled:Delivery Manager Service"
    "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
    "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Documents and Settings\\Anthony Dunne\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"="C:\\Documents and Settings\\Anthony Dunne\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 1 Jul 2008 14,243,082 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
    Mon 13 Jun 2005 567,489 A.SH. --- "C:\WINDOWS\Microsoft.NET\smbv.tmp"
    Sun 18 Dec 2005 443,373 ..SH. --- "C:\WINDOWS\Microsoft.NET\smbv.bak2"
    Thu 11 Aug 2005 505,953 ..SH. --- "C:\WINDOWS\Microsoft.NET\smbv.bak1"
    Fri 29 Apr 2005 468,500 ..SH. --- "C:\WINDOWS\Microsoft.NET\vbms.dll"
    Sun 17 Jul 2005 465,116 ..SH. --- "C:\WINDOWS\REPAIR\evawsys.bak1"
    Sun 17 Jul 2005 464,991 ..SH. --- "C:\WINDOWS\REPAIR\evawsys.bak2"
    Fri 15 Jul 2005 872,468 ..SH. --- "C:\WINDOWS\REPAIR\syswave.dll"
    Thu 9 Nov 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 8 Apr 2008 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv14.bak"
    Thu 5 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sun 8 Jul 2007 7,423,960 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02ec37ec946ef377971d8300cdcd818f\BITC8.tmp"
    Tue 3 Jul 2007 2,388,288 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0b8f54b7625d6446acebabe800ef0126\BITE1.tmp"
    Fri 5 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8361ae28fcfac79271825a6b2935fdb6\BITE5.tmp"
    Tue 3 Jul 2007 791,888 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3e61eb2bda5dda528a8686f8905497f\BITF5.tmp"
    Mon 4 Aug 2008 25,755,448 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d27c2900aa2705e008389ddae7c985e9\BIT4E2.tmp"
    Sun 1 Jul 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d3226ed0a8904ae940c1794b1cd8b325\BITBF.tmp"
    Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Anthony Dunne\Application Data\U3\temp\Launchpad Removal.exe"

    Finished!


