Google Redirect and Blue Screen of Death


This topic is locked.
18 replies to this topic

#1 Lostfan17

Posted 27 June 2009 - 02:10 AM

Hey, I have the Google Redirect Virus. My computer is going very very slowly overall, and I receive the BSOD (blue screen of death) every single time I turn on my computer. So I can only work from safe mode, that is when I don't get the BSOD. If anyone can help, it will be greatly appreciated.

Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:27 AM, on 6/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-2769234590-500376368-3126826751-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-2769234590-500376368-3126826751-1006\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-2769234590-500376368-3126826751-1006\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter (User '?')
O4 - HKUS\S-1-5-21-2769234590-500376368-3126826751-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-2769234590-500376368-3126826751-1006\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125614730250
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion.../ICSScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.admissions.ucla.edu/bruincam/ac...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgersho...esPlayer_v4.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_...outLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/...ploader_v10.cab
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://www.shockwave.com/content/dreamchro...eb.1.0.0.13.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...587/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 14663 bytes
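Reading a HijackThis log of this length by hand is error-prone, and the things a helper scans for first are mechanical: an F2 Userinit value that names more than the stock userinit.exe, registrations whose target reads "(no file)" or "(file missing)", and O23 services for which HijackThis could not read a company name ("Unknown owner"). The script below is an added example, not the poster's log tooling or anything from BleepingComputer; it parses lines in the HijackThis v2 format and pulls out exactly those three kinds of entry. The sample lines are a constructed subset modelled on the log above, and the stock Userinit value it compares against is the Windows XP default, assumed here rather than read from the log. Flagging an entry says only that it deserves a look, not that it is malicious.

```python
import re

# Stock Winlogon Userinit value on Windows XP (assumption of this example, not
# read from the log): one executable, trailing comma. Anything appended after
# it is launched at every interactive logon, before the shell.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample in HijackThis v2 line format, modelled on the log above
# (a representative subset, not the full log).
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry starts with its section code, e.g. "R1 - ", "O23 - ".
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")


def check_userinit(value):
    """Return the executables in a Userinit value other than the stock one."""
    parts = [p.strip() for p in value.split(",")]
    return [p for p in parts if p and p.lower() != DEFAULT_USERINIT]


def triage_hjt(text):
    """Walk a HijackThis log and collect the entries a helper looks at first."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")

        # F2: the Winlogon Userinit chain. A second executable here runs at
        # every logon, which is why it is worth a look regardless of its name.
        if section == "F2" and "UserInit=" in body:
            for exe in check_userinit(body.split("UserInit=", 1)[1]):
                findings.append({"section": section,
                                 "reason": "extra Userinit executable",
                                 "detail": exe})

        # A registration whose target is gone is leftover from an uninstall or
        # from a removed payload; either way it is dead weight to clean up.
        if "(no file)" in body or "(file missing)" in body:
            findings.append({"section": section,
                             "reason": "orphaned entry",
                             "detail": body})

        # O23: a service binary from which HijackThis read no company name.
        if section == "O23" and " - Unknown owner - " in body:
            findings.append({"section": section,
                             "reason": "unknown service owner",
                             "detail": body.split(" - ")[-1]})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"{f['section']:>4}  {f['reason']:<26}  {f['detail']}")
```

The comparison on the Userinit value is case-insensitive and tolerates the trailing comma, because the registry value is written both ways in practice; only the number and identity of executables matters.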


#2 DocSatan

Posted 01 July 2009 - 11:25 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Lostfan17

Posted 01 July 2009 - 06:38 PM

Here is a clear description about my problems:
I have a Google redirect virus. My computer is overall running very slowly. But the major problem is that every time I start up my computer, it automatically gets the BSOD within 1 minute of opening up my computer. I can only work from safe mode. Safe mode does not get the BSOD.

I also ran the DDS application during safe mode, so I don't know if this is a problem or not.

Here is the Log. I also attached the necessary attachment.


DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by BaoDo at 16:29:27.68 on Wed 07/01/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.709 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BaoDo\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
uSEARCH PAGE = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {A7327C09-B521-4EDB-8509-7D2660C9EC98} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {D7F30B62-8269-41AF-9539-B2697FA7D77E} - No File
TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [Motive SmartBridge] c:\progra~1\sbcsel~1\smartb~1\MotiveSB.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CTSysVol] c:\program files\creative\sound blaster live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
DPF: JT's Blocks - hxxp://download.games.yahoo.com/games/clients/y/blt1_x.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: Yahoo! Bingo - hxxp://download.games.yahoo.com/games/clients/y/xt0_x.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: Yahoo! Dominoes - hxxp://download.games.yahoo.com/games/clients/y/dot8_x.cab
DPF: Yahoo! Dots - hxxp://download.games.yahoo.com/games/clients/y/dtt1_x.cab
DPF: Yahoo! Klondike Solitaire - hxxp://presence.games.yahoo.com/yog/y/ks12_x.cab
DPF: Yahoo! Poker - hxxp://download.games.yahoo.com/games/clients/y/pt3_x.cab
DPF: Yahoo! Pool 2 - hxxp://download.games.yahoo.com/games/clients/y/potg_x.cab
DPF: Yahoo! Reversi - hxxp://download.games.yahoo.com/games/clients/y/rt0_x.cab
DPF: Yahoo! Word Racer - hxxp://download.games.yahoo.com/games/clients/y/wt1_x.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.1.87.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125614730250
DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.admissions.ucla.edu/bruincam/activex/AxisCamControl.ocx
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://download.yahoo.com/dl/installs/yab_af.cab
DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - hxxp://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://gameadvisor.futuremark.com/global/msc311.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4587/mcfscan.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\baodo\applic~1\mozilla\firefox\profiles\07rzf5q7.default\
FF - plugin: c:\documents and settings\baodo\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-6-15 28544]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1005000.086\symefa.sys --> c:\windows\system32\drivers\nav\1005000.086\SYMEFA.SYS [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1005000.086\bhdrvx86.sys --> c:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1005000.086\cchpx86.sys --> c:\windows\system32\drivers\nav\1005000.086\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090623.001\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090623.001\IDSxpx86.sys [?]
S2 Norton AntiVirus;Norton AntiVirus;"c:\program files\norton antivirus\engine\16.5.0.134\ccsvchst.exe" /s "norton antivirus" /m "c:\program files\norton antivirus\engine\16.5.0.134\dimaster.dll" /prefetch:1 --> c:\program files\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-2-20 24652]
S2 vxucawwjxbd;vxucawwjxbd;c:\windows\system32\drivers\cpqdgwpmtpjyfv.sys [2009-6-23 70656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-23 38160]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090625.039\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090625.039\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090625.039\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090625.039\NAVEX15.SYS [?]

=============== Created Last 30 ================

2009-06-28 22:01 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-06-27 00:04 <DIR> --d----- c:\program files\Trend Micro
2009-06-26 16:26 93 a------- c:\windows\system32\SKYNEThdwwjxvx.dat
2009-06-26 16:20 35,888 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-06-26 16:20 <DIR> --d----- c:\windows\LastGood.Tmp
2009-06-23 22:59 <DIR> --d----- c:\docume~1\baodo\applic~1\Malwarebytes
2009-06-23 22:59 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-23 22:59 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-23 22:59 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-23 22:09 213,024 a------- c:\windows\system32\drivers\str.sys
2009-06-23 22:07 22,528 a---h--- c:\windows\system32\f.exe
2009-06-23 22:07 184 a------- c:\windows\22678h32.bat
2009-06-23 22:07 14,848 ----h--- c:\windows\ld10.exe
2009-06-23 22:07 <DIR> --dsh--- c:\windows\system32\lowsec
2009-06-23 22:07 70,656 a------- c:\windows\system32\drivers\cpqdgwpmtpjyfv.sys
2009-06-23 21:54 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-23 21:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-06-23 21:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-06-23 01:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-20 21:56 <DIR> --d----- c:\program files\Half Life 2
2009-06-20 18:13 74,266 a------- c:\windows\system32\SKYNETewmnsslp.dat
2009-06-18 16:25 <DIR> --d----- c:\docume~1\baodo\applic~1\2K Sports
2009-06-18 02:55 267,272 a------- c:\windows\system32\xactengine2_10.dll
2009-06-18 02:55 3,734,536 a------- c:\windows\system32\d3dx9_36.dll
2009-06-18 02:55 1,374,232 a------- c:\windows\system32\D3DCompiler_36.dll
2009-06-18 02:55 444,776 a------- c:\windows\system32\d3dx10_36.dll
2009-06-18 02:55 267,112 a------- c:\windows\system32\xactengine2_9.dll
2009-06-18 02:55 266,088 a------- c:\windows\system32\xactengine2_8.dll
2009-06-18 02:55 17,928 a------- c:\windows\system32\X3DAudio1_2.dll
2009-06-18 02:55 261,480 a------- c:\windows\system32\xactengine2_7.dll
2009-06-18 02:55 1,123,696 a------- c:\windows\system32\D3DCompiler_33.dll
2009-06-18 02:55 443,752 a------- c:\windows\system32\d3dx10_33.dll
2009-06-18 02:54 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2009-06-18 02:54 255,848 a------- c:\windows\system32\xactengine2_6.dll
2009-06-18 02:54 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-06-18 02:54 251,672 a------- c:\windows\system32\xactengine2_5.dll
2009-06-18 02:54 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-06-18 02:54 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-06-18 02:54 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-06-18 02:54 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-06-18 02:54 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-06-15 14:20 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-06-14 08:35 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
2009-06-14 08:35 12,800 -------- c:\windows\system32\dllcache\xpshims.dll

==================== Find3M ====================

2009-05-12 22:15 5,936,128 a------- c:\windows\system32\dllcache\mshtml.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\dllcache\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-07 08:32 345,600 -------- c:\windows\system32\dllcache\localspl.dll
2009-04-30 14:22 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-04-30 14:22 11,064,832 a------- c:\windows\system32\dllcache\ieframe.dll
2009-04-30 14:22 1,207,808 a------- c:\windows\system32\dllcache\urlmon.dll
2009-04-30 14:22 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 14:22 385,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 04:21 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-04-24 22:30 102,400 -------- c:\windows\system32\dllcache\iecompat.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-17 05:26 1,847,168 -------- c:\windows\system32\dllcache\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-15 07:51 585,216 -------- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-25 23:30 1,445,888 a------- c:\documents and settings\baodo\DesktopWinsockxpFix.exe
2009-03-25 23:30 186,368 a------- c:\documents and settings\baodo\DesktopLSPFix.exe
2009-03-25 23:30 36,864 a------- c:\documents and settings\baodo\DesktopSafeMSI.exe
2008-08-17 12:20 87,608 a------- c:\docume~1\baodo\applic~1\inst.exe
2008-08-17 12:20 47,360 a------- c:\docume~1\baodo\applic~1\pcouffin.sys
2005-08-19 14:56 162,551 a------- c:\documents and settings\baodo\stub.exe
2005-07-28 07:47 0 ac------ c:\program files\AMERICA ONLINE
1993-06-16 01:00 107 ac------ c:\program files\Adl.drv
2009-03-26 00:27 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032620090327\index.dat

============= FINISH: 16:30:26.43 ===============


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 July 2009 - 08:58 PM

Hello and welcome to Bleeping Computer.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say so or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


We will begin with ComboFix. Since you can only use safe mode, make sure you are using safe mode with networking and that you install the recovery console.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#5 Lostfan17
  • Topic Starter
  • Members
  • 35 posts

Posted 04 July 2009 - 07:03 PM

I want to try cleaning the computer first. And then I want to transfer all my important files on this computer to my other computer, like all my pictures and stuff. Will these files be infected if I transfer them to my other computer? Once I transfer, I would most likely reformat. Does reformatting guarantee that the rootkit will be gone 100%? Do you recommend reformatting? Because I don't use this computer very often, only to surf the internet when I'm home from college, or my Dad uses it. If we stay away from checking our bank accounts, etc., will it be okay to not reformat?

P.S. I apparently also got infected with the System Security 2009 virus, which won't allow me to run several programs.

Well here is my combofix log.

Attached Files

  • Attached File  log.txt   50.34KB   11 downloads

Edited by Lostfan17, 04 July 2009 - 07:48 PM.


#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 July 2009 - 08:03 PM

Copy and paste all logs requested in your reply. Do not attach them unless asked to.

Can you please note this, which I posted earlier?

I would recommend formatting, as that will get rid of any rootkits. If you are going to format, is there any point in going through the cleaning process? Let me know whether you intend to format or not.

Edited by syler, 04 July 2009 - 08:05 PM.



#7 Lostfan17
  • Topic Starter
  • Members
  • 35 posts

Posted 04 July 2009 - 08:28 PM

As of right now, I don't intend to reformat, as I have many pictures and important files I don't want to lose.

Here is my log.

ComboFix 09-07-04.04 - BaoDo 07/04/2009 15:51.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.664 [GMT -7:00]
Running from: c:\documents and settings\BaoDo\Desktop\123.exe
.
ADS - svchost.exe: deleted 32768 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mszgznnt.exe
c:\windows\system32\mszij.exe
c:\windows\system32\mszil.exe
c:\windows\system32\msziqpen.exe
c:\windows\system32\mszir.exe
c:\windows\system32\mszjnma.exe
c:\windows\system32\mszjq.exe
c:\windows\system32\mszkrkzt.exe
c:\windows\system32\mszkyq.exe
c:\windows\system32\mszlvud.exe
c:\windows\system32\msznodfs.exe
c:\windows\system32\mszoxevk.exe
c:\windows\system32\mszpe.exe
c:\windows\system32\mszqc.exe
c:\windows\system32\mszqvpbp.exe
c:\windows\system32\mszrhfdl.exe
c:\windows\system32\mszrlh.exe
c:\windows\system32\mszrwd.exe
c:\windows\system32\mszskbd.exe
c:\windows\system32\mszsq.exe
c:\windows\system32\mszuigl.exe
c:\windows\system32\mszuk.exe
c:\windows\system32\mszvskm.exe
c:\windows\system32\mszxu.exe
c:\windows\system32\mszxuimf.exe
c:\windows\system32\mszyfnaf.exe
c:\windows\system32\mukmil.dll
c:\windows\system32\open.ico
c:\windows\system32\p2hhr.bat
c:\windows\system32\pcmstub.sys
c:\windows\system32\reader_s.exe
c:\windows\system32\sdjee3inf.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\SKYNETewmnsslp.dat
c:\windows\system32\SKYNEThdwwjxvx.dat
c:\windows\system32\sopidkc.exe
c:\windows\system32\tocacaasu.dll
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\twain_32
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wiawow32.sys
C:\xcrashdump.dat
c:\windows\system32\dabaabaeadfafbaa.dll . . . . failed to delete


c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI64SI
-------\Legacy_avast!antivirus
-------\Legacy_DRV
-------\Legacy_fci
-------\Legacy_glaide32
-------\Legacy_ias
-------\Legacy_iprip
-------\Legacy_msncache
-------\Legacy_pcmstub
-------\Legacy_SOPIDKC
-------\Legacy_VXUCAWWJXBD
-------\Service_avast!antivirus
-------\Service_drv
-------\Service_fci
-------\Service_glaide32
-------\Service_ias
-------\Service_iprip
-------\Service_msncache
-------\Service_pcmstub
-------\Service_SKYNETknkcrouf
-------\Service_sopidkc
-------\Service_vxucawwjxbd


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-04 22:59 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-04 22:59 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-04 22:39 . 2009-07-04 22:39 -------- d-s---w- C:\viking
2009-07-04 22:35 . 2009-07-04 22:35 39424 ----a-w- C:\lmkgwrym.exe
2009-07-02 07:24 . 2009-07-02 07:24 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-02 04:09 . 2009-07-02 04:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-07-02 04:03 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-02 03:58 . 2009-07-02 03:58 118784 ----a-w- c:\windows\system32\sgcpnjj0ep8n.dll
2009-07-02 03:58 . 2009-07-02 03:58 80191 ----a-w- c:\windows\system32\qgctnjj0ep8n.exe
2009-07-02 03:58 . 2009-07-02 03:58 29696 ----a-w- c:\windows\system32\ydo.exe
2009-07-02 03:57 . 2009-07-04 22:36 96768 ----a-w- C:\stfqqym.exe
2009-07-02 03:57 . 2009-07-04 22:36 220366 ----a-w- C:\illhtee.exe
2009-07-02 03:57 . 2009-07-02 09:26 184848 ----a-w- C:\rcdpquup.exe
2009-07-02 03:56 . 2009-07-02 03:56 96768 ----a-w- C:\fdvjfx.exe
2009-07-02 03:56 . 2009-07-02 03:56 -------- d-----w- c:\program files\drv
2009-07-02 03:56 . 2009-07-02 03:56 206546 ----a-w- C:\gklrwl.exe
2009-07-02 03:56 . 2009-07-02 03:56 184848 ----a-w- C:\qngbvkhl.exe
2009-07-02 03:56 . 2009-07-02 03:56 39424 ----a-w- C:\rmydqsiw.exe
2009-07-02 03:56 . 2009-07-02 03:56 7680 ----a-w- C:\gswrij.exe
2009-06-29 05:01 . 2009-06-29 05:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-28 16:27 . 2009-06-28 16:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-27 07:04 . 2009-06-27 07:04 -------- d-----w- c:\program files\Trend Micro
2009-06-24 04:53 . 2009-06-24 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-24 04:15 . 2009-06-24 04:23 56909736 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33\Norton AntiVirus 2009 Gaming Edition v16.1.0.33.exe
2009-06-24 04:15 . 2009-06-24 04:23 2265088 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33\Norton Trial RESET v1.5.exe
2009-06-23 08:09 . 2009-06-24 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-21 04:56 . 2009-06-21 04:56 -------- d-----w- c:\program files\Half Life 2
2009-06-21 04:40 . 2006-05-09 20:42 3939 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\CSS Install-Update.bat
2009-06-21 04:40 . 2006-05-09 20:40 4792 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2 Install-Update.bat
2009-06-21 04:40 . 2006-04-08 06:53 839680 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2\steamclient.dll
2009-06-21 04:40 . 2005-01-15 03:09 180224 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2\steam.dll
2009-06-21 04:40 . 2004-12-05 13:24 110592 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\Unpack.exe
2009-06-20 03:46 . 2009-06-20 03:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-18 23:25 . 2009-06-18 23:25 -------- d-----w- c:\documents and settings\BaoDo\Application Data\2K Sports
2009-06-18 09:55 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-06-18 09:55 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-06-18 09:55 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-06-18 09:55 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-06-18 09:55 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-06-18 09:55 . 2007-10-22 10:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-06-18 09:55 . 2007-06-21 03:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-06-18 09:55 . 2007-04-05 01:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-06-18 09:55 . 2007-03-15 23:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-06-18 09:55 . 2007-03-12 23:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-06-18 09:54 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-06-18 09:54 . 2007-01-24 22:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-06-18 09:54 . 2006-12-08 19:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-06-18 09:54 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-18 09:54 . 2007-03-05 19:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-06-18 09:54 . 2006-09-28 23:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-06-18 09:54 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-18 09:54 . 2006-07-28 16:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-06-18 09:54 . 2006-07-28 16:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-06-17 06:39 . 2009-06-17 06:39 127872 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\uninstall.exe
2009-06-17 06:39 . 2009-06-17 06:39 1686272 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-06-17 06:39 4183416 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-15 21:20 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-14 15:35 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-14 15:35 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 23:03 . 2009-07-04 23:03 102988 ----a-w- c:\windows\system32\drivers\OLD1B.tmp
2009-07-04 23:03 . 2004-08-04 11:00 102476 ----a-w- c:\windows\system32\drivers\null.sys
2009-07-04 23:03 . 2009-07-04 23:03 102476 ----a-w- c:\windows\system32\drivers\OLD19.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102988 ----a-w- c:\windows\system32\drivers\OLD17.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102476 ----a-w- c:\windows\system32\drivers\OLD15.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102988 ----a-w- c:\windows\system32\drivers\OLD11.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102476 ----a-w- c:\windows\system32\drivers\OLDE.tmp
2009-07-04 23:01 . 2008-11-15 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-04 23:00 . 2004-07-03 07:02 312847 ----a-w- c:\windows\system32\dabaabaeadfafbaa.dll
2009-07-04 23:00 . 2004-07-03 07:02 312847 ------w- c:\windows\system32\52a5de8c161da234ee0634edd24a8998.TMP
2009-07-04 22:50 . 2009-07-02 05:34 185 ---h--w- c:\windows\Fonts\mlog
2009-07-02 09:26 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\svchost.exe
2009-07-02 09:09 . 2009-07-02 09:09 1036288 ----a-w- c:\windows\drw20.tmp
2009-07-02 09:01 . 2009-07-02 09:01 1036288 ----a-w- c:\windows\drw21.tmp
2009-07-02 08:22 . 2009-07-02 08:22 1036288 ----a-w- c:\windows\drw1C.tmp
2009-07-02 05:56 . 2009-06-24 05:59 -------- d-----w- c:\program files\123
2009-07-02 04:35 . 2009-07-02 04:35 127488 ---h--w- c:\windows\Fonts\winpaged.ocx
2009-07-02 04:35 . 2009-07-02 04:35 127488 ---h--w- c:\windows\Fonts\windef.Log
2009-07-02 04:35 . 2009-07-02 04:35 127488 ---h--w- c:\windows\Fonts\windef.dll
2009-07-02 04:35 . 2009-07-02 04:35 127488 ---h--w- c:\windows\Fonts\logcde.dll
2009-07-02 04:35 . 2009-07-02 04:35 127488 ---h--w- c:\windows\Fonts\cooecp.tlb
2009-07-02 04:35 . 2009-07-02 04:35 34304 ---h--w- c:\windows\Fonts\services.exe
2009-07-02 03:57 . 2004-08-04 11:00 212224 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-02 01:58 . 2007-01-27 06:03 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-27 06:29 . 2009-06-24 04:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-27 06:28 . 2009-06-24 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\documents and settings\BaoDo\Application Data\Malwarebytes
2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 05:57 . 2005-09-01 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 05:57 . 2005-09-01 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 05:36 . 2006-09-21 23:47 -------- d-----w- c:\documents and settings\BaoDo\Application Data\Azureus
2009-06-24 05:23 . 2005-03-06 07:30 -------- d-----w- c:\program files\Yahoo!
2009-06-24 05:07 . 2009-06-24 05:07 184 ----a-w- c:\windows\22678h32.bat
2009-06-24 04:54 . 2009-06-26 23:20 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-18 08:20 . 2005-01-08 03:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 21:52 . 2007-01-22 07:14 -------- d--h--w- c:\documents and settings\BaoDo\Application Data\Move Networks
2009-06-17 18:27 . 2009-06-24 05:59 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 18:27 . 2009-06-24 05:59 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 07:48 . 2008-12-14 06:58 -------- d-----w- c:\program files\AIM6
2009-06-17 07:48 . 2005-01-08 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-13 05:15 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 21:50 . 2009-04-22 21:50 355888 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Platform\1033\Update\nm\nmurlexc.exe
2009-04-17 12:26 . 2004-08-04 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-07-28 14:47 . 2005-07-28 14:47 0 -c--a-w- c:\program files\AMERICA ONLINE
1993-06-16 08:00 . 2005-08-26 18:07 107 -c--a-w- c:\program files\Adl.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qkvKSBGQ"= {6C7CE54F-C6D6-4FE5-DB88-B8CE7FD47579} - c:\windows\system32\pzqwh.dll [2009-03-21 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dabaabaeadfafbaa]
2009-07-04 23:00 312847 ----a-w- c:\windows\SYSTEM32\dabaabaeadfafbaa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BaoDo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\BaoDo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"=
"c:\\WINDOWS\\SYSTEM32\\DXDIAG.EXE"=
"c:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Yahoo!\\YOP\\yop.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\BaoDo\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:RSP
"67:UDP"= 67:UDP:DHCP Discovery Service
"8085:TCP"= 8085:TCP:drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

--- Other Services/Drivers In Memory ---

*NewlyCreated* - avast!antivirus
*Deregistered* - 6to4
*Deregistered* - abp480n5
*Deregistered* - adpu160m
*Deregistered* - AFD
*Deregistered* - agp440
*Deregistered* - agpCPQ
*Deregistered* - Aha154x
*Deregistered* - aic78u2
*Deregistered* - aic78xx
*Deregistered* - ALG
*Deregistered* - AliIde
*Deregistered* - alim1541
*Deregistered* - amdagp
*Deregistered* - amsint
*Deregistered* - Apple Mobile Device
*Deregistered* - asc
*Deregistered* - asc3350p
*Deregistered* - asc3550
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast!Antivirus
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - cbidf
*Deregistered* - CCALib8
*Deregistered* - cd20xrnt
*Deregistered* - Cdfs
*Deregistered* - CmdIde
*Deregistered* - Cpqarray
*Deregistered* - Creative Service for CDROM Access
*Deregistered* - CryptSvc
*Deregistered* - ctsfm2k
*Deregistered* - dac2w2k
*Deregistered* - dac960nt
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dpti2o
*Deregistered* - drvdrv
*Deregistered* - drvnddm
*Deregistered* - dsunidrv
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fax
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - hpn
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - i2omgmt
*Deregistered* - i2omp
*Deregistered* - IAANTMon
*Deregistered* - ini910u
*Deregistered* - IntelIde
*Deregistered* - Ip6Fw
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mdmxsdk
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - mraid35x
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - nmservice
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - omci
*Deregistered* - ossrv
*Deregistered* - PartMgr
*Deregistered* - pavboot
*Deregistered* - perc2
*Deregistered* - perc2hib
*Deregistered* - PfModNT
*Deregistered* - Pml Driver HPZ12
*Deregistered* - pnarp
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - purendis
*Deregistered* - ql1080
*Deregistered* - Ql10wnt
*Deregistered* - ql12160
*Deregistered* - ql1240
*Deregistered* - ql1280
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RDPWD
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfvfs02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisagp
*Deregistered* - Sparrow
*Deregistered* - Spooler
*Deregistered* - sprtsvc_dellsupportcenter
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - ssrtln
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - sym_hi
*Deregistered* - sym_u3
*Deregistered* - symc810
*Deregistered* - symc8xx
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - Tcpip6
*Deregistered* - TDTCP
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - tfsnboio
*Deregistered* - tfsncofs
*Deregistered* - tfsndrct
*Deregistered* - tfsndres
*Deregistered* - tfsnifs
*Deregistered* - tfsnopio
*Deregistered* - tfsnpool
*Deregistered* - tfsnudf
*Deregistered* - tfsnudfa
*Deregistered* - Themes
*Deregistered* - TosIde
*Deregistered* - TrkWks
*Deregistered* - tunmp
*Deregistered* - ultra
*Deregistered* - Update
*Deregistered* - UserAccess7
*Deregistered* - VgaSave
*Deregistered* - viaagp
*Deregistered* - ViaIde
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - w32time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - wscsvc
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-07-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-15 22:25]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-11235 - c:\ofufgldx.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
FF - ProfilePath - c:\documents and settings\BaoDo\Application Data\Mozilla\Firefox\Profiles\07rzf5q7.default\
FF - plugin: c:\documents and settings\BaoDo\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 16:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\c6ad7ce771b16ebeee55e870f7868ffb.sys 39936 bytes executable
c:\windows\system32\_c6ad7ce771b16ebeee55e870f7868ffb.sys_.vir 39936 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\c6ad7ce771b16ebeee55e870f7868ffb]
"ImagePath"="system32\c6ad7ce771b16ebeee55e870f7868ffb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\Beep]

--

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\Null]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\s-1-5-21-2769234590-500376368-3126826751-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\BITS\Parameters]
@DACL=(02 0000)
"ServiceDll"=expand:"c:\\WINDOWS\\system32\\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\BITS\Security]
@DACL=(02 0000)
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dabaabaeadfafbaa.dll

- - - - - - - > 'lsass.exe'(692)
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\UAService7.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\SYSTEM32\avast!Antivirus.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-07-04 16:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-04 23:13

Pre-Run: 8,373,346,304 bytes free
Post-Run: 7,268,118,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
1218 --- E O F --- 2009-06-15 06:41

#8 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 July 2009 - 10:08 PM

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Azureus Vuze and Limewire). These programs allow users to share files between one another, as the name suggests. In today's world cyber crime has reached an enormous dimension, and any means are used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Killall::

File::
c:\windows\system32\pzqwh.dll
c:\windows\system32\drivers\aec.sys
c:\windows\system32\sgcpnjj0ep8n.dll
c:\windows\system32\qgctnjj0ep8n.exe
c:\windows\system32\ydo.exe
c:\windows\system32\drivers\OLD19.tmp
c:\windows\system32\drivers\OLD1B.tmp
c:\windows\system32\drivers\OLD17.tmp
c:\windows\system32\drivers\OLD15.tmp
c:\windows\system32\drivers\OLD11.tmp
c:\windows\system32\drivers\OLDE.tmp
c:\windows\system32\dabaabaeadfafbaa.dll
c:\windows\system32\52a5de8c161da234ee0634edd24a8998.TMP
c:\windows\system32\d3d9caps.dat
C:\lmkgwrym.exe
C:\stfqqym.exe
C:\illhtee.exe
C:\rcdpquup.exe
C:\fdvjfx.exe
C:\gklrwl.exe
C:\qngbvkhl.exe
C:\rmydqsiw.exe
C:\gswrij.exe
c:\windows\drw20.tmp
c:\windows\drw21.tmp
c:\windows\drw1C.tmp
c:\windows\Fonts\mlog
c:\windows\Fonts\winpaged.ocx
c:\windows\Fonts\windef.Log
c:\windows\Fonts\windef.dll
c:\windows\Fonts\logcde.dll
c:\windows\Fonts\cooecp.tlb
c:\windows\Fonts\services.exe
c:\windows\22678h32.bat

Folder::
C:\viking
c:\program files\drv
c:\program files\123

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"qkvKSBGQ"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dabaabaeadfafbaa]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"=-
"67:UDP"=-
"8085:TCP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"drv"=-

Driver::
Norton AntiVirus
c6ad7ce771b16ebeee55e870f7868ffb
avast!antivirus 

Rootkit::
c:\windows\system32\c6ad7ce771b16ebeee55e870f7868ffb.sys
c:\windows\system32\_c6ad7ce771b16ebeee55e870f7868ffb.sys_.vir

RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\BITS\Parameters]
[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\BITS\Security]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following files one by one and click Submit.

c:\windows\system32\drivers\null.sys
c:\program files\Adl.drv

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Next

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator
  • Allow it to run when you get a Security Warning
  • A black command window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply
Then please post back here with the following:
  • Combofix.txt
  • Rooter.txt
  • Virustotal results
Thanks

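The CFScript above lists files and folders for ComboFix to remove, and the log posted in reply records, line by line, what was actually deleted and what "failed to delete" (in this thread, dabaabaeadfafbaa.dll, which the same log shows mapped into winlogon.exe). The script below is an added example for this thread, not ComboFix code and not part of either post: it parses the "Section::" blocks of a CFScript and the "Other Deletions" and "DLLs Loaded Under Running Processes" sections of a ComboFix log, then reports, for each File:: and Folder:: entry, whether it was deleted, failed (and which process still has it loaded), or never appears in the log. Both inputs are constructed excerpts of the script and log in this thread; the section-banner and "failed to delete" line formats are taken from the posted log, and the status strings are this example's own.

```python
"""Reconcile a ComboFix CFScript against the ComboFix log it produced.

Added example for this thread; it is not ComboFix code and not part of the
posts.  It reads the "Section::" blocks of a CFScript and the "Other
Deletions" and "DLLs Loaded Under Running Processes" sections of the log,
then reports, for every File:: and Folder:: entry, whether ComboFix deleted
it, failed (and which process still has the file mapped, which is why the
delete failed), or never mentioned it.  Both inputs below are constructed
excerpts of the script and log posted in this thread.
"""
import re
from collections import defaultdict

SAMPLE_SCRIPT = r"""
Killall::

File::
c:\windows\system32\pzqwh.dll
c:\windows\system32\dabaabaeadfafbaa.dll
C:\lmkgwrym.exe
c:\windows\Fonts\services.exe
c:\windows\system32\drivers\OLDE.tmp

Folder::
C:\viking
"""

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\lmkgwrym.exe
C:\viking
c:\viking\Nircmd.com
c:\windows\Fonts\services.exe
c:\windows\system32\pzqwh.dll
c:\windows\system32\dabaabaeadfafbaa.dll . . . . failed to delete

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dabaabaeadfafbaa.dll

- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
.
"""

SECTION_RE = re.compile(r"^\w+::$")                                      # CFScript "File::" etc.
BANNER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$|^-{3,}\s*(.+?)\s*-{3,}$")  # log section banners
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")           # 'process'(pid) header
DELETION_RE = re.compile(                                                # path, optional failure suffix
    r"^(?P<path>[a-z]:\\\S.*?)(?P<failed>\s+(?:\.\s+){4}failed to delete)?$", re.I)


def parse_cfscript(text):
    """Group a CFScript into {"File::": [paths], "Folder::": [paths], ...}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            current = line
            sections.setdefault(current, [])
        elif current:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return (deletions, loaded).

    deletions: lower-cased path -> True if the log says 'failed to delete'
    loaded:    lower-cased DLL path -> ['process(pid)', ...] hosting it
    """
    deletions, loaded = {}, defaultdict(list)
    section, proc = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = BANNER_RE.match(line)
        if m:
            section, proc = (m.group(1) or m.group(2)).lower(), None
            continue
        if section == "other deletions":
            m = DELETION_RE.match(line)
            if m:
                deletions[m.group("path").lower()] = bool(m.group("failed"))
        elif section and section.startswith("dlls loaded"):
            m = PROC_RE.match(line)
            if m:
                proc = f"{m.group(1)}({m.group(2)})"
            elif proc:
                loaded[line.lower()].append(proc)
    return deletions, loaded


def reconcile(script_text, log_text):
    """Map each File::/Folder:: entry of the script to its outcome in the log."""
    deletions, loaded = parse_log(log_text)
    report = {}
    for section, entries in parse_cfscript(script_text).items():
        if section not in ("File::", "Folder::"):
            continue
        report[section] = {}
        for entry in entries:
            key = entry.lower()
            if key not in deletions:
                status = "not mentioned in log"
            elif deletions[key]:
                hosts = loaded.get(key)
                status = ("failed to delete; still loaded in " + ", ".join(hosts)
                          if hosts else "failed to delete; not seen in any listed process")
            else:
                status = "deleted"
            report[section][entry] = status
    return report


if __name__ == "__main__":
    for section, outcomes in reconcile(SAMPLE_SCRIPT, SAMPLE_LOG).items():
        print(section)
        for path, status in outcomes.items():
            print(f"  {path}: {status}")
```

Run against the full script and log from this thread, the same check shows which OLD*.tmp entries never appear under "Other Deletions" and ties the one failed deletion to the process that has the DLL loaded, which is the detail a helper needs before deciding whether the next pass must be run from outside the running system.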


#9 Lostfan17

Lostfan17
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 05 July 2009 - 12:07 AM

Here is my combofix log:
ComboFix 09-07-04.04 - BaoDo 07/04/2009 21:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.596 [GMT -7:00]
Running from: c:\documents and settings\BaoDo\Desktop\123.exe
Command switches used :: c:\documents and settings\BaoDo\Desktop\CFScript.txt

FILE ::
"C:\fdvjfx.exe"
"C:\gklrwl.exe"
"C:\gswrij.exe"
"C:\illhtee.exe"
"C:\lmkgwrym.exe"
"C:\qngbvkhl.exe"
"C:\rcdpquup.exe"
"C:\rmydqsiw.exe"
"C:\stfqqym.exe"
"c:\windows\22678h32.bat"
"c:\windows\drw1C.tmp"
"c:\windows\drw20.tmp"
"c:\windows\drw21.tmp"
"c:\windows\Fonts\cooecp.tlb"
"c:\windows\Fonts\logcde.dll"
"c:\windows\Fonts\mlog"
"c:\windows\Fonts\services.exe"
"c:\windows\Fonts\windef.dll"
"c:\windows\Fonts\windef.Log"
"c:\windows\Fonts\winpaged.ocx"
"c:\windows\system32\52a5de8c161da234ee0634edd24a8998.TMP"
"c:\windows\system32\d3d9caps.dat"
"c:\windows\system32\dabaabaeadfafbaa.dll"
"c:\windows\system32\drivers\aec.sys"
"c:\windows\system32\drivers\OLD11.tmp"
"c:\windows\system32\drivers\OLD15.tmp"
"c:\windows\system32\drivers\OLD17.tmp"
"c:\windows\system32\drivers\OLD19.tmp"
"c:\windows\system32\drivers\OLD1B.tmp"
"c:\windows\system32\drivers\OLDE.tmp"
"c:\windows\system32\pzqwh.dll"
"c:\windows\system32\qgctnjj0ep8n.exe"
"c:\windows\system32\sgcpnjj0ep8n.dll"
"c:\windows\system32\ydo.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fdvjfx.exe
C:\gklrwl.exe
C:\gswrij.exe
C:\illhtee.exe
C:\lmkgwrym.exe
c:\program files\123
c:\program files\123\123.exe
c:\program files\123\changes.rtf
c:\program files\123\Languages\albanian.lng
c:\program files\123\Languages\arabic.lng
c:\program files\123\Languages\bulgarian.lng
c:\program files\123\Languages\catalan.lng
c:\program files\123\Languages\chineseSI.lng
c:\program files\123\Languages\chineseTR.lng
c:\program files\123\Languages\croatian.lng
c:\program files\123\Languages\czech.lng
c:\program files\123\Languages\danish.lng
c:\program files\123\Languages\dutch.lng
c:\program files\123\Languages\english.lng
c:\program files\123\Languages\estonian.lng
c:\program files\123\Languages\finnish.lng
c:\program files\123\Languages\french.lng
c:\program files\123\Languages\german.lng
c:\program files\123\Languages\greek.lng
c:\program files\123\Languages\hungarian.lng
c:\program files\123\Languages\italian.lng
c:\program files\123\Languages\latvian.lng
c:\program files\123\Languages\macedonian.lng
c:\program files\123\Languages\norwegian.lng
c:\program files\123\Languages\polish.lng
c:\program files\123\Languages\portugueseBR.lng
c:\program files\123\Languages\portuguesePT.lng
c:\program files\123\Languages\romanian.lng
c:\program files\123\Languages\russian.lng
c:\program files\123\Languages\serbian.lng
c:\program files\123\Languages\slovak.lng
c:\program files\123\Languages\slovenian.lng
c:\program files\123\Languages\spanish.lng
c:\program files\123\Languages\swedish.lng
c:\program files\123\Languages\turkish.lng
c:\program files\123\Languages\ukrainian.lng
c:\program files\123\license.txt
c:\program files\123\m.exe
c:\program files\123\mbam-dor.exe
c:\program files\123\mbam.chm
c:\program files\123\mbam.dll
c:\program files\123\mbamext.dll
c:\program files\123\mbamservice.exe
c:\program files\123\ssubtmr6.dll
c:\program files\123\unins000.dat
c:\program files\123\unins000.exe
c:\program files\123\unins000.msg
c:\program files\123\vbalsgrid6.ocx
c:\program files\123\zlib.dll
c:\program files\drv
c:\program files\drv\drv.dll
c:\program files\drv\drv.sys
C:\qngbvkhl.exe
C:\rcdpquup.exe
C:\rmydqsiw.exe
C:\stfqqym.exe
C:\viking
c:\viking\CF25975.exe
c:\viking\CregC_0B
c:\viking\Nircmd.com
c:\windows\22678h32.bat
c:\windows\drw1C.tmp
c:\windows\drw20.tmp
c:\windows\drw21.tmp
c:\windows\Fonts\cooecp.tlb
c:\windows\Fonts\logcde.dll
c:\windows\Fonts\mlog
c:\windows\Fonts\services.exe
c:\windows\Fonts\windef.dll
c:\windows\Fonts\windef.Log
c:\windows\Fonts\winpaged.ocx
c:\windows\system32\avast!Antivirus.exe
c:\windows\system32\d3d9caps.dat
c:\windows\system32\drivers\aec.sys
c:\windows\system32\drivers\OLD15.tmp
c:\windows\system32\drivers\OLD17.tmp
c:\windows\system32\drivers\OLD19.tmp
c:\windows\system32\drivers\OLD1B.tmp
c:\windows\system32\pzqwh.dll
c:\windows\system32\qgctnjj0ep8n.exe
c:\windows\system32\sgcpnjj0ep8n.dll
c:\windows\system32\ydo.exe
c:\windows\system32\dabaabaeadfafbaa.dll . . . . failed to delete

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :thumbup2:
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_avast!antivirus
-------\Legacy_NORTON_ANTIVIRUS
-------\Service_avast!Antivirus
-------\Service_Norton AntiVirus
-------\Legacy_drvdrv
-------\Service_drvdrv


((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-04 22:59 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-04 22:59 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-04 22:53 . 2009-07-05 04:45 39936 ----a-w- c:\windows\system32\_c6ad7ce771b16ebeee55e870f7868ffb.sys_.vir
2009-07-02 07:24 . 2009-07-02 07:24 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-02 04:13 . 2009-07-05 04:45 39936 ----a-w- c:\windows\system32\c6ad7ce771b16ebeee55e870f7868ffb.sys
2009-07-02 04:09 . 2009-07-02 04:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-07-02 04:03 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
2009-06-29 05:01 . 2009-06-29 05:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-28 16:27 . 2009-06-28 16:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-27 07:04 . 2009-06-27 07:04 -------- d-----w- c:\program files\Trend Micro
2009-06-27 06:27 . 2009-06-27 06:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-26 23:20 . 2009-06-24 04:54 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\documents and settings\BaoDo\Application Data\Malwarebytes
2009-06-24 05:59 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 05:59 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-24 05:05 . 2009-06-24 05:05 -------- d-----w- c:\documents and settings\BaoDo\Local Settings\Application Data\Symantec
2009-06-24 04:54 . 2009-06-27 06:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-24 04:54 . 2009-06-27 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-24 04:53 . 2009-06-24 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-24 04:15 . 2009-06-24 04:23 56909736 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33\Norton AntiVirus 2009 Gaming Edition v16.1.0.33.exe
2009-06-24 04:15 . 2009-06-24 04:23 2265088 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33\Norton Trial RESET v1.5.exe
2009-06-23 08:09 . 2009-06-24 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-21 04:56 . 2009-06-21 04:56 -------- d-----w- c:\program files\Half Life 2
2009-06-21 04:40 . 2006-05-09 20:42 3939 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\CSS Install-Update.bat
2009-06-21 04:40 . 2006-05-09 20:40 4792 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2 Install-Update.bat
2009-06-21 04:40 . 2006-04-08 06:53 839680 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2\steamclient.dll
2009-06-21 04:40 . 2005-01-15 03:09 180224 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2\steam.dll
2009-06-21 04:40 . 2004-12-05 13:24 110592 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\Unpack.exe
2009-06-20 03:46 . 2009-06-20 03:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-18 23:25 . 2009-06-18 23:25 -------- d-----w- c:\documents and settings\BaoDo\Application Data\2K Sports
2009-06-18 09:55 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-06-18 09:55 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-06-18 09:55 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-06-18 09:55 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-06-18 09:55 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-06-18 09:55 . 2007-10-22 10:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-06-18 09:55 . 2007-06-21 03:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-06-18 09:55 . 2007-04-05 01:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-06-18 09:55 . 2007-03-15 23:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-06-18 09:55 . 2007-03-12 23:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-06-18 09:54 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-06-18 09:54 . 2007-01-24 22:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-06-18 09:54 . 2006-12-08 19:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-06-18 09:54 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-18 09:54 . 2007-03-05 19:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-06-18 09:54 . 2006-09-28 23:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-06-18 09:54 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-18 09:54 . 2006-07-28 16:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-06-18 09:54 . 2006-07-28 16:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-06-17 06:39 . 2009-06-17 06:39 127872 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\uninstall.exe
2009-06-17 06:39 . 2009-06-17 06:39 1686272 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-06-17 06:39 4183416 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-15 21:20 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-14 15:35 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-14 15:35 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 04:50 . 2004-07-03 07:02 312847 ----a-w- c:\windows\system32\dabaabaeadfafbaa.dll
2009-07-05 04:45 . 2004-08-04 11:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-05 00:44 . 2005-01-08 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-04 23:38 . 2009-07-04 23:38 102988 ----a-w- c:\windows\system32\drivers\OLD61D.tmp
2009-07-04 23:37 . 2009-07-04 23:37 102988 ----a-w- c:\windows\system32\drivers\OLD5EC.tmp
2009-07-04 23:36 . 2009-07-04 23:36 102988 ----a-w- c:\windows\system32\drivers\OLD5C0.tmp
2009-07-04 23:35 . 2009-07-04 23:35 102988 ----a-w- c:\windows\system32\drivers\OLD594.tmp
2009-07-04 23:34 . 2009-07-04 23:34 102988 ----a-w- c:\windows\system32\drivers\OLD568.tmp
2009-07-04 23:33 . 2009-07-04 23:33 102988 ----a-w- c:\windows\system32\drivers\OLD53E.tmp
2009-07-04 23:32 . 2009-07-04 23:32 102988 ----a-w- c:\windows\system32\drivers\OLD510.tmp
2009-07-04 23:31 . 2009-07-04 23:31 102988 ----a-w- c:\windows\system32\drivers\OLD4E0.tmp
2009-07-04 23:30 . 2009-07-04 23:30 102988 ----a-w- c:\windows\system32\drivers\OLD4B4.tmp
2009-07-04 23:29 . 2009-07-04 23:29 102476 ----a-w- c:\windows\system32\drivers\OLD48A.tmp
2009-07-04 23:28 . 2009-07-04 23:28 102988 ----a-w- c:\windows\system32\drivers\OLD45C.tmp
2009-07-04 23:27 . 2009-07-04 23:27 102988 ----a-w- c:\windows\system32\drivers\OLD430.tmp
2009-07-04 23:26 . 2009-07-04 23:26 102476 ----a-w- c:\windows\system32\drivers\OLD406.tmp
2009-07-04 23:25 . 2009-07-04 23:25 102988 ----a-w- c:\windows\system32\drivers\OLD3D8.tmp
2009-07-04 23:24 . 2009-07-04 23:24 102988 ----a-w- c:\windows\system32\drivers\OLD3A8.tmp
2009-07-04 23:22 . 2009-07-04 23:23 102476 ----a-w- c:\windows\system32\drivers\OLD37D.tmp
2009-07-04 23:21 . 2009-07-04 23:21 102988 ----a-w- c:\windows\system32\drivers\OLD34D.tmp
2009-07-04 23:20 . 2009-07-04 23:20 102988 ----a-w- c:\windows\system32\drivers\OLD321.tmp
2009-07-04 23:19 . 2009-07-04 23:19 102988 ----a-w- c:\windows\system32\drivers\OLD2F5.tmp
2009-07-04 23:18 . 2009-07-04 23:18 102988 ----a-w- c:\windows\system32\drivers\OLD2C9.tmp
2009-07-04 23:17 . 2009-07-04 23:17 102988 ----a-w- c:\windows\system32\drivers\OLD29D.tmp
2009-07-04 23:16 . 2009-07-04 23:16 102988 ----a-w- c:\windows\system32\drivers\OLD271.tmp
2009-07-04 23:15 . 2009-07-04 23:15 102988 ----a-w- c:\windows\system32\drivers\OLD241.tmp
2009-07-04 23:14 . 2009-07-04 23:14 102988 ----a-w- c:\windows\system32\drivers\OLD215.tmp
2009-07-04 23:13 . 2009-07-04 23:13 102988 ----a-w- c:\windows\system32\drivers\OLD1E9.tmp
2009-07-04 23:12 . 2009-07-04 23:12 102988 ----a-w- c:\windows\system32\drivers\OLD1BD.tmp
2009-07-04 23:11 . 2009-07-04 23:11 102988 ----a-w- c:\windows\system32\drivers\OLD195.tmp
2009-07-04 23:10 . 2009-07-04 23:10 102988 ----a-w- c:\windows\system32\drivers\OLD168.tmp
2009-07-04 23:09 . 2009-07-04 23:09 102988 ----a-w- c:\windows\system32\drivers\OLD13C.tmp
2009-07-04 23:08 . 2009-07-04 23:08 102988 ----a-w- c:\windows\system32\drivers\OLD108.tmp
2009-07-04 23:07 . 2009-07-04 23:07 102988 ----a-w- c:\windows\system32\drivers\OLDD8.tmp
2009-07-04 23:06 . 2009-07-04 23:06 102988 ----a-w- c:\windows\system32\drivers\OLDAC.tmp
2009-07-04 23:05 . 2009-07-04 23:05 102988 ----a-w- c:\windows\system32\drivers\OLD7F.tmp
2009-07-04 23:04 . 2009-07-04 23:04 102988 ----a-w- c:\windows\system32\drivers\OLD57.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102988 ----a-w- c:\windows\system32\drivers\OLD2B.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102476 ----a-w- c:\windows\system32\drivers\OLD29.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102988 ----a-w- c:\windows\system32\drivers\OLD27.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102476 ----a-w- c:\windows\system32\drivers\OLD25.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102988 ----a-w- c:\windows\system32\drivers\OLD23.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102476 ----a-w- c:\windows\system32\drivers\OLD21.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102988 ----a-w- c:\windows\system32\drivers\OLD1F.tmp
2009-07-04 23:03 . 2009-07-04 23:03 102476 ----a-w- c:\windows\system32\drivers\OLD1D.tmp
2009-07-04 23:01 . 2008-11-15 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-02 09:26 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\svchost.exe
2009-06-24 05:57 . 2005-09-01 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 05:57 . 2005-09-01 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 05:36 . 2006-09-21 23:47 -------- d-----w- c:\documents and settings\BaoDo\Application Data\Azureus
2009-06-24 05:23 . 2005-03-06 07:30 -------- d-----w- c:\program files\Yahoo!
2009-06-18 08:20 . 2005-01-08 03:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 21:52 . 2007-01-22 07:14 -------- d--h--w- c:\documents and settings\BaoDo\Application Data\Move Networks
2009-06-17 07:48 . 2008-12-14 06:58 -------- d-----w- c:\program files\AIM6
2009-05-13 05:15 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 21:50 . 2009-04-22 21:50 355888 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Platform\1033\Update\nm\nmurlexc.exe
2009-04-17 12:26 . 2004-08-04 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-07-28 14:47 . 2005-07-28 14:47 0 -c--a-w- c:\program files\AMERICA ONLINE
1993-06-16 08:00 . 2005-08-26 18:07 107 -c--a-w- c:\program files\Adl.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"11235"="c:\ofufgldx.exe" [BU]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dabaabaeadfafbaa]
2009-07-05 04:50 312847 ----a-w- c:\windows\SYSTEM32\dabaabaeadfafbaa.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BaoDo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\BaoDo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"=
"c:\\WINDOWS\\SYSTEM32\\DXDIAG.EXE"=
"c:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Yahoo!\\YOP\\yop.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\BaoDo\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/15/2009 2:20 PM 28544]
S0 c6ad7ce771b16ebeee55e870f7868ffb;c6ad7ce771b16ebeee55e870f7868ffb;c:\windows\SYSTEM32\c6ad7ce771b16ebeee55e870f7868ffb.sys [7/1/2009 9:13 PM 39936]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS --> c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [?]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\Drivers\NAV\1005000.086\BHDrvx86.sys --> c:\windows\system32\Drivers\NAV\1005000.086\BHDrvx86.sys [?]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\NAV\1005000.086\ccHPx86.sys --> c:\windows\system32\Drivers\NAV\1005000.086\ccHPx86.sys [?]
S1 IDSxpx86;IDSxpx86;\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090623.001\IDSxpx86.sys --> c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090623.001\IDSxpx86.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [6/23/2009 10:59 PM 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-15 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
FF - ProfilePath - c:\documents and settings\BaoDo\Application Data\Mozilla\Firefox\Profiles\07rzf5q7.default\
FF - plugin: c:\documents and settings\BaoDo\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\user preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ed,c6,04,55,1b,80,42,86,34,2f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2c,ed,c6,04,55,1b,80,42,86,34,2f,\

[HKEY_USERS\S-1-5-21-2769234590-500376368-3126826751-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dabaabaeadfafbaa.dll
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\UAService7.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\SYSTEM32\wscript.exe
.
**************************************************************************
.
Completion time: 2009-07-05 21:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-05 04:56
ComboFix2.txt 2009-07-04 23:34

Pre-Run: 7,464,337,408 bytes free
Post-Run: 7,444,066,304 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
440 --- E O F --- 2009-06-15 06:41


For Jotti:
Neither file found anything.

Here is the Rooter scan log:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 1, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.0.11 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:71 Go - Free:6 Go )
D:\ [CD_Rom]
.
Scan : 22:06.13
Path : C:\Documents and Settings\BaoDo\Desktop\Rooter.exe
User : BaoDo ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (516)
______ \??\C:\WINDOWS\system32\csrss.exe (572)
______ \??\C:\WINDOWS\system32\winlogon.exe (600)
______ C:\WINDOWS\system32\services.exe (644)
______ C:\WINDOWS\system32\lsass.exe (656)
______ C:\WINDOWS\system32\Ati2evxx.exe (852)
______ C:\WINDOWS\system32\svchost.exe (872)
______ C:\WINDOWS\system32\svchost.exe (932)
______ C:\WINDOWS\System32\svchost.exe (1000)
______ C:\WINDOWS\system32\svchost.exe (1040)
______ C:\WINDOWS\system32\svchost.exe (1196)
______ C:\WINDOWS\system32\spoolsv.exe (1292)
______ C:\WINDOWS\system32\Ati2evxx.exe (1376)
______ C:\WINDOWS\system32\svchost.exe (1972)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (2004)
______ C:\Program Files\Bonjour\mDNSResponder.exe (2040)
______ C:\WINDOWS\system32\CTsvcCDA.EXE (196)
______ C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe (420)
______ C:\Program Files\Java\jre6\bin\jqs.exe (448)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (1616)
______ C:\WINDOWS\system32\svchost.exe (1720)
______ C:\WINDOWS\system32\UAService7.exe (1712)
______ C:\WINDOWS\system32\MsPMSPSv.exe (1884)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (232)
______ C:\Program Files\Canon\CAL\CALMAIN.exe (1876)
______ C:\WINDOWS\system32\wscntfy.exe (3384)
______ C:\WINDOWS\System32\alg.exe (2764)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (1452)
______ C:\WINDOWS\system32\ctfmon.exe (1468)
______ C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (1480)
______ C:\WINDOWS\System32\svchost.exe (324)
______ C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (3004)
______ C:\WINDOWS\explorer.exe (1536)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2352)
______ C:\Documents and Settings\BaoDo\Desktop\Rooter.exe (2716)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:49319424)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:49351680 | Length:76593807360)
\Device\Harddisk0\Partition3 (Start_Offset:76643159040 | Length:3347688960)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\DESKTOP.INI
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 22:06.31
.
C:\Rooter$\Rooter_1.txt - (04/07/2009 | 22:06.31)

#10 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:25 PM

Posted 05 July 2009 - 01:37 AM

You still have some leftovers from an incompletely uninstalled Norton Antivirus on your computer.

To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.


Next

I don't see an antivirus program running on your machine.
  • Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Next

First delete the copy of ComboFix you have and download a new copy.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\_c6ad7ce771b16ebeee55e870f7868ffb.sys_.vir
c:\windows\system32\c6ad7ce771b16ebeee55e870f7868ffb.sys
c:\windows\system32\dabaabaeadfafbaa.dll
c:\windows\system32\drivers\OLD61D.tmp
c:\windows\system32\drivers\OLD5EC.tmp
c:\windows\system32\drivers\OLD5C0.tmp
c:\windows\system32\drivers\OLD594.tmp
c:\windows\system32\drivers\OLD568.tmp
c:\windows\system32\drivers\OLD53E.tmp
c:\windows\system32\drivers\OLD510.tmp
c:\windows\system32\drivers\OLD4E0.tmp
c:\windows\system32\drivers\OLD4B4.tmp
c:\windows\system32\drivers\OLD48A.tmp
c:\windows\system32\drivers\OLD45C.tmp
c:\windows\system32\drivers\OLD430.tmp
c:\windows\system32\drivers\OLD406.tmp
c:\windows\system32\drivers\OLD3D8.tmp
c:\windows\system32\drivers\OLD3A8.tmp
c:\windows\system32\drivers\OLD37D.tmp
c:\windows\system32\drivers\OLD34D.tmp
c:\windows\system32\drivers\OLD321.tmp
c:\windows\system32\drivers\OLD2F5.tmp
c:\windows\system32\drivers\OLD2C9.tmp
c:\windows\system32\drivers\OLD29D.tmp
c:\windows\system32\drivers\OLD271.tmp
c:\windows\system32\drivers\OLD241.tmp
c:\windows\system32\drivers\OLD215.tmp
c:\windows\system32\drivers\OLD1E9.tmp
c:\windows\system32\drivers\OLD1BD.tmp
c:\windows\system32\drivers\OLD195.tmp
c:\windows\system32\drivers\OLD168.tmp
c:\windows\system32\drivers\OLD13C.tmp
c:\windows\system32\drivers\OLD108.tmp
c:\windows\system32\drivers\OLDD8.tmp
c:\windows\system32\drivers\OLDAC.tmp
c:\windows\system32\drivers\OLD7F.tmp
c:\windows\system32\drivers\OLD57.tmp
c:\windows\system32\drivers\OLD2B.tmp
c:\windows\system32\drivers\OLD29.tmp
c:\windows\system32\drivers\OLD27.tmp
c:\windows\system32\drivers\OLD25.tmp
c:\windows\system32\drivers\OLD23.tmp
c:\windows\system32\drivers\OLD21.tmp
c:\windows\system32\drivers\OLD1F.tmp
c:\windows\system32\drivers\OLD1D.tmp
c:\ofufgldx.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"11235"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dabaabaeadfafbaa]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"=-

Driver::
c6ad7ce771b16ebeee55e870f7868ffb

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\user preferences]

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back with Combofix.txt and the Kaspersky report.

Thanks

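The CFScript above removes a Winlogon Notify registry entry and the DLL it points at (dabaabaeadfafbaa.dll), which the catchme section of the earlier log shows loaded inside winlogon.exe. As an added example, not part of the helper's post or of any tool on this page, the Python below parses that "DLLs Loaded Under Running Processes" listing and flags DLLs in winlogon.exe that are off an allowlist or carry a hex-like random name; the sample lines are copied from the log above and the allowlist is an assumption built from the legitimate entries in it.

```python
import re
from typing import Dict, List

# Constructed sample: the catchme section from the ComboFix log above,
# abridged to the two process blocks it reports.
SAMPLE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\dabaabaeadfafbaa.dll
c:\windows\system32\WININET.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
"""

# Assumed allowlist of DLLs expected inside winlogon.exe on this machine;
# the entries are the legitimate ones visible in the log (ATI driver helper,
# a Windows component, and the Bonjour name-service provider).
WINLOGON_ALLOWLIST = {"ati2evxx.dll", "wininet.dll", "mdnsnsp.dll"}

PROCESS_HEADER = re.compile(r"^- - - - - - - > '(?P<name>[^']+)'\((?P<pid>\d+)\)")
HEXLIKE_NAME = re.compile(r"^[0-9a-f]{12,}$")


def parse_loaded_dlls(log: str) -> Dict[str, List[str]]:
    """Map 'process(pid)' -> DLL paths, read from the catchme DLL section."""
    result: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = PROCESS_HEADER.match(line)
        if header:
            current = f"{header['name']}({header['pid']})"
            result[current] = []
        elif current is None:
            continue                      # still before the first process block
        elif line == "." or line.startswith("----"):
            break                         # catchme moved on to the next section
        elif line.lower().endswith(".dll"):
            result[current].append(line)
    return result


def looks_hexlike(filename: str) -> bool:
    """True for names such as dabaabaeadfafbaa.dll: a long run of [0-9a-f] only."""
    stem = filename.rsplit(".", 1)[0].lower()
    return bool(HEXLIKE_NAME.match(stem))


def suspicious_winlogon_dlls(log: str, allowlist=WINLOGON_ALLOWLIST) -> List[str]:
    """DLLs loaded in winlogon.exe that are not on the allowlist.

    Winlogon Notify packages run inside winlogon.exe, so an unexpected DLL
    there is the signal to check against the Notify registry key.
    """
    flagged = []
    for proc, dlls in parse_loaded_dlls(log).items():
        if not proc.lower().startswith("winlogon.exe("):
            continue
        for path in dlls:
            name = path.rsplit("\\", 1)[-1].lower()
            if name not in allowlist:
                flagged.append(path)
    return flagged


if __name__ == "__main__":
    for path in suspicious_winlogon_dlls(SAMPLE_LOG):
        tag = " (hex-like name)" if looks_hexlike(path.rsplit("\\", 1)[-1]) else ""
        print(f"unexpected DLL in winlogon.exe: {path}{tag}")
```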


#11 Lostfan17

  • Topic Starter
  • Members
  • 35 posts
  • Local time:10:25 AM

Posted 05 July 2009 - 04:59 AM

I can't seem to download the Avast antivirus. Every time I go to their website, Firefox shuts down automatically. Even if I Google Avast, Firefox shuts down.

Here is my Combofix log:
ComboFix 09-07-04.04 - BaoDo 07/05/2009 0:00.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.565 [GMT -7:00]
Running from: c:\documents and settings\BaoDo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BaoDo\Desktop\CFScript.txt

FILE ::
"c:\ofufgldx.exe"
"c:\windows\system32\_c6ad7ce771b16ebeee55e870f7868ffb.sys_.vir"
"c:\windows\system32\c6ad7ce771b16ebeee55e870f7868ffb.sys"
"c:\windows\system32\dabaabaeadfafbaa.dll"
"c:\windows\system32\drivers\OLD108.tmp"
"c:\windows\system32\drivers\OLD13C.tmp"
"c:\windows\system32\drivers\OLD168.tmp"
"c:\windows\system32\drivers\OLD195.tmp"
"c:\windows\system32\drivers\OLD1BD.tmp"
"c:\windows\system32\drivers\OLD1D.tmp"
"c:\windows\system32\drivers\OLD1E9.tmp"
"c:\windows\system32\drivers\OLD1F.tmp"
"c:\windows\system32\drivers\OLD21.tmp"
"c:\windows\system32\drivers\OLD215.tmp"
"c:\windows\system32\drivers\OLD23.tmp"
"c:\windows\system32\drivers\OLD241.tmp"
"c:\windows\system32\drivers\OLD25.tmp"
"c:\windows\system32\drivers\OLD27.tmp"
"c:\windows\system32\drivers\OLD271.tmp"
"c:\windows\system32\drivers\OLD29.tmp"
"c:\windows\system32\drivers\OLD29D.tmp"
"c:\windows\system32\drivers\OLD2B.tmp"
"c:\windows\system32\drivers\OLD2C9.tmp"
"c:\windows\system32\drivers\OLD2F5.tmp"
"c:\windows\system32\drivers\OLD321.tmp"
"c:\windows\system32\drivers\OLD34D.tmp"
"c:\windows\system32\drivers\OLD37D.tmp"
"c:\windows\system32\drivers\OLD3A8.tmp"
"c:\windows\system32\drivers\OLD3D8.tmp"
"c:\windows\system32\drivers\OLD406.tmp"
"c:\windows\system32\drivers\OLD430.tmp"
"c:\windows\system32\drivers\OLD45C.tmp"
"c:\windows\system32\drivers\OLD48A.tmp"
"c:\windows\system32\drivers\OLD4B4.tmp"
"c:\windows\system32\drivers\OLD4E0.tmp"
"c:\windows\system32\drivers\OLD510.tmp"
"c:\windows\system32\drivers\OLD53E.tmp"
"c:\windows\system32\drivers\OLD568.tmp"
"c:\windows\system32\drivers\OLD57.tmp"
"c:\windows\system32\drivers\OLD594.tmp"
"c:\windows\system32\drivers\OLD5C0.tmp"
"c:\windows\system32\drivers\OLD5EC.tmp"
"c:\windows\system32\drivers\OLD61D.tmp"
"c:\windows\system32\drivers\OLD7F.tmp"
"c:\windows\system32\drivers\OLDAC.tmp"
"c:\windows\system32\drivers\OLDD8.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_c6ad7ce771b16ebeee55e870f7868ffb.sys_.vir
c:\windows\system32\c6ad7ce771b16ebeee55e870f7868ffb.sys
c:\windows\system32\dabaabaeadfafbaa.dll
c:\windows\system32\drivers\OLD108.tmp
c:\windows\system32\drivers\OLD13C.tmp
c:\windows\system32\drivers\OLD168.tmp
c:\windows\system32\drivers\OLD195.tmp
c:\windows\system32\drivers\OLD1BD.tmp
c:\windows\system32\drivers\OLD1D.tmp
c:\windows\system32\drivers\OLD1E9.tmp
c:\windows\system32\drivers\OLD1F.tmp
c:\windows\system32\drivers\OLD21.tmp
c:\windows\system32\drivers\OLD215.tmp
c:\windows\system32\drivers\OLD23.tmp
c:\windows\system32\drivers\OLD241.tmp
c:\windows\system32\drivers\OLD25.tmp
c:\windows\system32\drivers\OLD27.tmp
c:\windows\system32\drivers\OLD271.tmp
c:\windows\system32\drivers\OLD29.tmp
c:\windows\system32\drivers\OLD29D.tmp
c:\windows\system32\drivers\OLD2B.tmp
c:\windows\system32\drivers\OLD2C9.tmp
c:\windows\system32\drivers\OLD2F5.tmp
c:\windows\system32\drivers\OLD321.tmp
c:\windows\system32\drivers\OLD34D.tmp
c:\windows\system32\drivers\OLD37D.tmp
c:\windows\system32\drivers\OLD3A8.tmp
c:\windows\system32\drivers\OLD3D8.tmp
c:\windows\system32\drivers\OLD406.tmp
c:\windows\system32\drivers\OLD430.tmp
c:\windows\system32\drivers\OLD45C.tmp
c:\windows\system32\drivers\OLD48A.tmp
c:\windows\system32\drivers\OLD4B4.tmp
c:\windows\system32\drivers\OLD4E0.tmp
c:\windows\system32\drivers\OLD510.tmp
c:\windows\system32\drivers\OLD53E.tmp
c:\windows\system32\drivers\OLD568.tmp
c:\windows\system32\drivers\OLD57.tmp
c:\windows\system32\drivers\OLD594.tmp
c:\windows\system32\drivers\OLD5C0.tmp
c:\windows\system32\drivers\OLD5EC.tmp
c:\windows\system32\drivers\OLD61D.tmp
c:\windows\system32\drivers\OLD7F.tmp
c:\windows\system32\drivers\OLDAC.tmp
c:\windows\system32\drivers\OLDD8.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_c6ad7ce771b16ebeee55e870f7868ffb
-------\Service_c6ad7ce771b16ebeee55e870f7868ffb


((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 05:06 . 2009-07-05 05:06 -------- d-----w- C:\Rooter$
2009-07-04 22:59 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-04 22:59 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe
2009-07-02 07:24 . 2009-07-02 07:24 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-07-02 04:09 . 2009-07-02 04:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-07-02 04:03 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2009-07-02 04:03 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\dllcache\aec.sys
2009-06-29 05:01 . 2009-06-29 05:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-28 16:27 . 2009-06-28 16:27 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-06-27 07:04 . 2009-06-27 07:04 -------- d-----w- c:\program files\Trend Micro
2009-06-27 06:27 . 2009-06-27 06:27 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\documents and settings\BaoDo\Application Data\Malwarebytes
2009-06-24 05:59 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 05:59 . 2009-06-24 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 05:59 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-24 05:05 . 2009-06-24 05:05 -------- d-----w- c:\documents and settings\BaoDo\Local Settings\Application Data\Symantec
2009-06-24 04:54 . 2009-06-27 06:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-06-24 04:53 . 2009-06-24 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-06-24 04:15 . 2009-06-24 04:23 56909736 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33\Norton AntiVirus 2009 Gaming Edition v16.1.0.33.exe
2009-06-24 04:15 . 2009-06-24 04:23 2265088 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33\Norton Trial RESET v1.5.exe
2009-06-23 08:09 . 2009-07-05 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-21 04:56 . 2009-06-21 04:56 -------- d-----w- c:\program files\Half Life 2
2009-06-21 04:40 . 2006-05-09 20:42 3939 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\CSS Install-Update.bat
2009-06-21 04:40 . 2006-05-09 20:40 4792 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2 Install-Update.bat
2009-06-21 04:40 . 2006-04-08 06:53 839680 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2\steamclient.dll
2009-06-21 04:40 . 2005-01-15 03:09 180224 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2\steam.dll
2009-06-21 04:40 . 2004-12-05 13:24 110592 ----a-w- c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\Unpack.exe
2009-06-20 03:46 . 2009-06-20 03:46 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-18 23:25 . 2009-06-18 23:25 -------- d-----w- c:\documents and settings\BaoDo\Application Data\2K Sports
2009-06-18 09:55 . 2007-10-22 10:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
2009-06-18 09:55 . 2007-10-12 22:14 3734536 ----a-w- c:\windows\system32\d3dx9_36.dll
2009-06-18 09:55 . 2007-10-12 22:14 1374232 ----a-w- c:\windows\system32\D3DCompiler_36.dll
2009-06-18 09:55 . 2007-10-02 16:56 444776 ----a-w- c:\windows\system32\d3dx10_36.dll
2009-06-18 09:55 . 2007-07-20 07:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2009-06-18 09:55 . 2007-10-22 10:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
2009-06-18 09:55 . 2007-06-21 03:46 266088 ----a-w- c:\windows\system32\xactengine2_8.dll
2009-06-18 09:55 . 2007-04-05 01:55 261480 ----a-w- c:\windows\system32\xactengine2_7.dll
2009-06-18 09:55 . 2007-03-15 23:57 443752 ----a-w- c:\windows\system32\d3dx10_33.dll
2009-06-18 09:55 . 2007-03-12 23:42 1123696 ----a-w- c:\windows\system32\D3DCompiler_33.dll
2009-06-18 09:54 . 2007-03-12 23:42 3495784 ----a-w- c:\windows\system32\d3dx9_33.dll
2009-06-18 09:54 . 2007-01-24 22:27 255848 ----a-w- c:\windows\system32\xactengine2_6.dll
2009-06-18 09:54 . 2006-12-08 19:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-06-18 09:54 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-18 09:54 . 2007-03-05 19:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-06-18 09:54 . 2006-09-28 23:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-06-18 09:54 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-18 09:54 . 2006-07-28 16:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-06-18 09:54 . 2006-07-28 16:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-06-17 06:39 . 2009-06-17 06:39 127872 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\uninstall.exe
2009-06-17 06:39 . 2009-06-17 06:39 1686272 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe
2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-06-16 06:35 . 2009-06-17 06:39 4183416 ----a-w- c:\documents and settings\BaoDo\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-06-15 21:20 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-06-14 15:35 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-14 15:35 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 04:45 . 2004-08-04 11:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-07-05 00:44 . 2005-01-08 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-04 23:38 . 2009-07-04 23:38 102988 ----a-w- c:\windows\system32\drivers\OLD619.tmp
2009-07-04 23:37 . 2009-07-04 23:37 102476 ----a-w- c:\windows\system32\drivers\OLD5EE.tmp
2009-07-04 23:36 . 2009-07-04 23:36 102476 ----a-w- c:\windows\system32\drivers\OLD5C2.tmp
2009-07-04 23:35 . 2009-07-04 23:35 102476 ----a-w- c:\windows\system32\drivers\OLD596.tmp
2009-07-04 23:34 . 2009-07-04 23:34 102476 ----a-w- c:\windows\system32\drivers\OLD56A.tmp
2009-07-04 23:33 . 2009-07-04 23:33 102476 ----a-w- c:\windows\system32\drivers\OLD53C.tmp
2009-07-04 23:32 . 2009-07-04 23:32 102476 ----a-w- c:\windows\system32\drivers\OLD512.tmp
2009-07-04 23:31 . 2009-07-04 23:31 102476 ----a-w- c:\windows\system32\drivers\OLD4E2.tmp
2009-07-04 23:30 . 2009-07-04 23:30 102476 ----a-w- c:\windows\system32\drivers\OLD4B6.tmp
2009-07-04 23:29 . 2009-07-04 23:29 102988 ----a-w- c:\windows\system32\drivers\OLD488.tmp
2009-07-04 23:28 . 2009-07-04 23:28 102476 ----a-w- c:\windows\system32\drivers\OLD45E.tmp
2009-07-04 23:27 . 2009-07-04 23:27 102476 ----a-w- c:\windows\system32\drivers\OLD432.tmp
2009-07-04 23:26 . 2009-07-04 23:26 102988 ----a-w- c:\windows\system32\drivers\OLD404.tmp
2009-07-04 23:25 . 2009-07-04 23:25 102476 ----a-w- c:\windows\system32\drivers\OLD3DA.tmp
2009-07-04 23:24 . 2009-07-04 23:24 102476 ----a-w- c:\windows\system32\drivers\OLD3AA.tmp
2009-07-04 23:22 . 2009-07-04 23:23 102988 ----a-w- c:\windows\system32\drivers\OLD37B.tmp
2009-07-04 23:21 . 2009-07-04 23:21 102476 ----a-w- c:\windows\system32\drivers\OLD34B.tmp
2009-07-04 23:20 . 2009-07-04 23:20 102476 ----a-w- c:\windows\system32\drivers\OLD31F.tmp
2009-07-04 23:19 . 2009-07-04 23:19 102476 ----a-w- c:\windows\system32\drivers\OLD2F3.tmp
2009-07-04 23:18 . 2009-07-04 23:18 102476 ----a-w- c:\windows\system32\drivers\OLD2C7.tmp
2009-07-04 23:17 . 2009-07-04 23:17 102476 ----a-w- c:\windows\system32\drivers\OLD29B.tmp
2009-07-04 23:16 . 2009-07-04 23:16 102476 ----a-w- c:\windows\system32\drivers\OLD26F.tmp
2009-07-04 23:15 . 2009-07-04 23:15 102476 ----a-w- c:\windows\system32\drivers\OLD23F.tmp
2009-07-04 23:14 . 2009-07-04 23:14 102476 ----a-w- c:\windows\system32\drivers\OLD213.tmp
2009-07-04 23:13 . 2009-07-04 23:13 102476 ----a-w- c:\windows\system32\drivers\OLD1E7.tmp
2009-07-04 23:12 . 2009-07-04 23:12 102476 ----a-w- c:\windows\system32\drivers\OLD1BB.tmp
2009-07-04 23:11 . 2009-07-04 23:11 102476 ----a-w- c:\windows\system32\drivers\OLD193.tmp
2009-07-04 23:10 . 2009-07-04 23:10 102476 ----a-w- c:\windows\system32\drivers\OLD166.tmp
2009-07-04 23:09 . 2009-07-04 23:09 102476 ----a-w- c:\windows\system32\drivers\OLD13A.tmp
2009-07-04 23:08 . 2009-07-04 23:08 102476 ----a-w- c:\windows\system32\drivers\OLD106.tmp
2009-07-04 23:07 . 2009-07-04 23:07 102476 ----a-w- c:\windows\system32\drivers\OLDD6.tmp
2009-07-04 23:06 . 2009-07-04 23:06 102476 ----a-w- c:\windows\system32\drivers\OLDAA.tmp
2009-07-04 23:05 . 2009-07-04 23:05 102476 ----a-w- c:\windows\system32\drivers\OLD7D.tmp
2009-07-04 23:04 . 2009-07-04 23:04 102476 ----a-w- c:\windows\system32\drivers\OLD55.tmp
2009-07-04 23:01 . 2008-11-15 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-02 09:26 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\svchost.exe
2009-06-24 05:57 . 2005-09-01 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 05:57 . 2005-09-01 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 05:36 . 2006-09-21 23:47 -------- d-----w- c:\documents and settings\BaoDo\Application Data\Azureus
2009-06-24 05:23 . 2005-03-06 07:30 -------- d-----w- c:\program files\Yahoo!
2009-06-18 08:20 . 2005-01-08 03:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 21:52 . 2007-01-22 07:14 -------- d--h--w- c:\documents and settings\BaoDo\Application Data\Move Networks
2009-06-17 07:48 . 2008-12-14 06:58 -------- d-----w- c:\program files\AIM6
2009-05-13 05:15 . 2004-08-04 11:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-04 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 21:50 . 2009-04-22 21:50 355888 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Platform\1033\Update\nm\nmurlexc.exe
2009-04-17 12:26 . 2004-08-04 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 11:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-07-28 14:47 . 2005-07-28 14:47 0 -c--a-w- c:\program files\AMERICA ONLINE
1993-06-16 08:00 . 2005-08-26 18:07 107 -c--a-w- c:\program files\Adl.drv
.

((((((((((((((((((((((((((((( SnapShot@2009-07-05_04.50.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-05 07:09 . 2009-07-05 07:09 16384 c:\windows\temp\Perflib_Perfdata_4e4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BaoDo^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\BaoDo\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPNSVR.EXE"=
"c:\\WINDOWS\\SYSTEM32\\DXDIAG.EXE"=
"c:\\Program Files\\SBC Self Support Tool\\SmartBridge\\MotiveSB.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Yahoo!\\YOP\\yop.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Documents and Settings\\BaoDo\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [6/15/2009 2:20 PM 28544]
S3 mbamswissarmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [6/23/2009 10:59 PM 38160]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]

2009-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-15 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Yahoo! Chat - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} - hxxp://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
FF - ProfilePath - c:\documents and settings\BaoDo\Application Data\Mozilla\Firefox\Profiles\07rzf5q7.default\
FF - plugin: c:\documents and settings\BaoDo\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 00:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2769234590-500376368-3126826751-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\UAService7.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-05 0:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-05 07:15
ComboFix2.txt 2009-07-05 04:56
ComboFix3.txt 2009-07-04 23:34

Pre-Run: 7,430,504,448 bytes free
Post-Run: 7,417,778,176 bytes free

Current=8 Default=8 Failed=7 LastKnownGood=9 Sets=1,2,3,4,5,6,7,8,9
380 --- E O F --- 2009-06-15 06:41

Here is the Kaspersky Log: (756 infected objects?? really? wow)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, July 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 05, 2009 10:12:23
Records in database: 2428767
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\BaoDo\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 124324
Threat name: 5
Infected objects: 756
Suspicious objects: 1
Duration of the scan: 01:53:06


File name / Threat name / Threats count
C:\WINDOWS\system32\winlogon.exe/C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\services.exe/C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\lsass.exe/C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\system32\svchost.exe/C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa 6
C:\WINDOWS\System32\svchost.exe/C:\WINDOWS\System32\svchost.exe Infected: Trojan.Win32.Patched.aa 2
C:\WINDOWS\system32\spoolsv.exe/C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\explorer.exe/C:\WINDOWS\explorer.exe Infected: Trojan.Win32.Patched.aa 1
C:\Program Files\Yahoo!\YPSR\Quarantine\20071001003725.zip Suspicious: Password-protected-EXE 1
C:\WINDOWS\explorer.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD42E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD43.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD432.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD434.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD436.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD438.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD43A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD43C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD43E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD440.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD442.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD444.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD446.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD448.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD44A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD44C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD44E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD45.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD450.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD452.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD454.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD456.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD458.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD45A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD45E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD460.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD462.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD464.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD466.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD468.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD46A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD46C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD46E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD47.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD470.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD472.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD474.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD476.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD478.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD47A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD47C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD47E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD480.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD482.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD484.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD486.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD488.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD48C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD48E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD49.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD490.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD492.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD494.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD496.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD498.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD49A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD49C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD49E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4A0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4A2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4A4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4A6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4A8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4AA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4AC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4AE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4B0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4B2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4B6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4B8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4BA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4BC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4BE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4C0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4C2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4C4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4C6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4C8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4CA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4CC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4CE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4D.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4D0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4D2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4D4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4D6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4D8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4DA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4DC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4DE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4E2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4E4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4E6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4E8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4EA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4EC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4EE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4F.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4F0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4F2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4F4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4F6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4F8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4FA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4FC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD4FE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD500.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD502.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD504.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD506.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD508.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD50A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD50C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD50E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD51.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD512.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD514.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD516.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD518.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD51A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD51C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD51E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD520.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD522.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD524.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD526.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD528.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD52A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD52C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD52E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD53.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD530.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD532.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD534.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD536.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD538.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD53A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD53C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD540.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD542.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD544.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD546.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD548.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD54A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD54C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD54E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD55.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD550.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD552.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD554.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD556.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD558.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD55A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD55C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD55E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD560.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD562.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD564.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD566.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD56A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD56C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD56E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD570.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD572.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD574.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD576.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD578.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD57A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD57C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD57E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD580.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD582.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD584.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD586.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD588.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD58A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD58C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD58E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD59.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD590.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD592.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD596.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD598.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD59A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD59C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD59E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5A0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5A2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5A4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5A6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5A8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5AA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5AC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5AE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5B0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5B2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5B4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5B6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5B8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5BA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5BC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5BE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5C2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5C4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5C6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5C8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5CA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5CC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5CE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5D.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5D0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5D2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5D4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5D6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5D8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5DA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5DC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5DE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5E0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5E2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5E4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5E6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5E8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5EA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5EE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5F.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5F0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5F2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5F4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5F6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5F8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5FA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5FC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD5FE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD600.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD602.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD605.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD607.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD609.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD60B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD60D.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD60F.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD61.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD611.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD613.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD615.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD617.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD619.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD61B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD61F.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD621.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD623.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD625.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD627.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD629.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD62B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD62D.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD62F.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD63.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD631.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD633.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD635.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD637.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD639.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD63B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD63D.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD63F.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD641.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD643.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD65.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD67.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD69.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD6B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD6D.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD6F.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD71.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD73.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD75.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD77.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD79.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD7B.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD7D.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD81.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD83.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD86.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD88.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD8A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD8C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD8E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD90.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD92.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD94.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD96.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD98.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD9A.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD9C.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD9E.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDA0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDA2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDA4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDA6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDA8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDAA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDAE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDB0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDB2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDB4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDB6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDB8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDBA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDBC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDBE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDC0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDC2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDC4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDC6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDC8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDCA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDCC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDCE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDD0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDD2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDD4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDD6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDDA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDDC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDDE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDE0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDE2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDE4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDE6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDE8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDEA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDEC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDEE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDF0.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDF2.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDF4.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDF6.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDF8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDFA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDFC.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDFE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\imapi.dll Infected: Trojan-Spy.Win32.Bzub.ffe 1
C:\WINDOWS\SYSTEM32\lsass.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\SYSTEM32\services.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\SYSTEM32\spoolsv.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\SYSTEM32\svchost.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\SYSTEM32\sysocmgr.dll Infected: Trojan-Spy.Win32.Bzub.fga 1
C:\WINDOWS\SYSTEM32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1

The selected area was scanned.
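A report this long is hard to read by hand, and the useful facts are buried: how many distinct detections there are, where they cluster, and which of them hit core Windows binaries rather than dropped files. As an added example (my own code, not part of this thread or of any scanner it names), the following Python script parses the scanner's `<path> Infected: <signature> <count>` lines and summarizes them by signature and directory, flagging "Patched" verdicts on core system executables. The sample lines are constructed to mirror the format above; `CORE_BINARIES` and the `OLD<hex>.tmp` heuristic are assumptions of mine, not scanner logic.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample lines in the same "<path> Infected: <signature> <count>" shape
# as the scanner report posted above (a handful of lines, not the full report).
SAMPLE_REPORT = r"""
C:\WINDOWS\SYSTEM32\DRIVERS\OLD3C8.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLD3CA.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\DRIVERS\OLDFE.tmp Infected: Backdoor.Win32.NewRest.ao 1
C:\WINDOWS\SYSTEM32\imapi.dll Infected: Trojan-Spy.Win32.Bzub.ffe 1
C:\WINDOWS\SYSTEM32\lsass.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\SYSTEM32\services.exe Infected: Trojan.Win32.Patched.aa 1
C:\WINDOWS\SYSTEM32\winlogon.exe Infected: Trojan.Win32.Patched.aa 1

The selected area was scanned.
"""

# One report line: a Windows path, the literal "Infected:", a signature name, a count.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<sig>\S+)\s+(?P<count>\d+)\s*$")

# Assumption: core Windows XP processes. A "Patched" verdict on one of these means
# the running OS itself has been modified, not merely that a file was dropped.
CORE_BINARIES = {"lsass.exe", "services.exe", "winlogon.exe", "svchost.exe", "spoolsv.exe"}

# Heuristic of my own (not the scanner's): OLD<hex>.tmp files under a \drivers
# folder, the pattern that fills most of the report above.
TEMP_STUB_RE = re.compile(r"OLD[0-9A-F]+\.tmp", re.IGNORECASE)


def parse_report(text):
    """Return a list of (path, signature, count) tuples; non-matching lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            findings.append((m.group("path"), m.group("sig"), int(m.group("count"))))
    return findings


def is_temp_driver_stub(path):
    """True for OLD<hex>.tmp files that sit directly in a 'drivers' directory."""
    p = PureWindowsPath(path)
    return p.parent.name.lower() == "drivers" and TEMP_STUB_RE.fullmatch(p.name) is not None


def summarize(findings):
    """Aggregate findings by signature and directory and flag patched core binaries."""
    by_signature = Counter()
    by_directory = Counter()
    patched_core = []
    temp_driver_stubs = 0
    for path, sig, count in findings:
        p = PureWindowsPath(path)
        by_signature[sig] += count
        by_directory[str(p.parent).lower()] += count
        if "patched" in sig.lower() and p.name.lower() in CORE_BINARIES:
            patched_core.append(p.name.lower())
        if is_temp_driver_stub(path):
            temp_driver_stubs += 1
    return {
        "by_signature": by_signature,
        "by_directory": by_directory,
        "patched_core": sorted(patched_core),
        "temp_driver_stubs": temp_driver_stubs,
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    print("Detections by signature:")
    for sig, n in summary["by_signature"].most_common():
        print(f"  {n:4d}  {sig}")
    print("Detections by directory:")
    for folder, n in summary["by_directory"].most_common():
        print(f"  {n:4d}  {folder}")
    print("Patched core binaries:", ", ".join(summary["patched_core"]) or "none")
    print("OLD*.tmp driver stubs:", summary["temp_driver_stubs"])
```

Run against the full report posted above, the by-signature and by-directory counters collapse several hundred lines into a few rows, which is the view a responder actually wants. The `patched_core` list is the important one: verdicts on lsass.exe, services.exe, winlogon.exe and svchost.exe mean the scan ran on an operating system whose own core processes were modified, so results obtained from inside that OS are suspect. That is consistent with the helper's next step of moving the scan to a different tool in Safe Mode.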

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:25 PM

Posted 05 July 2009 - 04:30 PM

Can you download Avast on another computer, transfer it to that computer, and then install it? Follow these next instructions first,
then try installing Avast again.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :Processes
    explorer
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"=-
    
    :Files
    c:\documents and settings\BaoDo\Application Data\Azureus\torrents\*
    c:\windows\system32\drivers\OLD*.tmp
    C:\Program Files\Yahoo!\YPSR\Quarantine\*.*
    C:\WINDOWS\SYSTEM32\sysocmgr.dll 
    
    :Commands
    [Purity]
    [EmptyTemp]
    [Start Explorer]
    [Reboot]
  • Push the large "MoveIt!" button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the "Results" line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Next

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program.
  • Cancel any prompts to download the latest CureIt version and click Start.
  • At the prompt to "Start scan now", click Ok. Allow the setup.exe/driver to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
Then post back with the OTM results and Dr.Web report.

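The OTM script above moves every file matching the listed globs and deletes the two Windows Firewall registry values, and the resulting log is hundreds of one-line "moved successfully" entries. What a practitioner wants from such a log is not the full listing but a triage summary: which firewall exceptions were removed (here an open port 67/UDP and an inbound ICMP echo allowance, both policy weakenings that a home user does not normally add), how many files went from each directory, and how many OLD*.tmp files sat in system32\drivers. The following parser is an added example, not code from the thread or from the OTM tool; it assumes only the log layout visible in the posts ("========== SECTION ==========" headers, "Registry value ... deleted successfully.", "<path> moved successfully.", with `\\` separating a registry key from its value name). The sample log embedded in it is constructed from that shape.

```python
"""Summarise an OTM run log for triage (added example; not OTM's own code).

Parses the plain-text OTM log format and reports:
  - registry values deleted, keeping those under the Windows Firewall policy key
  - files moved, grouped by parent directory
  - how many OLD*.tmp files were moved out of system32\\drivers
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
REG_DELETED_RE = re.compile(r"^Registry value (.+?) deleted successfully\.$")
FILE_MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
DRIVERS_SUFFIX = r"\system32\drivers"

# XP firewall policy lives under this key; a deleted value here was an
# exception (open port, ICMP allowance) that the cleanup script removed.
FIREWALL_KEY = r"\services\sharedaccess\parameters\firewallpolicy"

# Constructed sample in the shape of the posted log (not the real log).
SAMPLE_LOG = r"""All processes killed
========== PROCESSES ==========
No active process named explorer was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List\\67:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings\\AllowInboundEchoRequest deleted successfully.
========== FILES ==========
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\example.torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Some Album moved successfully.
c:\windows\system32\drivers\OLD100.tmp moved successfully.
c:\windows\system32\drivers\OLD102.tmp moved successfully.
c:\windows\system32\drivers\OLD2D.tmp moved successfully.
"""


def parse_otm_log(text):
    """Return {'registry': [deleted value strings], 'files': [moved paths]}."""
    section = None
    registry, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "REGISTRY":
            m = REG_DELETED_RE.match(line)
            if m:
                registry.append(m.group(1))
        elif section == "FILES":
            m = FILE_MOVED_RE.match(line)
            if m:
                files.append(m.group(1))
    return {"registry": registry, "files": files}


def firewall_changes(registry_entries):
    """Split 'key\\\\value' entries and keep those under the firewall policy key."""
    out = []
    for entry in registry_entries:
        key, _, value = entry.partition("\\\\")
        if FIREWALL_KEY.lower() in key.lower():
            out.append((key, value))
    return out


def files_by_directory(paths):
    """Count moved entries per parent directory and OLD*.tmp files in drivers."""
    per_dir = Counter()
    old_tmp_in_drivers = 0
    for p in paths:
        wp = PureWindowsPath(p)
        parent = str(wp.parent).lower()
        per_dir[parent] += 1
        if parent.endswith(DRIVERS_SUFFIX) and re.fullmatch(
            r"OLD[0-9A-F]+\.tmp", wp.name, re.IGNORECASE
        ):
            old_tmp_in_drivers += 1
    return per_dir, old_tmp_in_drivers


def summarise(text):
    """One dict a helper can eyeball instead of hundreds of log lines."""
    parsed = parse_otm_log(text)
    fw = firewall_changes(parsed["registry"])
    per_dir, old_tmp = files_by_directory(parsed["files"])
    return {
        "firewall_values_removed": [value for _, value in fw],
        "files_moved": len(parsed["files"]),
        "per_directory": dict(per_dir),
        "old_tmp_in_drivers": old_tmp,
    }


if __name__ == "__main__":
    for k, v in summarise(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

Run it against a saved OTM log by replacing SAMPLE_LOG with the file contents; the per-directory counts make the pattern of the posted log (a handful of torrent artefacts versus several hundred OLD*.tmp files in the drivers directory) visible at a glance, and the firewall section lists exactly which exceptions the script took out.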


#13 Lostfan17 (Topic Starter)

Posted 05 July 2009 - 05:52 PM

I have the OTM log, but every time I run Dr.Web CureIt, I get the Blue screen of death...
Here is the OTM log:
All processes killed
========== PROCESSES ==========
No active process named explorer was found!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List\\67:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings\\AllowInboundEchoRequest deleted successfully.
========== FILES ==========
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\attachments_2009_01_04.zip moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\AZU1945755115683547276.tmp moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\AZU3054939812896027106.tmp moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\AZU3536759880524410543.tmp moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\AZU4526658513941926396.tmp moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\AZU57983.tmp moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\AZU8146627569976107260.tmp moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\AZU8207139349940458853.tmp moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Bloc Party - Intimacy moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Bloc Party - Intimacy [mininova].torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\HL2 moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source\CSS moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Half Life 2 + Counter Strike Source Non Steam www.cp4ever.org [mininova].torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Lupe_Fiasco-The_Cool-(RapGodFathers.com) moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\NBA.2K9-RELOADED [mininova].torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\NORTON 2008 ULTIMATE PACK 3in1[Must Have][h33t][shahaz] [mininova].torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33 moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Norton AntiVirus 2009 Gaming Edition v16.1.0.33.torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\Sigur_Ros_-_Heima_(DVD_1).3936653.TPB.torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\TV on the Radio - Dear Science, (2008) moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\TV on the Radio - Dear Science, (2008) [mininova].torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\VSO-Convert_X_to_DVD-3.1.1.31-BRD[1].torrent moved successfully.
c:\documents and settings\BaoDo\Application Data\Azureus\torrents\_NBA.2K9-RELOADED [mininova].torrent moved successfully.
c:\windows\system32\drivers\OLD100.tmp moved successfully.
c:\windows\system32\drivers\OLD102.tmp moved successfully.
c:\windows\system32\drivers\OLD104.tmp moved successfully.
c:\windows\system32\drivers\OLD106.tmp moved successfully.
c:\windows\system32\drivers\OLD112.tmp moved successfully.
c:\windows\system32\drivers\OLD114.tmp moved successfully.
c:\windows\system32\drivers\OLD116.tmp moved successfully.
c:\windows\system32\drivers\OLD118.tmp moved successfully.
c:\windows\system32\drivers\OLD11A.tmp moved successfully.
c:\windows\system32\drivers\OLD11C.tmp moved successfully.
c:\windows\system32\drivers\OLD11E.tmp moved successfully.
c:\windows\system32\drivers\OLD120.tmp moved successfully.
c:\windows\system32\drivers\OLD122.tmp moved successfully.
c:\windows\system32\drivers\OLD124.tmp moved successfully.
c:\windows\system32\drivers\OLD126.tmp moved successfully.
c:\windows\system32\drivers\OLD128.tmp moved successfully.
c:\windows\system32\drivers\OLD12A.tmp moved successfully.
c:\windows\system32\drivers\OLD12C.tmp moved successfully.
c:\windows\system32\drivers\OLD12E.tmp moved successfully.
c:\windows\system32\drivers\OLD130.tmp moved successfully.
c:\windows\system32\drivers\OLD132.tmp moved successfully.
c:\windows\system32\drivers\OLD134.tmp moved successfully.
c:\windows\system32\drivers\OLD136.tmp moved successfully.
c:\windows\system32\drivers\OLD138.tmp moved successfully.
c:\windows\system32\drivers\OLD13A.tmp moved successfully.
c:\windows\system32\drivers\OLD13E.tmp moved successfully.
c:\windows\system32\drivers\OLD140.tmp moved successfully.
c:\windows\system32\drivers\OLD142.tmp moved successfully.
c:\windows\system32\drivers\OLD144.tmp moved successfully.
c:\windows\system32\drivers\OLD146.tmp moved successfully.
c:\windows\system32\drivers\OLD148.tmp moved successfully.
c:\windows\system32\drivers\OLD14A.tmp moved successfully.
c:\windows\system32\drivers\OLD14C.tmp moved successfully.
c:\windows\system32\drivers\OLD14E.tmp moved successfully.
c:\windows\system32\drivers\OLD150.tmp moved successfully.
c:\windows\system32\drivers\OLD152.tmp moved successfully.
c:\windows\system32\drivers\OLD154.tmp moved successfully.
c:\windows\system32\drivers\OLD156.tmp moved successfully.
c:\windows\system32\drivers\OLD158.tmp moved successfully.
c:\windows\system32\drivers\OLD15A.tmp moved successfully.
c:\windows\system32\drivers\OLD15C.tmp moved successfully.
c:\windows\system32\drivers\OLD15E.tmp moved successfully.
c:\windows\system32\drivers\OLD160.tmp moved successfully.
c:\windows\system32\drivers\OLD162.tmp moved successfully.
c:\windows\system32\drivers\OLD164.tmp moved successfully.
c:\windows\system32\drivers\OLD166.tmp moved successfully.
c:\windows\system32\drivers\OLD16A.tmp moved successfully.
c:\windows\system32\drivers\OLD16C.tmp moved successfully.
c:\windows\system32\drivers\OLD16E.tmp moved successfully.
c:\windows\system32\drivers\OLD170.tmp moved successfully.
c:\windows\system32\drivers\OLD172.tmp moved successfully.
c:\windows\system32\drivers\OLD174.tmp moved successfully.
c:\windows\system32\drivers\OLD176.tmp moved successfully.
c:\windows\system32\drivers\OLD178.tmp moved successfully.
c:\windows\system32\drivers\OLD17B.tmp moved successfully.
c:\windows\system32\drivers\OLD17D.tmp moved successfully.
c:\windows\system32\drivers\OLD17F.tmp moved successfully.
c:\windows\system32\drivers\OLD181.tmp moved successfully.
c:\windows\system32\drivers\OLD183.tmp moved successfully.
c:\windows\system32\drivers\OLD185.tmp moved successfully.
c:\windows\system32\drivers\OLD187.tmp moved successfully.
c:\windows\system32\drivers\OLD189.tmp moved successfully.
c:\windows\system32\drivers\OLD18B.tmp moved successfully.
c:\windows\system32\drivers\OLD18D.tmp moved successfully.
c:\windows\system32\drivers\OLD18F.tmp moved successfully.
c:\windows\system32\drivers\OLD191.tmp moved successfully.
c:\windows\system32\drivers\OLD193.tmp moved successfully.
c:\windows\system32\drivers\OLD197.tmp moved successfully.
c:\windows\system32\drivers\OLD199.tmp moved successfully.
c:\windows\system32\drivers\OLD19B.tmp moved successfully.
c:\windows\system32\drivers\OLD19D.tmp moved successfully.
c:\windows\system32\drivers\OLD19F.tmp moved successfully.
c:\windows\system32\drivers\OLD1A1.tmp moved successfully.
c:\windows\system32\drivers\OLD1A3.tmp moved successfully.
c:\windows\system32\drivers\OLD1A5.tmp moved successfully.
c:\windows\system32\drivers\OLD1A7.tmp moved successfully.
c:\windows\system32\drivers\OLD1A9.tmp moved successfully.
c:\windows\system32\drivers\OLD1AB.tmp moved successfully.
c:\windows\system32\drivers\OLD1AD.tmp moved successfully.
c:\windows\system32\drivers\OLD1AF.tmp moved successfully.
c:\windows\system32\drivers\OLD1B1.tmp moved successfully.
c:\windows\system32\drivers\OLD1B3.tmp moved successfully.
c:\windows\system32\drivers\OLD1B5.tmp moved successfully.
c:\windows\system32\drivers\OLD1B7.tmp moved successfully.
c:\windows\system32\drivers\OLD1B9.tmp moved successfully.
c:\windows\system32\drivers\OLD1BB.tmp moved successfully.
c:\windows\system32\drivers\OLD1BF.tmp moved successfully.
c:\windows\system32\drivers\OLD1C1.tmp moved successfully.
c:\windows\system32\drivers\OLD1C3.tmp moved successfully.
c:\windows\system32\drivers\OLD1C5.tmp moved successfully.
c:\windows\system32\drivers\OLD1C7.tmp moved successfully.
c:\windows\system32\drivers\OLD1C9.tmp moved successfully.
c:\windows\system32\drivers\OLD1CB.tmp moved successfully.
c:\windows\system32\drivers\OLD1CD.tmp moved successfully.
c:\windows\system32\drivers\OLD1CF.tmp moved successfully.
c:\windows\system32\drivers\OLD1D1.tmp moved successfully.
c:\windows\system32\drivers\OLD1D3.tmp moved successfully.
c:\windows\system32\drivers\OLD1D5.tmp moved successfully.
c:\windows\system32\drivers\OLD1D7.tmp moved successfully.
c:\windows\system32\drivers\OLD1D9.tmp moved successfully.
c:\windows\system32\drivers\OLD1DB.tmp moved successfully.
c:\windows\system32\drivers\OLD1DD.tmp moved successfully.
c:\windows\system32\drivers\OLD1DF.tmp moved successfully.
c:\windows\system32\drivers\OLD1E1.tmp moved successfully.
c:\windows\system32\drivers\OLD1E3.tmp moved successfully.
c:\windows\system32\drivers\OLD1E5.tmp moved successfully.
c:\windows\system32\drivers\OLD1E7.tmp moved successfully.
c:\windows\system32\drivers\OLD1EB.tmp moved successfully.
c:\windows\system32\drivers\OLD1ED.tmp moved successfully.
c:\windows\system32\drivers\OLD1EF.tmp moved successfully.
c:\windows\system32\drivers\OLD1F1.tmp moved successfully.
c:\windows\system32\drivers\OLD1F3.tmp moved successfully.
c:\windows\system32\drivers\OLD1F5.tmp moved successfully.
c:\windows\system32\drivers\OLD1F7.tmp moved successfully.
c:\windows\system32\drivers\OLD1F9.tmp moved successfully.
c:\windows\system32\drivers\OLD1FB.tmp moved successfully.
c:\windows\system32\drivers\OLD1FD.tmp moved successfully.
c:\windows\system32\drivers\OLD1FF.tmp moved successfully.
c:\windows\system32\drivers\OLD201.tmp moved successfully.
c:\windows\system32\drivers\OLD203.tmp moved successfully.
c:\windows\system32\drivers\OLD205.tmp moved successfully.
c:\windows\system32\drivers\OLD207.tmp moved successfully.
c:\windows\system32\drivers\OLD209.tmp moved successfully.
c:\windows\system32\drivers\OLD20B.tmp moved successfully.
c:\windows\system32\drivers\OLD20D.tmp moved successfully.
c:\windows\system32\drivers\OLD20F.tmp moved successfully.
c:\windows\system32\drivers\OLD211.tmp moved successfully.
c:\windows\system32\drivers\OLD213.tmp moved successfully.
c:\windows\system32\drivers\OLD217.tmp moved successfully.
c:\windows\system32\drivers\OLD219.tmp moved successfully.
c:\windows\system32\drivers\OLD21B.tmp moved successfully.
c:\windows\system32\drivers\OLD21D.tmp moved successfully.
c:\windows\system32\drivers\OLD21F.tmp moved successfully.
c:\windows\system32\drivers\OLD221.tmp moved successfully.
c:\windows\system32\drivers\OLD223.tmp moved successfully.
c:\windows\system32\drivers\OLD225.tmp moved successfully.
c:\windows\system32\drivers\OLD227.tmp moved successfully.
c:\windows\system32\drivers\OLD229.tmp moved successfully.
c:\windows\system32\drivers\OLD22B.tmp moved successfully.
c:\windows\system32\drivers\OLD22D.tmp moved successfully.
c:\windows\system32\drivers\OLD22F.tmp moved successfully.
c:\windows\system32\drivers\OLD231.tmp moved successfully.
c:\windows\system32\drivers\OLD233.tmp moved successfully.
c:\windows\system32\drivers\OLD235.tmp moved successfully.
c:\windows\system32\drivers\OLD237.tmp moved successfully.
c:\windows\system32\drivers\OLD239.tmp moved successfully.
c:\windows\system32\drivers\OLD23B.tmp moved successfully.
c:\windows\system32\drivers\OLD23D.tmp moved successfully.
c:\windows\system32\drivers\OLD23F.tmp moved successfully.
c:\windows\system32\drivers\OLD243.tmp moved successfully.
c:\windows\system32\drivers\OLD245.tmp moved successfully.
c:\windows\system32\drivers\OLD247.tmp moved successfully.
c:\windows\system32\drivers\OLD249.tmp moved successfully.
c:\windows\system32\drivers\OLD24B.tmp moved successfully.
c:\windows\system32\drivers\OLD24D.tmp moved successfully.
c:\windows\system32\drivers\OLD24F.tmp moved successfully.
c:\windows\system32\drivers\OLD251.tmp moved successfully.
c:\windows\system32\drivers\OLD253.tmp moved successfully.
c:\windows\system32\drivers\OLD255.tmp moved successfully.
c:\windows\system32\drivers\OLD257.tmp moved successfully.
c:\windows\system32\drivers\OLD259.tmp moved successfully.
c:\windows\system32\drivers\OLD25B.tmp moved successfully.
c:\windows\system32\drivers\OLD25D.tmp moved successfully.
c:\windows\system32\drivers\OLD25F.tmp moved successfully.
c:\windows\system32\drivers\OLD261.tmp moved successfully.
c:\windows\system32\drivers\OLD263.tmp moved successfully.
c:\windows\system32\drivers\OLD265.tmp moved successfully.
c:\windows\system32\drivers\OLD267.tmp moved successfully.
c:\windows\system32\drivers\OLD269.tmp moved successfully.
c:\windows\system32\drivers\OLD26B.tmp moved successfully.
c:\windows\system32\drivers\OLD26D.tmp moved successfully.
c:\windows\system32\drivers\OLD26F.tmp moved successfully.
c:\windows\system32\drivers\OLD273.tmp moved successfully.
c:\windows\system32\drivers\OLD275.tmp moved successfully.
c:\windows\system32\drivers\OLD277.tmp moved successfully.
c:\windows\system32\drivers\OLD279.tmp moved successfully.
c:\windows\system32\drivers\OLD27B.tmp moved successfully.
c:\windows\system32\drivers\OLD27D.tmp moved successfully.
c:\windows\system32\drivers\OLD27F.tmp moved successfully.
c:\windows\system32\drivers\OLD281.tmp moved successfully.
c:\windows\system32\drivers\OLD283.tmp moved successfully.
c:\windows\system32\drivers\OLD285.tmp moved successfully.
c:\windows\system32\drivers\OLD287.tmp moved successfully.
c:\windows\system32\drivers\OLD289.tmp moved successfully.
c:\windows\system32\drivers\OLD28B.tmp moved successfully.
c:\windows\system32\drivers\OLD28D.tmp moved successfully.
c:\windows\system32\drivers\OLD28F.tmp moved successfully.
c:\windows\system32\drivers\OLD291.tmp moved successfully.
c:\windows\system32\drivers\OLD293.tmp moved successfully.
c:\windows\system32\drivers\OLD295.tmp moved successfully.
c:\windows\system32\drivers\OLD297.tmp moved successfully.
c:\windows\system32\drivers\OLD299.tmp moved successfully.
c:\windows\system32\drivers\OLD29B.tmp moved successfully.
c:\windows\system32\drivers\OLD29F.tmp moved successfully.
c:\windows\system32\drivers\OLD2A1.tmp moved successfully.
c:\windows\system32\drivers\OLD2A3.tmp moved successfully.
c:\windows\system32\drivers\OLD2A5.tmp moved successfully.
c:\windows\system32\drivers\OLD2A7.tmp moved successfully.
c:\windows\system32\drivers\OLD2A9.tmp moved successfully.
c:\windows\system32\drivers\OLD2AB.tmp moved successfully.
c:\windows\system32\drivers\OLD2AD.tmp moved successfully.
c:\windows\system32\drivers\OLD2AF.tmp moved successfully.
c:\windows\system32\drivers\OLD2B1.tmp moved successfully.
c:\windows\system32\drivers\OLD2B3.tmp moved successfully.
c:\windows\system32\drivers\OLD2B5.tmp moved successfully.
c:\windows\system32\drivers\OLD2B7.tmp moved successfully.
c:\windows\system32\drivers\OLD2B9.tmp moved successfully.
c:\windows\system32\drivers\OLD2BB.tmp moved successfully.
c:\windows\system32\drivers\OLD2BD.tmp moved successfully.
c:\windows\system32\drivers\OLD2BF.tmp moved successfully.
c:\windows\system32\drivers\OLD2C1.tmp moved successfully.
c:\windows\system32\drivers\OLD2C3.tmp moved successfully.
c:\windows\system32\drivers\OLD2C5.tmp moved successfully.
c:\windows\system32\drivers\OLD2C7.tmp moved successfully.
c:\windows\system32\drivers\OLD2CB.tmp moved successfully.
c:\windows\system32\drivers\OLD2CD.tmp moved successfully.
c:\windows\system32\drivers\OLD2CF.tmp moved successfully.
c:\windows\system32\drivers\OLD2D.tmp moved successfully.
c:\windows\system32\drivers\OLD2D1.tmp moved successfully.
c:\windows\system32\drivers\OLD2D3.tmp moved successfully.
c:\windows\system32\drivers\OLD2D5.tmp moved successfully.
c:\windows\system32\drivers\OLD2D7.tmp moved successfully.
c:\windows\system32\drivers\OLD2D9.tmp moved successfully.
c:\windows\system32\drivers\OLD2DB.tmp moved successfully.
c:\windows\system32\drivers\OLD2DD.tmp moved successfully.
c:\windows\system32\drivers\OLD2DF.tmp moved successfully.
c:\windows\system32\drivers\OLD2E1.tmp moved successfully.
c:\windows\system32\drivers\OLD2E3.tmp moved successfully.
c:\windows\system32\drivers\OLD2E5.tmp moved successfully.
c:\windows\system32\drivers\OLD2E7.tmp moved successfully.
c:\windows\system32\drivers\OLD2E9.tmp moved successfully.
c:\windows\system32\drivers\OLD2EB.tmp moved successfully.
c:\windows\system32\drivers\OLD2ED.tmp moved successfully.
c:\windows\system32\drivers\OLD2EF.tmp moved successfully.
c:\windows\system32\drivers\OLD2F.tmp moved successfully.
c:\windows\system32\drivers\OLD2F1.tmp moved successfully.
c:\windows\system32\drivers\OLD2F3.tmp moved successfully.
c:\windows\system32\drivers\OLD2F7.tmp moved successfully.
c:\windows\system32\drivers\OLD2F9.tmp moved successfully.
c:\windows\system32\drivers\OLD2FB.tmp moved successfully.
c:\windows\system32\drivers\OLD2FD.tmp moved successfully.
c:\windows\system32\drivers\OLD2FF.tmp moved successfully.
c:\windows\system32\drivers\OLD301.tmp moved successfully.
c:\windows\system32\drivers\OLD303.tmp moved successfully.
c:\windows\system32\drivers\OLD305.tmp moved successfully.
c:\windows\system32\drivers\OLD307.tmp moved successfully.
c:\windows\system32\drivers\OLD309.tmp moved successfully.
c:\windows\system32\drivers\OLD30B.tmp moved successfully.
c:\windows\system32\drivers\OLD30D.tmp moved successfully.
c:\windows\system32\drivers\OLD30F.tmp moved successfully.
c:\windows\system32\drivers\OLD31.tmp moved successfully.
c:\windows\system32\drivers\OLD311.tmp moved successfully.
c:\windows\system32\drivers\OLD313.tmp moved successfully.
c:\windows\system32\drivers\OLD315.tmp moved successfully.
c:\windows\system32\drivers\OLD317.tmp moved successfully.
c:\windows\system32\drivers\OLD319.tmp moved successfully.
c:\windows\system32\drivers\OLD31B.tmp moved successfully.
c:\windows\system32\drivers\OLD31D.tmp moved successfully.
c:\windows\system32\drivers\OLD31F.tmp moved successfully.
c:\windows\system32\drivers\OLD323.tmp moved successfully.
c:\windows\system32\drivers\OLD325.tmp moved successfully.
c:\windows\system32\drivers\OLD327.tmp moved successfully.
c:\windows\system32\drivers\OLD329.tmp moved successfully.
c:\windows\system32\drivers\OLD32B.tmp moved successfully.
c:\windows\system32\drivers\OLD32D.tmp moved successfully.
c:\windows\system32\drivers\OLD32F.tmp moved successfully.
c:\windows\system32\drivers\OLD33.tmp moved successfully.
c:\windows\system32\drivers\OLD331.tmp moved successfully.
c:\windows\system32\drivers\OLD333.tmp moved successfully.
c:\windows\system32\drivers\OLD335.tmp moved successfully.
c:\windows\system32\drivers\OLD337.tmp moved successfully.
c:\windows\system32\drivers\OLD339.tmp moved successfully.
c:\windows\system32\drivers\OLD33B.tmp moved successfully.
c:\windows\system32\drivers\OLD33D.tmp moved successfully.
c:\windows\system32\drivers\OLD33F.tmp moved successfully.
c:\windows\system32\drivers\OLD341.tmp moved successfully.
c:\windows\system32\drivers\OLD343.tmp moved successfully.
c:\windows\system32\drivers\OLD345.tmp moved successfully.
c:\windows\system32\drivers\OLD347.tmp moved successfully.
c:\windows\system32\drivers\OLD349.tmp moved successfully.
c:\windows\system32\drivers\OLD34B.tmp moved successfully.
c:\windows\system32\drivers\OLD34F.tmp moved successfully.
c:\windows\system32\drivers\OLD35.tmp moved successfully.
c:\windows\system32\drivers\OLD351.tmp moved successfully.
c:\windows\system32\drivers\OLD353.tmp moved successfully.
c:\windows\system32\drivers\OLD355.tmp moved successfully.
c:\windows\system32\drivers\OLD357.tmp moved successfully.
c:\windows\system32\drivers\OLD359.tmp moved successfully.
c:\windows\system32\drivers\OLD35B.tmp moved successfully.
c:\windows\system32\drivers\OLD35D.tmp moved successfully.
c:\windows\system32\drivers\OLD35F.tmp moved successfully.
c:\windows\system32\drivers\OLD361.tmp moved successfully.
c:\windows\system32\drivers\OLD363.tmp moved successfully.
c:\windows\system32\drivers\OLD365.tmp moved successfully.
c:\windows\system32\drivers\OLD367.tmp moved successfully.
c:\windows\system32\drivers\OLD369.tmp moved successfully.
c:\windows\system32\drivers\OLD36B.tmp moved successfully.
c:\windows\system32\drivers\OLD36D.tmp moved successfully.
c:\windows\system32\drivers\OLD36F.tmp moved successfully.
c:\windows\system32\drivers\OLD37.tmp moved successfully.
c:\windows\system32\drivers\OLD371.tmp moved successfully.
c:\windows\system32\drivers\OLD373.tmp moved successfully.
c:\windows\system32\drivers\OLD375.tmp moved successfully.
c:\windows\system32\drivers\OLD377.tmp moved successfully.
c:\windows\system32\drivers\OLD379.tmp moved successfully.
c:\windows\system32\drivers\OLD37B.tmp moved successfully.
c:\windows\system32\drivers\OLD38A.tmp moved successfully.
c:\windows\system32\drivers\OLD38C.tmp moved successfully.
c:\windows\system32\drivers\OLD38E.tmp moved successfully.
c:\windows\system32\drivers\OLD39.tmp moved successfully.
c:\windows\system32\drivers\OLD390.tmp moved successfully.
c:\windows\system32\drivers\OLD392.tmp moved successfully.
c:\windows\system32\drivers\OLD394.tmp moved successfully.
c:\windows\system32\drivers\OLD396.tmp moved successfully.
c:\windows\system32\drivers\OLD398.tmp moved successfully.
c:\windows\system32\drivers\OLD39A.tmp moved successfully.
c:\windows\system32\drivers\OLD39C.tmp moved successfully.
c:\windows\system32\drivers\OLD39E.tmp moved successfully.
c:\windows\system32\drivers\OLD3A0.tmp moved successfully.
c:\windows\system32\drivers\OLD3A2.tmp moved successfully.
c:\windows\system32\drivers\OLD3A4.tmp moved successfully.
c:\windows\system32\drivers\OLD3A6.tmp moved successfully.
c:\windows\system32\drivers\OLD3AA.tmp moved successfully.
c:\windows\system32\drivers\OLD3AC.tmp moved successfully.
c:\windows\system32\drivers\OLD3AE.tmp moved successfully.
c:\windows\system32\drivers\OLD3B.tmp moved successfully.
c:\windows\system32\drivers\OLD3B0.tmp moved successfully.
c:\windows\system32\drivers\OLD3B2.tmp moved successfully.
c:\windows\system32\drivers\OLD3B4.tmp moved successfully.
c:\windows\system32\drivers\OLD3B6.tmp moved successfully.
c:\windows\system32\drivers\OLD3B8.tmp moved successfully.
c:\windows\system32\drivers\OLD3BA.tmp moved successfully.
c:\windows\system32\drivers\OLD3BC.tmp moved successfully.
c:\windows\system32\drivers\OLD3BE.tmp moved successfully.
c:\windows\system32\drivers\OLD3C0.tmp moved successfully.
c:\windows\system32\drivers\OLD3C2.tmp moved successfully.
c:\windows\system32\drivers\OLD3C4.tmp moved successfully.
c:\windows\system32\drivers\OLD3C6.tmp moved successfully.
c:\windows\system32\drivers\OLD3C8.tmp moved successfully.
c:\windows\system32\drivers\OLD3CA.tmp moved successfully.
c:\windows\system32\drivers\OLD3CC.tmp moved successfully.
c:\windows\system32\drivers\OLD3CE.tmp moved successfully.
c:\windows\system32\drivers\OLD3D.tmp moved successfully.
c:\windows\system32\drivers\OLD3D0.tmp moved successfully.
c:\windows\system32\drivers\OLD3D2.tmp moved successfully.
c:\windows\system32\drivers\OLD3D4.tmp moved successfully.
c:\windows\system32\drivers\OLD3D6.tmp moved successfully.
c:\windows\system32\drivers\OLD3DA.tmp moved successfully.
c:\windows\system32\drivers\OLD3DC.tmp moved successfully.
c:\windows\system32\drivers\OLD3DE.tmp moved successfully.
c:\windows\system32\drivers\OLD3E0.tmp moved successfully.
c:\windows\system32\drivers\OLD3E2.tmp moved successfully.
c:\windows\system32\drivers\OLD3E4.tmp moved successfully.
c:\windows\system32\drivers\OLD3E6.tmp moved successfully.
c:\windows\system32\drivers\OLD3E8.tmp moved successfully.
c:\windows\system32\drivers\OLD3EA.tmp moved successfully.
c:\windows\system32\drivers\OLD3EC.tmp moved successfully.
c:\windows\system32\drivers\OLD3EE.tmp moved successfully.
c:\windows\system32\drivers\OLD3F.tmp moved successfully.
c:\windows\system32\drivers\OLD3F0.tmp moved successfully.
c:\windows\system32\drivers\OLD3F2.tmp moved successfully.
c:\windows\system32\drivers\OLD3F4.tmp moved successfully.
c:\windows\system32\drivers\OLD3F6.tmp moved successfully.
c:\windows\system32\drivers\OLD3F8.tmp moved successfully.
c:\windows\system32\drivers\OLD3FA.tmp moved successfully.
c:\windows\system32\drivers\OLD3FC.tmp moved successfully.
c:\windows\system32\drivers\OLD3FE.tmp moved successfully.
c:\windows\system32\drivers\OLD400.tmp moved successfully.
c:\windows\system32\drivers\OLD402.tmp moved successfully.
c:\windows\system32\drivers\OLD404.tmp moved successfully.
c:\windows\system32\drivers\OLD408.tmp moved successfully.
c:\windows\system32\drivers\OLD40A.tmp moved successfully.
c:\windows\system32\drivers\OLD40C.tmp moved successfully.
c:\windows\system32\drivers\OLD40E.tmp moved successfully.
c:\windows\system32\drivers\OLD41.tmp moved successfully.
c:\windows\system32\drivers\OLD410.tmp moved successfully.
c:\windows\system32\drivers\OLD412.tmp moved successfully.
c:\windows\system32\drivers\OLD414.tmp moved successfully.
c:\windows\system32\drivers\OLD416.tmp moved successfully.
c:\windows\system32\drivers\OLD418.tmp moved successfully.
c:\windows\system32\drivers\OLD41A.tmp moved successfully.
c:\windows\system32\drivers\OLD41C.tmp moved successfully.
c:\windows\system32\drivers\OLD41E.tmp moved successfully.
c:\windows\system32\drivers\OLD420.tmp moved successfully.
c:\windows\system32\drivers\OLD422.tmp moved successfully.
c:\windows\system32\drivers\OLD424.tmp moved successfully.
c:\windows\system32\drivers\OLD426.tmp moved successfully.
c:\windows\system32\drivers\OLD428.tmp moved successfully.
c:\windows\system32\drivers\OLD42A.tmp moved successfully.
c:\windows\system32\drivers\OLD42C.tmp moved successfully.
c:\windows\system32\drivers\OLD42E.tmp moved successfully.
c:\windows\system32\drivers\OLD43.tmp moved successfully.
c:\windows\system32\drivers\OLD432.tmp moved successfully.
c:\windows\system32\drivers\OLD434.tmp moved successfully.
c:\windows\system32\drivers\OLD436.tmp moved successfully.
c:\windows\system32\drivers\OLD438.tmp moved successfully.
c:\windows\system32\drivers\OLD43A.tmp moved successfully.
c:\windows\system32\drivers\OLD43C.tmp moved successfully.
c:\windows\system32\drivers\OLD43E.tmp moved successfully.
c:\windows\system32\drivers\OLD440.tmp moved successfully.
c:\windows\system32\drivers\OLD442.tmp moved successfully.
c:\windows\system32\drivers\OLD444.tmp moved successfully.
c:\windows\system32\drivers\OLD446.tmp moved successfully.
c:\windows\system32\drivers\OLD448.tmp moved successfully.
c:\windows\system32\drivers\OLD44A.tmp moved successfully.
c:\windows\system32\drivers\OLD44C.tmp moved successfully.
c:\windows\system32\drivers\OLD44E.tmp moved successfully.
c:\windows\system32\drivers\OLD45.tmp moved successfully.
c:\windows\system32\drivers\OLD450.tmp moved successfully.
c:\windows\system32\drivers\OLD452.tmp moved successfully.
c:\windows\system32\drivers\OLD454.tmp moved successfully.
c:\windows\system32\drivers\OLD456.tmp moved successfully.
c:\windows\system32\drivers\OLD458.tmp moved successfully.
c:\windows\system32\drivers\OLD45A.tmp moved successfully.
c:\windows\system32\drivers\OLD45E.tmp moved successfully.
c:\windows\system32\drivers\OLD460.tmp moved successfully.
c:\windows\system32\drivers\OLD462.tmp moved successfully.
c:\windows\system32\drivers\OLD464.tmp moved successfully.
c:\windows\system32\drivers\OLD466.tmp moved successfully.
c:\windows\system32\drivers\OLD468.tmp moved successfully.
c:\windows\system32\drivers\OLD46A.tmp moved successfully.
c:\windows\system32\drivers\OLD46C.tmp moved successfully.
c:\windows\system32\drivers\OLD46E.tmp moved successfully.
c:\windows\system32\drivers\OLD47.tmp moved successfully.
c:\windows\system32\drivers\OLD470.tmp moved successfully.
c:\windows\system32\drivers\OLD472.tmp moved successfully.
c:\windows\system32\drivers\OLD474.tmp moved successfully.
c:\windows\system32\drivers\OLD476.tmp moved successfully.
c:\windows\system32\drivers\OLD478.tmp moved successfully.
c:\windows\system32\drivers\OLD47A.tmp moved successfully.
c:\windows\system32\drivers\OLD47C.tmp moved successfully.
c:\windows\system32\drivers\OLD47E.tmp moved successfully.
c:\windows\system32\drivers\OLD480.tmp moved successfully.
c:\windows\system32\drivers\OLD482.tmp moved successfully.
c:\windows\system32\drivers\OLD484.tmp moved successfully.
c:\windows\system32\drivers\OLD486.tmp moved successfully.
c:\windows\system32\drivers\OLD488.tmp moved successfully.
c:\windows\system32\drivers\OLD48C.tmp moved successfully.
c:\windows\system32\drivers\OLD48E.tmp moved successfully.
c:\windows\system32\drivers\OLD49.tmp moved successfully.
c:\windows\system32\drivers\OLD490.tmp moved successfully.
c:\windows\system32\drivers\OLD492.tmp moved successfully.
c:\windows\system32\drivers\OLD494.tmp moved successfully.
c:\windows\system32\drivers\OLD496.tmp moved successfully.
c:\windows\system32\drivers\OLD498.tmp moved successfully.
c:\windows\system32\drivers\OLD49A.tmp moved successfully.
c:\windows\system32\drivers\OLD49C.tmp moved successfully.
c:\windows\system32\drivers\OLD49E.tmp moved successfully.
c:\windows\system32\drivers\OLD4A0.tmp moved successfully.
c:\windows\system32\drivers\OLD4A2.tmp moved successfully.
c:\windows\system32\drivers\OLD4A4.tmp moved successfully.
c:\windows\system32\drivers\OLD4A6.tmp moved successfully.
c:\windows\system32\drivers\OLD4A8.tmp moved successfully.
c:\windows\system32\drivers\OLD4AA.tmp moved successfully.
c:\windows\system32\drivers\OLD4AC.tmp moved successfully.
c:\windows\system32\drivers\OLD4AE.tmp moved successfully.
c:\windows\system32\drivers\OLD4B.tmp moved successfully.
c:\windows\system32\drivers\OLD4B0.tmp moved successfully.
c:\windows\system32\drivers\OLD4B2.tmp moved successfully.
c:\windows\system32\drivers\OLD4B6.tmp moved successfully.
c:\windows\system32\drivers\OLD4B8.tmp moved successfully.
c:\windows\system32\drivers\OLD4BA.tmp moved successfully.
c:\windows\system32\drivers\OLD4BC.tmp moved successfully.
c:\windows\system32\drivers\OLD4BE.tmp moved successfully.
c:\windows\system32\drivers\OLD4C0.tmp moved successfully.
c:\windows\system32\drivers\OLD4C2.tmp moved successfully.
c:\windows\system32\drivers\OLD4C4.tmp moved successfully.
c:\windows\system32\drivers\OLD4C6.tmp moved successfully.
c:\windows\system32\drivers\OLD4C8.tmp moved successfully.
c:\windows\system32\drivers\OLD4CA.tmp moved successfully.
c:\windows\system32\drivers\OLD4CC.tmp moved successfully.
c:\windows\system32\drivers\OLD4CE.tmp moved successfully.
c:\windows\system32\drivers\OLD4D.tmp moved successfully.
c:\windows\system32\drivers\OLD4D0.tmp moved successfully.
c:\windows\system32\drivers\OLD4D2.tmp moved successfully.
c:\windows\system32\drivers\OLD4D4.tmp moved successfully.
c:\windows\system32\drivers\OLD4D6.tmp moved successfully.
c:\windows\system32\drivers\OLD4D8.tmp moved successfully.
c:\windows\system32\drivers\OLD4DA.tmp moved successfully.
c:\windows\system32\drivers\OLD4DC.tmp moved successfully.
c:\windows\system32\drivers\OLD4DE.tmp moved successfully.
c:\windows\system32\drivers\OLD4E2.tmp moved successfully.
c:\windows\system32\drivers\OLD4E4.tmp moved successfully.
c:\windows\system32\drivers\OLD4E6.tmp moved successfully.
c:\windows\system32\drivers\OLD4E8.tmp moved successfully.
c:\windows\system32\drivers\OLD4EA.tmp moved successfully.
c:\windows\system32\drivers\OLD4EC.tmp moved successfully.
c:\windows\system32\drivers\OLD4EE.tmp moved successfully.
c:\windows\system32\drivers\OLD4F.tmp moved successfully.
c:\windows\system32\drivers\OLD4F0.tmp moved successfully.
c:\windows\system32\drivers\OLD4F2.tmp moved successfully.
c:\windows\system32\drivers\OLD4F4.tmp moved successfully.
c:\windows\system32\drivers\OLD4F6.tmp moved successfully.
c:\windows\system32\drivers\OLD4F8.tmp moved successfully.
c:\windows\system32\drivers\OLD4FA.tmp moved successfully.
c:\windows\system32\drivers\OLD4FC.tmp moved successfully.
c:\windows\system32\drivers\OLD4FE.tmp moved successfully.
c:\windows\system32\drivers\OLD500.tmp moved successfully.
c:\windows\system32\drivers\OLD502.tmp moved successfully.
c:\windows\system32\drivers\OLD504.tmp moved successfully.
c:\windows\system32\drivers\OLD506.tmp moved successfully.
c:\windows\system32\drivers\OLD508.tmp moved successfully.
c:\windows\system32\drivers\OLD50A.tmp moved successfully.
c:\windows\system32\drivers\OLD50C.tmp moved successfully.
c:\windows\system32\drivers\OLD50E.tmp moved successfully.
c:\windows\system32\drivers\OLD51.tmp moved successfully.
c:\windows\system32\drivers\OLD512.tmp moved successfully.
c:\windows\system32\drivers\OLD514.tmp moved successfully.
c:\windows\system32\drivers\OLD516.tmp moved successfully.
c:\windows\system32\drivers\OLD518.tmp moved successfully.
c:\windows\system32\drivers\OLD51A.tmp moved successfully.
c:\windows\system32\drivers\OLD51C.tmp moved successfully.
c:\windows\system32\drivers\OLD51E.tmp moved successfully.
c:\windows\system32\drivers\OLD520.tmp moved successfully.
c:\windows\system32\drivers\OLD522.tmp moved successfully.
c:\windows\system32\drivers\OLD524.tmp moved successfully.
c:\windows\system32\drivers\OLD526.tmp moved successfully.
c:\windows\system32\drivers\OLD528.tmp moved successfully.
c:\windows\system32\drivers\OLD52A.tmp moved successfully.
c:\windows\system32\drivers\OLD52C.tmp moved successfully.
c:\windows\system32\drivers\OLD52E.tmp moved successfully.
c:\windows\system32\drivers\OLD53.tmp moved successfully.
c:\windows\system32\drivers\OLD530.tmp moved successfully.
c:\windows\system32\drivers\OLD532.tmp moved successfully.
c:\windows\system32\drivers\OLD534.tmp moved successfully.
c:\windows\system32\drivers\OLD536.tmp moved successfully.
c:\windows\system32\drivers\OLD538.tmp moved successfully.
c:\windows\system32\drivers\OLD53A.tmp moved successfully.
c:\windows\system32\drivers\OLD53C.tmp moved successfully.
c:\windows\system32\drivers\OLD540.tmp moved successfully.
c:\windows\system32\drivers\OLD542.tmp moved successfully.
c:\windows\system32\drivers\OLD544.tmp moved successfully.
c:\windows\system32\drivers\OLD546.tmp moved successfully.
c:\windows\system32\drivers\OLD548.tmp moved successfully.
c:\windows\system32\drivers\OLD54A.tmp moved successfully.
c:\windows\system32\drivers\OLD54C.tmp moved successfully.
c:\windows\system32\drivers\OLD54E.tmp moved successfully.
c:\windows\system32\drivers\OLD55.tmp moved successfully.
c:\windows\system32\drivers\OLD550.tmp moved successfully.
c:\windows\system32\drivers\OLD552.tmp moved successfully.
c:\windows\system32\drivers\OLD554.tmp moved successfully.
c:\windows\system32\drivers\OLD556.tmp moved successfully.
c:\windows\system32\drivers\OLD558.tmp moved successfully.
c:\windows\system32\drivers\OLD55A.tmp moved successfully.
c:\windows\system32\drivers\OLD55C.tmp moved successfully.
c:\windows\system32\drivers\OLD55E.tmp moved successfully.
c:\windows\system32\drivers\OLD560.tmp moved successfully.
c:\windows\system32\drivers\OLD562.tmp moved successfully.
c:\windows\system32\drivers\OLD564.tmp moved successfully.
c:\windows\system32\drivers\OLD566.tmp moved successfully.
c:\windows\system32\drivers\OLD56A.tmp moved successfully.
c:\windows\system32\drivers\OLD56C.tmp moved successfully.
c:\windows\system32\drivers\OLD56E.tmp moved successfully.
c:\windows\system32\drivers\OLD570.tmp moved successfully.
c:\windows\system32\drivers\OLD572.tmp moved successfully.
c:\windows\system32\drivers\OLD574.tmp moved successfully.
c:\windows\system32\drivers\OLD576.tmp moved successfully.
c:\windows\system32\drivers\OLD578.tmp moved successfully.
c:\windows\system32\drivers\OLD57A.tmp moved successfully.
c:\windows\system32\drivers\OLD57C.tmp moved successfully.
c:\windows\system32\drivers\OLD57E.tmp moved successfully.
c:\windows\system32\drivers\OLD580.tmp moved successfully.
c:\windows\system32\drivers\OLD582.tmp moved successfully.
c:\windows\system32\drivers\OLD584.tmp moved successfully.
c:\windows\system32\drivers\OLD586.tmp moved successfully.
c:\windows\system32\drivers\OLD588.tmp moved successfully.
c:\windows\system32\drivers\OLD58A.tmp moved successfully.
c:\windows\system32\drivers\OLD58C.tmp moved successfully.
c:\windows\system32\drivers\OLD58E.tmp moved successfully.
c:\windows\system32\drivers\OLD59.tmp moved successfully.
c:\windows\system32\drivers\OLD590.tmp moved successfully.
c:\windows\system32\drivers\OLD592.tmp moved successfully.
c:\windows\system32\drivers\OLD596.tmp moved successfully.
c:\windows\system32\drivers\OLD598.tmp moved successfully.
c:\windows\system32\drivers\OLD59A.tmp moved successfully.
c:\windows\system32\drivers\OLD59C.tmp moved successfully.
c:\windows\system32\drivers\OLD59E.tmp moved successfully.
c:\windows\system32\drivers\OLD5A0.tmp moved successfully.
c:\windows\system32\drivers\OLD5A2.tmp moved successfully.
c:\windows\system32\drivers\OLD5A4.tmp moved successfully.
c:\windows\system32\drivers\OLD5A6.tmp moved successfully.
c:\windows\system32\drivers\OLD5A8.tmp moved successfully.
c:\windows\system32\drivers\OLD5AA.tmp moved successfully.
c:\windows\system32\drivers\OLD5AC.tmp moved successfully.
c:\windows\system32\drivers\OLD5AE.tmp moved successfully.
c:\windows\system32\drivers\OLD5B.tmp moved successfully.
c:\windows\system32\drivers\OLD5B0.tmp moved successfully.
c:\windows\system32\drivers\OLD5B2.tmp moved successfully.
c:\windows\system32\drivers\OLD5B4.tmp moved successfully.
c:\windows\system32\drivers\OLD5B6.tmp moved successfully.
c:\windows\system32\drivers\OLD5B8.tmp moved successfully.
c:\windows\system32\drivers\OLD5BA.tmp moved successfully.
c:\windows\system32\drivers\OLD5BC.tmp moved successfully.
c:\windows\system32\drivers\OLD5BE.tmp moved successfully.
c:\windows\system32\drivers\OLD5C2.tmp moved successfully.
c:\windows\system32\drivers\OLD5C4.tmp moved successfully.
c:\windows\system32\drivers\OLD5C6.tmp moved successfully.
c:\windows\system32\drivers\OLD5C8.tmp moved successfully.
c:\windows\system32\drivers\OLD5CA.tmp moved successfully.
c:\windows\system32\drivers\OLD5CC.tmp moved successfully.
c:\windows\system32\drivers\OLD5CE.tmp moved successfully.
c:\windows\system32\drivers\OLD5D.tmp moved successfully.
c:\windows\system32\drivers\OLD5D0.tmp moved successfully.
c:\windows\system32\drivers\OLD5D2.tmp moved successfully.
c:\windows\system32\drivers\OLD5D4.tmp moved successfully.
c:\windows\system32\drivers\OLD5D6.tmp moved successfully.
c:\windows\system32\drivers\OLD5D8.tmp moved successfully.
c:\windows\system32\drivers\OLD5DA.tmp moved successfully.
c:\windows\system32\drivers\OLD5DC.tmp moved successfully.
c:\windows\system32\drivers\OLD5DE.tmp moved successfully.
c:\windows\system32\drivers\OLD5E0.tmp moved successfully.
c:\windows\system32\drivers\OLD5E2.tmp moved successfully.
c:\windows\system32\drivers\OLD5E4.tmp moved successfully.
c:\windows\system32\drivers\OLD5E6.tmp moved successfully.
c:\windows\system32\drivers\OLD5E8.tmp moved successfully.
c:\windows\system32\drivers\OLD5EA.tmp moved successfully.
c:\windows\system32\drivers\OLD5EE.tmp moved successfully.
c:\windows\system32\drivers\OLD5F.tmp moved successfully.
c:\windows\system32\drivers\OLD5F0.tmp moved successfully.
c:\windows\system32\drivers\OLD5F2.tmp moved successfully.
c:\windows\system32\drivers\OLD5F4.tmp moved successfully.
c:\windows\system32\drivers\OLD5F6.tmp moved successfully.
c:\windows\system32\drivers\OLD5F8.tmp moved successfully.
c:\windows\system32\drivers\OLD5FA.tmp moved successfully.
c:\windows\system32\drivers\OLD5FC.tmp moved successfully.
c:\windows\system32\drivers\OLD5FE.tmp moved successfully.
c:\windows\system32\drivers\OLD600.tmp moved successfully.
c:\windows\system32\drivers\OLD602.tmp moved successfully.
c:\windows\system32\drivers\OLD605.tmp moved successfully.
c:\windows\system32\drivers\OLD607.tmp moved successfully.
c:\windows\system32\drivers\OLD609.tmp moved successfully.
c:\windows\system32\drivers\OLD60B.tmp moved successfully.
c:\windows\system32\drivers\OLD60D.tmp moved successfully.
c:\windows\system32\drivers\OLD60F.tmp moved successfully.
c:\windows\system32\drivers\OLD61.tmp moved successfully.
c:\windows\system32\drivers\OLD611.tmp moved successfully.
c:\windows\system32\drivers\OLD613.tmp moved successfully.
c:\windows\system32\drivers\OLD615.tmp moved successfully.
c:\windows\system32\drivers\OLD617.tmp moved successfully.
c:\windows\system32\drivers\OLD619.tmp moved successfully.
c:\windows\system32\drivers\OLD61B.tmp moved successfully.
c:\windows\system32\drivers\OLD61F.tmp moved successfully.
c:\windows\system32\drivers\OLD621.tmp moved successfully.
c:\windows\system32\drivers\OLD623.tmp moved successfully.
c:\windows\system32\drivers\OLD625.tmp moved successfully.
c:\windows\system32\drivers\OLD627.tmp moved successfully.
c:\windows\system32\drivers\OLD629.tmp moved successfully.
c:\windows\system32\drivers\OLD62B.tmp moved successfully.
c:\windows\system32\drivers\OLD62D.tmp moved successfully.
c:\windows\system32\drivers\OLD62F.tmp moved successfully.
c:\windows\system32\drivers\OLD63.tmp moved successfully.
c:\windows\system32\drivers\OLD631.tmp moved successfully.
c:\windows\system32\drivers\OLD633.tmp moved successfully.
c:\windows\system32\drivers\OLD635.tmp moved successfully.
c:\windows\system32\drivers\OLD637.tmp moved successfully.
c:\windows\system32\drivers\OLD639.tmp moved successfully.
c:\windows\system32\drivers\OLD63B.tmp moved successfully.
c:\windows\system32\drivers\OLD63D.tmp moved successfully.
c:\windows\system32\drivers\OLD63F.tmp moved successfully.
c:\windows\system32\drivers\OLD641.tmp moved successfully.
c:\windows\system32\drivers\OLD643.tmp moved successfully.
c:\windows\system32\drivers\OLD65.tmp moved successfully.
c:\windows\system32\drivers\OLD67.tmp moved successfully.
c:\windows\system32\drivers\OLD69.tmp moved successfully.
c:\windows\system32\drivers\OLD6B.tmp moved successfully.
c:\windows\system32\drivers\OLD6D.tmp moved successfully.
c:\windows\system32\drivers\OLD6F.tmp moved successfully.
c:\windows\system32\drivers\OLD71.tmp moved successfully.
c:\windows\system32\drivers\OLD73.tmp moved successfully.
c:\windows\system32\drivers\OLD75.tmp moved successfully.
c:\windows\system32\drivers\OLD77.tmp moved successfully.
c:\windows\system32\drivers\OLD79.tmp moved successfully.
c:\windows\system32\drivers\OLD7B.tmp moved successfully.
c:\windows\system32\drivers\OLD7D.tmp moved successfully.
c:\windows\system32\drivers\OLD81.tmp moved successfully.
c:\windows\system32\drivers\OLD83.tmp moved successfully.
c:\windows\system32\drivers\OLD86.tmp moved successfully.
c:\windows\system32\drivers\OLD88.tmp moved successfully.
c:\windows\system32\drivers\OLD8A.tmp moved successfully.
c:\windows\system32\drivers\OLD8C.tmp moved successfully.
c:\windows\system32\drivers\OLD8E.tmp moved successfully.
c:\windows\system32\drivers\OLD90.tmp moved successfully.
c:\windows\system32\drivers\OLD92.tmp moved successfully.
c:\windows\system32\drivers\OLD94.tmp moved successfully.
c:\windows\system32\drivers\OLD96.tmp moved successfully.
c:\windows\system32\drivers\OLD98.tmp moved successfully.
c:\windows\system32\drivers\OLD9A.tmp moved successfully.
c:\windows\system32\drivers\OLD9C.tmp moved successfully.
c:\windows\system32\drivers\OLD9E.tmp moved successfully.
c:\windows\system32\drivers\OLDA0.tmp moved successfully.
c:\windows\system32\drivers\OLDA2.tmp moved successfully.
c:\windows\system32\drivers\OLDA4.tmp moved successfully.
c:\windows\system32\drivers\OLDA6.tmp moved successfully.
c:\windows\system32\drivers\OLDA8.tmp moved successfully.
c:\windows\system32\drivers\OLDAA.tmp moved successfully.
c:\windows\system32\drivers\OLDAE.tmp moved successfully.
c:\windows\system32\drivers\OLDB0.tmp moved successfully.
c:\windows\system32\drivers\OLDB2.tmp moved successfully.
c:\windows\system32\drivers\OLDB4.tmp moved successfully.
c:\windows\system32\drivers\OLDB6.tmp moved successfully.
c:\windows\system32\drivers\OLDB8.tmp moved successfully.
c:\windows\system32\drivers\OLDBA.tmp moved successfully.
c:\windows\system32\drivers\OLDBC.tmp moved successfully.
c:\windows\system32\drivers\OLDBE.tmp moved successfully.
c:\windows\system32\drivers\OLDC0.tmp moved successfully.
c:\windows\system32\drivers\OLDC2.tmp moved successfully.
c:\windows\system32\drivers\OLDC4.tmp moved successfully.
c:\windows\system32\drivers\OLDC6.tmp moved successfully.
c:\windows\system32\drivers\OLDC8.tmp moved successfully.
c:\windows\system32\drivers\OLDCA.tmp moved successfully.
c:\windows\system32\drivers\OLDCC.tmp moved successfully.
c:\windows\system32\drivers\OLDCE.tmp moved successfully.
c:\windows\system32\drivers\OLDD0.tmp moved successfully.
c:\windows\system32\drivers\OLDD2.tmp moved successfully.
c:\windows\system32\drivers\OLDD4.tmp moved successfully.
c:\windows\system32\drivers\OLDD6.tmp moved successfully.
c:\windows\system32\drivers\OLDDA.tmp moved successfully.
c:\windows\system32\drivers\OLDDC.tmp moved successfully.
c:\windows\system32\drivers\OLDDE.tmp moved successfully.
c:\windows\system32\drivers\OLDE0.tmp moved successfully.
c:\windows\system32\drivers\OLDE2.tmp moved successfully.
c:\windows\system32\drivers\OLDE4.tmp moved successfully.
c:\windows\system32\drivers\OLDE6.tmp moved successfully.
c:\windows\system32\drivers\OLDE8.tmp moved successfully.
c:\windows\system32\drivers\OLDEA.tmp moved successfully.
c:\windows\system32\drivers\OLDEC.tmp moved successfully.
c:\windows\system32\drivers\OLDEE.tmp moved successfully.
c:\windows\system32\drivers\OLDF0.tmp moved successfully.
c:\windows\system32\drivers\OLDF2.tmp moved successfully.
c:\windows\system32\drivers\OLDF4.tmp moved successfully.
c:\windows\system32\drivers\OLDF6.tmp moved successfully.
c:\windows\system32\drivers\OLDF8.tmp moved successfully.
c:\windows\system32\drivers\OLDFA.tmp moved successfully.
c:\windows\system32\drivers\OLDFC.tmp moved successfully.
c:\windows\system32\drivers\OLDFE.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050419003420.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050513234628.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050728220110.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050729190928.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050801212225.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050802231008.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050804011958.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20050830023229.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20051003193719.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20051003193840.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20051021055027.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20051119025306.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20051203035353.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20051216051603.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20051230215100.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060122205117.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060205014821.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060227035034.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060325011137.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060408005734.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060425005713.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060603004013.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060804224226.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060819010235.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060902012254.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20060918235427.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20061003050848.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20061019055935.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20061108030256.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20070506003554.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20071001003725.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20081215082811.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20090326061518.zip moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8EE.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F0.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F2.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F4.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqCC.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqdb.dat moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqsdb.dat moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\sysocmgr.dll
C:\WINDOWS\SYSTEM32\sysocmgr.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\sysocmgr.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: BaoDo
->Temp folder emptied: 72189810 bytes
->Temporary Internet Files folder emptied: 344090 bytes
->Java cache emptied: 127535 bytes
->FireFox cache emptied: 65137019 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 9704960 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 140.75 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07052009_145832

Files moved on Reboot...

Registry entries deleted on Reboot...
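The OTM log above is several thousand lines long and the interesting entries (a DLL that would not unregister, deletes deferred to reboot, a non-temp file moved out of System32) are buried among hundreds of OLD*.tmp moves. The following is an added example, not part of the original post and not OTM's own code, that summarises such a log for triage. The sample lines are copied from the log posted above; the regular expressions are my assumptions about the log's wording, not documented OTM behaviour.

```python
"""Summarise an OTM (OldTimer's OTMoveIt) cleanup log for triage.

Added example; not part of the forum post or of the OTM tool. The
parsing patterns below are assumptions about the log's wording.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample: a handful of lines copied from the posted OTM log.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\OLD4FE.tmp moved successfully.
c:\windows\system32\drivers\OLD500.tmp moved successfully.
C:\Program Files\Yahoo!\YPSR\Quarantine\20090326061518.zip moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\sysocmgr.dll
C:\WINDOWS\SYSTEM32\sysocmgr.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\sysocmgr.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: BaoDo
->Temp folder emptied: 72189810 bytes
->FireFox cache emptied: 65137019 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
%systemroot%\System32 .tmp files removed: 9704960 bytes
Total Files Cleaned = 140.75 mb
"""

# Assumed line shapes, derived from the posted log.
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
FAILED_RE = re.compile(
    r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$"
)
NOT_UNREG_RE = re.compile(r"^(?P<path>.+?) NOT unregistered\.$")
EMPTIED_RE = re.compile(r"^(?:->)?.+?(?:emptied|removed): (?P<bytes>\d+) bytes$")


def summarize(log_text):
    """Return per-directory move counts, bytes freed, and the entries
    that deserve a second look: deletes deferred to reboot, DLLs that
    did not unregister, and any non-.tmp file moved out of System32."""
    moved_by_dir = Counter()
    bytes_freed = 0
    deferred = []
    not_unregistered = []
    review = []

    for raw in log_text.splitlines():
        line = raw.strip()
        m = MOVED_RE.match(line)
        if m:
            p = PureWindowsPath(m["path"])
            parent = str(p.parent).lower()
            moved_by_dir[parent] += 1
            # A non-.tmp file leaving System32 is either a malicious
            # component or a legitimate file the fix removed; either way
            # it should be accounted for rather than lost in the noise.
            if "system32" in parent and p.suffix.lower() != ".tmp":
                review.append(str(p))
            continue
        m = FAILED_RE.match(line)
        if m:
            deferred.append(m["path"])  # locked file, e.g. index.dat
            continue
        m = NOT_UNREG_RE.match(line)
        if m:
            not_unregistered.append(m["path"])
            continue
        m = EMPTIED_RE.match(line)
        if m:
            bytes_freed += int(m["bytes"])

    return {
        "moved_by_dir": dict(moved_by_dir),
        "bytes_freed": bytes_freed,
        "deferred_deletes": deferred,
        "not_unregistered": not_unregistered,
        "review": review,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for directory, count in sorted(result["moved_by_dir"].items()):
        print(f"{count:5d}  {directory}")
    print(f"bytes freed by EmptyTemp: {result['bytes_freed']}")
    print("deferred to reboot:", result["deferred_deletes"])
    print("not unregistered:  ", result["not_unregistered"])
    print("needs review:      ", result["review"])
```

Run it against a saved OTM log with `summarize(open("otm.log").read())`. The deferred-delete list is the reason a reboot is part of the fix: those files are still on disk until Windows removes them at startup, so a "clean" log before reboot does not mean the files are gone.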

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:25 PM

Posted 05 July 2009 - 05:55 PM

Are you running Dr Web in safe mode?



#15 Lostfan17

Lostfan17
  • Topic Starter

  • Members
  • 35 posts
  • Local time:10:25 AM

Posted 05 July 2009 - 06:18 PM

Yes. I ran it in safe mode.