  • Registered Users, Registered Users 2 Posts: 14,014 ✭✭✭✭Corholio


    And secondly, this is the log that was created


    ComboFix 09-01-21.04 - Anthony Dunne 2009-01-30 20:46:17.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.115 [GMT 0:00]
    Running from: c:\documents and settings\Anthony Dunne\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Anthony Dunne\Desktop\CFScript.txt
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall Plus *enabled*
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\1A5761A7C81884D6C4B5A532C50F6.exe
    c:\windows\29FA3ED5C365F11E36779BEE3FDC58.exe
    c:\windows\74138ED69FCD286B2322E45CC372831F.exe
    c:\windows\814C2E513DD4D129976210F66ADF55.exe
    c:\windows\atid.ini
    c:\windows\auqpjj.iqn
    c:\windows\axszjf.wbi
    c:\windows\boqstk.vpc
    c:\windows\buvcgp.sbm
    c:\windows\bwfdgk.wpn
    c:\windows\cgmtha.mxn
    c:\windows\cmlaeg.igz
    c:\windows\crjoxb.pcz
    c:\windows\cumogg.krz
    c:\windows\curhuc.pym
    c:\windows\cyuazu.twx
    c:\windows\cznrrc.wdo
    c:\windows\dlrjwj.mwd
    c:\windows\drggjx.ilb
    c:\windows\EEA7EC2D66B58DBDC8DDEDC3FE8A9D.exe
    c:\windows\ezupft.dtk
    c:\windows\fdvkhx.tbs
    c:\windows\fewaky.sdo
    c:\windows\ggyhki.fyx
    c:\windows\gjusud.hbq
    c:\windows\guwjsv.pxb
    c:\windows\hiqwfn.ooj
    c:\windows\hkuzkv.ona
    c:\windows\hrdnnm.jus
    c:\windows\hwlxii.yxh
    c:\windows\ibgsfp.nym
    c:\windows\ifbsau.bae
    c:\windows\jdwjcx.fsj
    c:\windows\jqoueo.ooo
    c:\windows\jrtlag.xnv
    c:\windows\jslvpe.zmi
    c:\windows\jsmspl.rgn
    c:\windows\juhcui.kmc
    c:\windows\jywvii.hif
    c:\windows\kawsqt.cuf
    c:\windows\kkxfaj.oug
    c:\windows\kpjqvv.yrb
    c:\windows\ktlwzv.giw
    c:\windows\kyiwqe.gxm
    c:\windows\lifluc.adq
    c:\windows\lntqxv.qoc
    c:\windows\lqcwpc.xgc
    c:\windows\lrvbrr.cau
    c:\windows\lzuhed.qbj
    c:\windows\mfzjyv.puz
    c:\windows\mhrevl.lyg
    c:\windows\Microsoft.NET\smbv.bak1
    c:\windows\Microsoft.NET\smbv.bak2
    c:\windows\Microsoft.NET\vbms.dll
    c:\windows\mycrjs.cgb
    c:\windows\mzdiss.vtg
    c:\windows\ncjwbw.pmn
    c:\windows\ndfspk.pio
    c:\windows\nixwsf.gjq
    c:\windows\njjrqd.qgh
    c:\windows\npdpwg.ksp
    c:\windows\nycotq.ihj
    c:\windows\nzdgvu.rsc
    c:\windows\ofhhwz.sob
    c:\windows\pfsshz.ahg
    c:\windows\pfubff.ltr
    c:\windows\pulibo.pig
    c:\windows\pzzqpm.nbl
    c:\windows\qfxdph.ukj
    c:\windows\qgudem.wie
    c:\windows\qkdazv.xwp
    c:\windows\qoiwkn.xwv
    c:\windows\qshqse.zky
    c:\windows\qxdgsg.xho
    c:\windows\rabqvk.rkr
    c:\windows\REPAIR\evawsys.bak1
    c:\windows\REPAIR\evawsys.bak2
    c:\windows\REPAIR\evawsys.ini2
    c:\windows\REPAIR\syswave.dll
    c:\windows\ridsjf.llw
    c:\windows\scpgrn.yfp
    c:\windows\sktndf.gtm
    c:\windows\sunvzt.pnr
    c:\windows\svabhf.yqg
    c:\windows\svqnyi.kfr
    c:\windows\sxvmfv.tzp
    c:\windows\SYSTEM32\0667ad266d7f3fcd2b18aaf1bfd71160.exe
    c:\windows\SYSTEM32\0c5f40888115ae0a4223daf69a5661db.exe
    c:\windows\SYSTEM32\159558702775b243a40ab4bd90430bd8.exe
    c:\windows\SYSTEM32\260567ed197719dad316289e95779f52.exe
    c:\windows\SYSTEM32\2ac0a18f01c9848e52a37dac35da05da.exe
    c:\windows\SYSTEM32\32cb88ce7082309044182570e9e94560.exe
    c:\windows\SYSTEM32\3614852d292890b44ccbc9e2e6966fb3.exe
    c:\windows\SYSTEM32\5477106bc10c62a731b0f1f72bcb32aa.exe
    c:\windows\SYSTEM32\5c8f5f35b509d810e0e79fabc8b1b69a.exe
    c:\windows\SYSTEM32\970583c9529b7fbe2f18c34be2a7b67c.exe
    c:\windows\SYSTEM32\995ca38523bb4393926d0accdf12b45e.exe
    c:\windows\SYSTEM32\9a27e61cdd6308bb60999ab1d981348d.exe
    c:\windows\SYSTEM32\9af88939a72dea87d0a20df8ec8e5690.exe
    c:\windows\SYSTEM32\b863004128a9c0180f730517e2ca0e81.exe
    c:\windows\SYSTEM32\cd59bbafe06530950f5069dbedd3e23f.exe
    c:\windows\SYSTEM32\da903d8f583b67a3649ddcb7b87e92c9.exe
    c:\windows\SYSTEM32\e864b10ac46e0336e2bc0e0b15425fcf.sys
    c:\windows\SYSTEM32\elrbnach.exe
    c:\windows\SYSTEM32\vumer.dll
    c:\windows\trejue.cfv
    c:\windows\tzxote.dfy
    c:\windows\ufmoca.zxd
    c:\windows\ujnrpc.mnm
    c:\windows\ulmbko.zba
    c:\windows\urwhkj.ysj
    c:\windows\usiyxe.gcs
    c:\windows\uvcydi.eck
    c:\windows\uvgvle.jvn
    c:\windows\vcskpx.sui
    c:\windows\vkbpjd.vbt
    c:\windows\vkdggv.phr
    c:\windows\vkthyz.bpc
    c:\windows\vqozxk.qqp
    c:\windows\vxhjpf.ytq
    c:\windows\wevlfw.emd
    c:\windows\wiywvh.xbk
    c:\windows\wkxhvf.ssz
    c:\windows\wpkzrh.cml
    c:\windows\wuecmc.zkj
    c:\windows\wxayox.byk
    c:\windows\xddhbn.blh
    c:\windows\xnuutv.pym
    c:\windows\xrcnmm.lcy
    c:\windows\xxwjui.olw
    c:\windows\yivqsv.fmu
    c:\windows\yjqtft.kwg
    c:\windows\yqpovi.whx
    c:\windows\zbwxey.ajc
    c:\windows\zcfgya.cfh
    c:\windows\zlcqdf.php
    c:\windows\zszmif.ymp

    .
    ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
    .

    2009-01-30 19:58 . 2009-01-30 19:59 <DIR> d
    c:\windows\ERUNT
    2009-01-30 19:45 . 2009-01-30 19:46 <DIR> d
    c:\documents and settings\Administrator
    2009-01-30 19:30 . 2009-01-30 20:39 <DIR> d
    C:\SDFix
    2008-12-29 17:19 . 2008-12-29 17:21 <DIR> d
    c:\program files\AIM Music Link
    2008-12-29 16:37 . 2008-12-29 17:20 <DIR> d
    c:\program files\AIMTunes
    2008-12-29 16:37 . 2008-12-29 16:37 <DIR> d
    c:\documents and settings\All Users\Application Data\AOL Downloads
    2008-12-29 16:36 . 2008-12-29 16:36 <DIR> d
    c:\documents and settings\All Users\Application Data\acccore
    2008-12-28 17:33 . 2008-12-28 17:33 0 --a
    c:\windows\eskwoc.ntf
    2008-12-26 19:33 . 2008-12-26 19:33 0 --a
    c:\windows\xjwxbv.tkb
    2008-12-26 19:33 . 2008-12-26 19:33 0 --a
    c:\windows\lusrhi.ape
    2008-12-26 03:03 . 2008-12-26 03:03 0 --a
    c:\windows\ylwtrn.hdr
    2008-12-26 03:03 . 2008-12-26 03:03 0 --a
    c:\windows\cifjyu.nol
    2008-12-26 02:49 . 2008-12-26 02:49 0 --a
    c:\windows\tvrkdt.bpe
    2008-12-25 17:28 . 2008-12-25 17:28 0 --a
    c:\windows\pfofhi.ckx
    2008-12-25 17:28 . 2008-12-25 17:28 0 --a
    c:\windows\lyfdhw.sjg
    2008-12-25 01:13 . 2008-12-25 01:13 0 --a
    c:\windows\zegsmk.mst
    2008-12-25 01:13 . 2008-12-25 01:13 0 --a
    c:\windows\bsuzlf.bdr
    2008-12-24 17:40 . 2008-12-24 17:40 0 --a
    c:\windows\pcpnmo.ubn
    2008-12-24 17:40 . 2008-12-24 17:40 0 --a
    c:\windows\hreqbk.koq
    2008-12-24 17:40 . 2008-12-24 17:40 0 --a
    c:\windows\dpvtvs.ceb
    2008-12-24 01:20 . 2008-12-24 01:20 0 --a
    c:\windows\lrlyxp.wgw
    2008-12-24 01:20 . 2008-12-24 01:20 0 --a
    c:\windows\kqgfbi.znc
    2008-12-23 01:31 . 2008-12-23 01:31 0 --a
    c:\windows\uxzdyf.uqr
    2008-12-22 13:50 . 2008-12-22 13:50 0 --a
    c:\windows\pdkzim.jfe
    2008-12-22 13:50 . 2008-12-22 13:50 0 --a
    c:\windows\oesiqo.nsz
    2008-12-22 02:53 . 2008-12-22 02:53 <DIR> d
    c:\program files\4U Computing
    2008-12-21 18:17 . 2008-12-21 18:17 0 --a
    c:\windows\ennffv.pzr
    2008-12-21 18:16 . 2008-12-21 18:16 0 --a
    c:\windows\rnvmsl.vxb
    2008-12-21 18:16 . 2008-12-21 18:16 0 --a
    c:\windows\gpesrn.anb
    2008-12-21 18:16 . 2008-12-21 18:16 0 --a
    c:\windows\ambkya.gxa
    2008-12-21 01:37 . 2008-12-21 01:37 <DIR> d
    C:\ConverterOutput
    2008-12-21 01:36 . 2008-12-21 01:36 <DIR> d
    c:\program files\Cucusoft
    2008-12-21 01:36 . 2003-03-30 20:08 372,736 --a
    c:\windows\SYSTEM32\xvid.ax
    2008-12-21 00:32 . 2008-12-21 00:32 0 --a
    c:\windows\ktrnuo.xhl
    2008-12-19 20:25 . 2008-12-19 20:25 0 --a
    c:\windows\cvswfy.wsa
    2008-12-19 01:42 . 2008-12-19 01:42 0 --a
    c:\windows\ypqdxf.kad
    2008-12-19 01:42 . 2008-12-19 01:42 0 --a
    c:\windows\xcmghm.sud
    2008-12-19 01:42 . 2008-12-19 01:42 0 --a
    c:\windows\jhkfmm.kfi
    2008-12-18 20:10 . 2008-12-18 20:10 0 --a
    c:\windows\otzhaf.aju
    2008-12-18 19:54 . 2008-12-18 19:54 0 --a
    c:\windows\raomgt.uyk
    2008-12-18 19:54 . 2008-12-18 19:54 0 --a
    c:\windows\qhzhxr.ytq
    2008-12-18 19:54 . 2008-12-18 19:54 0 --a
    c:\windows\eaneni.eaw
    2008-12-18 00:38 . 2008-12-18 00:38 0 --a
    c:\windows\uzjayx.mgi
    2008-12-18 00:38 . 2008-12-18 00:38 0 --a
    c:\windows\niqlgg.wgw
    2008-12-18 00:38 . 2008-12-18 00:38 0 --a
    c:\windows\gsambj.grn
    2008-12-17 16:39 . 2008-12-17 16:39 0 --a
    c:\windows\ludjyy.mva
    2008-12-17 16:39 . 2008-12-17 16:39 0 --a
    c:\windows\bipidi.kjk
    2008-12-17 16:38 . 2008-12-17 16:38 0 --a
    c:\windows\vkzzwz.gui
    2008-12-17 16:38 . 2008-12-17 16:38 0 --a
    c:\windows\fbnipa.igu
    2008-12-14 21:15 . 2008-12-14 21:15 0 --a
    c:\windows\trufup.jix
    2008-12-14 21:15 . 2008-12-14 21:15 0 --a
    c:\windows\qpurxz.ydf
    2008-12-13 01:03 . 2008-12-13 01:03 0 --a
    c:\windows\rlkcwe.spq
    2008-12-13 01:03 . 2008-12-13 01:03 0 --a
    c:\windows\qdunkz.yjn
    2008-12-12 19:43 . 2008-12-12 19:43 0 --a
    c:\windows\xaoehf.ypc
    2008-12-12 18:48 . 2008-12-12 18:48 0 --a
    c:\windows\xnlvjs.gsv
    2008-12-12 18:48 . 2008-12-12 18:48 0 --a
    c:\windows\khelwp.rct
    2008-12-12 14:08 . 2008-12-12 14:08 0 --a
    c:\windows\uosizu.mad
    2008-12-12 14:08 . 2008-12-12 14:08 0 --a
    c:\windows\aekxql.jjn
    2008-12-12 02:03 . 2008-12-12 02:03 0 --a
    c:\windows\nqjsow.prw
    2008-12-12 02:03 . 2008-12-12 02:03 0 --a
    c:\windows\kvofly.dfs
    2008-12-12 02:03 . 2008-12-12 02:03 0 --a
    c:\windows\cdpxxz.qlm
    2008-12-10 21:23 . 2008-12-10 21:23 0 --a
    c:\windows\yktdvl.grk
    2008-12-10 21:23 . 2008-12-10 21:23 0 --a
    c:\windows\ebmsnd.dau
    2008-12-10 21:23 . 2008-12-10 21:23 0 --a
    c:\windows\dgopyj.luq
    2008-12-09 20:55 . 2004-08-03 23:10 78,464 --a
    c:\windows\SYSTEM32\DRIVERS\usbvideo.sys
    2008-12-09 20:55 . 2004-08-03 23:10 78,464 --a
    c:\windows\SYSTEM32\DLLCACHE\usbvideo.sys
    2008-12-09 20:55 . 2004-08-04 00:56 20,992 --a
    c:\windows\SYSTEM32\dshowext.ax
    2008-12-09 20:55 . 2004-08-04 00:56 20,992 --a
    c:\windows\SYSTEM32\DLLCACHE\dshowext.ax
    2008-12-08 17:24 . 2008-12-08 17:24 0 --a
    c:\windows\vspmue.cvo
    2008-12-08 17:24 . 2008-12-08 17:24 0 --a
    c:\windows\iexhpd.rsd
    2008-12-07 20:13 . 2008-12-07 20:13 0 --a
    c:\windows\vnnhhe.mrq
    2008-12-07 20:13 . 2008-12-07 20:13 0 --a
    c:\windows\smntko.bmx
    2008-12-07 01:30 . 2008-12-07 01:30 0 --a
    c:\windows\rmobwd.aef
    2008-12-07 01:30 . 2008-12-07 01:30 0 --a
    c:\windows\gnqxme.bgl
    2008-12-07 01:30 . 2008-12-07 01:30 0 --a
    c:\windows\efcymu.nvj
    2008-12-06 01:04 . 2008-12-06 01:04 0 --a
    c:\windows\vnhrfj.flk
    2008-12-06 01:04 . 2008-12-06 01:04 0 --a
    c:\windows\szukho.qan
    2008-12-05 18:59 . 2008-12-05 18:59 0 --a
    c:\windows\xnwukb.ynq
    2008-12-05 18:59 . 2008-12-05 18:59 0 --a
    c:\windows\ckcufn.ydj
    2008-12-05 18:59 . 2008-12-05 18:59 0 --a
    c:\windows\birhna.dqw
    2008-12-05 17:30 . 2008-12-05 16:22 102,664 --a
    c:\windows\SYSTEM32\DRIVERS\tmcomm.sys
    2008-12-05 16:22 . 2008-12-05 17:53 <DIR> d
    c:\documents and settings\Anthony Dunne\.housecall6.6
    2008-12-05 16:18 . 2008-12-05 16:18 0 --a
    c:\windows\rvcrdk.ify
    2008-12-05 16:18 . 2008-12-05 16:18 0 --a
    c:\windows\qwkalm.mss
    2008-12-05 16:16 . 2008-12-05 16:16 0 --a
    c:\windows\twezrc.jti
    2008-12-05 16:16 . 2008-12-05 16:16 0 --a
    c:\windows\imgror.qjh
    2008-12-05 16:04 . 2008-12-05 16:04 0 --a
    c:\windows\rfuhoy.bzq
    2008-12-05 16:04 . 2008-12-05 16:04 0 --a
    c:\windows\enleuo.lcg
    2008-12-05 16:03 . 2008-12-05 16:03 0 --a
    c:\windows\npztvy.qhv
    2008-12-05 16:03 . 2008-12-05 16:03 0 --a
    c:\windows\dylkcx.owk
    2008-12-05 15:46 . 2008-12-05 15:47 0 --a
    c:\windows\rtpcih.zth
    2008-12-05 15:46 . 2008-12-05 15:46 0 --a
    c:\windows\goomrl.ana
    2008-12-05 15:46 . 2008-12-05 15:47 0 --a
    c:\windows\gaqgxt.bui
    2008-12-04 19:14 . 2008-12-04 19:15 0 --a
    c:\windows\xyjalw.jbg
    2008-12-04 19:14 . 2008-12-04 19:14 0 --a
    c:\windows\podwwz.wid
    2008-12-03 22:00 . 2008-12-03 22:00 0 --a
    c:\windows\rwpvoj.gxh
    2008-12-03 22:00 . 2008-12-03 22:00 0 --a
    c:\windows\jlvoud.rwq
    2008-12-03 22:00 . 2008-12-03 22:00 0 --a
    c:\windows\bndehk.ijs
    2008-12-01 01:16 . 2008-12-01 01:16 0 --a
    c:\windows\taghuk.inx
    2008-12-01 01:16 . 2008-12-01 01:16 0 --a
    c:\windows\bkmkji.uha

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-30 20:51
    d
    w c:\documents and settings\All Users\Application Data\Kontiki
    2009-01-16 17:37
    d
    w c:\program files\Dl_cats
    2009-01-09 17:24
    d
    w c:\documents and settings\Anthony Dunne\Application Data\uTorrent
    2008-12-29 16:37
    d
    w c:\program files\AIM6
    2008-12-29 16:36
    d
    w c:\documents and settings\All Users\Application Data\Viewpoint
    2008-12-29 16:35
    d
    w c:\documents and settings\All Users\Application Data\AOL
    2008-12-11 00:53
    d
    w c:\program files\uTorrent
    2008-11-28 20:08
    d
    w c:\documents and settings\Anthony Dunne\Application Data\AdobeUM
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-29_19.04.30.51 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 15:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE
    + 2009-01-30 19:59:40 7,647,232 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2009-01-30 19:59:40 450,560 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 15:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2009-01-30 19:59:17 7,647,232 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2009-01-30 19:59:17 450,560 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2009-01-29 18:54:25 16,384 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    + 2009-01-30 20:28:08 16,384 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    - 2009-01-29 18:54:25 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-01-30 20:28:08 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-01-29 18:54:25 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-30 20:28:08 32,768 -c--a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2009-01-30 20:49:44 16,384 ----atw c:\windows\temp\Perflib_Perfdata_458.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C78BF498-411B-48F3-A95E-821F009BF106}]
    2005-08-11 19:30 189460 --a
    c:\windows\system32\ssc.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-05-23 3031040]
    "PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-02-22 1302528]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "Octoshape Streaming Services"="c:\documents and settings\Anthony Dunne\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-11 290816]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
    "IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
    "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-23 57344]
    "VSOCheckTask"="c:\progra~1\mcafee.com\vso\mcmnhdlr.exe" [2003-08-08 122880]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2003-08-17 163840]
    "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-03-24 1380352]
    "LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-01-28 885760]
    "Drag'n'Drop_Autolaunch"="c:\program files\Iomega HotBurn Pro\Autolaunch.exe" [2003-09-15 118784]
    "dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2005-10-21 425984]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
    "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-12-14 458752]
    "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
    "PCSuiteTrayApplication"="c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2005-12-13 217088]
    "DLCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2005-09-08 73728]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "DLCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 73728]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-14 185896]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\SYSTEM32\BTHPROPS.CPL]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-07 113664]
    BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-11-24 1179648]
    Digimax Viewer 2.1.lnk - c:\program files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe [2005-08-09 634880]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{B29BE267-3A64-4F7E-8A57-75FB5E900506}"= "c:\windows\system32\hk.dll" [2006-04-06 52256]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cfgmngr32]
    2006-04-06 15:42 52256 c:\windows\SYSTEM32\hk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
    "c:\\Program Files\\Rio\\Rio Taxi\\riotaxi.exe"=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Documents and Settings\\Anthony Dunne\\Local Settings\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=

    R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [2004-12-17 23296]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-28 24652]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - dnbudf
    .
    Contents of the 'Scheduled Tasks' folder

    2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{2502BBD0-D73B-11DD-B4EC-CEBF56D89593} - c:\windows\system32\vumer.dll
    Notify-vbms - c:\windows\Microsoft.NET\vbms.dll


    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.corkcityfc.ie/
    mStart Page = hxxp://www.euro.dell.com/countries/ie/enu/gen/default.htm
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: coolwebsearch.com
    Trusted Zone: searchmeup.com
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-30 20:50:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    DLCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...


    c:\windows\zw0er_!.txt 0 bytes
    c:\windows\system32\zw0er_!.dat 130 bytes
    c:\windows\system32\zw0er_!p.sys 53056 bytes executable

    scan completed successfully
    hidden files: 3

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet026\Services\zw0er_!p.sys]
    "ImagePath"="system32\zw0er_!p.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet026\Services\Iomega Activity Disk2]
    "ImagePath"="\"\""
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(768)
    c:\windows\system32\hk.dll
    .
    Other Running Processes
    .
    c:\windows\SYSTEM32\LEXBCES.EXE
    c:\windows\SYSTEM32\LEXPPS.EXE
    c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\progra~1\Iomega\System32\AppServices.exe
    c:\program files\Kontiki\KService.exe
    c:\program files\McAfee.com\Agent\Mcdetect.exe
    c:\progra~1\McAfee.com\Agent\McTskshd.exe
    c:\progra~1\McAfee.com\VSO\mcvsrte.exe
    c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
    c:\windows\SYSTEM32\UAService7.exe
    c:\program files\McAfee.com\Agent\mcagent.exe
    c:\program files\McAfee.com\VSO\mcvsshld.exe
    c:\progra~1\McAfee.com\VSO\McVSEscn.exe
    c:\windows\SYSTEM32\RUNDLL32.EXE
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\progra~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    c:\progra~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\progra~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    c:\program files\AIM6\aolsoftware.exe
    c:\program files\Logitech\Video\FxSvr2.exe
    c:\progra~1\McAfee.com\VSO\McShield.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\SYSTEM32\WSCNTFY.EXE
    c:\windows\SYSTEM32\dlcgcoms.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-30 20:56:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-01-30 20:56:07
    ComboFix2.txt 2009-01-29 19:07:41

    Pre-Run: 51,140,374,528 bytes free
    Post-Run: 51,115,409,408 bytes free

    439 --- E O F --- 2007-10-14 23:06:47


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hello

    Please download ATF Cleaner by Atribune.
      Double-click
    ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser
      Click
    Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
      Click
    Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.




    Please download Malwarebytes' Anti-Malware from Here or Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
      [*]Click on My Computer under Scan.
      [*]Once the scan is complete, it will display the results. Click on View Scan Report.
      [*]You will see a list of infected items there. Click on Save Report As....
      [*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


    5. Registered Users, Registered Users 2 Posts: 14,014 ✭✭✭✭Corholio


      Malware scan:

      Malwarebytes' Anti-Malware 1.33
      Database version: 1712
      Windows 5.1.2600 Service Pack 2

      31/01/2009 19:51:36
      mbam-log-2009-01-31 (19-51-36).txt

      Scan type: Quick Scan
      Objects scanned: 56289
      Time elapsed: 6 minute(s), 3 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 4
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 6

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\ddsme.kl (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\ddsme.kl.1 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{624f9012-d73b-11dd-95af-61c156d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{52cde0e4-d73b-11dd-9b90-fcc056d89593} (Trojan.BHO) -> Quarantined and deleted successfully.

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\Downloaded Program Files\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
      C:\WINDOWS\Downloaded Program Files\CONFLICT.1\VideoEggPublisher.exe (Malware.Tool) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\ba3ec77b1945f7dd44ca1dbcde638ccc.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\244d119390b34608e0aaaa35b2ad6a2f.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\33b9ef7d480a80ff5616d6fb32c765a2.tmp (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\WINDOWS\SYSTEM32\admparsek.dll (Trojan.Agent) -> Quarantined and deleted successfully.


    6. Advertisement
    7. Registered Users, Registered Users 2 Posts: 14,014 ✭✭✭✭Corholio


      Kaspersky scan:


      KASPERSKY ONLINE SCANNER 7 REPORT
      Sunday, February 1, 2009
      Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
      Kaspersky Online Scanner 7 version: 7.0.25.0
      Program database last update: Saturday, January 31, 2009 15:48:35
      Records in database: 1732766

      Scan settings:
      Scan using the following database: extended
      Scan archives: yes
      Scan mail databases: yes

      Scan area - My Computer:
      A:\
      C:\
      D:\
      E:\

      Scan statistics:
      Files scanned: 70697
      Threat name: 28
      Infected objects: 58
      Suspicious objects: 0
      Duration of the scan: 01:42:28


      File name / Threat name / Threats count
      C:\WINDOWS\system32\hk.dll//UPX/C:\WINDOWS\system32\hk.dll//UPX Infected: Trojan-Downloader.Win32.Delf.amb 2
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\1.d.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.vt 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\1.exe.bac_a03604 Infected: Trojan-Dropper.Win32.Delf.jm 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\36110103225.exe.bac_a03604 Infected: Trojan-Downloader.Win32.Tiny.bm 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\admparsel.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.ako 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\admparsel.dll.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.agw 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\alt.exe.bac_a03604 Infected: Trojan-Clicker.Win32.Delf.eb 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc24.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc40.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc46.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc5.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.lh 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc6.log.bac_a03604 Infected: not-a-virus:AdWare.Win32.Agent.m 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\cpblpbc8.log.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aml 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\febftdve.exe.bac_a03604 Infected: Trojan-PSW.Win32.Delf.nq 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\gtqgpqmo.exe.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\hk.dll.bac_a03604 Infected: Trojan-Downloader.Win32.Delf.amb 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\neemmjgg.exe.bac_a03604 Infected: Trojan-PSW.Win32.Delf.nq 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\nhldr.exe.bac_a03604 Infected: Trojan-Downloader.Win32.Small.egh 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\req.dll.bac_a03604 Infected: Trojan-Downloader.Win32.ConHook.c 1
      C:\Documents and Settings\Anthony Dunne\.housecall6.6\Quarantine\st3.dll.bac_a03604 Infected: Trojan.Win32.Delf.pu 1
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Radial Blur.8BF Infected: Rootkit.Win32.TDSS.eyj 1
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Shear.8BF Infected: Rootkit.Win32.TDSS.eyj 1
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Wave.8BF Infected: Rootkit.Win32.TDSS.eyj 1
      C:\Qoobox\Quarantine\C\WINDOWS\alt.exe.vir Infected: Trojan-Clicker.Win32.Delf.eb 1
      C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\beebdfbdd.dll.vir Infected: Worm.Win32.AutoRun.raz 1
      C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\_beebdfbdd_.dll.zip Infected: Worm.Win32.AutoRun.raz 1
      C:\Qoobox\Quarantine\[4]-Submit_2009-01-30@20.44.zip Infected: Trojan.Win32.Qhost.kng 6
      C:\Qoobox\Quarantine\[4]-Submit_2009-01-30@20.44.zip Infected: Trojan.Win32.Agent.cs 1
      C:\Qoobox\Quarantine\[4]-Submit_2009-01-30@20.44.zip Infected: Trojan-Downloader.Win32.Agent.aba 1
      C:\SDFix\backups\backups.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.gen 1
      C:\WINDOWS\cpblpbc18.log Infected: Trojan-Clicker.Win32.Delf.abq 1
      C:\WINDOWS\cpblpbc20.log Infected: Trojan-Downloader.Win32.Delf.ixl 1
      C:\WINDOWS\cpblpbc3.log Infected: Trojan-Downloader.Win32.Delf.lh 1
      C:\WINDOWS\cpblpbc32.log Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\WINDOWS\cpblpbc38.log Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\WINDOWS\cpblpbc4.log Infected: Trojan-Downloader.Win32.Delf.lh 1
      C:\WINDOWS\SYSTEM32\19eee24d207f852bdcf7f2fc86df1e71.tmp Infected: not-a-virus:AdWare.Win32.BHO.drn 1
      C:\WINDOWS\SYSTEM32\admparsel.dll Infected: Trojan-Downloader.Win32.Delf.agw 1
      C:\WINDOWS\SYSTEM32\avw2(2).dll Infected: Trojan-Downloader.Win32.Small.bzs 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u295[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u609[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u713[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u818[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u837[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u909[1].msg Infected: not-a-virus:AdWare.Win32.BHO.fav 1
      C:\WINDOWS\SYSTEM32\d4xofa.dll Infected: Trojan-Downloader.Win32.Delf.aeo 1
      C:\WINDOWS\SYSTEM32\dvaijqku.exe Infected: Trojan-Downloader.Win32.Small.egh 1
      C:\WINDOWS\SYSTEM32\hk.dll Infected: Trojan-Downloader.Win32.Delf.amb 1
      C:\WINDOWS\SYSTEM32\ssc.dll Infected: Trojan-Downloader.Win32.Delf.uy 1
      C:\WINDOWS\SYSTEM32\st3.dll Infected: Trojan.Win32.Delf.pu 1
      C:\WINDOWS\SYSTEM32\vuilpilm.exe Infected: not-a-virus:AdWare.Win32.BHO.can 1
      C:\WINDOWS\SYSTEM32\wsatwuvq.exe Infected: Trojan.Win32.Qhost.kng 1

      The selected area was scanned.


    8. Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


      hello


      1. Close any open browsers.

      2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

      3. Open notepad and copy/paste the text in the quotebox below into it:
      File::
      C:\WINDOWS\system32\hk.dll
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Radial Blur.8BF
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Shear.8BF
      C:\Program Files\Adobe\Photoshop 6.0\Plug-Ins\Filters\Wave.8BF
      C:\WINDOWS\cpblpbc18.log
      C:\WINDOWS\cpblpbc20.log
      C:\WINDOWS\cpblpbc3.log
      C:\WINDOWS\cpblpbc32.log
      C:\WINDOWS\cpblpbc38.log
      C:\WINDOWS\cpblpbc4.log
      C:\WINDOWS\SYSTEM32\19eee24d207f852bdcf7f2fc86df1e71.tmp
      C:\WINDOWS\SYSTEM32\admparsel.dll
      C:\WINDOWS\SYSTEM32\avw2(2).dll
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u295[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u609[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u713[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u818[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u837[1].msg
      C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PJ8WXL8R\u909[1].msg
      C:\WINDOWS\SYSTEM32\d4xofa.dll
      C:\WINDOWS\SYSTEM32\dvaijqku.exe
      C:\WINDOWS\SYSTEM32\hk.dll
      C:\WINDOWS\SYSTEM32\ssc.dll
      C:\WINDOWS\SYSTEM32\st3.dll
      C:\WINDOWS\SYSTEM32\vuilpilm.exe
      C:\WINDOWS\SYSTEM32\wsatwuvq.exe

      Folder::

      Registry::

      Driver::

      Save this as CFScript.txt, in the same location as ComboFix.exe


      CFScriptB-4.gif

      Refering to the picture above, drag CFScript into ComboFix.exe

      When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


    Advertisement